Declarative vs Imperative Infrastructure

The pattern: declare the desired end state (declarative) or write the steps to reach it (imperative). Declarative tools own the “how” — diff actual against desired, apply the delta, retry on partial failure. Imperative tools execute steps; if step 3 fails, you are stuck mid-state with no idea what to roll back.

The trade-off: convergence reliability vs. mental model. Declarative is harder to reason about when something happens (eventually, via reconcile loop) but converges from any starting state. Imperative is explicit about ordering but fragile to partial failure. Modern infra is overwhelmingly declarative because operators want self-healing under partial failure — and because GitOps only works on top of declarative state.

Deepens in Year 2 Phase 9: IaC — Terraform + Crossplane side-by-side as terralabs ships publicly. The control-loop intuition is seeded in Year 1 Phase 7 (K8s reconcilers).

Related patterns

• gitops — git as the declarative source of truth a reconciler watches.
• immutable-infrastructure — declarative artifacts (images, AMIs) are what the reconciler ships.
• progressive-delivery — the rollout layer on top of declarative deploys.
• least-privilege — declarative policy is what makes scoped permissions auditable.
• runbook-as-code — the same desired-state discipline applied to operational procedures.
• Phase 9: IaC and terralabs — where this pattern earns its keep.