Pomelo’s initial approach to managing Terraform was not up to the task of accommodating the needs of a rapidly expanding company. Now that they use Spacelift, they can rely on a specialized platform for infrastructure as code (IaC) that will adapt to their needs as they scale and provide a cost-effective alternative to largely manual processes.
We spoke to staff platform engineer Luis Barrueco and DevSecOps engineer Verónica Ovando about their experience with Spacelift.
When Pomelo first started working with Terraform, their process had considerable potential for improvement. “We would separately write a bunch of Terraform into our local branches of Git repository and just push it whenever we were going to use it, so we sometimes would work on the same set of resources because we didn’t have any central way to manage it,” explains staff DevOps engineer Luis Barrueco.
This largely manual approach worked reasonably well when the Pomelo team was small, but as DevOps and platform teams expanded in line with the company’s rapid growth, it became untenable.
An even bigger drawback of working locally and pushing changes individually was the lack of traceability. “We needed a place where everyone could see what everyone else was doing. That was the main driver of the decision to start looking into a solution,” says Luis.
Like many companies, Pomelo investigated the possibility of managing IaC using their existing toolset as an alternative to implementing a specialized IaC tool. Ultimately, it became clear that this was not a viable option for a scaling company.
“We tried doing this by centralizing the execution of IaC pipelines using the tool that we already have for continuous integration. And I’ve seen implementations that work well, but not at scale. It might not work as intended 100% of the time because it’s not cut out for that purpose. If you’re using a CI tool, it’s optimized for continuous integration.”
With concerns about efficiency and transparency among teams intensifying, it was time to explore more effective approaches to managing Pomelo’s infrastructure.
The Pomelo team looked at possible providers, assessing all the leading IaC platforms. “For the prices they charged, the alternatives didn’t offer the same value because either they had some features that we wouldn’t be using anytime soon, or they had some limitation with regards to the way that we were planning to use it,” recalls Luis. “Comparing the options one by one, Spacelift was clearly the best for our use case.”
Spacelift had the kind of flexibility a scaling company like Pomelo needs. As requirements change, it is important that platform features can be adapted to the customer’s needs. Pomelo found this adaptability in Spacelift, specifically in Spacelift’s use of the open-source project Open Policy Agent and its rule language, Rego, for executing user-defined pieces of code called Policies at various decision points.
“For instance, if you wanted to segregate permissions for different things to be able to use different stacks, you could create a policy using Rego with information from GitHub, describing everything that you wanted to accomplish. And in that way, even though that wasn’t a specific feature of Spacelift, you could use the flexibility of Policies to implement it yourself.”
Pomelo took advantage of Spacelift’s free trial, and once the team had tested everything they needed in an IaC platform, they decided to proceed with a full-scale implementation.
Pomelo started onboarding in December 2021. Spacelift provides dedicated Slack channels and detailed documentation to make the onboarding process as smooth as possible. “The documentation was comprehensive, useful and error-free,” says Luis.
Verónica agrees: “Our infrastructure team found the product intuitive, so our journey with Spacelift has been smooth. I think we use it every day. We’re permanently pushing changes and running stacks.”
For Verónica, the most interesting feature is Policies. “We explored it from the very beginning as a way to set standards. The most important thing we wanted to achieve was to have our resources tagged with what we define in our tech policy.” The team also finds Contexts useful, and they store Terraform modules in the Module Registry.
Since Pomelo started using Spacelift, they have focused on applying the Terraform code uniformly, which Luis believes is the best approach in the long run.
“Because Spacelift allows us to use Terraform to configure everything, we decided early on that we wanted to avoid touching stuff in the Spacelift UI, so we implemented Terraform modules to create the stacks and everything else.”
The Pomelo team has no regrets about choosing Spacelift. “Whenever I’m asked how to approach IaC, I always recommend Spacelift. Spacelift is 100% infrastructure-as-code-oriented. It’s not something that’s jerry-rigged to work with Terraform,” says Luis. “And with regard to the impact on the company and the cost-effectiveness of using Spacelift, bang for buck for our use case, it’s been really great.”