Learning Kubernetes - Episode 25 - Managing Kubernetes Objects

#Introduction

Note

If you want to read the previous episode, you can click the Episode 24 thumbnail below

In the previous episode, we learned about Downward API and how to expose Pod metadata to applications. In episode 25, we'll discuss Managing Kubernetes Objects, exploring both imperative and declarative approaches to creating and managing resources.

Note: Here I'll be using a Kubernetes Cluster installed through K3s.

Understanding how to manage Kubernetes objects is fundamental to working effectively with Kubernetes. There are two main approaches: imperative (telling Kubernetes what to do) and declarative (telling Kubernetes what you want).

#What Is Object Management?

Object Management refers to how you create, update, and delete Kubernetes resources. The approach you choose affects maintainability, reproducibility, and collaboration.

Think of object management like cooking - imperative is like following step-by-step instructions ("chop onions, heat oil, add onions"), while declarative is like describing the desired outcome ("I want onion soup"). Both get you to the same place, but the approach differs.

Key characteristics of Object Management:

Two approaches - Imperative and declarative
Different workflows - Command-line vs configuration files
Version control - Declarative enables Git workflows
Reproducibility - Declarative ensures consistency
Collaboration - Declarative facilitates team work
Automation - Declarative enables GitOps

#Imperative Management

Imperative management means telling Kubernetes exactly what actions to perform using commands.

#Imperative Commands

Create objects directly with kubectl commands.

Creating a Deployment:

Creating a Service:

Scaling a Deployment:

Setting Image:

Creating a ConfigMap:

Creating a Secret:

#Imperative Object Configuration

Use configuration files with imperative commands.

Create from file:

Replace object:

Delete object:

#Advantages of Imperative Management

Quick and simple - Fast for one-off tasks
Easy to learn - Straightforward commands
Interactive - Immediate feedback
Good for testing - Rapid experimentation
No files needed - Work directly from command line

#Disadvantages of Imperative Management

Not reproducible - Hard to recreate exact state
No version control - Can't track changes in Git
Error-prone - Easy to make mistakes
Limited collaboration - Hard to share with team
No audit trail - Difficult to track who changed what
Manual updates - Must remember all commands

#Declarative Management

Declarative management means describing the desired state in configuration files and letting Kubernetes figure out how to achieve it.

#Declarative Object Configuration

Use kubectl apply with configuration files.

Example: Deployment Configuration

Apply configuration:

Update configuration (edit file and reapply):

Apply directory:

Apply recursively:

#How kubectl apply Works

kubectl apply performs a three-way merge:

Current configuration - What's in the file
Live configuration - What's running in cluster
Last applied configuration - Stored in annotation

This enables intelligent updates that preserve manual changes when possible.

#Advantages of Declarative Management

Reproducible - Same files produce same results
Version control - Track changes in Git
Collaboration - Easy to share and review
Audit trail - Git history shows all changes
Automation - Enable CI/CD and GitOps
Self-documenting - Files describe infrastructure
Idempotent - Safe to apply multiple times

#Disadvantages of Declarative Management

More setup - Need to create files
Learning curve - Must understand YAML
Slower for quick tests - More overhead
File management - Need to organize files

#Comparing Approaches

Let's compare imperative and declarative management for common tasks.

#Creating a Deployment

Imperative:

Declarative:

#Scaling a Deployment

Imperative:

Declarative:

#Updating an Image

Imperative:

Declarative:

#Best Practices

#Use Declarative for Production

Always use declarative management for production environments:

#Use Imperative for Quick Tests

Imperative is fine for development and testing:

#Organize Configuration Files

Structure your manifests logically:

plaintext

manifests/
├── base/
│   ├── deployment.yml
│   ├── service.yml
│   └── configmap.yml
├── dev/
│   └── kustomization.yml
├── staging/
│   └── kustomization.yml
└── production/
    └── kustomization.yml

#Use Version Control

Always commit configuration files to Git:

#Add Labels and Annotations

Include metadata for organization:

#Use Namespaces

Organize resources by namespace:

#Document Your Configurations

Add comments to explain complex configurations:

#Practical Examples

#Example 1: Complete Application Stack

Declarative approach:

Apply everything:

#Example 2: Multi-Environment Configuration

Base configuration:

Development overlay:

Production overlay:

#Example 3: GitOps Workflow

Directory structure:

plaintext

kubernetes/
├── apps/
│   ├── frontend/
│   │   ├── deployment.yml
│   │   ├── service.yml
│   │   └── ingress.yml
│   └── backend/
│       ├── deployment.yml
│       ├── service.yml
│       └── configmap.yml
└── infrastructure/
    ├── namespaces.yml
    └── rbac.yml

Apply with Git workflow:

#kubectl apply vs kubectl create

Understanding the differences:

#kubectl create

Creates new resources only
Fails if resource already exists
Imperative approach
No three-way merge

#kubectl apply

Creates or updates resources
Idempotent (safe to run multiple times)
Declarative approach
Performs three-way merge
Stores last-applied-configuration

#kubectl replace vs kubectl apply

#kubectl replace

Replaces entire resource
Requires complete configuration
Removes fields not in new config
Fails if resource doesn't exist

#kubectl apply

Merges changes intelligently
Preserves unspecified fields
Creates if doesn't exist
Preferred for declarative management

#Dry Run and Diff

Test changes before applying.

