Derek has worked in many environments ranging from an International Managed Hosting provider handling “actual metal” to Managed Service Providers to major training corporations. He has also started a Manufacturing Technology Provider utilizing Kubernetes and other cutting-edge tools. He currently works at Spacelift and his own training company morethancertified.com providing advocacy and training to all.

All posts by Derek Morgan - Infrastructure as Code Expert

Derek Morgan

Author title

Title category

Get all the latest content on Infrastructure as Code, DevOps, Spacelift features & news directly to your inbox!

Level up your IaC knowledge. Stay up to date with educational devops guides & news in infrastructure as code, cloud & more!

Managing Infrastructure at Scale | Spacelift Blog

applepodcasts

spotify

missionctrl

Welcome to missionCTRL, a show dedicated to exploring the frontiers of modern DevOps. Listen (or watch) as we sit down with the practitioners who are pushing the boundaries of development

Learn more about new features, updates, and Spacelift product announcements.

Product Features and Updates | Spacelift Blog

Product

SaaS platforms like Spacelift have become the norm in tech today, thanks to the numerous complications and Capex associated with building a platform yourself. Being able to focus on your core business while letting other teams manage issues such as deployment is crucial to maintaining velocity and focus for your product. 
This is all great — except when it isn’t. One of the main reasons, if not the main reason, has to do with compliance. There’s big business in government, fintech, medical, and other regulated markets. And, to the chagrin of C-suites everywhere, where there’s money, there’s probably heaps of regulatory red tape. 
Luckily, Spacelift engineers have heeded this call and worked tirelessly to develop our most significant security-related release yet — Self-Hosted! While the managed Spacelift product is developed with <a class="c-link" href="https://spacelift.io/security" target="_blank" rel="noopener noreferrer" data-stringify-link="https://spacelift.io/security" data-sk="tooltip_parent">security</a> in mind with SOC II compliance, that still doesn’t quite cut it for certain defense-related and other extremely regulated industries. 
The ability to self-host an entire, fully-functional Spacelift platform within your AWS cloud alleviates concerns for most of these industries. Because it is self-hosted in YOUR AWS cloud, you can control ingress, egress, internal traffic, and certificates and even run it within GovCloud.

aws-iam-user

aws iam user

The process of deploying your own self-hosted Spacelift is a lot easier than you might think. While it’s not as simple as deploying an EC2 instance (come on, you know we’re more advanced than that!), it is as simple as accepting a license,

license

running a few CloudFormation stacks,

cloudformation-stacks

cloudformation stacks

and deploying a worker pool.

spacelift-self-hosted-deploying-a-worker-pool

spacelift self hosted deploying a worker pool

<ul>
<li><a href="https://spacelift.io/blog/why-devops-engineers-recommend-spacelift" target="_blank" rel="noopener">Why DevOps Engineers Recommend Spacelift</a></li>
<li><a href="https://spacelift.io/blog/prometheus-exporter-for-spacelift" target="_blank" rel="noopener"><span data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Monitoring Your Spacelift Account via Prometheus&quot;}" data-sheets-userformat="{&quot;2&quot;:513,&quot;3&quot;:{&quot;1&quot;:0},&quot;12&quot;:0}">Monitoring Your Spacelift Account via Prometheus</a></li>
<li><a href="https://spacelift.io/blog/spacelift-pull-requests" target="_blank" rel="noopener">Working with Pull Requests on Spacelift</a></li>
</ul>

Reach out to us <a href="https://spacelift.io/schedule-demo" target="_blank" rel="noopener">here to schedule a demo</a>. Once we’ve validated your needs and ensured we can meet your requirements, we’ll get everything going!

<span data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.&quot;}" data-sheets-userformat="{&quot;2&quot;:769,&quot;3&quot;:{&quot;1&quot;:0},&quot;11&quot;:4,&quot;12&quot;:0}">Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.

