Home

Files

Liste PDF:
KeePass_-_Auto-login
_Putty_rdp_-_Copie
Kubernetes_Cheat_She
et
kubernetes
AZURE
Mastering_Git__A_Com
prehensive_Interview
_Guide
Linux_server_
DevOps_Roadmap_2025
gitlabcicd
Linux_Server_1738327
917
kubernetes-operators

install_cluster_ceph

CICD
DevOps_Shack___Kuber
netes_Projects_with_
Implementation
ALL_DevOps_CMD
Essential_Linux_Comm
ands_for_DevOps_Engi
neers_
Linux_Shell_Scripts_
for_Production_Autom
ation
Linux-Commands_
DHCP_et_DNS
CKS
Gitlab
sheet_K8S
Articles

Tous les articles
Cluster Pg K8S Jkfbuild K8S New Users Rbac Kube-Bench Docker-Service Build Authorisation Certbot Standlone Sysdig Sa Ingress Gvisor Upgrade K8S Networkpolicy Cet Manager Sc Ceph Image Security Postgres Helm Commande Crictl Install K8S Kubespary Audit Log Terraform Certificat K8S Falco Ssl Certbot Mutable Immutable Infra Auditing Postgres Prep Awx Ssl Maj Kernel Kubelet Install Sm Vault Install Et Configure Introduction Upgrade Supply Chain Security Jenkinss Longhorn Install Argocd Trivy Trouble Ceph Lien Best One Apigroups Etcd Upgrade K8S New Windows Commande Kubesec Mes Note Fs Linux Ceph Awx Image Custom Argocd Windows Services Install Kubspray Offline Cks Readme Ceph Commande Tls Kubectl-Forward Sbom Gitlab-Ci

```markdown

Mutable vs Immutable Infrastructure

Overview

Infrastructure can be classified as mutable or immutable, impacting security, maintainability, and reliability.

Mutable Infrastructure

Definition

Can be modified after deployment.
Updates, patches, and changes are applied in place.
Common in traditional IT environments and on-premises setups.

Examples

Updating a running server with patches.
Changing configuration files manually.
Using tools like Ansible, Chef, or Puppet to modify live systems.

Pros

Flexibility to apply incremental changes.
No need to redeploy the entire system for small updates.
Works well in legacy environments.

Cons

Higher risk of configuration drift.
Harder to maintain consistency across environments.
Security vulnerabilities can persist due to incomplete patching.

Immutable Infrastructure

Definition

Once deployed, infrastructure is never changed.
Updates require creating a new version and redeploying.
Old versions are discarded and replaced with new instances.

Examples

Deploying new container images instead of updating running containers.
Using Infrastructure as Code (IaC) tools like Terraform or Pulumi.
AWS AMIs, Kubernetes pods, and immutable storage models.

Pros

Eliminates configuration drift, ensuring consistency.
More secure: no ad-hoc changes that introduce vulnerabilities.
Easier to rollback by reverting to a previous version.
Works well in CI/CD environments with automation.

Cons

Requires full redeployment for every change.
Can be resource-intensive, requiring new instances instead of patches.
Learning curve for teams used to mutable infrastructure.

Security Best Practices

Prefer immutable infrastructure for better consistency and security.
Use containerization and orchestration (e.g., Kubernetes) to enforce immutability.
Automate deployments with Infrastructure as Code (IaC).
Implement blue-green deployments to minimize downtime and risk.
Regularly audit infrastructure to detect unauthorized changes.

References

Infrastructure as Code: https://www.hashicorp.com/resources/infrastructure-as-code
Kubernetes Best Practices: https://kubernetes.io/docs/setup/best-practices/
AWS Immutable Infrastructure Guide: https://aws.amazon.com/builders-library/immutable-infrastructure/ ```

Retour à la liste