Add a site
In this tutorial, you will follow step-by-step instructions to bring an existing site to Cloudflare using Pulumi infrastructure as code (IaC) to familiarize yourself with the resource management lifecycle. In particular, you will create a Zone and a DNS record to resolve your newly added site. This tutorial adopts the IaC principle to complete the steps listed in the Add site tutorial.
Ensure you have:
- A Cloudflare account and API Token with permission to edit the resources in this tutorial. If you need to, sign up for a Cloudflare account ↗ before continuing. Your token must have:
Zone-Zone-Edit
permissionZone-DNS-Edit
permissioninclude-All zones from an account-<your account>
zone resource
- A Pulumi Cloud account. You can sign up for an always-free individual tier ↗.
- The Pulumi CLI is installed on your machine.
- A Pulumi-supported programming language ↗ is configured. (TypeScript, JavaScript, Python, Go, .NET, Java, or use YAML)
- A domain name. You may use
example.com
to complete the tutorial.
A Pulumi project is a collection of files in a dedicated folder that describes the infrastructure you want to create. The Pulumi project folder is identified by the required Pulumi.yaml
file. You will use the Pulumi CLI to create and configure a new project.
Use a new and empty directory for this tutorial.
mkdir addsite-cloudflarecd addsite-cloudflare
Pulumi Cloud ↗ is a hosted service that provides a secure and scalable platform for managing your infrastructure as code. You will use it to store your Pulumi backend configurations.
At the prompt, press Enter to log into your Pulumi Cloud account via the browser. Alternatively, you may provide a Pulumi Cloud access token ↗.
pulumi login
A Pulumi program is code written in a supported programming language ↗ that defines infrastructure resources.
To create a program, select your language of choice and run the pulumi
command:
pulumi new javascript --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new typescript --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new python --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new go --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new java --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new csharp --name addsite-cloudflare --yes# wait a few seconds while the project is initialized
pulumi new yaml --name addsite-cloudflare --yes
A Pulumi stack ↗ is an instance of a Pulumi program. Stacks are independently configurable and may represent different environments (development, staging, production) or feature branches. For this tutorial, you'll use the dev
stack.
To instantiate your dev
stack, run:
pulumi up --yes# wait a few seconds for the stack to be instantiated.
You have not defined any resources at this point, so you'll have an empty stack.
In this step, you will store your settings in a Pulumi ESC Environment ↗, a YAML file containing configurations and secrets. These can be accessed in several ways, including a Pulumi program. All ESC Environments securely reside in your Pulumi Cloud account and can be fully managed via the Pulumi CLI. For this tutorial, you will store the following values:
- Your Cloudflare account ID.
- A valid Cloudflare API token.
- A domain. For instance,
example.com
.
# Define an ESC Environment nameE=clouflare/my-dev-env
# Create a new Pulumi ESC Environmentpulumi config env init --env $E --yes
Creating environment clouflare/my-dev-env for stack dev...
# Replace abc123 with your Cloudflare Account IDpulumi env set $E --plaintext pulumiConfig.accountId abc123
# Replace API_TOKEN with your Cloudflare API Tokenpulumi env set $E --secret pulumiConfig.cloudflare:apiToken API_TOKEN
# Replace example.com with your registered domain, or leave as ispulumi env set $E --plaintext pulumiConfig.domain example.com
You need to install the Cloudflare package for your language of choice in order to define Cloudflare resources in your Pulumi program.
Install the Cloudflare package by running the following command:
npm install @pulumi/cloudflare
added 1 package ...
npm install @pulumi/cloudflare
added 1 package ...
echo "pulumi_cloudflare>=5.38,<6.0.0" >> requirements.txtsource venv/bin/activatepip install -r requirements.txt
...Collecting pulumi-cloudflare...
go get github.com/pulumi/pulumi-cloudflare/sdk/v3/go/cloudflare
go: downloading github.com/pulumi/pulumi-cloudflare ...