Introducing Spacelift Cloud Integrations

Terraform vs. AWS CloudFormation : The Ultimate Comparison

Running Spacelift CI/CD workers in Kubernetes using DinD

We are excited to announce that now it is possible to self-host an entire, fully-functional Spacelift platform within your AWS cloud.

152-self-hosted-announcemnet

self hosted announcement

Introducing Spacelift Self-Hosted

Adam Connelly

At Spacelift, we&#8217;re excited to announce our new Cloud Integrations section and our update to support account-level AWS integrations. Public Cloud integration is nothing new in Spacelift, but we wanted to simplify the implementation and organization. Cloud Integrations brings feature parity to AWS and Azure integrations across your Spacelift account.

We’ve created a new Cloud Integrations section in the Spacelift console. This section allows you to manage AWS and Azure integrations from a single location. Azure integrations were previously in the settings section and have been moved from there.

spacelift-cloud-integration-aws

spacelift cloud integration - aws

In addition, we’ve added the ability to attach more than one AWS integration to your stack:

spacelift-cloud-integration-more-than-one-aws-integration

spacelift cloud integration - more than one AWS integration

A stack can have at most two AWS integrations attached, with only one read and one write integration (see “<a href="#read-vs-write-attachments">Read vs. Write Attachments</a>” for more info). An integration can also be attached as both read and write for simple use-cases.
Finally, we’ve also altered the external ID format used when assuming roles. More details are available later in this post.

<ul>
<li><a href="https://spacelift.io/blog/spacelift-in-github-marketplace" target="_blank" rel="noopener">Spacelift in the GitHub Marketplace</a></li>
<li><a href="https://spacelift.io/blog/why-devops-engineers-recommend-spacelift" target="_blank" rel="noopener">Why DevOps Engineers Recommend Spacelift</a></li>
<li><a href="https://spacelift.io/blog/infrastructure-problems-that-spacelift-solves" target="_blank" rel="noopener"><span data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Infrastructure Problems that Spacelift Solves&quot;}" data-sheets-userformat="{&quot;2&quot;:4224,&quot;10&quot;:2,&quot;15&quot;:&quot;Arial&quot;}">Infrastructure Problems that Spacelift Solves</a></li>
</ul>

Don’t worry, your existing AWS integrations will continue to work, and the existing <code>spacelift_aws_role</code> resource can still be used. The only caveat to this is that you will only be able to add new integrations to stacks via the front end using the new Cloud Integrations approach.

Migrating from legacy integrations is easy, with slightly different steps depending on whether you manage your integrations via Terraform or the Spacelift UI. In the simplest case, you just need to create a new integration, delete your old integration, and attach a new one, but you may also need to adjust the Trust Relationships for your <a href="https://spacelift.io/blog/aws-iam-roles" target="_blank" rel="noopener">IAM roles</a> depending on exactly how they are configured.
For more information on migrating, take a look at our <a href="https://docs.spacelift.io/integrations/cloud-providers/aws#migrating-from-legacy-integrations" target="_blank" rel="noopener">documentation</a>.

An integration can be attached to a stack as either read or write. This tells Spacelift which run phases to use each integration during. For simple use-cases, you can attach a single integration as both read and write, but if you want more control, you can create a read-only role and a write role, and attach both to your stack. An example use-case for this is to make sure that a proposed run doesn’t have write permissions to avoid infrastructure changes being made via a pull request.
Read attachments are used during the Initialize and Plan phases of runs. Write attachments are used during the Apply phase of a run, the Perform phase of a task, and the Destroy phase of a stack destructor.

When choosing to assume the role at Spacelift’s end rather than on your private workers, we automatically generate an External ID based on the stack the integration is attached to. Previously we used the following external ID format:

As part of the changes we’ve made, we’ve adjusted our external ID format to the following:

The change means that you can use the “read” or “write” suffix to ensure that a read phase of a run can only assume a read-only role.

We really hope that these changes will be useful and will provide extra flexibility for those users who need it while making simple use-cases easier through reusing integrations. To find out more about Cloud Integrations, review the <a href="https://docs.spacelift.io/integrations/cloud-providers/" target="_blank" rel="noopener">documentation</a>.

Spacelift is a sophisticated SaaS product for Infrastructure as Code that helps DevOps develop and deploy new infrastructures or changes quickly and with confidence.

Monitoring Your Spacelift Account via Prometheus

Spacelift in the GitHub Marketplace

How Spacelift Can Improve Your Infrastructure as Code

We are excited to announce our new Cloud Integrations section and our update to support account-level AWS integrations.

111-spacelift-cloud-integration

Introducing Cloud Integrations

Want to level up your Terraform knowledge? Explore our tutorials and step-by-step guides written by Terraform experts. Learn Terraform best practices and solutions to the most difficult problems.

Terraform Guides and Tutorials | Spacelift Blog

Terraform

Chris Spitzenberger

How do Terraform and CloudFormation differ? In short, Terraform is an open-source Infrastructure as Code tool that has the ability to deploy resources to multiple cloud providers, while CloudFormation is an AWS service designed specifically for provisioning AWS resources.
 In this blog post, we will be comparing these two most common Infrastructure as Code options, Terraform and AWS CloudFormation, and outlining some of the key differences between them.

Terraform is an open-source Infrastructure as Code tool created by HashiCorp. Terraform utilizes a syntax called the HashiCorp Configuration Language (HCL), which allows users to define their infrastructure programmatically.
One of the most notable benefits of Terraform is that it provides the ability to deploy resources to multiple cloud providers, which makes it dare I say &#8211; “cloud agnostic.”
Although the term cloud-agnostic is often used when discussing Terraform, just because you are using Terraform doesn’t automatically make you “multi-cloud” or any more cloud agnostic than if you were using AWS CloudFormation. This is because you won’t be able to re-use the same code you’re using for one cloud provider (e.g., AWS), to deploy resources to another cloud provider (e.g., Azure). Instead, you’ll end up creating code specifically for each cloud provider. 
In addition to the “multi-provider” support that Terraform provides, there are other benefits to consider as well, such as its ability to dynamically create resources using it&#8217;s <code>for_each</code> or <code>count</code> features and the ability to dynamically configure properties of a resource with the <a href="https://spacelift.io/blog/terraform-dynamic-blocks" target="_blank" rel="noopener"><code>dynamic</code> block</a> functionality.
Additionally, Terraform supports built-in functions that can be called and used within your code, which become very useful for everyday tasks.
<h3>Providers &amp; Resource Types</h3>
Speaking of providers, Terraform itself has the concept of “<a href="https://spacelift.io/blog/terraform-providers" target="_blank" rel="noopener">providers</a>”, which you’ll need to define and configure within your code explicitly. The provider configuration is where you specify things like how you are authenticating into a particular AWS account and what region will be used for the resources you’re trying to deploy. When using a provider, each provider has its selection of  “resource types”, which are the literal items you define your code to create.
These resource types are typically cloud resources; for most folks, that’s what we are ultimately looking to define and deploy at the end of the day. When deploying resources, you’ll find that the provider name is embedded within the resource type name for a given resource, which helps users understand what provider they are currently using.
For example, if you were looking to create an Amazon S3 Bucket, you would be using the <code>aws_s3_bucket</code> resource type. Based on this naming being prefixed with <code>aws_</code>, you can tell that this resource type is within the <a href="https://spacelift.io/blog/terraform-aws-provider" target="_blank" rel="noopener"><code>aws</code> provider</a>. Pretty convenient, right?

AWS CloudFormation is an AWS service that is designed specifically for provisioning AWS resources. You have a choice of using either <a href="https://spacelift.io/blog/yaml" target="_blank" rel="noopener">YAML</a> or JSON syntax for writing your AWS CloudFormation code, both of which are natural choices for many users.
Given <a href="https://aws.amazon.com/cloudformation/" target="_blank" rel="nofollow noopener">AWS CloudFormation</a> is AWS’s native language and service for infrastructure as code, you will likely find more official quickstarts provided by AWS in the language. In addition to this, AWS Support will probably be more capable of assisting you with issues when you need help. AWS Support is essential for large enterprises, particularly those new to the cloud or slow to adopt. These types of organizations may have a skill gap within their organization regarding their cloud skill set, and in turn, they are more likely to use AWS Enterprise Support. 
Historically speaking, one of the primary reasons users would pick a tool such as Terraform over CloudFormation was the lack of support for modules. When using AWS CloudFormation, you previously needed to utilize nested templates to achieve re-usable code &#8211; and may still follow this approach today. 
Fortunately, though, in November 2020, AWS introduced support for AWS CloudFormation modules, allowing for a new way to create re-usable code. There are, of course, other significant differences between the two languages, which we will be exploring in the following section.

<ul>
<li><a href="https://spacelift.io/blog/terraform-vs-kubernetes" target="_blank" rel="noopener">Terraform vs. Kubernetes Comparison</a></li>
<li><a href="https://spacelift.io/blog/how-specialized-solution-can-improve-your-iac" target="_blank" rel="noopener"><span data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;How to Improve Your Infrastructure as Code using Terraform&quot;}" data-sheets-userformat="{&quot;2&quot;:513,&quot;3&quot;:{&quot;1&quot;:0},&quot;12&quot;:0}">How to Improve Your Infrastructure as Code using Terraform</a></li>
<li><a href="https://spacelift.io/blog/5-ways-to-manage-terraform-at-scale" target="_blank" rel="noopener">5 Ways to Manage Terraform at Scale</a></li>
</ul>

