> There is definitely still a use case for system level changes and patching that are best served by config management.
This is only true for bare-metal deployments where virtualization is not an option, which isn't too common these days. When you have virtualization, deployments can and should be viewed as immutable, which gets rid of the need for any of the config management tooling.
If you want to make a system-level change, you update the script that builds the image, CI builds a new copy of the image and you deploy a new, immutable version of your infrastructure. Not having immutable infrastructure components is just opting into a world of pain that's completely unnecessary these days.
This is only true for bare-metal deployments where virtualization is not an option, which isn't too common these days. When you have virtualization, deployments can and should be viewed as immutable, which gets rid of the need for any of the config management tooling.
If you want to make a system-level change, you update the script that builds the image, CI builds a new copy of the image and you deploy a new, immutable version of your infrastructure. Not having immutable infrastructure components is just opting into a world of pain that's completely unnecessary these days.