Automation & Infrastructure as Code
Definition
Describe desired state in code, version it, apply it reproducibly. Two flavors:
- Declarative — “this is what I want” (Terraform, Kubernetes manifests)
- Imperative — “run these steps” (Ansible playbooks, shell)
Where it appears
🐧 Linux
- Ansible — agentless, SSH-based, excellent for config management
- Shell scripts — still the universal glue
- systemd units — declarative service definitions
☁️ Cloud
- Terraform / OpenTofu — multi-cloud, declarative
- CloudFormation (AWS) / Bicep (Azure) — first-party
- Pulumi — real programming languages
📦 Containers
- Helm / Kustomize — templating / overlay
- ArgoCD / Flux — GitOps reconciliation
- Operator pattern — custom controllers
🔄 CI/CD
- Pipeline-as-code — .github/workflows, .gitlab-ci.yml, Jenkinsfile
- Policy-as-code — OPA, Conftest, Checkov
- Drift detection — Terraform plan in CI
Principles
- Idempotent — applying twice = applying once
- Declarative over imperative — describe state, not steps
- Single source of truth — git, not tickets
- Test the config — plan, dry-run, policy gates
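
The drift-detection and test-the-config items above, sketched as a CI gate. This is an added example, not part of the original notes. It relies on Terraform's real `-detailed-exitcode` flag; the `TF_BIN` variable and the function names `check_drift` and `drift_gate` are assumptions, and each directory is assumed to be an already-initialized root module.

```shell
#!/bin/sh
# Added example: CI drift gate built on `terraform plan -detailed-exitcode`.
# TF_BIN, check_drift and drift_gate are names chosen for this sketch.
TF_BIN="${TF_BIN:-terraform}"

# check_drift DIR
# Returns 0 = live state matches the code, 2 = drift or unapplied change,
# 1 = the plan itself failed (bad credentials, backend error, missing dir).
check_drift() {
    module_dir="$1"
    [ -d "$module_dir" ] || { echo "no such directory: $module_dir" >&2; return 1; }
    plan_rc=0
    # -detailed-exitcode: 0 = empty plan, 1 = error, 2 = non-empty plan.
    # -input=false: never wait for a prompt inside a pipeline.
    # Plan output goes to stderr so stdout carries only the gate's summary.
    ( cd "$module_dir" &&
      "$TF_BIN" plan -detailed-exitcode -input=false -no-color >&2 ) || plan_rc=$?
    case "$plan_rc" in
        0) return 0 ;;
        2) return 2 ;;
        *) return 1 ;;   # any other code is treated as a failed plan
    esac
}

# drift_gate DIR...
# Checks every module before deciding, and fails closed: a plan that
# errored counts against the gate instead of passing as "no drift".
drift_gate() {
    gate_failed=0
    for gate_dir in "$@"; do
        gate_rc=0
        check_drift "$gate_dir" || gate_rc=$?
        case "$gate_rc" in
            0) echo "OK     $gate_dir" ;;
            2) echo "DRIFT  $gate_dir"; gate_failed=1 ;;
            *) echo "ERROR  $gate_dir"; gate_failed=1 ;;
        esac
    done
    return "$gate_failed"
}
```

Keeping exit code 1 distinct from 2 matters in a scheduled job: a broken backend or expired credential should page someone as a failed check, not be reported as a clean environment.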