terraform_vs_cloudformation

Terraform vs CloudFormation - Comparison

<h3>1) Code Syntax</h3>
The syntax between Terraform and CloudFormation is probably the most apparent major differentiator, as many users are already familiar with writing YAML and JSON-based templates compared to <a href="https://developer.hashicorp.com/terraform/language/syntax/configuration" target="_blank" rel="nofollow noopener">Terraform’s HCL syntax</a>.
Granted, many users find HCL reasonably straightforward to learn.
<h3>2) Dynamic Features</h3>
Dynamically creating and configuring resources is a powerful feature that Terraform provides that CloudFormation currently cannot match within its standard features. AWS does offer an extension to CloudFormation called the Serverless Application Model (SAM), as well as an entirely separate tool called the AWS Cloud Development Kit (CDK), but in this case, we are focusing on standard CloudFormation features. 
The <a href="https://spacelift.io/blog/terraform-count-for-each" target="_blank" rel="noopener">terraform <code>count</code> and <code>for_each</code></a> functionality allows you to create logic to create a resource multiple times dynamically. Furthermore, you can dynamically configure your resource using the <code>dynamic</code> block feature. AWS CloudFormation, on the other hand, is much less dynamic and more explicit. With CloudFormation, you will need to define a given resource multiple times (or modularize the resource and call the given module numerous times) to create resources repeatedly.
<h3>3) Usable Functions</h3>
The ability to use built-in functions within your code can have tremendous benefits.
In Terraform, you have access to many different types of functions. A few example categories of <a href="https://spacelift.io/blog/terraform-functions-expressions-loops" target="_blank" rel="noopener">Terraform functions</a> include numeric, string manipulation, encoding, date/time, and filesystem &#8211; and this is not the complete list!
In comparison, CloudFormation is extremely limited, providing less than 15 intrinsic functions in total. The lack of helper functions can lead to annoying, complicated situations for basic tasks.
 For example, if you’re simply looking to obtain the date or time within your <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/gettingstarted.templatebasics.html" target="_blank" rel="nofollow noopener">CloudFormation template</a>, there’s no built-in function for this. Instead, you’ll need to create a custom resource within your template that calls a lambda function that returns the information you need.
<h3>4) State Management</h3>
When using Terraform, users will be quickly introduced to the concept of “state.” <a href="https://spacelift.io/blog/terraform-state" target="_blank" rel="noopener">Terraform state</a> represents stored information about your deployed infrastructure and configuration (a list of what resources have been created). 
This “state” is a file created once you run the <code>terraform apply</code> command to deploy the resources you defined in your code. You’ll need to come up with a process for maintaining your Terraform state file, whether that’s storing it in an Amazon S3, utilizing Spacelift’s <a href="https://docs.spacelift.io/vendors/terraform/state-management.html" target="_blank" rel="noopener">managed state</a> feature, or other means. The default functionality of Terraform is to keep your state locally, which is problematic when attempting to use Terraform collaboratively.
With AWS CloudFormation, this is simply something you don’t have to worry about, as CloudFormation deployments are represented within the CloudFormation service as a “stack” &#8211; showing the deployment result/events of the resources that were created/updated/deleted based on the CloudFormation template you deployed.
<h3>5) Cloud Providers</h3>
AWS CloudFormation, as the name suggests, is specific to Amazon Web Services. You can theoretically achieve deployment to third-party resources through the use of custom resources, but this is rather hacky, and at the end of the day, those third-party resources are not truly supported by CloudFormation. 
On the other hand, Terraform allows you to deploy to other cloud providers as well. Granted, you won’t be able to re-use the same codebase from one cloud provider to another. At the very least, when using Terraform, you’ll have familiar syntax and methods for deploying to different cloud providers. For some companies, this is a significant benefit, as being able to use the same syntax and deployment methods to deploy to multiple cloud providers is a clear plus.
<h3>6) Enterprise Support</h3>
If your organization uses AWS Enterprise Support, this certainly provides peace of mind knowing that AWS can assist you directly when/if you have issues with your AWS CloudFormation.
This is in comparison to Terraform, where you can also obtain support from HashiCorp directly or through the open-source community. For users that are all-in on AWS, the ability to have native knowledgeable support for your Infrastructure as Code tool is a significant benefit.

So by now, you know that you have a variety of infrastructure as code languages to choose from &#8211; with the two most common being AWS CloudFormation and Terraform, but these tools all inevitably bring about new problems that can be difficult to solve. 
Most organizations will initially go down the path of building their own custom tooling or scripts around their IaC deployments but will eventually discover that these custom-built tools often don’t scale, meet compliance requirements, and require overhead to maintain. Not to mention the fact that if you’re using multiple IaC languages, you’ll have to build multiple tools yourself or further complicate the existing custom tool you’re attempting to build.
Fortunately, there is a tool that can solve these types of problems &#8211; and provide many additional benefits, such as compliance and scalability. <a href="https://spacelift.io" target="_blank" rel="noopener">Spacelift</a> is the most flexible CI/CD <a href="https://spacelift.io/blog/how-specialized-solution-can-improve-your-iac" target="_blank" rel="noopener">tool for infrastructure as code</a> and was purpose-built for this use case. Spacelift supports multiple IaC languages (including AWS CloudFormation and Terraform), which allows you to standardize your deployment processes and compliance requirements across all of your IaC languages. Additionally, Spacelift has many unique features, such as Policies &#8211; which can be used for access controls, approvals, customizing your deployment workflows, and even creating dependencies across your IaC languages.