#Dry Run

Preview what would happen:

Tip

Dry run client side only does YAML file parsing and validation, it does not perform validation to the API Server.

Whereas server side will perform full lifecycle validation up to the API Server without actually committing so it is not applied to etcd. Here are the differences:

Feature	Client	Server
Validasi schema	local	server
Admission controller	❌	✅
Default value dari server	❌	✅
Real behavior simulation	❌	✅

Example result of dry run client and server side

apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"replicas":3,"selector":{"matchLabels":{"app":"web"}},"template":{"metadata":{"labels":{"app":"web"}},"spec":{"containers":[{"image":"nginx:1.25","name":"nginx","ports":[{"containerPort":80}]}]}}}}
    name: web
    namespace: default
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: web
    template:
      metadata:
        labels:
          app: web
      spec:
        containers:
        - image: nginx:1.25
          name: nginx
          ports:
          - containerPort: 80
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"ports":[{"port":80,"targetPort":80}],"selector":{"app":"web"},"type":"LoadBalancer"}}
    name: web
    namespace: default
  spec:
    ports:
    - port: 80
      targetPort: 80
    selector:
      app: web
    type: LoadBalancer
kind: List
metadata: {}

apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"replicas":3,"selector":{"matchLabels":{"app":"web"}},"template":{"metadata":{"labels":{"app":"web"}},"spec":{"containers":[{"image":"nginx:1.25","name":"nginx","ports":[{"containerPort":80}]}]}}}}
    creationTimestamp: "2026-03-26T16:40:28Z"
    generation: 1
    name: web
    namespace: default
    uid: 8d506b7c-6979-40f5-822a-3e1db2eef09d
  spec:
    progressDeadlineSeconds: 600
    replicas: 3
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: web
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: web
      spec:
        containers:
        - image: nginx:1.25
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
          - containerPort: 80
            protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
  status: {}
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"ports":[{"port":80,"targetPort":80}],"selector":{"app":"web"},"type":"LoadBalancer"}}
    creationTimestamp: "2026-03-26T16:40:28Z"
    name: web
    namespace: default
    uid: b25733ed-8260-4f4a-9db1-e7d69555cac8
  spec:
    allocateLoadBalancerNodePorts: true
    clusterIP: 10.43.0.0
    clusterIPs:
    - 10.43.0.0
    externalTrafficPolicy: Cluster
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - nodePort: 32769
      port: 80
      protocol: TCP
      targetPort: 80
    selector:
      app: web
    sessionAffinity: None
    type: LoadBalancer
  status:
    loadBalancer: {}
kind: List
metadata: {}

#Diff

See differences before applying:

Output shows what would change:

#Common Mistakes and Pitfalls

#Mistake 1: Mixing Imperative and Declarative

Problem: Using both approaches causes confusion.

Solution: Choose one approach per environment:

#Mistake 2: Not Using Version Control

Problem: No history of changes.

Solution: Always commit configurations:

#Mistake 3: Imperative Changes in Production

Problem: Manual changes not tracked.

Solution: Always update files and apply:

#Mistake 4: Not Testing Changes

Problem: Applying untested configurations.

Solution: Use dry-run and diff:

#Mistake 5: Incomplete Configurations

Problem: Missing required fields.

Solution: Use complete, valid YAML:

#When to Use Each Approach

#Use Imperative When:

Quick testing and experimentation
Learning Kubernetes
One-off debugging tasks
Development environment
Interactive troubleshooting

#Use Declarative When:

Production environments
Team collaboration
CI/CD pipelines
GitOps workflows
Infrastructure as Code
Reproducible deployments

#Viewing and Managing Objects

#List Objects

#Describe Objects

#View YAML

#Edit Objects

#Delete Objects

#Conclusion

In episode 25, we've explored Managing Kubernetes Objects using both imperative and declarative approaches. We've learned the differences, advantages, and when to use each method.

Key takeaways:

Two approaches - Imperative (commands) and declarative (files)
Imperative tells Kubernetes what to do step-by-step
Declarative describes desired state in configuration files
Use kubectl create/scale/set for imperative management
Use kubectl apply for declarative management
Declarative is preferred for production environments
Version control enables collaboration and audit trails
kubectl apply performs intelligent three-way merge
Dry run and diff help test changes before applying
Organize files in logical directory structure
GitOps enables automated deployments from Git
Imperative is fine for quick tests and learning
Don't mix approaches in the same environment
Always test with dry-run before applying
Document configurations with comments and annotations

Understanding object management is fundamental to working effectively with Kubernetes. By choosing the right approach for your use case, you can build maintainable, reproducible, and collaborative infrastructure.

Are you getting a clearer understanding of Managing Kubernetes Objects? Keep your learning momentum going and look forward to the next episode!

Note

If you want to continue to the next episode, you can click the Episode 26 thumbnail below

Episode 26

Learning Kubernetes - Episode 25 - Managing Kubernetes Objects

Related Posts