Pulumi
Pulumi lets you define infrastructure using TypeScript, Python, Go, or C#. It offers the power of a real language (loops, functions, classes) for IaC. 2025 highlights include Pulumi ESC for secret management.
When to Use
- Developers: You prefer TypeScript over HCL or YAML.
- Complexity: You need genuine logic (if/else, loops, external API calls) during infrastructure definition.
- Testing: You want to unit test your infrastructure code using standard test runners (Jest, Pytest).
Quick Start (TypeScript)
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket with a private ACL.
const bucket = new aws.s3.Bucket("my-bucket", {
    acl: "private",
});

// Export the bucket's ID as a stack output.
export const bucketName = bucket.id;
```
Core Concepts
Programming Model
Unlike Terraform's declarative HCL, Pulumi executes your program to build a resource graph.
Pulumi ESC (Environments, Secrets, Config)
Centralized secret management. Retrieve dynamic secrets (AWS temp creds) at runtime.
Automation API
Embed infrastructure creation inside your own software. "Click to Deploy" features in SaaS products often use this.
Best Practices (2025)
Do:
- Use ComponentResources: Abstract complexity into reusable classes (e.g., class MyMicroservice extends ComponentResource).
- Use Secrets Provider: Don't store secrets in plaintext config. Pulumi encrypts config values by default.
- Unit Test: Use mocks to test that your Security Groups don't allow 0.0.0.0/0.
Don't:
- Don't mix logic and state: Keep side-effects (API calls) predictable.
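The security-group check from the "Unit Test" item, as an added example (not code from the original page or from Pulumi). It assumes a hypothetical `Captured` record holding the `type`, `name` and `inputs` fields that a `pulumi.runtime.setMocks` `newResource` callback receives, and it goes slightly beyond the text by also flagging `::/0` and standalone `SecurityGroupRule` resources; the sample resources are constructed.

```typescript
// Hypothetical record of one resource registration seen by a mock monitor.
interface Captured { type: string; name: string; inputs: Record<string, any>; }
interface Finding { resource: string; cidr: string; ports: string; }

const SG = "aws:ec2/securityGroup:SecurityGroup";
const SG_RULE = "aws:ec2/securityGroupRule:SecurityGroupRule";

// A CIDR is world-open when its prefix length is zero (0.0.0.0/0, ::/0).
function isWorldOpen(cidr: string): boolean {
  const parts = cidr.trim().split("/");
  return parts.length === 2 && /^0+$/.test(parts[1]);
}

// Collect the world-open IPv4 and IPv6 ranges named by one rule.
function openCidrs(rule: Record<string, any>): string[] {
  const all: string[] = [...(rule.cidrBlocks ?? []), ...(rule.ipv6CidrBlocks ?? [])];
  return all.filter(isWorldOpen);
}

// Return one finding per ingress rule and world-open CIDR; egress is ignored.
function findOpenIngress(resources: Captured[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of resources) {
    let rules: Record<string, any>[] = [];
    if (r.type === SG) {
      rules = r.inputs.ingress ?? [];            // rules declared inline on the group
    } else if (r.type === SG_RULE && r.inputs.type === "ingress") {
      rules = [r.inputs];                        // rule declared as its own resource
    }
    for (const rule of rules) {
      for (const cidr of openCidrs(rule)) {
        findings.push({ resource: r.name, cidr, ports: `${rule.fromPort}-${rule.toPort}` });
      }
    }
  }
  return findings;
}

// Constructed sample: what a mock monitor might record for a small stack.
const sampleResources: Captured[] = [
  { type: SG, name: "web-sg", inputs: { ingress: [
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["10.0.0.0/8"] },
  ] } },
  { type: SG_RULE, name: "db-v6", inputs: { type: "ingress", protocol: "tcp",
    fromPort: 5432, toPort: 5432, ipv6CidrBlocks: ["::/0"] } },
  { type: SG_RULE, name: "out-all", inputs: { type: "egress", protocol: "-1",
    fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] } },
  { type: "aws:s3/bucket:Bucket", name: "my-bucket", inputs: { acl: "private" } },
];
```

In a Jest or Mocha suite, push each `newResource` argument into an array from the mock, then assert that `findOpenIngress` returns an empty list.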