Should you use Terraform or Pulumi?

Three illustrated characters showing different reactions: one casually eating snacks, another with a bandaged head and unhappy expression, and the last one sneezing into a tissue. Three illustrated characters showing different reactions: one casually eating snacks, another with a bandaged head and unhappy expression, and the last one sneezing into a tissue.
terraform init --reconfigure
terraform plan
terraform apply

How many times have you executed these commands? In my case thousands of times. I have deployed infrastructure in many companies, and different cloud providers, but how many times have you executed

pulumi login
pulumi up

May be only a few times? May be never?

Cloud Native consulting: regardless if you are just getting started, or looking for a big shift from the old ways to the future, we are here to help. About consulting

Today we are going to talk about two tools that we have currently in the market that generate a lot of controversies because they are very similar, we are going to see the differences between Pulumi and Terraform, and if is there any. We are going to see when to use any of those tools and which one is the best in every situation and may be, because always there is a may be, may be we don’t like any of those and we prefer a shell script with a direct API call to our cloud provider, why not?

Cloud Native consulting: regardless if you are just getting started, or looking for a big shift from the old ways to the future, we are here to help. About consulting

First, let's start to show the characteristic of every one of our options.

Terraform

We can say that Terraform is the most famous Infrastructure as a code application currently in the market. Terraform is a declarative tool that uses a syntax called HCL, like this

resource "google_compute_network" "network" {
name = “resource”
project = “project”
routing_mode = "GLOBAL"
auto_create_subnetworks = false
delete_default_routes_on_create = true
}

The idea is that terraform will read this code, and with the information from a database called state file, where we have all the components currently created with Terraform, will create an action plan about what to do. And it is so simple, reading this file can decide to add a resource, edit or even delete this resource. For sure that this can be more complicated as soon as we add modules, but basically this is the idea.

This state file database can be local or remote, for example in a cloud bucket, or in Terraform Cloud and will contain information about all the resources that we have defined. Ok, not all, only the ones that are defined in this folder. And what does mean? that if I go to a different folder and I execute a different HCL file I will create other resources. And those are connected? Answer yes and no. No because those components are no connected at all because they are in different state files, and the answer is yes too, because if I want I can connect those components with a terraform object called terraform_remote_state.

So, if I work in a folder I can only execute this code once? so can I not reuse this code? Again there are several answers, but let’s say that yes, you can reuse this code in several ways.

You can for example use workspaces that will allow you to execute different times the same code in different with different environments variables. This is as simple as locating state files for Terraform in different folders in the state file. Another way to reuse the code is the modules that allow us to use libraries, but always you need to remember that terraform is a declarative language that uses HCL as syntax and this is not always simple to do.

Pulumi

On the other side Pulumi. What is Pulumi? Pulumi is a side effect of Open Source. Terraform is an Open Source application, and that means that the code is there, open. This is a very good way to make money, but on the bad side of Open Source, people can copy you. And this is Pulumi, a copy of Terraform. Ok, it is not really a copy, and if it is a copy, it will be a copy of Terraform SDK, and really Pulumi was before Terraform SDK, so we are not going to say that anymore. But why have investors already expended 60 million on this project if this is a tool to do something that currently can be done with the original tool? I have no answer to that but here we have some options.

Pulumi people have removed the complexity of HCL syntax creating libraries that can be used in languages like Python, Java Script, go, or. NET. So Pulumi is Terraform, and nobody can doubt that. But is a terraform SDK, so why not to use terraform SDK instead. No idea, may be this is a question to make to the Pulumi investors, or the investors of the beautiful terminal, warp. Why do they expend 23 million on a terminal? No idea, but it is cool.

So Pulumi is like Terraform SDK. But there are some issues because it is not as up-to-date as Terraform can be. And what does that mean? If Google, for example, is going to add a new functionality will talk with Terraform and will explain to them what is the new functionality, how it's working, and they will include this functionality. Pulumi is almost 100 employees while Hasicorp is 2500 employees. So it should be hard for Pulumi to be up to date only if we think about all the new functionalities that we have daily in AWS, Azure, and GCP.

But this is the bad side. Now, what is good? Pulumi allows us to make simple from what is complex. And what is that? For example when we want to use conditional based on variables, loops, injections of variables, and many other things. But why? Simple, HCL is not a simple syntax while, for example, if you know Python, something complex could be done in 10 simple lines. But ok, Terraform SDK can solve that too.

Pulumi uses stack instead of states and this at some point could reduce the complexity, but neither solve the problem because we can use the same stack in different folder distributing the problem. The same problem that we had with Terraform and the possibility to reuse the code.

And we have the same issue that we have with Terraform. State files or stacks are not at the same level as the branches. We have Infrastructure as code tools that are living in git, where we use branches, but Terraform and Pulumi use stacks and state files, and those are not at the same level.

But what option is the best?

We need to consider first that we are talking about infrastructure as a code tool and we need to find what is the best infrastructure tool.

  • Both are doing the same, deploying resources using the code that we provide, but Terraform simply uses a tf file with an HCL syntax to create an object and Pulumi is a library of a language. So here we have to think if we have a developer team to deploy infrastructure or a DevOps team to deploy the infrastructure. Mostly most of the people that deploy infrastructure are not developers so I think that here Terraform is the winner.
  • If we have a complex environment, but complex in a dynamic way. In an environment with an infrastructure that dynamically is growing and shrinking and that needs for that reason, a big number of loops and conditional, may be HCL is not your solution because it is going to generate a code difficult to understand. So here Pulumi is the winner. But what happens if my team has no idea about languages like Python or Java Script? Should I need to hire a developer and an infra guy? I think that no.
  • If we have a multi-cloud environment both are working with the main three Azure, GCP, and AWS so there is no winner here.
  • But if you are in any of the previous Cloud Providers and you need support in your infrastructure, or you need a specific utility, level of support, SLA, and a big team working with you, for sure that Terraform is the winner. *Something to consider is what could happen in 2 years time. Pulumi can disappear, this is a risk capital investment and could be the case that may be there is no more money. On the other side Hasicorp can disappear too, so why not. Last quarter generated 117 million in revenue but still with a negative EPS of -0.17, and since they are in the Nasdaq never generate benefits. But there is a vast difference. There are 1.600 contributors in Terraform's main repo and almost 10 times less in the Pulumi repo. There are more contributors in Terraform SDK (221) than in Pulumi (181). So if something happens and those 2 companies close the door, there are at least 10 more options that people will continue Terraform project the people in Pulumi continue the work.

So Terraform or Pulumi, what is the best? May be a simple shell script with an API call, who knows!


Here's the same article in video form for your convenience: