惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler
T
Tor Project blog
N
Netflix TechBlog - Medium
C
Cybersecurity and Infrastructure Security Agency CISA
V
Vulnerabilities – Threatpost
V
Visual Studio Blog
GbyAI
GbyAI
PCI Perspectives
PCI Perspectives
D
DataBreaches.Net
Jina AI
Jina AI
H
Heimdal Security Blog
云风的 BLOG
云风的 BLOG
P
Privacy International News Feed
A
About on SuperTechFans
J
Java Code Geeks
美团技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
博客园 - 司徒正美
C
Check Point Blog
T
Threat Research - Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
宝玉的分享
宝玉的分享
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Apple Machine Learning Research
Apple Machine Learning Research
Hugging Face - Blog
Hugging Face - Blog
The Last Watchdog
The Last Watchdog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
Cisco Talos Blog
Cisco Talos Blog
W
WeLiveSecurity
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
D
Docker
博客园 - Franky
Security Archives - TechRepublic
Security Archives - TechRepublic

Sealos Blog

Build a Full-Stack App with Claude Code + InsForge — Zero Backend Code | Sealos Blog InsForge vs Supabase: Which Backend for AI-Powered Development? | Sealos Blog Kubernetes NodePort Exhaustion: SSH Gateway Solution | Sealos Blog Claude Code Metrics Dashboard: Grafana Setup (2026) | Sealos Blog What Is RustFS? Apache 2.0 MinIO Alternative (2026) | Sealos Blog Claude Code Mobile: iPhone, Android & SSH (2026) | Sealos Blog Eaglercraft Server Hosting: Fast Setup (2026) | Sealos Blog An Honest Review: Migrating a Complex Microservice App from Heroku to Sealos | Sealos Blog The Ultimate Guide to Kubernetes Audit Logging for Security and Compliance | Sealos Blog Cost Optimization Shootout: Sealos Autonomous FinOps vs. Kubecost Manual Reports | Sealos Blog For CTOs: How to Cut Your Cloud Bill by 50% Without Sacrificing Performance | Sealos Blog Building Resilient Systems: A Deep Dive into Sealos High-Availability and Auto-Failover | Sealos Blog Building a Scalable Event-Driven Architecture with Sealos Managed Kafka | Sealos Blog Beyond kubectl apply: 5 GitOps Best Practices for Production-Ready CI/CD on Sealos | Sealos Blog Advanced RAG Pipelines: Why Your Choice of Vector Database (like Milvus) Matters | Sealos Blog Advanced MLOps: How to Monitor and Evaluate LLM Applications in Production | Sealos Blog A Developer's Guide to Kubernetes RBAC: Securing Your Cluster the Easy Way with Sealos | Sealos Blog A CISO's Guide to Cloud Development: Securing the CI/CD Pipeline with Sealos DevBox | Sealos Blog What is Kubernetes Multi-Tenancy? A Guide for Platform Engineers | Sealos Blog What is GitOps? A Beginner's Guide to "Push-to-Deploy" Workflows | Sealos Blog What is eBPF? The Future of Kubernetes Networking and Security | Sealos Blog What is an "AI-Native" Platform? (And Why You Need One for MLOps) | Sealos Blog What is an Agentic Workflow? Building the Next Generation of AI Apps | Sealos Blog What is a Kubernetes Chargeback Model (And How Does it Save You Money?) | Sealos Blog What is a "Headless" Development Environment? (And How it Works with VS Code) | Sealos Blog What is a Graph-Based Vector Database? (And When to Use It Over Milvus) | Sealos Blog What is a "Cloud Operating System"? The Next Evolution of PaaS Explained | Sealos Blog The Real Cost of EKS: How Sealos Delivers a Simpler, Cheaper Kubernetes Experience | Sealos Blog The 3 Types of Kubernetes Autoscaling (HPA, VPA, CA) and How Sealos Manages Them for You | Sealos Blog Sealos vs Vercel: Why a Cloud OS Beats a Frontend Platform for Full-Stack Apps | Sealos Blog Sealos vs. Render vs. Fly.io: A 2025 Guide to the Best Heroku Alternatives | Sealos Blog Sealos vs. OpenShift: Kubernetes for Developers vs. Kubernetes for Ops Teams | Sealos Blog Sealos vs. Netlify: When to Choose a Full Kubernetes Platform over a Static Site Hoster | Sealos Blog Sealos vs. DigitalOcean App Platform: A Head-to-Head Comparison on Cost, Features, and Scalability | Sealos Blog Sealos vs. AWS Elastic Beanstalk: The Modern PaaS for Developers Who Hate YAML | Sealos Blog Sealos DevBox vs. AWS Cloud9: Why Your CDE Should Be Platform-Agnostic | Sealos Blog For Developers: Stop Wasting Time on DevOps. A 10-Minute Guide to Shipping Faster with DevBox. | Sealos Blog Deploying n8n with Docker: From Local Setups to a Radically Simple Cloud Alternative | Sealos Blog The Impact of Prompt Bloat: How the Sealos AI Proxy Can Cache Queries and Cut LLM Costs | Sealos Blog The FinOps Playbook: How to Implement Kubernetes Chargebacks and Showbacks with Sealos | Sealos Blog Smoke Testing for ML Pipelines: Catching Data and Model Errors Before They Hit Production | Sealos Blog Optimizing PostgreSQL Performance: A Guide to Sealos Managed Database Tuning | Sealos Blog Managing Kubernetes Multi-Tenancy: How Sealos Enforces Resource Quotas and Network Policies | Sealos Blog From Days to Minutes: How to Standardize Developer Environments for Your Entire Engineering Org | Sealos Blog For Platform Engineers: How to Build a Golden Path IDP (Internal Developer Platform) with Sealos | Sealos Blog For FinOps Managers: The 5 Leakiest Buckets in Your Kubernetes Budget (And How to Plug Them) | Sealos Blog For Educators & IT Admins: How to Provide a Secure, Scalable Cloud Lab for 1000+ Students on a Budget | Sealos Blog What is a Vector Database? A Beginner's Guide to Milvus, Pinecone, and More | Sealos Blog Why Your Microservices Architecture is Failing (And How a Cloud OS Can Fix It) | Sealos Blog The Power of Autoscaling: A Deep Dive into HPA, VPA, and Cluster Autoscaler | Sealos Blog The Total Economic Impact of Cloud Development Environments (CDEs) | Sealos Blog The Illustrated Guide to the Kubernetes Control Plane | Sealos Blog The MLOps Lifecycle Explained: From Data Prep to Model Deployment | Sealos Blog Beyond Vercel's AI Cloud: The Case for an AI-Native Operating System | Sealos Blog The Architecture of a Modern AI Application: A 2025 Blueprint | Sealos Blog GitHub Codespaces is Great, But Your Workflow is Incomplete. Here's Why. | Sealos Blog The Best Heroku Alternatives in 2025 for Scalability and Cost | Sealos Blog CAST AI vs. Kubecost vs. Sealos: Choosing the Right K8s Cost Management Tool | Sealos Blog DevBox vs. Gitpod vs. Replit: An Unbiased Comparison for 2025 | Sealos Blog Unlocking Hidden Savings: A Guide to Using Spot Instances Safely in Kubernetes | Sealos Blog Can a CDE Really Replace Your MacBook Pro? A Performance Benchmark | Sealos Blog The End of "Works on My Machine": Achieving 100% Reproducible Builds with DevBox | Sealos Blog The Ultimate Guide to GPU Provisioning and Management in Kubernetes | Sealos Blog Rightsizing Kubernetes Workloads: How to Stop Wasting Money on CPU and Memory Requests | Sealos Blog The 2025 Guide to Kubernetes Cost Optimization: 10 Strategies to Cut Your Bill in Half | Sealos Blog FinOps for Startups: How to Build a Cost-Conscious Culture from Day One | Sealos Blog How to Onboard a New Developer in Under 5 Minutes with Sealos DevBox | Sealos Blog Calculating Kubernetes Costs: A Breakdown of EKS, GKE, and AKS Pricing Models | Sealos Blog Case Study: How We Reduced Our Kubernetes Bill by 87% with Sealos | Sealos Blog Are You Overpaying for Managed Kubernetes? The True Cost of Vendor Lock-in | Sealos Blog Beyond Monitoring: How Sealos Autonomously Optimizes Your Cloud Spend | Sealos Blog A Practical Guide to Kubernetes Security: Hardening Your Cluster in 2025 | Sealos Blog A Secure-by-Design Development Workflow with Isolated Cloud Environments | Sealos Blog Setting Up a Collaborative Python Data Science Environment with DevBox | Sealos Blog Using the Sealos AI Proxy to Manage and Cache LLM API Calls | Sealos Blog Migration Guide: Moving Your Node.js & Postgres App from Heroku to Sealos in Under an Hour | Sealos Blog Serving Machine Learning Models at Scale: A Guide to Inference Optimization | Sealos Blog Headless Development with Sealos: Using Your Local VS Code with a Powerful Cloud Backend | Sealos Blog How to Build and Deploy a RAG Pipeline with Llama 3 and Milvus on Sealos | Sealos Blog From Localhost to Production in 15 Minutes: A Full-Stack CDE Workflow with Sealos DevBox | Sealos Blog GitOps on Autopilot: Implementing a CI/CD Pipeline with Sealos and GitHub Actions | Sealos Blog Fine-Tuning Open-Source LLMs on a Budget with Sealos | Sealos Blog From Docker Compose to Kubernetes: A Simple Migration Path with Sealos | Sealos Blog Building an AI Agentic Workflow with LangChain and Sealos | Sealos Blog What is Helm for Kubernetes? The Ultimate Package Manager Explained | Sealos Blog What is a Custom Resource Definition (CRD) in Kubernetes? | Sealos Blog What is a Kubernetes StatefulSet? A Practical Guide | Sealos Blog What is a Kubernetes Ingress Controller? A Guide to Smart Traffic Routing | Sealos Blog What is a Kubernetes Operator? Automating Complex Applications | Sealos Blog What is a Kubernetes Service? A Simple Guide for Developers | Sealos Blog Streamlining Your CI/CD Pipeline with a DevBox Build Environment | Sealos Blog Why Standardized Development Environments Are Key to Team Velocity | Sealos Blog What Is GitHub Codespace? | Sealos Blog DevBox Install? Skip It Entirely. Get a Ready-to-Code Environment in One Click with Sealos DevBox. | Sealos Blog How to Set Up a DevBox: The Ultimate Guide to 1-Click Cloud Development | Sealos Blog Empowering Indie Devs and Startup Teams: How Sealos DevBox Accelerates Agile Development | Sealos Blog From Chaos to Consistency: How Sealos DevBox Transforms Enterprise Development Workflows | Sealos Blog From Campus Labs to Cloud Freedom: How Sealos DevBox Supercharges Student Development | Sealos Blog How Sealos DevBox Cut Container Commit Time from 15 Minutes to 1 Second | Sealos Blog DevBox vs Codespaces: Which Remote Dev Environment Fits You Best? | Sealos Blog
What is Infrastructure from Code (IfC)? The Next Step After Infrastructure as Code (IaC) | Sealos Blog
Sealos · 2025-10-19 · via Sealos Blog

Of all the revolutions in modern software development, Infrastructure as Code (IaC) stands as one of the most transformative. The ability to define servers, networks, and databases in version-controlled configuration files brought order to the chaos of manual provisioning. For years, tools like Terraform, CloudFormation, and Ansible have been the gold standard. But as our systems grow more complex and dynamic, are we starting to see the limitations of this approach?

What if you could define your infrastructure not with a Domain-Specific Language (DSL) in YAML or HCL, but with the full power of a general-purpose programming language like Python, TypeScript, or Go? What if you could use loops, conditionals, classes, and unit tests to build your infrastructure?

This isn't a far-off dream. It's the core principle behind Infrastructure from Code (IfC), the next logical step in the evolution of infrastructure management. In this article, we'll explore what IfC is, how it differs from IaC, and why it might be the key to unlocking the next level of automation and scalability for your organization.

Before we dive into the future, let's ground ourselves in the present. Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than through physical hardware configuration or interactive configuration tools.

Think of it as a blueprint for your environment. You write a file that declares, "I need one web server of this size, a database with these specifications, and a load balancer connecting them." An IaC tool then reads this blueprint and makes it a reality in your cloud provider.

Core Benefits of IaC:

  • Repeatability: Spin up identical environments for development, staging, and production with a single command.
  • Version Control: Track every change to your infrastructure in Git, just like your application code. You get a full history, code reviews, and the ability to roll back.
  • Automation: Eliminate manual, error-prone setup processes, leading to faster and more reliable deployments.
  • Documentation: The code itself serves as documentation for your infrastructure's state.

Popular IaC tools like Terraform, AWS CloudFormation, and Ansible have become indispensable in the DevOps toolkit. They excel at defining static or semi-static infrastructure. However, as complexity mounts, some cracks begin to appear.

While IaC is a massive leap forward from manual clicking in a cloud console, it's not without its challenges, especially at scale.

1. The "Language" Barrier and Logic Limitations

Most IaC tools use a Domain-Specific Language (DSL), such as Terraform's HCL (HashiCorp Configuration Language) or CloudFormation's YAML/JSON. While these DSLs are excellent for declaring resources, they are intentionally limited. Implementing complex conditional logic, loops, or dynamic configurations can become cumbersome and verbose. Have you ever tried to create resources based on a complex set of rules in Terraform? It often involves a maze of count, for_each, and ternary operators that can be difficult to read and maintain.

2. Limited Abstraction and Reusability

IaC tools offer modules as a way to create reusable components. Modules are a great concept, but they often feel more like "copy-paste with variables" than true software abstraction. You can't easily create a "class" for a standard microservice that inherits from a base service and overrides certain properties. This limitation makes it difficult to build truly robust, DRY (Don't Repeat Yourself) infrastructure libraries.

3. The Testing Gap

How do you test your IaC? Typically, the process involves:

  1. Run a plan to see the expected changes.
  2. Deploy to a non-production environment.
  3. Run integration or smoke tests against the live infrastructure.
  4. Tear it down.

This feedback loop is slow and expensive. You can't easily write a unit test to verify that your Terraform module will correctly enable encryption on an S3 bucket if a certain variable is set. You're testing the outcome, not the logic itself.

4. The Developer Experience (DevEx) Divide

Developers are accustomed to rich ecosystems with IDEs that provide autocompletion, type checking, refactoring tools, and robust testing frameworks. While IaC tooling has improved, the experience of writing HCL or YAML often feels disconnected from the modern software development workflow. This creates a cognitive divide between "application code" and "infrastructure code."

Infrastructure from Code (IfC) addresses these limitations by shifting the paradigm.

Infrastructure from Code (IfC) is an approach where you use a general-purpose programming language (like TypeScript, Python, Go, or C#) and a specialized SDK to define and provision cloud infrastructure.

Instead of writing a declarative configuration file, you write code that programmatically defines your infrastructure. This code, when executed, generates the declarative model that the cloud provider's API understands.

How IfC Works: From Code to Cloud

The magic of IfC lies in its two-step process: synthesis and deployment.

