Channel: Kubernetes Overview, News and Trends | The New Stack

Pulumi Centralizes Kubernetes Management with Native Tools


Judging by all the next-generation tools coming on the market this year, the management of Kubernetes definitely requires a great deal of simplification and security. There’s no question that administrative complexity in cloud management is a worrying factor for IT managers and developer teams.

At KubeCon Salt Lake City 2024, cloud infrastructure software maker Pulumi today revealed its own new set of tools and features aimed at simplifying and securing Kubernetes deployments.

The Seattle-based company’s Infrastructure as Code (IaC) platform now offers a Kubernetes-native deployment agent for improved security and scalability, along with updates to its Amazon EKS provider, enabling support for Amazon Linux 2023 and updated security features.

Pulumi’s latest release is designed to serve as an antidote to the growing complexity of managing Kubernetes environments. As enterprises increasingly rely on diverse cloud native tools and multicloud deployments, managing infrastructure, ensuring security, and maintaining visibility across Kubernetes resources has become more challenging.

“Traditional infrastructure management tools struggle to handle the scale and complexity of Kubernetes deployments,” CEO Joe Duffy told The New Stack. Pulumi uses familiar programming languages and AI to simplify these tasks.

Managing Kubernetes workloads is increasingly complex because they rely on numerous different Cloud Native Computing Foundation (CNCF) products and span multiple clouds. This complexity creates significant challenges for managing infrastructure, securing cloud workloads, and gaining observability across all Kubernetes resources and infrastructure. Infrastructure management has been hamstrung by legacy tools that weren’t designed to handle hundreds of Kubernetes resources spread across multiple clusters, Duffy said.

Pulumi Infrastructure as Code (IaC) offers a next-gen solution to these problems. Instead of specialized languages, teams can now program both their cloud infrastructure and Kubernetes resources using familiar general-purpose programming languages, aided by generative AI capabilities.

Detail on the updates includes:

  • Pulumi Kubernetes Operator 2.0: Introduces dedicated workspace pods for improved isolation, scalability, and access control. This automates the deployment and management of infrastructure by running Pulumi programs directly in Kubernetes clusters, enabling teams to manage cloud resources alongside Kubernetes-native resources. The Pulumi Kubernetes Operator 2.0 is a significant upgrade that introduces dedicated “workspace” pods for each stack resource, effectively isolating each stack’s compute and memory resources, improving the isolation of secrets, and opening up new customization options. The operator now scales horizontally, enhancing performance and enabling teams to manage complex Kubernetes setups with greater reliability.
  • Improved Amazon Elastic Kubernetes Service (EKS) provider: Adds support for Amazon Linux 2023, Bottlerocket, EKS Security Groups for Pods, and Network Policies. This ensures that workloads are optimized for performance and compliance, while addressing the deprecation of Amazon Linux 2. Managing critical EKS components like vpc-cni, coredns, and kube-proxy is automated, reducing operational burden. Improved networking features, such as Security Groups for Pods, enable fine-grained control over traffic within clusters, improving security.
  • Pulumi ESC integration with External Secrets Operator: Streamlines secure secrets management within Kubernetes applications. This integration solves Kubernetes’ native secret management challenges (e.g., secrets that are less secure and hard to manage). By syncing secrets from external systems such as AWS Secrets Manager, HashiCorp Vault, and Pulumi ESC, it provides more secure storage and access of secrets across environments. Pulumi ESC is unique in that it provides a centralized secrets management and orchestration service that makes it easy to tame secrets sprawl and configuration complexity securely across all cloud infrastructure and applications. Secrets can be pulled and synced from any secrets store — including HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, 1Password, and more — and consumed in any application, tool, or CI/CD platform.
  • Pulumi Insights: Provides unified search, compliance remediation, and visualization across all infrastructure resources.

“With today’s launch, customer-managed Pulumi Deployments Agents now allows organizations to host Pulumi Deployments agents within their Kubernetes environments, improving the flexibility and control they have over their infrastructure deployments,” Duffy told The New Stack. “Kubernetes-native support offers greater flexibility, scalability, and security for self-hosted Pulumi Deployments agents. The agent is deployed directly into a Kubernetes cluster.” See the code here.

Snowflake, insurance provider Lemonade and North Carolina Institute of Climate Studies are current Pulumi customers. Customer-Managed Agents are available on the Business Critical edition of Pulumi Cloud.

The post Pulumi Centralizes Kubernetes Management with Native Tools appeared first on The New Stack.
