What is declarative infrastructure?

Keen to focus on the final state of your infrastructure, rather than the step-by-step mechanics of how to get there? Then it’s time to dive into declarative infrastructure.

The concept of declarative infrastructure as code (IaC) carries significant benefits, bringing automation and consistency that can make your organization more secure, correct configuration drift, and ultimately optimize for scalability. Read on to discover all you need to know.

What is declarative infrastructure?

Declarative infrastructure is an approach where you declare the desired end state of your configuration. Instead of focusing on how to configure it, you define where you want to be, then use declarative infrastructure as code tooling to get you there. The emphasis is on deciding on the name and attributes of the resources you want to use and what you want your infrastructure to look like.

What are the benefits of declarative infrastructure?

A declarative approach to your infrastructure can deliver a wide range of benefits. Chief among these is that declarative infrastructure is automated, highly scalable, and repeatable, which makes it easy to grow across numerous environments. Other key benefits include:

  • Consistent version control: With a declarative infrastructure, you can store your configurations in version control systems, making it easy to roll out changes, track who has changed what, and roll back if necessary.
  • Enhanced team collaboration: Disparate teams can more easily work together when everything is stored and tracked in your version control system, promoting transparency and repeatability across your architecture and reducing the likelihood of unexpected conflicts.
  • Efficiency and security through automation: When you automate your infrastructure, you make it easier to spin up another environment or region consistent with your security and governance policies. Being able to deploy and enforce codified, predictable provisioning in this way will help keep your system auditable, as well.

How does declarative configuration reduce drift? 

Another hugely beneficial aspect of using a declarative infrastructure as code approach is its automated system correction capabilities. When you define the end state of the system, and leave it to your tooling to provision it, there’s scope to enable the system to identify issues such as configuration drift. It can monitor your infrastructure and manage any corrections through automated actions, delivering impressive reliability through its capability to update everything to realign it with the desired end state.
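The drift check and correction described above can be sketched as a diff between declared and live state. This is an added example, not code from the original article or from any tool it names; the resource names, attribute keys, and the `plan`/`converge` helpers are hypothetical, and the sample states are constructed.

```python
from dataclasses import dataclass

# Constructed sample data: DESIRED is what the repository declares,
# LIVE is what the platform reports after some manual changes.
DESIRED = {
    "sg-web": {"type": "security_group", "ingress": ["443/tcp"], "cidr": "10.0.0.0/16"},
    "bucket-logs": {"type": "bucket", "encrypted": True, "public": False},
    "db-main": {"type": "database", "encrypted": True},
}
LIVE = {
    "sg-web": {"type": "security_group", "ingress": ["443/tcp", "22/tcp"], "cidr": "0.0.0.0/0"},
    "bucket-logs": {"type": "bucket", "encrypted": True, "public": False},
    "vm-debug": {"type": "instance", "size": "small"},  # created by hand, never declared
}

@dataclass(frozen=True)
class Action:
    op: str         # "create", "update" or "delete"
    name: str
    changes: tuple  # (attribute, live_value, desired_value) triples for updates

def plan(desired, live):
    """Diff declared state against live state and return the corrective actions."""
    actions = []
    for name in sorted(desired.keys() | live.keys()):
        want, have = desired.get(name), live.get(name)
        if have is None:
            actions.append(Action("create", name, ()))
        elif want is None:
            actions.append(Action("delete", name, ()))  # undeclared resource
        else:
            diff = tuple((k, have.get(k), want.get(k))
                         for k in sorted(want.keys() | have.keys())
                         if have.get(k) != want.get(k))
            if diff:
                actions.append(Action("update", name, diff))
    return actions

def converge(actions, desired, live):
    """Return a new live state with every action applied (inputs are not mutated)."""
    result = {name: dict(attrs) for name, attrs in live.items()}
    for action in actions:
        if action.op == "delete":
            del result[action.name]
        else:
            result[action.name] = dict(desired[action.name])
    return result

if __name__ == "__main__":
    for action in plan(DESIRED, LIVE):
        print(action.op, action.name, action.changes)
```

Running `plan` again on the converged state returns no actions, which is the idempotence that makes the same declaration safe to apply repeatedly.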

How does declarative infrastructure differ from imperative?

Before we leap into the hot topic of declarative infrastructure tooling, it’s important to understand the difference between declarative vs imperative infrastructure as code.

The fundamental difference is that an imperative infrastructure involves you specifying the exact steps and commands you need to provision and orchestrate resources. With a declarative approach, the focus is not on the how of the provisioning and orchestration but on where you want to get to. It’s a deployment approach where you let the system determine how to reach that state, instead of having to define it step-by-step yourself.

As such, when using infrastructure as code, the choice between declarative and imperative can make a significant difference in how much time you invest in setting everything up, as well as in the ongoing benefits your chosen approach delivers.

Which tools support declarative infrastructure?

Using the right tools is key to your declarative IaC success. You’ll need to bear this in mind when planning your declarative approach, either training up your existing team or bringing in expertise through recruitment or consultancy.

Declarative infrastructure as code tools that can help you create an automated, efficient and easily maintainable setup include:

  • Terraform, which enables you to use HashiCorp Configuration Language (HCL) to define resources and apply them using a multi-cloud approach.
  • Kubernetes, where you can use YAML manifests to declare your desired end state for containerized applications.
  • Pulumi, which allows you to use familiar programming languages such as Python and Go to define your infrastructure.
  • Puppet, a configuration management tool supporting declarative models and services.
  • SaltStack, another handy configuration management/automation tool.
  • Spacelift, which delivers workflow capabilities to streamline and standardize your IaC pipeline.

Amazon, Microsoft, and Google also provide handy native tools for provisioning resources in the form of AWS CloudFormation, Azure Resource Manager (ARM), and Google Cloud Deployment Manager.

The Tyk platform fits neatly into your declarative infrastructure provisioning as well. Designed to deliver a seamless, secure API management and gateway infrastructure, it integrates tightly with declarative IaC workflows thanks to:

  • Native support for OpenAPI-based declarative API definitions, GitOps, and Kubernetes.
  • Modular components that you can deploy using Terraform modules, Helm charts, Kubernetes manifests, Pulumi (via Kubernetes), and more.
  • The flexible nature of Tyk API Gateway, which you can deploy as a managed service (with Tyk Cloud), a deployable component via IaC, and a declaratively configured resource (via Tyk Operator/CRDs).

Is declarative IaC more secure or scalable?

Declarative infrastructure is both more secure and more scalable than an imperative approach. The fact that declarative infrastructure is easier to version and automate plays a big part in this.

With a declarative rather than imperative infrastructure as code approach, you capture the entire system state as code (whereas an imperative infrastructure is delivered through a sequence of CLI-driven operations). This means you gain a single source of truth for your teams, helping achieve consistency and predictability, as well as eliminating configuration drift.

The predictable, idempotent workflows that result from a declarative approach also reduce the surface area for human error. You express your identity policies, network rules, encryption settings, and other security controls transparently in code, creating a repeatable security posture that you can subject to static analysis and automated compliance checks as part of your CI/CD pipelines.
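Because the security controls live in the declaration, a CI job can evaluate them before anything is provisioned. The following is an added example, not code from the original article or from any tool it names; the rule IDs, resource names, and attribute keys are hypothetical, and the declared resources are constructed sample input.

```python
# Constructed sample: declarations as a CI job would see them after parsing
# the files in the repository.
DECLARED = [
    {"name": "logs", "type": "bucket", "encrypted": True},
    {"name": "exports", "type": "bucket"},  # encryption setting omitted
    {"name": "web", "type": "security_group",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"name": "bastion", "type": "security_group",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
    {"name": "ci-deployer", "type": "iam_policy", "actions": ["*"]},
]

ADMIN_PORTS = (22, 3389)

def unencrypted_storage(res):
    # A missing setting counts as a violation, so an omission cannot pass silently.
    return res["type"] in ("bucket", "database") and not res.get("encrypted", False)

def admin_port_open_to_internet(res):
    return res["type"] == "security_group" and any(
        rule["cidr"] == "0.0.0.0/0" and rule["port"] in ADMIN_PORTS
        for rule in res.get("ingress", []))

def wildcard_actions(res):
    return res["type"] == "iam_policy" and "*" in res.get("actions", [])

RULES = [
    ("ENC-001", "storage must be encrypted at rest", unencrypted_storage),
    ("NET-001", "admin ports must not be open to the internet", admin_port_open_to_internet),
    ("IAM-001", "policies must not grant wildcard actions", wildcard_actions),
]

def check(resources):
    """Return (rule_id, resource_name, message) for every violated rule."""
    return [(rule_id, res["name"], message)
            for res in resources
            for rule_id, message, violated in RULES
            if violated(res)]

def gate(resources):
    """Exit status for the pipeline step: non-zero blocks the merge or apply."""
    return 1 if check(resources) else 0

if __name__ == "__main__":
    for finding in check(DECLARED):
        print(*finding, sep=": ")
    raise SystemExit(gate(DECLARED))
```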

From a scalability perspective, consistent and automated provisioning means you can scale up services in response to demand without relying on your team to write (and then maintain) complex scaling logic.

Combining your declarative infrastructure as code with Git-based workflows helps deliver both greater security and greater scalability.

How do GitOps and declarative IaC relate? 

GitOps and declarative IaC are closely connected, with GitOps serving as a crucial enabler of your declarative infrastructure approach.

To benefit from using both, you’ll need to start with a declarative description of your infrastructure (you can use Terraform and the other tools mentioned above to define this). Without this, GitOps won’t have the stable model it needs to track, compare against, and reconcile should drift occur. 

With your declarative definition in place, GitOps can apply version control, using Git (usually) as the source of truth. You can also use it to apply automated reconciliation loops, which continually compare the live environment to the version in Git at runtime, and to automate drift detection and correction. Git can also trigger changes to support continuous delivery, reducing the need for manual intervention.

In short, your declarative infrastructure as code defines the desired state, while GitOps keeps everything efficiently versioned and in sync. GitOps can also amplify some of the benefits of a declarative infrastructure, including:

  • Security, through Git-based reviews, permissions, and immutable history.
  • Stability, with automated drift correction and the ability to easily monitor and validate the need for any changes.
  • Scalability, as it’s easier to use declarative definitions as templates for portable replication across different environments.
  • Auditing, with every infrastructure change being a commit, delivering full traceability.  

What problems does declarative infrastructure solve? 

Declarative infrastructure tackles many of the challenges of contemporary systems head-on, helping you build a more resilient and robust infrastructure. Some of the problems that it so neatly solves include:

Inconsistent security 

With new threats and vulnerabilities emerging frequently, and attacks becoming more sophisticated, consistent, robust security has never been more crucial.  

Poor auditability and compliance 

Nobody wants to deal with the headache of non-compliance, so the more auditable your infrastructure, the better. With automated changes rather than manual, it’s much easier to see who changed what, when, how, and why. With declarative infrastructure as code, your Git-based declarations provide the version history, approval workflows, and change tracking you need for ultimate transparency.

Slow and complex scaling 

Scaling a series of unique environments is much harder than scaling those with consistent patterns. As such, the repeatability, predictability, and reproducibility of a declarative infrastructure really shine when it comes to growing your business seamlessly.

Configuration drift

Declarative systems are excellent when it comes to keeping everything as it should be. Instead of manual changes and ad-hoc fixes resulting in drift between your development, staging, and production environments, your declarative infrastructure automatically and continually reconciles everything towards your defined intended state.

Fragile deployments

The hidden dependencies and ordering assumptions that imperative scripts so frequently contain can, over time, make your infrastructure feel like a house of cards. Conversely, a declarative model lets the system figure out the sequence that works best, enabling everything to move safely to the desired state.

Knowledge silos, resulting in slow onboarding 

With unique, fragile deployments, you end up with complex manual processes underpinned by deep internal knowledge silos. When a team member leaves, critical information can go with them, leaving knowledge gaps that make onboarding of new staff slow and arduous. With a declarative infrastructure, your declarations serve as a self-documenting system, reducing the degree of knowledge lost when team members leave and the time lost while new recruits learn the ropes.

Slow disaster response and recovery

Without the definitions provided by using declarative infrastructure as code, rebuilding your infrastructure after a disaster can be slow and tedious. By contrast, a declarative infrastructure can recreate entire environments from scratch with a single command – a far superior solution in terms of both time and complexity.

Make your declarative infrastructure goals a reality

If you’ve come down on the declarative side of the declarative vs imperative infrastructure as code debate, you’re ready to reap the rewards outlined above, creating a more resilient and efficient infrastructure.

With an API management solution that fits into your declarative infrastructure seamlessly, Tyk is here to help. Speak to our team today to find out more about Tyk’s native support for OpenAPI-based declarative API definitions, GitOps, and Kubernetes, and how this integrates with your declarative IaC workflows.

You can also find out more with our article on what declarative API management is and how it can benefit your business.
