Adds Pulumi ESC Module #22
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
jkodroff
requested changes
May 29, 2024
|
|
||
| --- | ||
|
|
||
| ## Module 10 - Intro to Pulumi ESC - Consumers |
There was a problem hiding this comment.
Give examples here (on additional slides if necessary).
| - Imports `env_parent` values | ||
| - Adds an `aws:region` value to be consumed by a Pulumi program** | ||
|
|
||
| ** Hint: take a look at the ESC `pulumiConfig` syntax |
There was a problem hiding this comment.
Maybe make a Pulumi program that verifies the correctness of the environment config.
There was a problem hiding this comment.
This is part of the Read exercise.
There was a problem hiding this comment.
While working on this solution, I think I ran into a bug, filed pulumi/pulumi-pulumiservice#319
|
Nice to see this coming along!
(Note the typo on "Inlcuding" while you here!)
…On Wed, May 29, 2024 at 11:27 AM Josh Kodroff ***@***.***> wrote:
***@***.**** requested changes on this pull request.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> +- What is it?
+- Features
+- AWS OIDC
+- CRUD
+
+---
+
+## Module 10 - Intro to Pulumi ESC
+
+- ESC -> Environments, Secrets, and Configuration
+- Centralized management solution for cloud apps + infra secrets, and configurations
+- A managed service within Pulumi Cloud (self-hosted offering at some point...)
+- Fully packed with enterprise features
+ - RBAC
+ - Auditing
+- Define _Environments_ as YAML files, which are collection of secrets and configurations.
Add a slide that breaks down Config, Secrets, and Environments as terms.
Include a breakdown of static and dynamic secrets.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> +- ESC -> Environments, Secrets, and Configuration
+- Centralized management solution for cloud apps + infra secrets, and configurations
+- A managed service within Pulumi Cloud (self-hosted offering at some point...)
+- Fully packed with enterprise features
+ - RBAC
+ - Auditing
+- Define _Environments_ as YAML files, which are collection of secrets and configurations.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Advanced Features
+
+- Ability to import other Pulumi ESC Environments
+- Store Dynamic Credentials, e.g., OIDC
+- Import secrets from other [Secret Managers](https://www.pulumi.com/docs/esc/providers/)
+ - AWS, GCP, Azure, Vault, 1Password, and [more](https://www.pulumi.com/docs/esc/other-integrations/).
Break down integrations on a separate slide.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> + - Auditing
+- Define _Environments_ as YAML files, which are collection of secrets and configurations.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Advanced Features
+
+- Ability to import other Pulumi ESC Environments
+- Store Dynamic Credentials, e.g., OIDC
+- Import secrets from other [Secret Managers](https://www.pulumi.com/docs/esc/providers/)
+ - AWS, GCP, Azure, Vault, 1Password, and [more](https://www.pulumi.com/docs/esc/other-integrations/).
+- Import secrets from Pulumi Stacks
+
+---
+
+## Module 10 - Intro to Pulumi ESC - AWS OIDC
Love this!
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> +- Popular configuration for AWS + Dynamic Credentials
+
+```yaml
+aws:
+ login:
+ fn::open::aws-login:
+ oidc:
+ roleArn: arn:aws:iam::123456789:role/esc-oidc
+ sessionName: pulumi-environments-session
+```
+
+Other configuration [options](https://www.pulumi.com/docs/esc/providers/aws-login/#configuring-oidc) available.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - CRUD
Give examples of each.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> +Other configuration [options](https://www.pulumi.com/docs/esc/providers/aws-login/#configuring-oidc) available.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - CRUD
+
+You can CRUD Pulumi ESC environments from
+
+- Pulumi ESC CLI
+- Pulumi CLI, via the `pulumi esc` command
+- Pulumi Cloud REST API
+- Pulumi Service Provider (in the works)
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Consumers
Give examples here (on additional slides if necessary).
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> +- Within Pulumi programs
+ - Referenced in the Stack file
+- Via other ESC Environments
+ - Defined in the `imports` section of the Environment file.