The battle of Terraform vs. CloudFormation is poised to be an ongoing debate. At the end of the day, this is a decision for you to make based on your preferences between the two tools. 
If having native support from AWS is essential to you, then perhaps you should consider AWS CloudFormation. If you enjoy the dynamic features that Terraform providers such as <code>count</code> and <code>for_each</code>, maybe Terraform is best.
At the end of the day, though, why restrict yourself to simply one infrastructure-as-code tool if you are able to leverage the benefits of both? There’s nothing wrong with using multiple infrastructure-as-code tools, especially if your IaC automation tool can support this.
If you want to learn how other tools compare to Terraform, see our <a href="https://spacelift.io/blog/terraform-vs-kubernetes" target="_blank" rel="noopener">Terraform vs. Kubernetes</a> article.
Thank you for taking the time to read this blog post. I wish your team the best of luck in your infrastructure-as-code journey!

Whenever you're embarking on a new journey or seeking to refine your foundational knowledge.

frame-8479-2

Frame 8479

Terraform vs. Ansible : Key Differences and Comparison of Tools

How to Build on AWS with CDK for Terraform (CDKTF)

Terraform and CloudFormation are both tools for Infrastructure as Code (IaC). We are comparing the two of them and outlining some of the key differences.

35-terraform-vs-cloudformation-2

terraform vs cloudformation

Terraform vs. AWS CloudFormation - Ultimate Comparison

Running Spacelift CICD Workers in Kubernetes Using DinD

Check out the Spacelift Engineering blog to discover internal technical architecture posts written by Spacelift's very own engineers. 

Engineering | Spacelift Blog

Engineering

Want to level up your Kubernetes knowledge? Explore our tutorials and step-by-step guides written by Kubernetes experts. Learn Kubernetes best practices and solutions to the most difficult problems.

Kubernetes Guides and Tutorials | Spacelift Blog

Kubernetes

For a while now at Spacelift we’ve been hearing from users that they’d like to be able to run <a href="https://docs.spacelift.io/concepts/worker-pools" target="_blank" rel="noopener">Spacelift worker pools</a> in their Kubernetes clusters. As a first step towards that we decided to investigate whether we could run workers in Kubernetes using a Docker-in-Docker sidecar container. The rest of this post gives a rough overview of the architecture of Spacelift workers, and also explains how the sidecar container strategy works.
I’d just like to say thanks to <a href="https://medium.com/@v.m_hs" target="_blank" rel="nofollow noopener">Vadym Martsynovskyy</a> for his great article about running <a href="https://medium.com/hootsuite-engineering/building-docker-images-inside-kubernetes-42c6af855f25" target="_blank" rel="nofollow noopener">Jenkins agents in Kubernetes</a>. In that article he outlines the general approach taken here, and also describes some of the pros and cons of using Docker-in-Docker. It’s definitely well worth a read.

Before going into more detail, it’s worth explaining what a Spacelift worker is, and giving a quick overview of our architecture. At Spacelift, we provide a hybrid-SaaS model like many other CI/CD systems. What this means in practice is that the control plane that handles scheduling runs is managed by us, but the execution of runs happens in a separate process called a worker. We provide a public worker pool, but also allow you to self-host your own workers, providing complete control over your infrastructure.
Perhaps confusingly, if you follow the instructions to create a private worker pool, you’ll notice that it involves downloading something called the “launcher”. The launcher is responsible for communicating with the Spacelift mothership (control plane), and creating and destroying worker containers using Docker for each Spacelift run:

image2-5

Spacelift mothership (control plane)

As you can see, the launcher process needs access to a Docker daemon in order to create a container for each run.

<ul>
<li><a href="https://spacelift.io/blog/ci-cd-tools" target="_blank" rel="noopener">Top Most Useful CI/CD Tools for DevOps</a></li>
<li><a href="https://spacelift.io/blog/terraform-in-ci-cd" target="_blank" rel="noopener"><span data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;How to Deploy your Infrastructure in CI/CD using Terraform&quot;}" data-sheets-userformat="{&quot;2&quot;:513,&quot;3&quot;:{&quot;1&quot;:0},&quot;12&quot;:0}">How to Deploy your Infrastructure in CI/CD using Terraform</a></li>
<li><a href="https://spacelift.io/blog/devops-best-practices" target="_blank" rel="noopener">16 DevOps Best Practices to Follow</a></li>
</ul>

