The Practitioner’s Guide to Scaling Infrastructure as Code
VARNER’s search for a centralized IaC tool to manage their cloud growth led them to Spacelift. We spoke to platform engineer Markus Holsve Sanness about how the platform has allowed the company’s engineers to spend less time maintaining functionality and more time innovating.
VARNER is huge — the kind of huge that has 9,000 employees, six online stores, and 1,200 physical stores across Norway, Sweden, Finland, and Iceland. That type of scale requires multiple teams and individuals to run Terraform code, and without some kind of unified control, things can get messy very fast. “It quickly became apparent that we needed a central tool to aid our growth in the cloud. Struggles included infrastructure governance, policy enforcement, identity control, and access management,” recalls platform engineer Markus Holsve Sanness.
They were looking for a solution that combined policy as code with cloud integration to make it easy to control everything happening in their cloud in a granular fashion. “Policies empower us to control who has access to what, and at the same time control who is creating what type of resources. Cloud integrations make it easy to manage the identity and access of the stacks without configuring secrets and variables,” explains Markus.
The team started investigating pipeline tools, but they found that most of the tools on the market had neither the flexibility nor the specific functionality they needed. Then they discovered the Spacelift platform. VARNER signed up for a free trial of Spacelift as they researched the options available to them. “Spacelift covered most of the bases and was priced more competitively,” notes Markus.
One advantage Spacelift had over its rivals was the fact that it is powered by the open-source policy engine Open Policy Agent (OPA). OPA provides a way of declaratively writing policies as code and then incorporating those policies in a decision-making process, using the policy language Rego to write policies for different services. OPA integrates with many different tools, so it enables you to use a standard policy language across many parts of your system.
“Multiple people will be using the tools, and the time to get onboard was a pain point for us. We also needed a tool that supported more than Terraform, as we use different configuration code offerings, which automatically ruled out many competitors,” Markus points out.
This flexibility and functionality were key factors in pushing VARNER in Spacelift’s direction, but the Spacelift team’s responsiveness clinched it for them. “The availability and dedicated support provided both before and during our engagement convinced us that Spacelift would be a suitable company to work with technically and as a partner,” reveals Markus. “The responses and eagerness from your team made it easy to go for Spacelift — you always helped and answered our questions.”
As a company with big ambitions, VARNER needs to be able to scale its infrastructure efficiently. VARNER’s infrastructure team follows a monorepo approach, and using the Spacelift platform enables them to create a unique stack that points to the intended path and manages that segment of infrastructure. “For example, in Azure, we chose to have one stack corresponding to a single resource group and its constituent components. When the organization expands, having this separation of infrastructure intuitively available will make it a breeze to control the offering from an operational and maintainability perspective,” explains Markus.
Automating and streamlining as many processes as possible is the key to successful scaling. “Using CDK for Terraform and the Spacelift provider, we have created logic to detect any CDKTF stack, which in turn creates a Spacelift stack with all the connected bells and whistles according to the configured environment and team. Long story short, we don’t manually provision the stacks we need anymore,” notes Markus. “Administrative stacks are responsible for detecting and provisioning this through the use of TypeScript and Terraform. For anyone wondering, we also use this type of logical magic to handle all stack dependencies to ensure ordered runs on dependent infrastructure.”
Policy as code is also central to security at VARNER. “To lock everything down in a way that makes Spacelift secure for our usage, we utilize the Rego-formatted policy system,” Markus explains. “We regularly have new ideas and needs for new policies, which are usually provisioned in a matter of minutes. Granted, getting to that level of efficiency took some time, but it was very much worth it!”
Visibility is another benefit of the Spacelift IaC experience. “The ability to see what infrastructure changes are proposed before the code is pushed helps us maintain a clean main branch, which makes both the integration with pull requests and the ability to make local runs using the CLI tool invaluable,” says Markus.
As VARNER scales, Spacelift is proving to be a valuable partner. “Using Spacelift has helped us expand our infrastructural growth in a sustainable and controlled manner — no rogue infrastructure deployments with questionable identity management! We can now centrally manage everything while empowering our developer teams to provision their own infrastructure and place code ownership where the infrastructure is used,” says Markus.
This centralization and autonomy were exactly what VARNER was looking for. Now its engineers can dedicate themselves to tasks that add true business value. “We can now use more time to innovate and develop our platform and less time maintaining and operating,” concludes Markus.