Pulumi and Google Cloud Platform

Intro to Pulumi for GCP

Prep the environment

Installing Google Cloud SDK: https://cloud.google.com/sdk/docs/downloads-interactive

On macOS the process is:

curl https://sdk.cloud.google.com | bash

This kicks off a long run of installation steps, which installs the following components:

┌─────────────────────────────────────────────────────────────────────────────┐
│                     These components will be installed.                     │
├─────────────────────────────────────────────────────┬────────────┬──────────┤
│                         Name                        │  Version   │   Size   │
├─────────────────────────────────────────────────────┼────────────┼──────────┤
│ BigQuery Command Line Tool                          │     2.0.58 │  < 1 MiB │
│ BigQuery Command Line Tool (Platform Specific)      │     2.0.58 │  < 1 MiB │
│ Cloud SDK Core Libraries (Platform Specific)        │ 2020.06.19 │  < 1 MiB │
│ Cloud Storage Command Line Tool                     │       4.51 │  3.5 MiB │
│ Cloud Storage Command Line Tool (Platform Specific) │       4.51 │  < 1 MiB │
│ Default set of gcloud commands                      │            │          │
│ anthoscli                                           │            │          │
│ anthoscli                                           │     0.1.12 │ 43.1 MiB │
│ gcloud cli dependencies                             │ 2020.06.12 │  < 1 MiB │
└─────────────────────────────────────────────────────┴────────────┴──────────┘

Once this is done, you’ll need to restart your shell, and trigger the login:

exec -l $SHELL

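This is the nice part: unlike the AWS CLI, where you have to set up a config file and store your credentials in it, the gcloud CLI redirects you to the browser, lets you log in through your normal web authentication flow (MFA included), and then offers you a choice of project to log in to. The tokens that come out of that login are still cached on disk under ~/.config/gcloud, so that directory deserves the same protection as any other credential store.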

The Google Cloud Platform (GCP) resource provider for Pulumi lets you use GCP resources in your cloud programs. To use this package, please install the Pulumi CLI first.

pip3 install pulumi_gcp

Successfully installed arpeggio-1.9.2 dill-0.3.2 grpcio-1.30.0 parver-0.3.0 protobuf-3.12.2 pulumi-2.4.0 pulumi-gcp-3.11.0 semver-2.10.2

Next comes a standard Pulumi project creation, as documented in the official Pulumi documentation:

~ cd unicornmurder
unicornmurder pulumi new gcp-python

This command will walk you through creating a new Pulumi project.

Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.

project name: unicorn
project description: (A minimal Google Cloud Python Pulumi program) GCP Unicorn Murder platform
Created project 'unicorn'

Please enter your desired stack name.
To create a stack in an organization, use the format <org-name>/<stack-name> (e.g. `acmecorp/dev`).
stack name: (dev)
Created stack 'dev'

gcp:project: The Google Cloud project to deploy into: unicorn-xxx
Saved config

Creating virtual environment...

Finished creating virtual environment

...

Your new project is ready to go!

To perform an initial deployment, run 'pulumi up'

Pulumi projects and stacks let you organize Pulumi code. Consider a Pulumi project to be analogous to a GitHub repo—a single place for code—and a stack to be an instance of that code with a separate configuration. For instance, Project Foo may have multiple stacks for different development environments (Dev, Test, or Prod), or perhaps for different cloud configurations (geographic region for example).

Cool, it seems our project is up, so let's check what was actually created. The __main__.py file should look like this. By default you get a Storage Bucket, probably because Pulumi assumes you'll need one.

"""A Google Cloud Python Pulumi program"""

import pulumi
from pulumi_gcp import storage

# Create a GCP resource (Storage Bucket)
bucket = storage.Bucket('my-bucket')

# Export the DNS name of the bucket
pulumi.export('bucket_name', bucket.url)

Basically:

  • Pulumi.yaml defines the project.
  • Pulumi.dev.yaml contains configuration values for the stack we initialized.
  • __main__.py is the Pulumi program that defines our stack resources. This Pulumi program creates a storage bucket and exports the bucket URL.

Before you start, make sure you're logged in to gcloud by running this command, which logs you in for Application Default Credentials:

gcloud auth application-default login

And then…

(venv)unicornmurder gcloud auth application-default login

Your browser has been opened to visit:

LINK...

Credentials saved to file: [/Users/mjovanovic/.config/gcloud/application_default_credentials.json]

These credentials will be used by any library that requests Application Default Credentials (ADC).

Quota project "unicorn-project-281314" was added to ADC which can be used by Google client libraries for billing and quota. Note that some services may still bill the project owning the resource.
(venv)unicornmurder 
(venv)unicornmurder 
(venv)unicornmurder pulumi up
Previewing update (dev):
     Type                   Name               Plan       
 +   pulumi:pulumi:Stack    unicornmurder-dev  create     
 +   └─ gcp:storage:Bucket  my-bucket          create     
 
Resources:
    + 2 to create

Do you want to perform this update?  [Use arrows to move, enter to select, type to filter]
  yes
> no
  details
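
The application-default login shown above saves a credentials file that any ADC-aware library, Pulumi included, will read. The following check is an added example (not from the original page, gcloud or Pulumi): it reports whether that file is accessible to other local users and which reusable secrets it holds, without printing their values. The function names audit_adc and demo and all sample values are made up for illustration.

```python
import json
import os
import stat
import tempfile

# Fields that hold reusable secrets, per ADC credential type.
SECRET_FIELDS = {
    "authorized_user": ("refresh_token", "client_secret"),
    "service_account": ("private_key",),
}

def audit_adc(path):
    """Return a list of findings for an ADC file; secret values are never echoed."""
    findings = []
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} lets group/other access the file; use 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append("file is not owned by the current user")
    with open(path, encoding="utf-8") as fh:
        cred = json.load(fh)
    ctype = cred.get("type", "unknown")
    present = [f for f in SECRET_FIELDS.get(ctype, ()) if cred.get(f)]
    if present:
        findings.append(f"{ctype} credential holds reusable secret(s): {', '.join(present)}")
    if ctype == "service_account":
        findings.append("service account key on disk; these keys do not expire by default")
    return findings

def demo():
    # Constructed sample shaped like an authorized_user ADC file; all values are fake.
    sample = {"type": "authorized_user", "client_id": "example.apps.googleusercontent.com",
              "client_secret": "FAKE-SECRET", "refresh_token": "FAKE-REFRESH-TOKEN",
              "quota_project_id": "example-project"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "application_default_credentials.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)   # deliberately too open
        loose = audit_adc(path)
        os.chmod(path, 0o600)   # owner-only
        tight = audit_adc(path)
    return loose, tight

if __name__ == "__main__":
    default = os.path.expanduser("~/.config/gcloud/application_default_credentials.json")
    for finding in (audit_adc(default) if os.path.exists(default) else demo()[0]):
        print("-", finding)
```

Run as a script, it audits the real file under ~/.config/gcloud if one exists and otherwise falls back to the constructed sample.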





Last modified August 7, 2020: AddingPulumi (ef0cf4e)