Going to AWS re:Invent 2024?
Gametech companies compete in a crowded market where security is paramount. That makes life challenging for the DevOps engineers who must keep things moving fast but with control. We spoke to Novibet’s head of DevOps, Kurt Azzopardi, and senior DevOps engineer Davide Attard about the company’s approach to infrastructure management and why they have embraced Spacelift as their specialized IaC platform of choice.
“Terraform first” has been the mantra for Novibet’s DevOps engineers since Kurt Azzopardi joined the company in 2020. Novibet is in the cloud, and everything is provisioned through Terraform, which the team used to manage with GitHub Actions. However, as the organization scaled, managing Novibet’s IaC through a generic CI/CD platform stretched both the capabilities of the tool and the DevOps team. Although management was not convinced a specialized IaC tool was required, resources were under pressure.
As the Novibet team expanded, managing access to run production plans and applies became more difficult, and fears grew that an overlooked error could bring down parts of the production environment. “We needed a centralized location where we could properly audit our changes with some kind of policy to enforce when production changes could be made. We also wanted some kind of mechanism to alert us when there was drift in the infrastructure, in case changes were made outside Terraform,” recalls Kurt Azzopardi, Novibet head of DevOps.
“Before using Spacelift, our DevOps engineers applied changes to Terraform using their laptops. We reviewed the plan when sending the pull request, but that still leaves room for error and things can change — you can get drift by the time someone is applying. And of course, there’s only one set of eyes looking at a potential change,” explains senior DevOps engineer Davide Attard.
The team decided to make a case for adopting a specialized platform to manage their infrastructure and started researching options including env0, Atlantis, and Spacelift. They signed up for a Spacelift demo and trialed a few of their dev/staging environments on the platform. The benefits of having Spacelift inside their toolchain became evident quickly. The speed and control of deployments and automatic drift detection they saw on the ten-day free trial impressed the team. They presented their findings to the board, who agreed there was a good use case for requesting the budget.
A major attraction of Spacelift when Novibet started evaluating it was its ease of use. “Just getting things going with a stack and having a simple run on an environment was much easier to do on Spacelift compared with other products. Spacelift really excels in getting you where you want to go and being productive in a short amount of time rather than having to go through tons of documentation trying to figure things out,” recalls Davide. He is a huge fan of the UX. “Even if you gave it to someone who never used Spacelift before, within a day of using it they would be fairly proficient.”
“It’s intuitive,” Kurt agrees. “We have a change management system where we have non-technical people taking care of our process, so now we’re incorporating Spacelift, they see how easy it is to change things on the UI, and they feel more at ease. We can apply guardrails against doing these changes and they will feel confident. Infrastructure as code sounds like magic to a lot of people, so this just makes it easier with the visualization of what is changing.
We have Golden Paths set up, and we put governance on them, so if you veer off the path, you get stopped. You always have to go through that specific process.”
Onboarding to Spacelift proved pretty seamless. “We had a lot of help from our dedicated engineer, and the shared Slack channel between us and Spacelift helped us tremendously during this period. All of the questions we raised were quickly answered by the Spacelift team,” says Kurt.
The Spacelift platform has also proved highly accessible for new hires, saving Davide considerable time when onboarding any new DevOps engineers to the process of how to apply changes. “It’s much easier to explain that they need to raise a PR and after getting the required approvers they go to Spacelift to implement the change. Before, if you applied Terraform changes on a laptop, you needed to have certain prerequisites: You needed to have Terraform installed and have the right case with the right permissions. From a security standpoint, it’s safe because you can have cases where only Spacelift is allowed to create or delete certain resources. In that way, you restrict potential damage.”
Auditing is somewhere that Spacelift really shines for the DevOps team. “There’s a historical record of what’s been applied — which we were missing before, so I can go back 30 days from now and see what happened in a particular environment,” says Davide.
Kurt is emphatic in his agreement. “Exactly right! Most of my time is spent in audits, speaking to auditors, and trying to demystify IaC. That’s why having a tool like Spacelift with its nice UI makes the process so much more painless when you show it to non-technical people.
Before Spacelift, I had to go in and show them actual GitHub pull requests, which can get very, very technical.”
Spacelift is now an integral part of the Novibet platform and slots in neatly with the rest of their tools. “The team uses Spacelift on a daily basis up to our production environments. Apart from that, we have various stacks to apply changes on different providers such as Azure, Cloudflare, Consul, and VMware,” explains Kurt.
The features they use most are drift detection and policies — particularly for run approvals. They have ambitious plans to move toward a platform engineering mindset, equipping developers with the tools to work autonomously but with guardrails to keep them from veering off course. “The Spacelift technical team has given us some ideas on how we can use the Kubernetes operator and leverage it so developers can serve themselves and work without intervention from managers,” says Kurt.
Thanks to Spacelift, the CI/CD and governance aspects of Novibet’s Terraform setup are now in a much better state. ”It gives us great peace of mind that changes to our infrastructure are being done in an orderly fashion,” says Davide. “Spacelift has given us the ability to vet changes, especially production ones. These are very, very difficult to control if applies are being done from a laptop or from a jump server because there’s a human element factor — which Spacelift overcomes.”
The team is convinced that any company considering an IaC migration should look at Spacelift. “It is an essential tool for any growing company that needs to govern its IaC with proper policy management and great visibility of potential changes in your infrastructure for both technical and non-technical teams,” concludes Kurt.