// the find
nginxinc/kic-reference-architectures
MARA: Modern Application Reference Architecture
A Pulumi-based reference architecture for deploying NGINX Ingress Controller on Kubernetes across AWS, DigitalOcean, and Linode. It wires together VPC/EKS/ECR provisioning, cert-manager, Prometheus, OpenTelemetry, and a sample bank app (Sirius) into one opinionated stack. Archived and unsupported as of 2025.
The multi-cloud abstraction is genuinely useful — a single automation layer targets AWS EKS, DigitalOcean, and Linode LKE without duplicating every Pulumi stack. The observability stack is well-thought-out: OTel collector configs for multiple backends (Lightstep, Prometheus, basic debug) are included rather than left as an exercise. Using Pulumi with Python instead of YAML-templating tools means the infrastructure code is actually testable — there are unit tests for the image build utilities. The modular directory layout (infrastructure, kubernetes, utility all separate) makes it easy to pull out individual pieces rather than having to take the whole thing.
It's archived and explicitly unsupported — the README says security vulnerabilities may go unaddressed, so you're on your own the moment something breaks. The dependency on a custom Sirius bank app demo means you're deploying someone else's toy app to prove the architecture works, which isn't useful if you have your own workload. The Pipfile.lock is committed but the Python version is pinned in a separate `.python-version` file with no enforcement mechanism — expect environment drift. There's no teardown documentation beyond a `destroy.sh` script, and the extras folder has a hardcoded `jwt.token` file committed to the repo, which is the kind of thing that causes incidents.