4

Configuration management tools like Ansible, Chef, Puppet, and SaltStack allow us to configure a cluster of blank machines to help install and deploy an application. For example, with Ansible, we can set up a cluster of newly provisioned compute servers to e.g. install a specific version of Go, edit O.S. properties, or modify the firewall.

Are these tools still needed in today's world where we have cloud providers that offer managed k8s, docker registries, and machine images for us? For example, on AWS:

  • We can configure an OS environment manually once and save it as an AMI, then simply just use this AMI for the cluster. Alternatively, we can just use Fargate.
  • The Docker image will contain all needed dependencies, and will also have an entrypoint to run the application itself.
  • Managed k8s like EKS mean we don't have to worry about setting up the control plane, and updating the cluster is as simple as issuing a kubectl command to the control plane.

Assuming one uses EKS + ECR + something like Terraform to provision the resources, what value would Ansible, Chef, etc. provide? Why would we want to include them in our stack? Or do modern cloud services make them unnecessary?

My question is inspired by this guide, which recommends using EKS + Terraform + Ansible... but the Ansible playbook is just 2 kubectl commands that can just be replaced by a shell script, right? Why introduce an entirely new technology in our stack?

user34926

2 Answers

4

What value does Ansible have in a modern cloud environment?

As the comments say, it depends on your needs. But I think there is value in considering this sort of thing, so I'm going to answer this from two angles. I've spent the last dozen years working in large scale cloud environments and I've seen ansible used for all sorts of weird yet handy things.

Does ansible make sense in the example you cited?

Your guide from Dhruvin Soni is using ansible to manage which services are running in your kubernetes environment. This is a problem that should be solved with some tool. I would not try to maintain all of my kubernetes services with a shell script. I'm a fan of the shell, but building a bespoke solution for this seems like a waste of time.

So we have a problem and we need a tool. Is ansible a good tool for this? I'd say yes. I haven't seen it used that way in any of the places I've worked, but I wouldn't object to maintaining the state of kubernetes this way.

If you're looking for something more cloud-native then I'd recommend kustomize. They even describe themselves as "Kubernetes native configuration management" and it provides features for patching your YML configs to add tags, namespaces, or whatever you need. This sort of power is definitely handy when managing complex kubernetes environments.

Does ansible still have a place in modern cloud environments?

So let's say you're using kustomize or Argo to manage your kubernetes environments. Wouldn't that eliminate the need for ansible? Not necessarily. I've seen a few places that ansible would still be a good tool to choose:

  1. You're going to want to build your own docker images to run in the cloud and ansible is a perfectly valid and helpful tool for being able to get those built.
  2. Maintaining developer desktop environments. This is like the old servers as pets model. The developer doesn't want to lose all of their files every time there is an upgrade. Running ansible works fine on Macs or Windows or Linux and can act differently on those OSes where needed.
  3. Almost everybody has some legacy servers or some service they're managing outside of the "modern cloud". Ansible is still a great choice for the legacy stuff.
chicks
3

Generally, things like Packer and Terraform handle most straight infra requirements best in the cloud. Of course, if you have kubernetes up already, it’s the same deal. A packer (or other AMI) image and a docker image are both similar in that they can/should be configured to come up ready for use.

Ansible can still be useful though. As much as we’d all like to avoid it, it is hard to get rid of 100% of long running servers. Ansible is helpful to manage servers already around. Some people also like it for the same kind of thing you would script bash for sometimes; it can be cleaner and more extensible.

In cloud there are other options though. You could happily use AWS SSM for anything you’d use ansible for (and SSM has way more options).

John Humphreys