panfactum / stack

The Panfactum Stack

Home Page: https://panfactum.com

License: Other

HCL 50.92% Shell 4.12% Nix 1.41% JavaScript 0.42% Dockerfile 0.16% Starlark 0.13% MDX 36.29% TypeScript 5.75% CSS 0.58% Lua 0.14% HTML 0.09%
argocd authentik aws cilium devenv devops grafana infrastructure-as-code karpenter kubernetes linkerd2 nix platform-engineering prometheus terraform terragrunt vault

stack's People

Contributors

fullykubed, jlevydev

Forkers

jlevydev pambalos

stack's Issues

[Bug]: Communication b/w Authentik and redis is not encrypted

Prior Search

  • I have already searched this project's issues to determine if a bug report has already been made.

What happened?

Currently unable to deploy authentik with an encrypted redis connection. This is caused by two issues:

(1) Authentik does not allow for passing the proper parameters for an encrypted redis connection: goauthentik/authentik#9123

(2) The Linkerd service mesh cannot be used due to this issue: linkerd/linkerd2#12382

Authentik will be enhancing their redis support in this PR, so we will revisit once this is available.

Version

main (development branch)

What primary components of the stack are you seeing the problem on?

terraform

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: /docs/guides/bootstrapping/preparing-aws crashes the application

Prior Search

  • I have already searched this project's issues to determine if a bug report has already been made.

What happened?

When going to /docs/guides/bootstrapping/preparing-aws, the next application crashes. It seems like an issue with an image asset, but it takes down the whole site and any other open tabs.

Version

main (development branch)

What primary components of the stack are you seeing the problem on?

website

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: issue with AWS cli in recommended NixOS package registry version

Prior Search

  • I have already searched this project's issues to determine if a bug report has already been made.

What happened?

The aws cli seems broken in the release of the NixOS package registry recommended in the docs. I've pinned back my NixOS version in the meantime, but it may be good to recommend a more stable version.

Version

main (development branch)

What primary components of the stack are you seeing the problem on?

nix, website

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Replace Vault with OpenBao

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

Using HashiCorp Vault as a part of a self-hosted infrastructure stack might not be compatible with Vault's updated BUSL license. If it turns out to be incompatible, replace Vault with the OSS Vault fork: https://github.com/openbao.

How would you use this new functionality?

To keep the Stack license compliant.

What primary components of the stack would this impact?

terraform, nix, website, reference

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Replace kube_rbac with aws_eks_access_entries

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

aws_eks_access_entries provides a mechanism to deploy access directly in the aws_eks module, and we can eliminate the kube_rbac module entirely.

How would you use this new functionality?

See above

What primary components of the stack would this impact?

terraform, website, reference

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Issue setting variables in .env when migrating from previous iteration of the stack

Prior Search

  • I have already searched this project's issues to determine if a bug report has already been made.

What happened?

When migrating from the non-flake version of the stack and attempting to set environment variables, it seems as if there are conflicts from an unknown file, potentially as a result of a previous devenv setup in the same file location.

Version

main (development branch)

What primary components of the stack are you seeing the problem on?

nix

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Add pvc-autoresizer

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

Add the pvc-autoresizer functionality to take care of automatically adjusting the underlying PVC storage.

How would you use this new functionality?

It would eliminate manual maintenance and monitoring to ensure that PVCs are large enough to hold the containing data

What primary components of the stack would this impact?

terraform

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Reduce down time in fck-nat with rolling ASG upgrades

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

Currently, the fck-nat configuration forces us to spin down NAT nodes prior to launching new nodes in the same AZ. Ideally, we would launch the new nodes while the old nodes are still running and then simply update the routing table rules in real time to reduce downtime to a few seconds vs minutes.

How would you use this new functionality?

During fck-nat node upgrades

What primary components of the stack would this impact?

terraform

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Replace terraform with opentofu

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

With the recent changes to terraform's license, it is unclear whether using more recent versions of terraform within the Panfactum stack would violate the new license's "embedded use" policy. It seems likely. As a result, we should migrate to opentofu once 1.7 is released.

How would you use this new functionality?

Same as terraform

What primary components of the stack would this impact?

terraform, nix, website, reference

Code of Conduct

  • I agree to follow this project's Code of Conduct

[feature]: Allow AWS NAT Gateways in aws_vpc module

Prior Search

  • I have already searched this project's issues to determine if a similar request has already been made.

What new functionality would you like to see?

Allow users to choose to use AWS NAT Gateway instead of our EC2 NAT nodes in the aws_vpc module

How would you use this new functionality?

For users who want to pay more money to AWS in exchange for eliminating some of the minor limitations of fck-nat

What primary components of the stack would this impact?

terraform

Code of Conduct

  • I agree to follow this project's Code of Conduct
