That's fair. This was definitely written with deployments in mind so I can't disagree with your assessment. With that said, I think the real downside of config management, and the real upside of containers really comes down to deployments. There is definitely still a use case for system level changes and patching that are best served by config management. How long until the container based config management? :serious_question:
> There is definitely still a use case for system level changes and patching that are best served by config management.
This is only true for bare-metal deployments where virtualization is not an option, which isn't too common these days. When you have virtualization, deployments can and should be viewed as immutable, which gets rid of the need for any of the config management tooling.
If you want to make a system-level change, you update the script that builds the image, CI builds a new copy of the image and you deploy a new, immutable version of your infrastructure. Not having immutable infrastructure components is just opting into a world of pain that's completely unnecessary these days.
Why were people horrified? I liked the points you made in your slides, specifically patching openssl in containers is a great use case. When will this connector be beta? By the way this connector along with something like "clair" would be a good foundation for vulnerability management system for containers in production:
