Let’s face it, managing infrastructure at scale, deploying it, and handling drift is pretty hard to do on our own. DevOps Engineers have to use so many tools nowadays, and they simply can’t have the same level of knowledge in all of them.
As we are humans, the possibility of making an error is very likely, even though we are doing the best we can to be fully attentive to what we are doing, but due to the number of complex things we are managing, this is unavoidable. Or isn’t it?
We can’t ensure that an engineer’s code won’t create unauthorized resources by simply reviewing thousands of lines of code, so a policy is needed to address this issue. Collaboration is difficult, even with version control systems. Deploying production code from multiple devices can lead to configuration breakdowns. Using different tools to manage infrastructure deployments can complicate the decision to choose a CI/CD tool, and workflows will become complicated. Encouraging a unified approach for deployment in a team that uses multiple IaC tools can help streamline the process and improve organizational results.
End-to-End Deployment Workflow
One of the key reasons why DevOps engineers love Spacelift is its ability to automate many of the tedious and time-consuming tasks associated with infrastructure management.
For example, Spacelift can automate your deployments end to end, having full control over what happens before or after any operation using our Stacks. This automation frees up DevOps engineers from the manual work of infrastructure management and allows them to focus on more important tasks.
Achieving true GitOps
GitOps has become one of the key paradigms lately. Commonly used when it comes to managing cloud-native services, GitOps refers to the fact that you are using your VCS as the single source of truth when it comes to managing your infrastructure, meaning that whenever you do a change to the git repository, that change will be reflected in the environment you are targeting.
As you don’t need to define complex CI/CD pipelines for deploying your code with Spacelift, but rather your changes get deployed whenever you are pushing your code, true GitOps is achieved.
Spacelift integrates with popular tools such as Terraform, Pulumi, Kubernetes, Cloudformation, and soon Ansible, making it easy for DevOps engineers to use within their existing workflows.
The native integrations with multiple VCS providers (GitHub, GitLab, Bitbucket, and Azure DevOps) and Cloud providers (AWS, Azure, GCP) and other third-party tools like InfraCost, further streamline the process of managing infrastructure, reducing the time and effort required to make changes. Learn more about our integrations.
Spacelift integrates with OPA and takes policies to the next level. With Spacelift, you can create several types of policies:
- Login – which controls who can log in and give admin rights to the required parties.
- Approval – creates run reviews and approval flows that respect the security concerns of an organization.
- Notification – with these types of policies, you can route notifications for your Spacelift Spaces – and send them to your notification inbox, Slack, or your webhooks.
- Plan – gives you the possibility to take control of your infrastructure plan (denying the creation of resources that, view cost estimates, and denying the actual deployment of resources if the cost is actually bigger than your threshold and more).
- Push – actions that should be taken in response to pull and push that happen on your VCS.
- Trigger – making a complex workflow by creating dependencies between stacks; still, the new stack dependency feature should be leveraged.
Not only the integration with OPA takes your policies to the next level, but it can be leveraged for customizing your workflow to the point that it suits your needs perfectly. By default, Spacelift provides the best practices, having a solid starting point, but by using it, you can truly have your own workflow.
Bring your own Workers
Workers are elements that perform your IaC tasks using containers. These tasks can include deploying code, updating resources, and running before and after actions inside of your workflow.
Creating your private worker pools is another key feature that Spacelift offers.
Even though, by default, you can use the public workers that Spacelift provides, there is a possibility that you have a security requirement that requires the use of private workers. At Spacelift, we understand that you have full flexibility to opt-in to either one of the choices, and configuring private worker pools isn’t that big of a deal due to the fact that we are providing everything you need to do it on AWS, Azure, GCP or Kubernetes.
Using Terraform’s public registry to get modules and providers is ok, but you will most likely need to build your own modules to overcome security issues and concerns that are raised throughout your organization. Spacelift offers a private registry for modules and one for providers. For the modules, what is different than other registries is the fact that you can write test cases and even extend them via hooks.
For more information, you can check this blog post on Spacelift Module Registry – What It is and How to Use It.
Drift happens all the time, so how can you overcome it? It gets clearer and clearer that it’s impossible to do it manually as you cannot monitor everything all the time. One can argue that you can build a script that compares your infrastructure code with what is happening in your infrastructure and maybe run it in a cronjob that sends a notification to the interested parties.
What about reconciling the drift? That can also cause a lot of headaches. Also, these scripts have to be maintained, so that adds more overhead for your engineers.
This is a lot of work, and most likely, you will face issues, so Spacelift offers a solution for that. Out of the box, with Spacelift’s enterprise plan, you can detect infrastructure drift, and optionally, you can even resolve it based on your IaC. The only thing you need to do is specify the interval in which you poll your infrastructure for drift, and that is done pretty easily, as described in the documentation linked above.
Apart from everything mentioned above, Spacelift comes with the possibility of sharing variables between Stacks and mounting files to them using Contexts.
You should most definitely use Spaces throughout your account as, in this way, you delegate partial admin rights, control different levels of accesses to your Stacks and also share resources between these isolated environments.
Spacelift has its own Terraform provider, meaning that you can literally manage Spacelift with Terraform, making it easy to replicate all your configuration to a new account.
Before jumping in and showcasing some of our client’s testimonials, I want to share my 100% unbiased opinion on Spacelift before even starting an interview process for them. To be honest, I wasn’t even interested in changing my job, but I fell in love with the product, and that made me apply for this position.
I’ve been working with Terraform for more than six years on a daily basis and never felt the need to have a tool on top of it, even though I had to use Terraform Cloud in one of my previous jobs. My feeling changed when I tried Spacelift. You can check my opinion out here.
One of our clients had Atlantis in place, and in order to promote their changes across all their environments, they needed to create seven pull requests to accomplish this. Apart from this being time-consuming, this process was, of course, error-prone. Another challenge they faced was the fact that they didn’t have drift detection, lacking visibility overall in their process.
Spacelift reduced their pull requests from seven to one, and bringing drift detection to the table increased their visibility and reduced the possibility of facing errors.
“Spacelift has let us get down to a single pull request per change across all environments. We have drift detection, and we can easily see when changes are pending across all components when they have failed, so we have a lot better visibility than before. Spacelift has greatly reduced the amount of time we spend dealing with CI/CD for Terraform…”
Read the full story here.
Spacelift’s easy-to-configure nature that offers full flexibility and the guardrails that can be configured to improve overall security helped another customer who had a couple of issues with their IaC process. They were interested in auditing, doing security scans on the code, and improving the overall security of their processes, restricting accesses, and making sure they were implementing the least privilege paradigm in their solution. In addition to this, they also needed to achieve Terraform at scale, avoiding error-prone processes, and Spacelift helped all around that.
“I was impressed with Spacelift. It felt much more coherent than the competition…We don’t have to worry about fiddly, error-prone, manual deployment processes, which used to plague us like they plague many companies…It’s automating a lot of that grunt work and getting rid of a lot of the toil involved in managing infrastructure systems”
Read the complete case study.
Another customer wanted to deliver new micro-services from concept to production in one hour. They also needed to implement policies around their code, permissions, and account privileges, and they needed a private registry to push their modules and be able to test them.
Apart from that, they were also interested in having a native integration with Github in their CI/CD in order to have better processes in place.
With Spacelift, they could easily achieve all of these, and leveraging our policy examples and the ability to test modules and our native integration with top VCS providers, sped up their transition.
“Spacelift is by far the best tool we have found as it enabled us to implement our CI/CD strategy for IaC far quicker and with more control than that we had previously thought possible.”
Read the full testimonial here.
One client was growing really fast, and with this growth, of course, they were facing a lot of challenges with their processes. They wanted to have consistent run environments, audit capabilities, and being able to hand off approvals for runs. As they were checking the market, they found similar products to Spacelift that, apart from missing some of the features that we offer, they were lacking one important thing: listening to customer feedback.
At Spacelift, we take customers’ feedback into account whenever we are developing a new feature. Our release cadence is very aggressive, and we always want to bring the most outstanding features to our clients based on their needs.
We are always looking for ways to improve, and we encourage feedback from our users. Whenever we are releasing a new feature, you are going to be notified about it in your Spacelift account, which means that you don’t have to check all the time to see if there is a new release or not.
“Spacelift is a tremendous time saver for me, and that in turn makes our entire development and deployment process smoother and simpler.
Spacelift is like the final stitching on a football; it neatly ties together all of our infrastructure in a way that makes life really simple for our developers – and for me.”
Get all the details of the case study.
Another important aspect for customers when they are interested in buying a product is the price. At Spacelift, we don’t practice hidden costs, we have an always Free plan, a Cloud plan, and an Enterprise SaaS plan, and you get the details here. For Cloud and Enterprise, you even have a 14-day trial to understand what we are offering, so you can try them without having to pay anything. Customers are very happy with our transparency and our response time.
“We liked Spacelift’s pricing model, which is well-suited to a company like ours. And we appreciated their simple, direct communication that quickly answered our questions before we signed up. No matter the time of day, they were responsive.”
More details on this case study: here.
Other Case Studies
If you want to read more about how Spacelift is helping other organizations all over the globe, you can check out some other stories from our customers.
Engineers’ Direct Feedback from Slack
As you can see, people are thrilled with our solution, and even though we thought about making DevOps engineers’ life easier when we were developing it, some customers even had their developers do end-to-end deployments without any intervention from a DevOps.
Security, Observability, and Infrastructure Management, in general, are done way easier with Spacelift, and the overall process is simplified.
In conclusion, Spacelift is a valuable tool for DevOps engineers, as it helps them manage their infrastructure more efficiently and effectively.
With Spacelift, DevOps engineers can automate their manual and time-consuming tasks associated with infrastructure management, improving efficiency and freeing up time for more important tasks.
Spacelift also supports collaboration and teamwork, enabling teams to work together to manage infrastructure more effectively.
Security is very important for Spacelift and having the possibility to control access, resources that can be created, and do actions based on pull/push and other integrations make Spacelift a really good choice for engineers all over the world.
You don’t need to have multiple tools that handle your deployment for the different IaC tools you are supporting in your organization today. You don’t even have to build different CI/CD complex automations for these various tools, as Spacelift will handle deployments without all that fuss.
For all these reasons, DevOps engineers love Spacelift, and it is quickly becoming an essential product in their toolkit.
The Most Flexible CI/CD Automation Tool
Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.