Pulumi Resources
These pages often point at shared systems. Confirm the cluster, namespace, and ownership boundary before running mutating commands.
Pulumi creates the cluster itself. ArgoCD deploys the applications that run inside that cluster.
This page is about the first half of that split: the infrastructure Pulumi owns.
Pulumi bootstraps the DigitalOcean Kubernetes cluster and installs ArgoCD. Total: about 9 resources, about 5 minutes to deploy.
Architecture
The split is clean:
- Pulumi answers "where does the cluster exist?"
- ArgoCD answers "what runs in the cluster?"
Two Phases
All code lives in crawbl-backend/internal/infra/.
| Phase | Directory | Resources Created |
|---|---|---|
| Cluster | cluster/ | VPC, DOKS cluster (registryIntegration=true), container registry |
| Platform | platform/ | ArgoCD Helm release only |
registryIntegration=true on DOKS grants cluster nodes pull access to DOCR.
In plain language, nodes can pull private images without you creating per-namespace image pull secrets.
Commands
crawbl infra init # Initialize or select Pulumi stack
crawbl infra plan # Preview changes
crawbl infra update # Apply changes (--auto-approve to skip confirmation)
crawbl infra destroy # Destroy all resources
Stack Configuration
Stack config lives in Pulumi.<env>.yaml:
config:
crawbl:environment: dev
crawbl:region: fra1
crawbl:cluster:
nodeSize: s-2vcpu-4gb
nodeCount: 1
highAvailability: false
autoUpgrade: true
surgeUpgrade: true
ArgoCD Helm values live in crawbl-backend/config/helm/argocd.yaml.
Pulumi state is stored in Pulumi Cloud.
Required Environment Variables
| Variable | Description |
|---|---|
PULUMI_ACCESS_TOKEN | Pulumi Cloud authentication |
DIGITALOCEAN_TOKEN | DigitalOcean API access |
DIGITALOCEAN_VPC_ID | (Optional) Reuse an existing VPC |
export PULUMI_ACCESS_TOKEN=<token>
export DIGITALOCEAN_TOKEN=<token>
# Optional: reuse existing VPC
export DIGITALOCEAN_VPC_ID=<vpc-id>
Teardown
Use destroy only when you intend to remove the environment, not when you are trying to fix an application deploy.
crawbl infra destroy
Destroy runs in reverse dependency order: edge, platform, then cluster.
Long-lived resources such as the DOCR registry or VPC may still need manual cleanup if they were created outside Pulumi.
🔗 Terms On This Page
If a term below is unfamiliar, open its glossary entry. For the full list, go to Internal Glossary.
- Pulumi: The infrastructure-as-code tool that creates the cluster and foundational platform resources.
- DOKS: DigitalOcean Kubernetes, the managed Kubernetes service used for the Crawbl cluster.
- DOCR: DigitalOcean Container Registry, where Crawbl stores container images.
- ArgoCD: The GitOps deployment system that keeps the cluster aligned with what is committed in Git.