Use Spacelift for collaborative Terraform management with policy-as-code, drift detection, and approval workflows. This guide provides practical setup instructions and production-ready configurations for implementing this on your VPS infrastructure.
Installation and Setup
# Install the tool on your VPS
# Follow the official installation guide for your distribution
# Most tools support Docker-based deployment for easy setup
# Quick start with Docker
docker pull spacelift-terraform-management:latest
docker run -d --name spacelift-terraform-management -p 8080:8080 spacelift-terraform-management:latest
# Or install natively
curl -fsSL https://install.example.com | shCore Configuration
The primary configuration covers collaborative workflows and policy-as-code with OPA setup. These form the foundation of a working deployment:
# Primary configuration file
# Adjust these settings based on your environment
# Enable core features
collaborative workflows:
enabled: true
interval: 300 # seconds
# Configure policy-as-code with OPA
policy-as-code with OPA:
enabled: true
targets:
- production
- staging
# Authentication and security
auth:
type: token
token_file: /etc/secrets/api-tokendrift detection dashboards Configuration
Setting up drift detection dashboards is essential for production reliability:
# Configure drift detection dashboards
# This ensures your setup handles production workloads correctly
# Key settings for drift detection dashboards:
# 1. Set appropriate resource limits
# 2. Configure health checks
# 3. Enable logging and monitoring
# 4. Set up backup and recovery
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "500m"
memory: "512Mi"
healthCheck:
enabled: true
interval: 30s
timeout: 10sapproval workflows Integration
Integrating approval workflows provides visibility into system health and performance:
# Set up monitoring and alerting
# Prometheus metrics endpoint
metrics:
enabled: true
port: 9090
path: /metrics
# Alert rules
alerts:
- name: HighErrorRate
condition: error_rate > 0.05
duration: 5m
severity: critical
notify:
- slack
- email
# Dashboard integration
# Import provided Grafana dashboards for visual monitoringcost estimation
- Security: Always use TLS for communication, rotate credentials regularly, and follow the principle of least privilege
- High availability: Run multiple instances behind a load balancer for production workloads
- Backup: Regularly back up configuration and state data
- Updates: Keep the tool updated for security patches and new features
- Documentation: Maintain runbooks for common operations and incident response
Production Deployment
# Systemd service for production
[Unit]
Description=Spacelift Terraform Management
After=network.target docker.service
[Service]
Type=simple
User=appuser
ExecStart=/usr/local/bin/spacelift-terraform-management serve --config /etc/spacelift-terraform-management/config.yaml
Restart=always
RestartSec=5
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
# Enable and start
sudo systemctl enable --now spacelift-terraform-managementSummary
This tool streamlines collaborative workflows and policy-as-code with OPA workflows for DevOps teams. Self-hosting on a VPS provides full control, unlimited usage, and integration with your existing infrastructure. Start with the basic configuration, add monitoring early, and gradually adopt advanced features like approval workflows and cost estimation as your team matures its practices.