AgentSkillsCN

iac

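Use when working with Infrastructure as Code tools and platforms. Covers Terraform, Pulumi, CloudFormation, Bicep, ARM, Kubernetes, Helm, Docker, Crossplane, and Dagger. USE FOR: choosing IaC tools, comparing Terraform vs Pulumi vs CloudFormation, infrastructure strategy. DO NOT USE FOR: specific tool syntax (use the sub-skills: terraform, pulumi, bicep, etc.)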

SKILL.md
--- frontmatter
name: iac
description: |
  Use when working with Infrastructure as Code tools and platforms. Covers Terraform, Pulumi, CloudFormation, Bicep, ARM, Kubernetes, Helm, Docker, Crossplane, and Dagger.
  USE FOR: choosing IaC tools, comparing Terraform vs Pulumi vs CloudFormation, infrastructure strategy
  DO NOT USE FOR: specific tool syntax (use the sub-skills: terraform, pulumi, bicep, etc.)
license: MIT
metadata:
  displayName: "Infrastructure as Code"
  author: "Tyler-R-Kendrick"
compatibility: claude, copilot, cursor

Infrastructure as Code

Overview

Infrastructure as Code (IaC) defines and manages cloud resources, containers, and deployment pipelines through declarative or imperative code rather than manual configuration. This skill covers the major IaC tools and their trade-offs.

Tool Landscape

| Tool | Approach | Language | Scope |
|------|----------|----------|-------|
| Terraform | Declarative | HCL | Multi-cloud infrastructure |
| Pulumi | Imperative | TypeScript, Python, Go, C# | Multi-cloud infrastructure |
| CloudFormation | Declarative | JSON/YAML | AWS-only infrastructure |
| Bicep | Declarative | Bicep DSL | Azure-only infrastructure |
| ARM | Declarative | JSON | Azure-only infrastructure |
| Kubernetes | Declarative | YAML | Container orchestration |
| Helm | Declarative (templated) | YAML + Go templates | Kubernetes package management |
| Docker | Declarative | Dockerfile | Container image builds |
| Crossplane | Declarative | YAML (K8s CRDs) | Kubernetes-native cloud provisioning |
| Dagger | Imperative | TypeScript, Python, Go | CI/CD pipelines as code |

Choosing the Right Tool

Cloud Infrastructure

  • Multi-cloud or cloud-agnostic? Use Terraform or Pulumi
  • AWS-only? CloudFormation is native, or use Terraform/Pulumi
  • Azure-only? Bicep is the modern choice (replaces ARM templates)
  • Kubernetes-native approach? Crossplane extends the K8s control plane to cloud resources

Containers and Orchestration

  • Building images? Dockerfile with multi-stage builds
  • Running containers? Kubernetes manifests or Docker Compose
  • Packaging K8s apps? Helm charts for templated, distributable deployments

Pipelines

  • Programmable CI/CD? Dagger runs pipelines in containers with real language SDKs

General Best Practices

  • Store all IaC in version control alongside application code.
  • Use state management (Terraform state, Pulumi state, CloudFormation stacks) to track what's deployed.
  • Pin provider/module versions for reproducible deployments.
  • Use environments (dev/staging/prod) with parameterized configurations.
  • Validate changes before applying: terraform plan, pulumi preview, CloudFormation change sets.
  • Use secrets management — never hardcode credentials in IaC files.
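
A pre-commit style check for two of the practices above (pinned provider versions, no hardcoded credentials), applied to Terraform source. This is an added example, not part of the original skill; the function names, the credential attribute list and the sample input are assumptions, and the regex matching is a heuristic rather than a full HCL parser.

```python
import re

# Constructed sample Terraform input (not from the original page).
SAMPLE_TF = '''terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.40"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}
provider "aws" {
  region     = "us-east-1"
  access_key = "CONSTRUCTED-NOT-A-REAL-KEY"
  secret_key = var.aws_secret_key
}
resource "aws_db_instance" "db" {
  username = var.db_user
  password = "constructed-example-only"
}
'''

# Attribute names treated as credentials (an assumption; extend for your codebase).
SECRET_ATTR = re.compile(
    r'^[ \t]*(\w*(?:password|secret|token|access_key|api_key)\w*)[ \t]*=[ \t]*"(?!\$\{)[^"]+"',
    re.IGNORECASE | re.MULTILINE)
# One "name = { ... }" entry inside required_providers (entries hold no nested braces).
PROVIDER_ENTRY = re.compile(r'(\w+)\s*=\s*\{([^{}]*)\}')


def find_hardcoded_secrets(tf_text):
    """Return (line_number, attribute) for credential attributes set to a string literal."""
    return [(tf_text.count("\n", 0, m.start(1)) + 1, m.group(1))
            for m in SECRET_ATTR.finditer(tf_text)]


def find_unpinned_providers(tf_text):
    """Return provider names in required_providers that carry no version constraint."""
    block = re.search(r'required_providers\s*\{((?:[^{}]|\{[^{}]*\})*)\}', tf_text)
    if not block:
        return []
    return [name for name, body in PROVIDER_ENTRY.findall(block.group(1))
            if not re.search(r'\bversion\s*=', body)]
```

Values read from `var.*` or passed through `"${...}"` interpolation are not flagged, so a secret that arrives from a variable backed by a secrets manager passes the check.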