Below are Apache Maven instructions. For other Java project managers such as Gradle, see the official Maven repository ↗
- Open your
pom.xml
file. - Add the Pulumi Cloudflare dependency inside the
<dependencies>
section.
<dependency> <groupId>com.pulumi</groupId> <artifactId>cloudflare</artifactId> <version>5.38.0</version></dependency>
- Run:
mvn clean install
...[INFO] BUILD SUCCESS...
dotnet add package Pulumi.Cloudflare
...info : Adding PackageReference for package 'Pulumi.Cloudflare' into project...
There are no dependencies to download for YAML. Skip ahead.
With the Cloudflare package installed, you can now define any supported Cloudflare resource ↗ in your Pulumi program. You'll define a Zone, and a DNS Record next.
A domain, or site, is known as a Zone in Cloudflare. In Pulumi, the Zone resource ↗ represents a Cloudflare Zone.
Replace the contents of your entrypoint file with the following:
Filename: index.js
"use strict";const pulumi = require("@pulumi/pulumi");const cloudflare = require("@pulumi/cloudflare");
const config = new pulumi.Config();const accountId = config.require("accountId");const domain = config.require("domain");
// Create a Cloudflare resource (Zone)const zone = new cloudflare.Zone("my-zone", { zone: domain, accountId: accountId, plan: "free", jumpStart: true,});
exports.zoneId = zone.id;exports.nameservers = zone.nameServers;exports.status = zone.status;
Filename: index.ts
import * as pulumi from "@pulumi/pulumi";import * as cloudflare from "@pulumi/cloudflare";
const config = new pulumi.Config();const accountId = config.require("accountId");const domain = config.require("domain");
// Create a Cloudflare resource (Zone)const zone = new cloudflare.Zone("my-zone", { zone: domain, accountId: accountId, plan: "free", jumpStart: true,});
export const zoneId = zone.id;export const nameservers = zone.nameServers;export const status = zone.status;
Filename: __main__.py
import pulumiimport pulumi_cloudflare as cloudflare
account_id = pulumi.Config().require("accountId")domain = pulumi.Config().require("domain")
# Create a Cloudflare resource (Zone)zone = cloudflare.Zone("my-zone", zone=domain, account_id=account_id, plan="free", jump_start=True)
pulumi.export("zoneId", zone.id)pulumi.export('nameservers', zone.name_servers)pulumi.export('status', zone.status)
Filename: main.go
package main
import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" cloudflare "github.com/pulumi/pulumi-cloudflare/sdk/v3/go/cloudflare")
func main() { pulumi.Run(func(ctx *pulumi.Context) error { domain, _ := ctx.GetConfig("domain")
// Create a Cloudflare resource (Zone) zone, err := cloudflare.NewZone(ctx, "my-zone", &cloudflare.ZoneArgs{ Zone: pulumi.String(domain), Plan: pulumi.String("free"), JumpStart: pulumi.Bool(true), }) if err != nil { return err }
ctx.Export("zoneId", zone.ID()) ctx.Export("nameservers", zone.NameServers) ctx.Export("status", zone.Status) return nil })}
Filename: src/main/java/myproject/App.java
package myproject;
import com.pulumi.Pulumi;import com.pulumi.Context;import com.pulumi.cloudflare.ZoneArgs;import com.pulumi.cloudflare.Zone;
public class App { public static void main(String[] args) { Pulumi.run(ctx -> { var config = ctx.config();
String accountId = config.require("accountId"); String domain = config.require("domain");
var zone = new Zone("my-zone", ZoneArgs.builder() .zone(domain) .accountId(accountId) .plan("free") .jumpStart(true) .build());
ctx.export("zoneId", zone.id()); ctx.export("nameservers", zone.nameServers()); ctx.export("status", zone.status()); }); }}
Filename: Program.cs
using System.Threading.Tasks;using System.Collections.Immutable;using Pulumi;using Pulumi.Cloudflare;
class Program{ static Task<int> Main() => Deployment.RunAsync<MyStack>();
class MyStack : Stack { public MyStack() { var config = new Pulumi.Config(); var accountId = config.Require("accountId"); var domain = config.Require("domain");
var zone = new Zone("my-zone", new ZoneArgs { ZoneName = domain, AccountId = accountId, Plan = "free", JumpStart = true });
this.ZoneId = zone.Id; this.Nameservers = zone.NameServers; this.Status = zone.Status; }
[Output] public Output<string> ZoneId { get; set; } public Output<ImmutableArray<string>> Nameservers { get; set; } public Output<string> Status { get; set; } }}
Filename: Pulumi.yaml
name: addsite-cloudflareruntime: yamlresources: myZone: type: cloudflare:Zone properties: zone: ${domain} accountId: ${accountId} plan: "free" jumpStart: true
outputs: zoneId: ${myZone.id} nameservers: ${exampleZone.nameServers} status: ${exampleZone.status}
Notice that the code also outputs several properties from the Zone resource, such as the zoneId
, nameservers
, and status
, so that they can easily be accessed in subsequent steps.