  1. Write Code: You use a familiar language and an IfC framework's SDK (like AWS CDK or Pulumi) to define your resources. You can create classes for your services, use if/else statements to handle different environments, and loop to create multiple similar resources.

  2. Synthesize (or Compile): You run a command (e.g., cdk synth or pulumi up). The IfC tool executes your code. The output of this execution is not the infrastructure itself, but a standard declarative artifact. For example, the AWS CDK synthesizes your TypeScript or Python code into a standard AWS CloudFormation template (a JSON file). The Terraform CDK (CDKTF) synthesizes your code into a Terraform JSON configuration file.

  3. Deploy: The underlying engine then takes this synthesized artifact and carries out the deployment. The AWS CDK uses the CloudFormation service to deploy the generated template. Pulumi and CDKTF use their respective engines to apply the plan against the cloud provider's API.

This is a crucial point: IfC doesn't replace the battle-tested provisioning engines. It provides a more powerful, flexible, and developer-friendly way to generate the instructions for those engines.

A table is the clearest way to see the differences at a glance.

FeatureInfrastructure as Code (IaC)Infrastructure from Code (IfC)
Primary MethodWriting declarative configuration files (e.g., HCL, YAML).Writing imperative code in a general-purpose language that generates a declarative plan.
LanguageDomain-Specific Language (DSL) like HCL, or a data-serialization language like YAML/JSON.General-purpose languages like TypeScript, Python, Go, C#, Java.
Abstraction & LogicLimited. Uses modules, count, for_each, and ternary operators for logic.High. Uses functions, classes, inheritance, design patterns, and the full logical power of the language.
TestingPrimarily integration testing on deployed resources. Unit testing is difficult or impossible.Enables true unit testing of the infrastructure logic before deployment, alongside integration testing.
Developer ExperienceGood, but often lacks features like advanced autocompletion, type checking, and refactoring.Excellent. Leverages existing IDEs, linters, debuggers, and package managers from the software development world.
Tooling & EcosystemRelies on the ecosystem of the specific IaC tool (e.g., Terraform providers).Taps into the vast ecosystem of the chosen programming language (e.g., npm, PyPI, Maven).

By moving from a limited DSL to a full-fledged programming language, IfC unlocks several powerful benefits.

Use Your Favorite Language

Your team doesn't need to learn the intricacies of HCL or YAML templating. They can use the same language they use for application development. This lowers the barrier to entry for developers to own their infrastructure and fosters a true "you build it, you run it" culture.

Powerful Abstractions and Reusability

With IfC, you can stop copying modules and start building real software components for your infrastructure.

  • Example: You could create a StandardMicroservice class in Python. When instantiated, it could automatically provision an ECS service, a load balancer, security groups, and IAM roles with your company's best practices baked in. Another team could then inherit from this class to create a BillingMicroservice that adds a specific SQS queue and DynamoDB table.

Improved Testing and Validation

This is a game-changer. With IfC, you can use standard testing frameworks like Jest (for TypeScript) or Pytest (for Python) to write unit tests for your infrastructure logic.

  • Example: You can write a test that asserts: "When I instantiate my SecureS3Bucket construct with isPublic=false, the synthesized template must not contain a public read ACL." This test runs in milliseconds on your local machine, providing an incredibly fast feedback loop and preventing misconfigurations before they ever reach the cloud.

Enhanced Developer Experience (DevEx)

Writing IfC code feels like writing any other software. You get:

  • Intelligent code completion in your IDE.
  • Compile-time type checking to catch errors early.
  • Access to powerful debuggers.
  • The ability to use linters and formatters to maintain code quality.

Dynamic and Conditional Configurations

IfC makes it trivial to create infrastructure that adapts to its context.

  • Example: You can write a simple if statement:
    This is far more readable and maintainable than the equivalent logic in a traditional IaC DSL.

