Infrastructure as Code
We recommend Crossplane if you are or will be using Kubernetes and it supports your infrastructure APIs. Even if you're not already running Kubernetes, you might want to use Crossplane because it can automatically fix drift. It does add some complexity, but the benefits can far outweigh the added layers of complexity. Yes, you have to run a Kubernetes instance, but you can run it on MicroK8s in an LXC container, or on Minikube, AKS, EKS or GKE.
The primary difference between Terraform, Pulumi, and Crossplane lies in their architectural philosophy: Terraform uses a static, configuration-driven approach (HCL), Pulumi uses general-purpose programming languages (Python, TypeScript), and Crossplane shifts the paradigm entirely by using Kubernetes as a continuous, active control plane.
High-Level Overview
| Feature | HashiCorp Terraform | Pulumi | Crossplane |
|---|---|---|---|
| Primary Language | HCL (HashiCorp Configuration Language) | Python, TypeScript, Go, C# | YAML / Kubernetes Manifests |
| Execution Model | Client-side CLI (plan / apply) | Client-side CLI (preview / up) | Server-side API / Continuous Control Loop |
| Drift Correction | Manual / Point-in-time | Manual / Point-in-time | Automatic & Continuous |
| State Management | State files (.tfstate) | State backend (Pulumi Cloud / self-managed) | Native Kubernetes etcd |
| Target Audience | Operations, DevOps, Platform Engineers | Software Engineers, Dev-Heavy Teams | Platform Teams building Internal Developer Platforms |
Core Tool Breakdowns
1. Terraform: The Industry Baseline
Terraform is a mature, configuration-first Infrastructure as Code (IaC) tool. It uses a domain-specific language called HCL.
- How it works: You define your infrastructure, run a `plan` to preview changes, and execute `apply` to deploy. The state is saved in a static file.
- Pros: It has a massive ecosystem of providers, great stability, and a huge community.
- Cons: It struggles with complex programming logic (loops and conditionals are clunky in HCL) and does not natively detect drift unless you manually run it again.
2. Pulumi: Infrastructure as Actual Code
Pulumi shifts IaC into real software development. It allows you to provision resources using languages like Python, TypeScript, and Go.
- How it works: While written in a general-purpose language, Pulumi compiles your code into a declarative resource graph that behaves predictably.
- Pros: You can use native unit testing, IDE autocompletion, loops, and packaging tools standard to software development. https://www.reddit.com/r/devops/comments/vvcle7/for_those_who_tried_both_pulumi_terraform_which/
- Cons: Infrastructure-only teams face a steeper learning curve. Its ecosystem relies heavily on bridged providers adapted from the Pulumi Registry.
3. Crossplane: The Continuous Control Plane
Crossplane is an open-source Kubernetes add-on that transitions your operational architecture from a "scripting" engine to a "control plane".
- How it works: It treats cloud resources (like AWS S3 or GCP databases) as Kubernetes Custom Resources (CRDs). It runs continuously in a cluster using Kubernetes control loops to monitor real-world assets.
- Pros: It offers native GitOps integration and real-time self-healing from configuration drift. If someone manually deletes an AWS database, Crossplane instantly recreates it without running a pipeline.
- Cons: It requires a dedicated, running Kubernetes cluster to function. Debugging control loops can be difficult, and writing large amounts of raw YAML is cumbersome.
Which One Should You Choose?
- Select Terraform if you want the safest, most widely supported industry standard to quickly build static, standard cloud infrastructure.
- Select Pulumi if your team consists heavily of software developers who want to write, test, and loop infrastructure using standard programming languages.
- Select Crossplane if you are heavily committed to Kubernetes and GitOps, or if you are a platform engineering group attempting to build a custom Internal Developer Platform (IDP).
Details
Terraform
Terraform is an Infrastructure as Code (IaC) tool created by HashiCorp. It allows you to build, change, and manage your IT infrastructure (like servers, databases, and networking) using simple, human-readable code files rather than manually clicking through cloud dashboards.
Why is it used?
Instead of manually deploying resources (which is time-consuming and prone to human error), Terraform automates the entire process. Key benefits include:
- Multi-Cloud Support: It isn’t tied to just one provider. You can use the exact same workflow to manage resources in AWS, Microsoft Azure, Google Cloud (GCP), VMware, and on-premises data centers.
- Version Control: Because infrastructure is defined as code, it can be tracked using Git. This allows teams to review changes, collaborate, and instantly roll back to previous setups if something goes wrong.
- Consistency: It prevents "configuration drift" by ensuring that environments (like Development, Staging, and Production) are exactly identical.
How does it work?
Terraform uses a declarative language called HCL (HashiCorp Configuration Language). You simply write a script describing the desired state of your infrastructure (e.g., "I want 3 virtual machines and a firewall"). Terraform handles the heavy lifting of figuring out the correct order to create dependencies and calls the necessary APIs to build it.
The core workflow revolves around two main commands:
- `terraform plan`: Analyzes your code and your current infrastructure, then generates a preview of exactly what actions it will take before making any changes.
- `terraform apply`: Executes the plan and provisions the actual resources in the cloud.
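Because Terraform only notices drift when a plan is run, a scheduled job that inspects the machine-readable plan is a common way to surface it. The following is an added example, not code from Terraform or from this page: it parses a constructed sample shaped like `terraform show -json <planfile>` output, and the resource addresses and the helper names `summarize_plan` and `exit_code` are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Only the fields read below are included; resource addresses are made up.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_drift": [  # changes made outside Terraform since the last apply
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["delete"]}},
        {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    ],
    "resource_changes": [  # what `apply` would do to reach the desired state
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"]}},
        {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
        {"address": "aws_instance.app", "change": {"actions": ["no-op"]}},
        {"address": "aws_db_instance.main",
         "change": {"actions": ["delete", "create"]}},
    ],
})


def summarize_plan(plan_json):
    """Split a JSON plan into out-of-band drift and pending changes."""
    plan = json.loads(plan_json)
    drifted = sorted(r["address"] for r in plan.get("resource_drift", []))
    pending = {}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions not in (["no-op"], ["read"]):
            pending[rc["address"]] = actions
    # Deletes and replacements that are not explained by drift deserve review
    # before anyone runs `apply` to "fix" the environment.
    destructive = sorted(a for a, acts in pending.items()
                         if "delete" in acts and a not in drifted)
    return {"drifted": drifted, "pending": pending, "destructive": destructive}


def exit_code(summary):
    """0 = in sync, 2 = changes present (same convention as
    `terraform plan -detailed-exitcode`), so a scheduled job can alert."""
    return 2 if summary["drifted"] or summary["pending"] else 0


if __name__ == "__main__":
    result = summarize_plan(SAMPLE_PLAN)
    print(result, exit_code(result))
```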
Pulumi
Pulumi is an open-source Infrastructure as Code (IaC) platform that allows you to create, deploy, and manage cloud resources using standard, general-purpose programming languages rather than specialized domain-specific languages (DSLs) like HashiCorp Configuration Language (HCL) or YAML.
How It Works
Instead of learning a proprietary markup language, you write your infrastructure configurations using the exact same languages you use to build software, such as:
- Python
- TypeScript / JavaScript
- Go
- C# / .NET
- Java
- YAML (if a markup approach is preferred)
Key Features and Benefits
- Multicloud Support: It natively supports over 300 providers, allowing you to manage resources seamlessly across AWS, Microsoft Azure, Google Cloud, and Kubernetes.
- Real Programming Languages: Using general-purpose languages means you get access to standard development tools: loops, conditionals, functions, classes, and established unit testing frameworks.
- IDE & Ecosystem Integration: You can leverage your favorite IDEs (like VS Code), existing package managers, and third-party libraries.
- State Management: Pulumi stores the state of your infrastructure securely, keeping track of dependencies and computing the minimal diff required to deploy your changes when updates are made.
- Security: It has built-in secrets management and native support for platforms like Pulumi ESC (Environments, Secrets, and Configuration) to securely handle sensitive credentials.
To see how Pulumi operates using general-purpose languages to provision cloud infrastructure:
Crossplane
https://github.com/crossplane/crossplane
Crossplane is an open-source, Kubernetes-native add-on that transforms your Kubernetes cluster into a universal control plane. Instead of running manual or CLI commands to provision infrastructure, it lets you define cloud resources (like AWS RDS, GCP buckets, or networks) directly as Kubernetes objects (YAML) and manages them through continuous automated control loops.
Why Choose Crossplane Over Terraform?
- Continuous Reconciliation & Drift Correction: Unlike Terraform (which requires you to manually run `terraform plan` or `apply` to check and fix configuration drift), Crossplane runs an active control loop. If someone manually deletes an S3 bucket in your cloud console, Crossplane's engine detects the mismatch and automatically rebuilds it to match the desired state.
- No Remote State Management: Terraform relies on a state file (e.g., in an S3 bucket) to track resources, which can lead to state locking issues, corruption, or desynchronization among teams. Crossplane uses the native Kubernetes etcd database as its source of truth.
- True Self-Service via Compositions: While Terraform uses modules to wrap up reusable infrastructure, developers generally still need to run the CLI. Crossplane enables platform teams to build custom APIs (using Composite Resource Definitions and Compositions). Developers can simply submit a basic "claim" without knowing the deep cloud configurations, and Crossplane handles the heavy lifting safely behind the scenes.
- GitOps Native: Because infrastructure definitions are standard Kubernetes objects, Crossplane plugs perfectly into existing GitOps workflows using tools like ArgoCD or Flux.
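The difference between a point-in-time apply and the continuous reconciliation described in the first bullet can be seen in a small model. This is an added example, not Crossplane's code: it is a simplified in-memory simulation, the resource names and fields are constructed, and the audit list is an assumption showing that each automatic correction can still be recorded for review.

```python
# Desired state as it would be declared in Git (constructed example values).
DESIRED = {
    "bucket/logs": {"acl": "private", "versioning": True},
    "db/orders": {"engine": "postgres", "public": False},
}


def diff(desired, observed):
    """Return the actions needed to make the observed state match desired."""
    actions = []
    for name, spec in desired.items():
        if name not in observed:
            actions.append(("create", name, spec))
            continue
        changed = {k: v for k, v in spec.items() if observed[name].get(k) != v}
        if changed:
            actions.append(("update", name, changed))
    return actions


def reconcile(desired, cloud, audit):
    """One control-loop pass: correct every difference and record it."""
    for action, name, spec in diff(desired, cloud):
        if action == "create":
            cloud[name] = dict(spec)
        else:
            cloud[name].update(spec)
        audit.append((action, name, sorted(spec)))
    return cloud


def simulate(continuous):
    """Provision once, apply out-of-band changes, optionally reconcile again."""
    cloud, audit = {}, []
    reconcile(DESIRED, cloud, audit)          # initial provisioning
    del cloud["db/orders"]                    # deleted by hand in the console
    cloud["bucket/logs"]["acl"] = "public-read"  # loosened by hand
    if continuous:
        reconcile(DESIRED, cloud, audit)      # next pass of the control loop
    return cloud, audit


if __name__ == "__main__":
    for mode in (False, True):
        print("continuous" if mode else "point-in-time", simulate(mode))
```

In the point-in-time case the manual changes persist until someone runs the tool again; in the continuous case the next pass reverts them and leaves two audit entries.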
