ResinStack is a new and innovative project. As such there are certain limitations in the system right now that may affect your environment. This page documents these limitations.
AIO Bootstrap Loops
Right now there are two critical bootstrap loops of an All-In-One
(AIO) control plane. One loop is formed by using Consul for Vault
storage, which means Vault can’t be initialized until after the consul
ACL system is initialized. This will be resolved by the use of Vault
internal storage, which requires at minimum
to be resolved. Additionally, Vault’s raft subsystem needs to support
go-discover for truly
The second loop is formed via Nomad requiring a Vault token to be able
to issue tokens to tasks running within the cluster. This loop is
or an alternate solution with the same functionality.
Full TLS Everywhere
Similar to the AIO bootstrapping loops, running with TLS everywhere is not currently supported due to issues with needing to provision certificates prior to a certificate provisioning system being available. This can be worked around by generating certificates external to the cluster and including them in the configuration archive, the security of which is left as an exercise to the reader.
Current Docker Versions
The docker version is locked to the version available from LinuxKit, which typically lags by some amount behind the most recent version. It is possible that ResinStack will maintain a disjoint set of repos from those of LinuxKit to resolve this shortcoming.
Lack of Documentation
This is an easy one to fix. If you are interested in helping write documentation, contact us.