The IfC space is vibrant and growing. The main players today are:

  • AWS Cloud Development Kit (CDK): The pioneer in this space. It allows you to use languages like TypeScript, Python, and Java to define AWS resources, which are then synthesized into CloudFormation templates. It's deeply integrated with the AWS ecosystem.
  • Pulumi: A multi-cloud, multi-language IfC platform. Pulumi supports AWS, Azure, GCP, Kubernetes, and more. Unlike CDK, which relies on a separate engine (CloudFormation), Pulumi has its own deployment engine and state management system.
  • Terraform CDK (CDKTF): HashiCorp's entry into the IfC world. It allows you to use languages like TypeScript and Python to generate Terraform JSON configuration files. This gives you the power of a real programming language while still leveraging the vast ecosystem of Terraform providers and the battle-tested Terraform Core engine.

Where does IfC really shine?

Building Reusable Infrastructure Components

Organizations can create their own internal "construct libraries" that codify security best practices, tagging policies, and architectural patterns. This ensures that every new service deployed is compliant and consistent by default.

Dynamic Environments for CI/CD

You can write a script that, for every pull request, dynamically spins up a complete, isolated test environment. The script can read the PR details and provision only the necessary components, then automatically tear them down when the PR is merged or closed.

Policy as Code Integration

Because you're using a real language, you can programmatically enforce policies. You can iterate through all defined resources before synthesis and check if they meet certain criteria (e.g., all EBS volumes must be encrypted, no security groups can have 0.0.0.0/0 open).

Complementing Platform Engineering with Sealos

While IfC tools are fantastic for provisioning foundational cloud resources (like VPCs, subnets, and virtual machines), managing the application layer on top—especially Kubernetes—can still be complex. This is where platforms like Sealos come in.

You could use an IfC tool like Pulumi or CDK to provision the underlying IaaS resources for a Kubernetes cluster. Once those VMs and networking are in place, you can leverage a tool like Sealos to install and manage a production-ready Kubernetes cluster with just a single command.

  • IfC's Role: Define the "what" and "where" of your cluster's hardware (e.g., 3 m5.xlarge nodes in us-east-1 with specific security groups).
  • Sealos's Role: Take that provisioned hardware and handle the "how" of running Kubernetes—installing the control plane, managing worker nodes, and simplifying the lifecycle management of the entire cluster.

This layered approach allows you to combine the expressive power of IfC for your cloud foundation with the operational simplicity of a dedicated Kubernetes platform for your application layer.

IfC is incredibly powerful, but it's not a silver bullet that makes traditional IaC obsolete overnight.

  • Maturity and Community: Tools like Terraform have a decade of development, a massive community, and an unparalleled number of providers for almost any service imaginable. The IfC ecosystem is younger and still growing.
  • Complexity Trade-offs: While IfC simplifies logical complexity, it can introduce software development complexity. You now have to manage dependencies, deal with language versioning, and understand the synthesis/compilation step. A simple, static infrastructure might still be easier to manage with a straightforward Terraform file.
  • State Management: IfC tools still need to manage state to understand the difference between your code's desired state and the real-world state of your infrastructure. This fundamental challenge of infrastructure management doesn't disappear.

The choice between IaC and IfC is not mutually exclusive. Many teams find success by using traditional IaC for stable, foundational infrastructure and adopting IfC for more complex, dynamic, and application-centric parts of their environment.

Infrastructure as Code brought the principles of software engineering—version control and automation—to infrastructure management. Infrastructure from Code completes that journey by bringing the tools of software engineering—expressive languages, powerful abstractions, and robust testing—to the same domain.

IfC represents a fundamental shift in how we think about and interact with our infrastructure. It empowers developers, enables unprecedented levels of abstraction and reuse, and provides a path to building more reliable, secure, and scalable systems.

While traditional IaC will remain a vital tool for years to come, IfC is undeniably the direction the industry is heading for complex cloud-native environments. By embracing the full power of code, we are finally breaking down the last barriers between application development and infrastructure operations, paving the way for a truly unified engineering future.