…tices Add a new operations/ section under self-hosting docs covering architecture, database HA, compute sizing, object storage, networking, monitoring, backup and recovery, upgrades, and security hardening. Add cross-references from existing components/api.md and network.md pages. Update self-hosting landing page with operations cards and bump changelog menu weight. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Docs review
This is a well-structured, comprehensive set of operations documentation for self-hosted Pulumi Cloud. The content is organized logically, cross-references are consistent, and frontmatter is complete across all 10 new pages. A few items to address:
Issues
1. En dash in numeric ranges (style guide: use
2. Vague qualifier — Per the style guide, avoid vague qualifiers like "reasonable."
3. Config key name mismatch with described service
The section heading says "CAPTCHA and bot protection" and references Cloudflare Turnstile, but the config keys are named
4. Magic number without explanation
Minor observations
Mention @claude if you'd like additional review after addressing these items.
Your site preview for commit e4f4ac6 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-17872-e4f4ac63.s3-website.us-west-2.amazonaws.com.
- Use en dashes for numeric ranges (1–4 hours, 50–60%)
- Replace vague qualifier "reasonable" with "good"
- Clarify that recaptcha config keys accept Cloudflare Turnstile credentials
- Explain why terminationGracePeriodSeconds is set to 130
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Your site preview for commit 8c167fd is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-17872-8c167fd9.s3-website.us-west-2.amazonaws.com.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CamSoper left a comment
LGTM! Great addition of the self-hosted operations guide. I pushed a small fix for Title Case on the h1/title frontmatter fields per our style guide. Everything else looks clean — well-structured content, correct nav hierarchy, and good cross-references.
Your site preview for commit 7901e4c is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-17872-7901e4c8.s3-website.us-west-2.amazonaws.com.
| | :-- | :-- | | ||
| | Object storage | Blob storage for checkpoint (state) files and policy packs. Supported: S3 and compatible implementations, Azure Blob Storage, Google Cloud Storage | | ||
| | Search (optional) | OpenSearch 2.x or Elasticsearch 7.x for resource search and AI features | | ||
| | Cache (optional) | Redis 6.2 or later for session caching and performance | |
I'm not aware of any customer who uses Redis or any sort of caching layer - I don't believe that even BMW who were our most active self-hosted user had this so you can probably remove references to this
| | Component | Description | | ||
| | :-- | :-- | | ||
| | Object storage | Blob storage for checkpoint (state) files and policy packs. Supported: S3 and compatible implementations, Azure Blob Storage, Google Cloud Storage | | ||
| | Search (optional) | OpenSearch 2.x or Elasticsearch 7.x for resource search and AI features | |
OpenSearch/ElasticSearch is only optional if you don't want any sort of resource search, so I wouldn't have this as optional even if it technically is
|
|
||
| ### Connection pooling | ||
|
|
||
| For AWS deployments with many concurrent users, consider placing [Amazon RDS Proxy](https://aws.amazon.com/rds/proxy/) in front of your Aurora or RDS instance. RDS Proxy pools and shares database connections, reducing connection overhead and improving failover times. |
Not sure anyone will actually need this.
| @@ -0,0 +1,69 @@ | |||
| --- | |||
| title_tag: "Monitoring and Alerting | Self-Hosting Pulumi" | |||
Prometheus metrics for the Go application are available so you should probably mention these: /docs/administration/self-hosting/components/api/#opentelemetry
| - Password reset emails | ||
| - Organization notifications | ||
|
|
||
| SMTP is optional for initial testing but required for production use. See the [API component reference](/docs/administration/self-hosting/components/api/) for SMTP environment variables. |
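Review bot: The closing sentence says SMTP is "required for production use", but the only uses visible in the list above it are password reset emails and organization notifications, and the hunk does not show that either is mandatory. Suggest naming which features stop working without SMTP instead of a blanket requirement, so operators can decide whether to expose a mail relay from the deployment at all.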
It's not required for production use. Since most people will use SAML, forgotten password flow isn't used. I think the only thing that will use SMTP is email notifications.
| - API service and console deployed with 2+ replicas | ||
| - Database migrations run successfully | ||
| - DNS records configured for both API and console domains | ||
| - TLS termination configured on load balancer |
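Review bot: The last checklist item, "TLS termination configured on load balancer", assumes TLS always ends at the load balancer and says nothing about the hop from the load balancer to the API service and console. Suggest rewording it to cover both layouts, for example "TLS configured for the API and console endpoints (terminated at the load balancer or at the service)", and adding a line that prompts the reader to decide how traffic behind the load balancer is protected.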
| - TLS termination configured on load balancer |
This may not happen, depending on the setup
| | Installer | Default instance type | Notes | | ||
| | :-- | :-- | :-- | | ||
| | ECS | db.t3.medium (4 GB RAM) | Suitable for small-to-medium workloads | | ||
| | EKS | db.r5.large (16 GB RAM) | Memory-optimized, better for production | |
I suspect that these two (ECS/EKS) can be the same and are just different because different people updated the installers. I don't see that there is a difference in size because of the compute platform
| | :-- | :-- | :-- | | ||
| | ECS | db.t3.medium (4 GB RAM) | Suitable for small-to-medium workloads | | ||
| | EKS | db.r5.large (16 GB RAM) | Memory-optimized, better for production | | ||
| | GKE | db-g1-small (1.7 GB RAM) | Minimal; upgrade for production use | |
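Review bot: The GKE row lists db-g1-small as the default and its own Notes cell says "Minimal; upgrade for production use", yet the table gives no target to upgrade to. Suggest adding a recommended production tier per installer (or a separate column for it) so the default is not read as a sizing recommendation.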
Can you add in Azure as well?
There is a list of port requirements here: /docs/administration/self-hosting/network/ (although it is slightly out of date and doesn't include the elasticsearch/opensearch ports)
added elasticsearch http port
|
|
||
| Pulumi Cloud uses object storage for checkpoint (state) files, policy packs, and other data. This page covers the storage architecture and best practices for production deployments. | ||
|
|
||
| ## Storage architecture |
You can also specify a file path if you want to use a filesystem for storage: /docs/administration/self-hosting/components/api/#local-storage
Co-authored-by: Piers Karsenbarg <piers@pulumi.com>
Your site preview for commit e96ece2 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-17872-e96ece2f.s3-website.us-west-2.amazonaws.com.
wlami left a comment
Thanks for the valuable feedback, @pierskarsenbarg !
- Remove Redis/cache from architecture (unused by customers)
- Mark OpenSearch as required, not optional
- Normalize DB instance sizing by cloud provider, add Azure
- Remove RDS Proxy section
- Add Prometheus/OpenTelemetry reference to monitoring
- Correct SMTP guidance: optional with SAML SSO
- Reframe installer update guidance as reference architecture
- Rename to "Pulumi Cloud license key" to avoid OSS confusion
- Remove TLS cert and DB migrations checklist items
- Add local filesystem storage option to object-storage
- Add OpenSearch port 9200 to network requirements
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Your site preview for commit 97b0f6e is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-17872-97b0f6e3.s3-website.us-west-2.amazonaws.com.
Summary
components/api.md and network.md pages to the new operations guide
Test plan
make lint passes (0 errors)
make build succeeds
components/api.md and network.md resolve correctly
components/api.md for env var details instead of duplicating them
🤖 Generated with Claude Code