We found that the launcher architecture maps very nicely to Kubernetes using a sidecar container to run the Docker daemon. For each worker in the pool, we need to create a Kubernetes Pod with two containers: one for the launcher; and another for Docker. The following shows a stripped down Deployment definition for creating a worker pool with 4 workers:

The launcher communicates with the Docker-in-Docker sidecar container via TCP, which is configured via the <code>DOCKER_HOST</code> environment variable for the launcher container. This works because the containers in a Kubernetes Pod share the same <a href="https://kubernetes.io/docs/concepts/workloads/pods/#pod-networking" target="_blank" rel="nofollow noopener">IP address and port space, and can communicate with each other via localhost</a>.
In addition, a shared volume called <code>launcher-storage</code> is mounted into each container. This is used by the launcher to store the workspaces for runs, along with other things like cached tool binaries (for example Terraform). The Docker sidecar needs access to the run workspaces in order to mount them into the worker containers, and it also uses that volume to store its image cache.
The last thing worth pointing out is that the <code>dind</code> container sets <code>securityContext.privileged</code> to <code>true</code>. This is required for Docker-in-Docker to function correctly.

The Spacelift launcher is distributed as a statically linked binary, making it simple to build an image. As you can see, the <a href="https://spacelift.io/blog/dockerfile" target="_blank" rel="noopener">Dockerfile</a> simply copies the launcher into an Alpine container, and then sets the startup command:

This image is rebuilt and published to our public ECR repository any time the launcher binary is updated.

We provide <a href="https://spacelift.io/blog/what-are-terraform-modules-and-how-do-they-work" target="_blank" rel="noopener">Terraform modules</a> to make it really easy for users to deploy worker pools to AWS, Azure and GCP, and we wanted to provide a similar experience for Kubernetes. To achieve this, we created a Helm chart that makes it simple to deploy workers to Kubernetes clusters: <a href="https://github.com/spacelift-io/spacelift-workerpool-k8s" target="_blank" rel="nofollow noopener">https://github.com/spacelift-io/spacelift-workerpool-k8s</a>.
Assuming you’ve already configured your worker pool in Spacelift and have access to the credentials for the pool, deploying this chart to your cluster simply requires two steps.
First, add the Spacelift Helm chart repository and update your local chart cache:

Next, install the chart:

Replace <code>&lt;worker-pool-token&gt;</code> and <code>&lt;worker-pool-private-key&gt;</code> with your own credentials, and make sure to base64-encode the private key.
If all goes well, you should be able to view the pods for your worker pool using <code>kubectl get pods</code>:

You should also be able to view the workers in your pool in Spacelift:

image1-5

Bitbucket DC Local Pool

When implementing in a production environment, you may want to use an alternative approach to providing credentials, and may want to configure a custom storage volume for the worker Pods. For more information about configuring the chart, check out the README in the <a href="https://github.com/spacelift-io/spacelift-workerpool-k8s" target="_blank" rel="nofollow noopener">chart GitHub repo</a>.

If you’re interested in running <a href="https://spacelift.io/blog/spacelift-worker-pools-on-kubernetes" target="_blank" rel="noopener">Spacelift workers in Kubernetes</a>, we’d welcome any feedback about the approach, contributions to the Helm chart, and also any issues you encounter so that we can make improvements. Also, if you aren’t already using Spacelift but are interested in trying it, you can signup and <a href="https://spacelift.io/free-trial" target="_blank" rel="noopener">start your free evaluation of Spacelift</a>.

Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.

Infrastructure as Code : Best Practices, Benefits & Examples

Managing Azure Resources using Spacelift

This article is an overview of the architecture of Spacelift workers with an explanation of how the sidecar container strategy works.

Introducing Spacelift Self-Hosted!

Onboarding

How to Get Started

The Most Flexible CI/CD Automation Tool

Written by

Derek Morgan