managing-infra
# Infrastructure Patterns
## When to Use What
| Tool | Use For |
|---|---|
| Raw K8s YAML | Simple deployments, one-off resources |
| Kustomize | Environment variations, overlays without templating |
| Helm | Complex apps, third-party charts, heavy templating |
| Terraform | Cloud resources, infrastructure lifecycle |
| GitHub Actions | CI/CD, automated testing, releases |
| Makefile | Build automation, self-documenting targets |
| Dockerfile | Container builds, multi-stage, multi-arch |
## Quick Decisions
- **Kustomize when:** simple environment differences, readable manifests, patching YAML
- **Helm when:** complex templating, third-party charts, release management
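As an added example of the "patching YAML" case (this is illustrative and not one of the page's own templates), a base Deployment with a prod overlay that pins the image to a digest, raises the replica count and flips one env var. The directory layout, the `api` name, the registry, the `api-prod` namespace and the all-zero digest are placeholders; the three files are shown in one block separated by `---`.

```yaml
# --- base/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
---
# --- base/deployment.yaml ---
# Dev-friendly defaults: one replica, mutable tag, verbose logging.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.com/api:latest   # placeholder registry/image
          env:
            - name: LOG_LEVEL
              value: debug
---
# --- overlays/prod/kustomization.yaml ---
# The overlay never copies the Deployment; it only states what differs in prod.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: api-prod
resources:
  - ../../base
# Replace the mutable tag with an immutable digest (placeholder value below);
# this is the field that makes "what is running" auditable.
images:
  - name: registry.example.com/api
    digest: sha256:0000000000000000000000000000000000000000000000000000000000000000
replicas:
  - name: api
    count: 3
# JSON 6902 patch: turn LOG_LEVEL down without touching the rest of the spec.
patches:
  - target:
      kind: Deployment
      name: api
    patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/env/0/value
        value: info
```

Render the result with `kubectl kustomize overlays/prod` and check that the image line now carries the digest before applying; if the overlay grows more than a handful of patches, that is usually the signal to move to Helm per the table above.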
## K8s Security Defaults
Every workload ships with a pod and container `securityContext` that runs as a non-root user, mounts the root filesystem read-only, sets `allowPrivilegeEscalation: false`, drops all Linux capabilities, and is paired with a NetworkPolicy that limits what the pod can talk to.
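A Deployment that applies all five defaults, followed by the NetworkPolicy pair that goes with it, added here as an example rather than copied from KUBERNETES.md or templates/. The `api` name, `demo` namespace, image reference, port 8080 and the `ingress-nginx` namespace label are assumptions for this example.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      automountServiceAccountToken: false   # no API credentials in the pod unless it needs them
      securityContext:
        runAsNonRoot: true                  # kubelet refuses to start the container as UID 0
        runAsUser: 10001
        runAsGroup: 10001
        fsGroup: 10001
        seccompProfile:
          type: RuntimeDefault              # runtime's default syscall filter
      containers:
        - name: api
          image: registry.example.com/api:1.4.2   # placeholder; pin by digest in real use
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false # setuid binaries cannot gain privileges
            readOnlyRootFilesystem: true    # only the emptyDir below is writable
            capabilities:
              drop: ["ALL"]                 # add a single cap back only with a documented reason
          volumeMounts:
            - name: tmp
              mountPath: /tmp
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits: { memory: 256Mi }
      volumes:
        - name: tmp
          emptyDir: {}
---
# Default deny for the namespace: with this in place nothing reaches or leaves
# any pod unless another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: demo
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Re-open only what the api needs: ingress from the ingress controller's
# namespace on its port, egress to cluster DNS. Everything else stays denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress", "Egress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - port: 8080
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
```

Two caveats a practitioner hits immediately: `readOnlyRootFilesystem` breaks any image that writes outside `/tmp`, so find those paths in a test run and mount an `emptyDir` for each; and NetworkPolicy objects are only enforced when the cluster's CNI supports them, so confirm with a denied connection before relying on the default-deny policy.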
## GitHub Actions Patterns
- CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
- Release workflow: Multi-arch Docker build on tags (native ARM runners)
- Pin every third-party action to a full commit SHA (not a mutable tag or branch), and grant least-privilege `permissions` per job rather than relying on the repository default
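As an added example (not one of the page's templates or the GITHUB-ACTIONS.md patterns), a release workflow that applies the bullets above: it runs on tags, builds each architecture on its own native runner, then merges the two images into one multi-arch tag. The registry (ghcr.io), runner labels, image name and every `<full-40-char-commit-sha>` placeholder are assumptions; each placeholder must be replaced with the commit the intended action version resolves to before this runs.

```yaml
# .github/workflows/release.yml (file name assumed)
name: release

on:
  push:
    tags: ["v*"]

# Nothing is granted at the top level; each job declares only what it needs.
permissions: {}

env:
  IMAGE: ghcr.io/${{ github.repository }}

jobs:
  build:
    strategy:
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-24.04
            arch: amd64
          - platform: linux/arm64
            runner: ubuntu-24.04-arm   # native arm64 runner, no QEMU emulation
            arch: arm64
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read    # checkout only
      packages: write   # push to GHCR with the job-scoped GITHUB_TOKEN
    steps:
      # The SHA is the immutable reference; the trailing comment records the
      # human-readable version for reviewers and for dependency-update bots.
      - uses: actions/checkout@<full-40-char-commit-sha> # v4
      - uses: docker/setup-buildx-action@<full-40-char-commit-sha> # v3
      - uses: docker/login-action@<full-40-char-commit-sha> # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@<full-40-char-commit-sha> # v6
        with:
          context: .
          platforms: ${{ matrix.platform }}
          push: true
          tags: ${{ env.IMAGE }}:${{ github.ref_name }}-${{ matrix.arch }}

  # Combine the two single-arch images into one manifest list under the release tag.
  merge:
    needs: build
    runs-on: ubuntu-24.04
    permissions:
      packages: write
    steps:
      - uses: docker/setup-buildx-action@<full-40-char-commit-sha> # v3
      - uses: docker/login-action@<full-40-char-commit-sha> # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          docker buildx imagetools create \
            --tag "$IMAGE:$TAG" \
            "$IMAGE:$TAG-amd64" "$IMAGE:$TAG-arm64"
        env:
          TAG: ${{ github.ref_name }}
```

Two things to check before adopting this: GHCR requires a lowercase image name, so repositories with uppercase characters in `github.repository` need the name lowercased first; and the `ubuntu-24.04-arm` label is what GitHub offers for hosted arm64 runners, so substitute your own self-hosted label if you run those instead.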
## References
- KUBERNETES.md - K8s resource patterns
- TERRAFORM.md - Terraform module patterns
- GITHUB-ACTIONS.md - CI/CD workflow patterns
- MAKEFILE.md - Build automation patterns
- DOCKERFILE.md - Container build patterns
- templates/ - Ready-to-use templates
## Commands
```bash
kubectl apply -k ./                                   # Build and apply the kustomization in the current directory
helm upgrade --install NAME .                         # Install the chart at ./ as release NAME, or upgrade it if it already exists
terraform plan -out=tfplan && terraform apply tfplan  # Save the reviewed plan and apply exactly that plan, not a fresh one
```