Infrastructure as Code with Pulumi

Apply the concept of Infrastructure as Code (IaC) to reduce the risk of your sites suddenly disappearing.

Why Pulumi?

There is a tool called Terraform.

It's convenient to keep your infrastructure in version control.

Many providers offer APIs that make this possible.

But then you'll need a different API client for each vendor you want to put infrastructure on. One for AWS, one for Azure, another one for Linode.

Terraform simplifies this, giving you a uniform interface to all providers.

What about knowing when something needs to be added, deleted, or redeployed?

Terraform gives you an interface that is called "declarative". You write what you want to have, e.g. a server, a domain, and a record pointing from that domain to that server.

That's another place where, using the APIs of cloud providers directly, you would need to discover the current state yourself, and then decide whether to create, delete, redeploy, or do nothing.

Terraform hides that complexity behind the simple command terraform apply, which does everything needed to bring the current state of the infrastructure in line with the desired one.

Let's say you've defined your infrastructure in an HCL file with Terraform.

You find that the label for the instance (a mandatory thing to define) includes the domain name.

You also find that the domain entry (in Terraform it's called a "resource") also has the domain name in several places.

You would like to take that domain name, and put it in all those places, with only slight modifications.

In Terraform there is an option, recently added, to define a "function".

A function could take your domain name and modify it for inclusion in all those places.

What if you are a developer who is used to adding tests/examples to document every function you write? Can you easily add a test for this case in Terraform?

Although research is in progress to add test functionality to Terraform, the answer to "Is it convenient?" remains: "No, it is not".

Any alternatives that offer such functionality?

Yes, Pulumi does.

Pulumi offers a Python module. Other languages are supported too.

With that module, you can create a function to modify the domain name for use in your labels.

Then you can test that function just as you normally would with Python.

Perhaps you would use pytest to run the test. Voilà! Not much complexity added in comparison to code without any tests.
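The kind of function described above, as an added example that is not code from the original article: one domain name is validated once and turned into the instance label and record names, with pytest tests beside it. The function names, the "web" role prefix and the label rule are assumptions for illustration; the returned strings are what you would pass to your Pulumi resource definitions.

```python
import re

# Assumed provider rule for instance labels (not from the article): 3-64 chars,
# letters, digits, '-', '_' or '.', starting and ending with an alphanumeric.
LABEL_RE = re.compile(r"[a-z0-9][a-z0-9._-]{1,62}[a-z0-9]")
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
DNS_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def normalize_domain(domain: str) -> str:
    """Lower-case a domain, drop one trailing dot, reject malformed input."""
    name = domain.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    for label in labels:
        if not DNS_LABEL_RE.fullmatch(label):
            raise ValueError(f"invalid DNS label {label!r} in {domain!r}")
    return name


def instance_label(domain: str, role: str = "web") -> str:
    """Build the instance label from the domain, e.g. 'web-example-com'."""
    label = f"{role}-{normalize_domain(domain).replace('.', '-')}"
    if not LABEL_RE.fullmatch(label):
        raise ValueError(f"label {label!r} breaks the assumed provider rule")
    return label


def record_names(domain: str) -> dict:
    """Names to reuse in the domain resource and its records."""
    name = normalize_domain(domain)
    return {"apex": name, "www": f"www.{name}", "label": instance_label(name)}


# pytest collects these; they run without touching any cloud account.
def test_label_is_derived_from_domain():
    assert instance_label("Example.COM.") == "web-example-com"


def test_malformed_domain_is_rejected():
    for bad in ("example", "exa mple.com", "-bad.com", "a..b.com"):
        try:
            normalize_domain(bad)
        except ValueError:
            continue
        raise AssertionError(f"{bad!r} was accepted")
```

Because the domain is validated before any name is derived from it, a typo or stray character fails in the test run instead of reaching the provider as a resource name.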

Is Pulumi legitimate?

Terraform is the current standard in "infrastructure provisioning". "Provisioning" is the industry term meaning: create infrastructure and ship it (pass it to someone) for use or further configuration.

Is Pulumi not just a cheap attempt to mock Terraform, get some attention, and then disappear?

A look at the Cloud Native Landscape by the Linux Foundation shows Pulumi listed right next to Puppet, Terraform, and OpenStack – all renowned industry tools.

Udemy insights show that people looking for Infrastructure as Code courses often ask about Pulumi too.

Finally, a review of the Pulumi website indicates that a lot of thought and work has been put into making this tool robust and useful in common scenarios, including importing configurations from Terraform, and importing existing resources right into IaC config files.

That last thing especially is worth your attention. That is something Terraform itself does not support (perhaps not yet).

So: is Pulumi legitimate? It seems that yes, it is!

And what if it disappears anyway?

You will still have your infrastructure defined in plain text.

This means that even if Pulumi itself disappears, you will still have all the information needed to recreate your infrastructure.

You will be able to import that infrastructure into Terraform (only the hard way is available, but it's doable).

Alternatively, you will convert your Pulumi configs into HCL, and recreate the infrastructure from there.

Either way, despite a good amount of work required, you will be able to continue working.

Given the points mentioned earlier, the prospect of Pulumi suddenly disappearing still seems very unlikely.

Okay, I'm moving all my infrastructure to Pulumi right now!

Hold on!

Remember that what you already have has been serving you well for a good while.

What if a complete migration would take two weeks, even if everything goes well?

Two weeks of other work frozen because of moving something that already works well to something you have no experience with yet.

Okay, okay, I'll play with Pulumi for a little while until I feel confident enough to move everything to it.

Then, I will do the big migration.

The code you will play with will quickly become obsolete.

You will have no long-lasting incentive to keep it up-to-date.

Perhaps you will try Pulumi, and then abandon the topic for some time.

During that time, the benefits of having your infrastructure defined in code, or testable, will amount to zero.

A more practical scenario would be to move a little piece of infrastructure to Pulumi first.

See how it works. Fix errors along the way.

Once it works, keep it defined this way.

After a while, you will be able to "edit" your infrastructure, just like you edit written text.

You will be able to keep improving those definitions.

This way, they will never go out of date, because they will continue making your life easier, every single day.
