On March 20th, we spoke with industry experts Greg Baker and Ryan Bezdicek to discuss this topic and others relating to configuration management.
There is an argument that configuration management is on its way out now—that we’re ready to usher in an era of “immutable” infrastructure. You don’t push out new configs, you build new images with the new configs baked in and replace the existing nodes. How do we define configuration and what do we mean by immutability? According to Greg Baker, “we lean on the 12-factor app!” An apps configuration is everything that is likely to vary between deploys. Configuration should be stored outside of image artifacts and pulled in at deployment time.
Traditionally teams build servers and then deploy their apps to them. When the app changes, updates are sent to the server. With immutable infrastructure, servers never change. They are destroyed and new servers are created. Update and rollbacks are standard infrastructure rollouts. Immutable requires a mature CI/CD and automation pipeline.
Another topic of interest was understanding the best approaches for maintaining container security. Ryan Bezdicek says we are seeing more teams move to immutable infrastructure and work their security into their development pipelines a la DevSecOps. Immutability is read-only data in container, because of this, an attacker has reduced access from within the container to deploy tools and attack further. As this happens, people are questioning whether they need full-blown configuration management or whether bash and PowerShell are sufficient.
Configuration management has come a long way and there are several mature solutions available.
Everyone who chooses a configuration management tool needs to decide, early on, whether they want to use an agent and agentless approach. Both have their pros and cons.
If you have any questions or would like to add your voice to this discussion, please reach out directly to Greg Baker at [email protected] or Ryan Bezdicek at [email protected]
Additionally, read the transcript from our live CrowdChat for more content.
No comments