Virtualization Technology News and Information
Article
RSS
Pulumi Automates, Secures, and Manages the Kubernetes Ecosystem

At KubeCon Salt Lake City 2024, Pulumi announced significant enhancements to the Kubernetes ecosystem. Key improvements include major updates to the EKS provider supporting Amazon Linux 2023 and Security Groups for pods, the release of Pulumi Kubernetes Operator 2.0 with dedicated workspace pods, Pulumi ESC integration with External Secrets Operator, and a new Kubernetes-native deployment agent for enhanced security and scalability. These updates, alongside improvements to Helm Chart resourcesenhanced await logic, and better CustomResource support through crd2pulumi, strengthens Pulumi's commitment to providing developers with robust, enterprise-grade tools for managing Kubernetes infrastructure.

"Pulumi's deep integration with the CNCF ecosystem underscores our commitment to modern cloud infrastructure management," says Eric Rudder, co-founder of Pulumi. "Our approach of embracing the great work done by open-source communities, using the most popular programming languages and enhancing these efforts with enterprise-grade security and scalability features, enables organizations to manage infrastructure at incredible scale. Working closely with the CNCF and supporting the entire cloud-native stack, we're not just building tools - we're advancing the entire community towards a more efficient, secure, and collaborative future."

Managing Kubernetes workloads are increasingly complex because they rely on numerous different CNCF products and span multiple clouds. This complexity creates significant challenges for managing infrastructure, securing cloud workloads, and gaining visibility across all Kubernetes resources and infrastructure.

Managing infrastructure has become progressively more time consuming and complicated, especially with legacy tools that weren't designed to handle hundreds or thousands of Kubernetes resources spread across multiple clusters. Teams often struggle with large, complex YAML configurations and domain-specific languages (DSLs) that are restrictive and fail to scale effectively.

Pulumi Infrastructure as Code (IaC) offers a modern solution to these challenges. Instead of specialized languages, teams can program both their cloud infrastructure and Kubernetes resources using familiar, general-purpose programming languages, enhanced by generative AI capabilities. For instance, setting up managed Kubernetes services like Amazon EKS can be accomplished with just a single line of code: cluster = eks.Cluster("my-cluster").

The latest Pulumi EKS v3 provider brings several important improvements. It now supports Amazon Linux 2023 and Bottlerocket Operating Systems, while adding enhanced security features including EKS Security Groups for Pods and Network Policies. The provider also streamlines various Kubernetes networking features by integrating them directly with EKS.

For teams looking to implement GitOps workflows, the Pulumi Kubernetes Operator has been updated to version 2. This new version introduces dedicated "workspace" pods for each stack, providing teams with greater isolation between workloads, improved scalability, and more granular access control over their infrastructure resources.

Poor secrets management creates critical security risks through static and sprawling secrets and configurations. Pulumi Environments, Secrets, and Configuration (ESC) solves this by centralizing secrets management and orchestration. Through native integration with Kubernetes' External Secrets Operator (ESO), Pulumi ESC now securely injects secrets directly as environment variables into Kubernetes applications, making secure secrets management seamless and foolproof.

"ESC is very practical for centralizing configuration or secrets in environments that can inherit from each other," says Alexandre Nedelec, a software engineer at Avanade. "It is very convenient to use it to get secrets from other stores like Azure Key Vault or 1Password, and the integration with OIDC allows easy retrieval of short term cloud access tokens, following security best practices."

Organizations today face a massive challenge: making sense of millions of cloud resources spread across hundreds of Kubernetes clusters, clouds, regions, and accounts. Pulumi Insights tackles this complexity by providing unified search, compliance remediation, and visualization capabilities for all infrastructure resources - whether they were provisioned through Pulumi, Kubernetes YAML, Terraform, or cloud consoles. With the AI-powered Pulumi Copilot, teams can now discover cost savings, run compliance checks, and debug deployments across their entire infrastructure simply by asking questions in natural language.

Published Wednesday, November 13, 2024 8:05 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567