Author: Stefan Severin

Modern IaC solution based on Pulumi – Part 3

Post author By Stefan Severin
Post date 2020-06-03

In this third part of Modern IaC solution based on Pulumi I will go through how we handled authentication against Azure and Pulumi in code. I will also show you how we used Azure Key Vault to handle our secrets.

In the previous post Modern IaC solution based on Pulumi – Part 2 I went through our approach to self-manage the Pulumi backend in Azure. It involved creating Azure Blob Storage for storing Pulumi stack states and a Key Vault for config/secret encryption. I also showed how we created a Service Principal for logging in and interacting with Azure.

Cloud Development

Modern IaC solution based on Pulumi – Part 2

Post author By Stefan Severin
Post date 2020-04-16

As I mentioned in the opening post Modern IaC solution based on Pulumi – Part 1 we decided to self-manage the Pulumi backend. In this post I will describe what we did to accomplish this and related things.

Pulumi gives you multiple options when it comes to storing a copy of the current infrastructure state. For most cases the Pulumi Service backend is ideal. Just install the Pulumi CLI and you are pretty much all set. It will manage the state for you, including state sharing, state access synchronization, secret encryption and backup.

Utveckling

Modern IaC solution based on Pulumi – Part 1

Post author By Stefan Severin
Post date 2020-04-01

At my previous customer, an international and well-known telecom company, I’ve been helping the Azure team with migrating their legacy IaC (Infrastructure as Code) solution based mainly on Bash scripts and ARM templates over to a modern IaC solution based on Pulumi.

In a short series of posts I will share some of the findings picked up during this 3-month short assignment. The Pulumi solution handles both IaaS (Infrastructure as a Service) related workloads such as a full-blown Hub-spoke network topology as well as PaaS (Platform as a Service) workloads, such as Azure Kubernetes Services, Key Vault and Cosmos Db.