Build fluency in the vocabulary of replacing a server entirely instead of patching it in place.
1 / 5
At standup, a dev mentions that a running server is never modified in place after it's deployed, and any change instead requires building a brand-new server image and replacing the old instance entirely. What is this approach called?
Immutable infrastructure means a running server is never modified in place after it's deployed, and any change, whether a config update or a security patch, instead requires building a brand-new image and replacing the old instance entirely. Configuration management, in its traditional form, applies an in-place update to an already-running server, which is exactly the mutable approach immutable infrastructure is designed to avoid. This replace-don't-patch discipline is what eliminates an entire category of drift that accumulates when servers are modified individually over time.
2 / 5
During a design review, the team decides a security patch will be applied by baking a new golden image and rolling it out to replace every running instance, rather than SSHing into each running server to apply the patch directly. Which capability does baking a new image provide?
Baking a new golden image provides a single, consistently tested artifact deployed identically everywhere, since every replaced instance starts from the exact same verified image, instead of each server ending up in a slightly different, unverified state after an individually applied SSH patch. Patching each running server individually risks one server's patch failing partway, or being applied slightly differently than another's. This single-artifact consistency is a core benefit immutable infrastructure provides over patching servers in place one at a time.
3 / 5
In a code review, a dev notices a deploy script SSHs into a running production instance to apply a configuration change directly, rather than baking that change into a new image and replacing the instance. What does this represent?
This is a mutable-infrastructure practice that reintroduces the exact drift risk immutable infrastructure is meant to eliminate, since a change applied directly to one running instance over SSH has no guarantee of being applied identically, or at all, to every other instance running the same role. A schema registry is an unrelated concept about validating a message's format. Catching this in review matters because a single manually patched instance quietly breaks the assumption that every instance of a given role is running an identical, known image.
4 / 5
An incident report shows two servers running the same application role behaved differently under the same load, because one had received a manual SSH patch months earlier that the other never got, and nobody had a clear record of exactly what had changed. What practice would prevent this?
Adopting immutable infrastructure, so any change is baked into a new image and rolled out to replace every instance uniformly, ensures every server running a given role is provably identical, since there's no manual patching step left to be applied to some instances but not others. Continuing to apply a manual SSH patch to whichever server needs it, with no requirement to keep every instance identical, is exactly what caused the two servers to diverge and behave differently in this incident. This uniform, image-based replacement is the standard fix for eliminating configuration drift between instances of the same role.
5 / 5
During a PR review, a teammate asks why the team rebuilds and replaces an entire server image for a small configuration change instead of just SSHing in and editing the config file directly, which would be much faster. What is the reasoning?
SSHing in to edit a config file directly on one server creates drift the moment that same change isn't applied identically, or at all, to every other instance of the same role, and there's rarely a reliable record of exactly which servers received which manual edit over time. Rebuilding the image guarantees every instance stays provably identical, since they're all replaced from the same tested artifact rather than patched individually. The tradeoff is the added time and process of building and rolling out a new image for even a small change, which immutable infrastructure accepts as the cost of avoiding drift entirely.