+
+The above allow for straightforward integration with CI/CD pipelines.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Other
+
+- Currently, in preview /expected to GA in September 2024
+- Pricing TBD, free during Preview
+- Other features
+ - Version control
+ - Table UI editing capabilities
I'd create a separate slide of this with a screenshot.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> + - Loaded via the ESC CLI or the Pulumi CLI
+- Within Pulumi programs
+ - Referenced in the Stack file
+- Via other ESC Environments
+ - Defined in the `imports` section of the Environment file.
+
+The above allow for straightforward integration with CI/CD pipelines.
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Other
+
+- Currently, in preview /expected to GA in September 2024
+- Pricing TBD, free during Preview
+- Other features
+ - Version control
This should also be broken out. What are the use cases?
------------------------------
In module-10-intro-to-pulumi-esc/exercises/README.md
<#22 (comment)>:
> @@ -0,0 +1,56 @@
+# Module 10 - Intro to Pulumi ESC - Exercises
Rescoped some modules. This is now just "ESC" (no intro). There isn't that
much to explain about it from an end user point of view, so one module to
rule them all, at least on this subject.
------------------------------
In module-10-intro-to-pulumi-esc/slides/slides.md
<#22 (comment)>:
> @@ -0,0 +1,83 @@
+# Module 10 - Intro to Pulumi ESC - 🌐 Overview
+
+Learn the fundamentals Pulumi ESC.
+
+- What is it?
+- Features
+- AWS OIDC
+- CRUD
+
+---
+
+## Module 10 - Intro to Pulumi ESC
Add a slide explaining the problem this is meant to solve.
------------------------------
In module-10-intro-to-pulumi-esc/exercises/README.md
<#22 (comment)>:
> +
+## Module 10 - Intro to Pulumi ESC - Exercise 1 - [C]reate
+
+Create two Pulumi ESC Environments such that
+
+The `env_parent` Environment:
+
+- Has a static value as `HELLO=world`
+- Has a secret value as `BEST_NFL=<your_fav_NFL_team>`
+
+The `env_child` Environment :
+
+- Imports `env_parent` values
+- Adds an `aws:region` value to be consumed by a Pulumi program**
+
+** Hint: take a look at the ESC `pulumiConfig` syntax
Maybe make a Pulumi program that verifies the correctness of the
environment config.
------------------------------
In module-10-intro-to-pulumi-esc/exercises/README.md
<#22 (comment)>:
> +## Module 10 - Intro to Pulumi ESC - Exercise 2 - [R]ead
+
+- Create a Read Only ESC Team token to read everything** in `env_child`
+- Use the token to Read the contents of `env_child` via:
+
+ - Pulumi ESC CLI
+ - Pulumi CLI
+ - A Pulumi program
+
+** Hint: Inlcuding imported values
+
+---
+
+## Module 10 - Intro to Pulumi ESC - Exercise 3 - [U]pdate
+
+Update the `env_parent` with AWS OIDC integration
Gonna need a Pulumi program that correctly configures an OIDC provider.
(These already exist somewhere in our GH org.)
—
Reply to this email directly, view it on GitHub
<#22 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB77TQQZ7P6B3W6CMR42HYTZEYMYJAVCNFSM6AAAAABHQ5WFS2VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDAOBWGEYTENRSHE>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
jkodroff
requested changes
Jun 10, 2024
|
|
||
| --- | ||
|
|
||
| ## Module 10 - Pulumi ESC - Advanced Features |
There was a problem hiding this comment.
These aren't advanced IMO - they're foundational pieces of functionality in the tool. Suggest breaking each one of these out into their own slide if not covered later in the presentation.
There was a problem hiding this comment.
How about calling them capabilities?
There was a problem hiding this comment.
Or just "features". My objection was that they are not advanced per-se.
| @@ -0,0 +1,58 @@ | |||
| # Module 10 - Pulumi ESC - Exercises - 🎯 Goal | |||
There was a problem hiding this comment.
The exercises need to show:
- AWS OIDC
- AWS Secrets Manager as a source
- config values
- environment inheritance
and then pass those things into a Pulumi program.
|
Related Docs issue |
added 3 commits
June 12, 2024 14:03
jkodroff
approved these changes
Jun 18, 2024
module-09-pulumi-esc/.DS_Store
Outdated
added 2 commits
June 21, 2024 10:45
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a module covering Pulumi ESC 101
Fixes #18