Infrastructure as Code
Overview
Infrastructure as Code (IaC) defines and manages cloud resources, containers, and deployment pipelines through declarative or imperative code rather than manual configuration. This skill covers the major IaC tools and their trade-offs.
Tool Landscape
| Tool | Approach | Language | Scope |
|---|---|---|---|
| Terraform | Declarative | HCL | Multi-cloud infrastructure |
| Pulumi | Imperative | TypeScript, Python, Go, C# | Multi-cloud infrastructure |
| CloudFormation | Declarative | JSON/YAML | AWS-only infrastructure |
| Bicep | Declarative | Bicep DSL | Azure-only infrastructure |
| ARM | Declarative | JSON | Azure-only infrastructure |
| Kubernetes | Declarative | YAML | Container orchestration |
| Helm | Declarative (templated) | YAML + Go templates | Kubernetes package management |
| Docker | Declarative | Dockerfile | Container image builds |
| Crossplane | Declarative | YAML (K8s CRDs) | Kubernetes-native cloud provisioning |
| Dagger | Imperative | TypeScript, Python, Go | CI/CD pipelines as code |
Choosing the Right Tool
Cloud Infrastructure
- Multi-cloud or cloud-agnostic? Use Terraform or Pulumi
- AWS-only? CloudFormation is native, or use Terraform/Pulumi
- Azure-only? Bicep is the modern choice (replaces ARM templates)
- Kubernetes-native approach? Crossplane extends the K8s control plane to cloud resources
Containers and Orchestration
- Building images? Dockerfile with multi-stage builds
- Running containers? Kubernetes manifests or Docker Compose
- Packaging K8s apps? Helm charts for templated, distributable deployments
Pipelines
- Programmable CI/CD? Dagger runs pipelines in containers with real language SDKs
General Best Practices
- Store all IaC in version control alongside application code.
- Use state management (Terraform state, Pulumi state, CloudFormation stacks) to track what's deployed.
- Pin provider/module versions for reproducible deployments.
- Use environments (dev/staging/prod) with parameterized configurations.
- Validate changes before applying: `terraform plan`, `pulumi preview`, CloudFormation change sets.
- Use secrets management — never hardcode credentials in IaC files.
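The practices above, shown in one Terraform root module as an added example (not code from the original page): pinned provider versions, an encrypted and locked remote state backend, a validated environment parameter, and a credential passed as a sensitive variable instead of a literal. The provider, bucket, lock-table and resource names are assumed for illustration.

```hcl
terraform {
  required_version = "~> 1.6"

  # Pin provider versions so every run resolves the same provider build.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.40"
    }
  }

  # Remote, encrypted, locked state is the record of what is deployed.
  # Bucket and table names are assumed for this example.
  backend "s3" {
    bucket         = "example-tfstate"
    key            = "app/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "example-tflock"
  }
}

# One code base, parameterized by environment, instead of copied directories.
variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be dev, staging or prod."
  }
}

# Weak: a credential literal is committed to version control with the code.
# variable "db_password" { default = "P@ssw0rd-do-not-do-this" }

# Corrected: the value arrives via TF_VAR_db_password or a secrets manager,
# and `sensitive` redacts it from plan output and logs. The state file still
# holds it, which is why the backend above encrypts state.
variable "db_password" {
  type      = string
  sensitive = true
}

resource "aws_db_instance" "app" {
  identifier          = "app-${var.environment}"
  engine              = "postgres"
  instance_class      = var.environment == "prod" ? "db.m6g.large" : "db.t4g.micro"
  allocated_storage   = 20
  username            = "app"
  password            = var.db_password
  skip_final_snapshot = var.environment != "prod"
}
```

Run `terraform plan -var environment=dev` before `apply`; the plan shows the password as `(sensitive value)` and fails fast on an environment name outside the allowed set.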