You will now add a DNS Record resource ↗ to test previously configured Zone.
Add the following code snippet to your entrypoint file after the Zone resource definition:
Filename: index.js
const record = new cloudflare.Record("my-record", { zoneId: zone.id, name: domain, content: "192.0.2.1", type: "A", proxied: true,});
Filename: index.ts
const record = new cloudflare.Record("my-record", { zoneId: zone.id, name: domain, content: "192.0.2.1", type: "A", proxied: true,});
Filename: __main__.py
record = cloudflare.Record("my-record", zone_id=zone.id, name=domain, content="192.0.2.1", type="A", proxied=True)
Filename: main.go
_, err = cloudflare.NewRecord(ctx, "my-record", &cloudflare.RecordArgs{ ZoneId: zone.ID(), Name: pulumi.String(domain), Content: pulumi.String("192.0.2.1"), Type: pulumi.String("A"), Proxied: pulumi.Bool(true), }) if err != nil { return err }
Filename: src/main/java/myproject/App.java
// Add importsimport com.pulumi.cloudflare.Record;import com.pulumi.cloudflare.RecordArgs;
// Below the Zone resource, addnew Record("my-record", RecordArgs.builder().zoneId(zone.id()).name(domain).content("192.0.2.1").type("A").proxied(true).build());
Filename: Program.cs
new Record("my-record", new RecordArgs{ ZoneId = zone.Id, Name = domain, Content = "192.0.2.1", Type = "A", Proxied = true});
Filename: Pulumi.yaml
myRecord: type: cloudflare:Record properties: zoneId: ${myZone.id} name: ${domain} content: 192.0.2.1 type: A proxied: true
Now that you have defined your resources, you can deploy the changes using the Pulumi CLI so that they are reflected in your Cloudflare account.
To deploy the changes, run:
pulumi up --yes
wait for the dev stack to become ready
Once you have added a domain to Cloudflare, that domain will receive two assigned authoritative nameservers.
To retrieve the assigned nameservers
, run:
pulumi stack output
Update the nameservers at your registrar to activate Cloudflare services for your domain. The instructions are registrar-specific. You may be able to find guidance under this consolidated list of common registrars.
Once successfully registered, your domain status
will change to active
.
pulumi stack output
You will run two nslookup
commands against the Cloudflare-assigned nameservers.
To test your site, run:
DOMAIN=$(pulumi config get domain)NS1=$(pulumi stack output nameservers | jq '.[0]' -r)NS2=$(pulumi stack output nameservers | jq '.[1]' -r)nslookup $DOMAIN $NS1nslookup $DOMAIN $NS2
For .NET, use Nameservers
as the Output.
Confirm your response returns the IP address(es) for your site.
In this last step, you will remove the resources and stack used throughout the tutorial.
pulumi destroy --yes
pulumi stack rm dev
You have incrementally defined Cloudflare resources needed to add a site to Cloudflare. You declare the resources in your programming language of choice and let Pulumi handle the rest.
To deploy a serverless app with Pulumi, follow the Deploy a Worker tutorial.