Running Mastodon in the Lab (Fediverse Stack)

Mastodon is a federated microblog server: local timelines plus ActivityPub links to other instances. Running it means managing state (PostgreSQL, media, cache) and edge (HTTPS and /.well-known for discovery). The lab instance is at https://mastodon.this-is-fine.social.

It ships as a Helm release through Flux, same GitOps style as the rest of the lab.

Federation is the interesting part socially and technically. Other servers discover you through HTTPS hostnames and /.well-known endpoints; if DNS or TLS drifts, federation breaks even when the pod is healthy. That is why the lab treats edge (Gateway API, cert-manager, external-dns) as first-class dependencies, not an afterthought.

Software map

Request path

Internet
  -> mastodon.this-is-fine.social (HTTPRoute)
  -> Mastodon (Helm)
       PostgreSQL (CNPG)
       Dragonfly (cache)
       object storage (Rook S3)

Federation needs stable DNS and valid TLS — see Mastodon federation notes. SMTP, VAPID, and secretKeyBase sync from Vault through External Secrets, like other lab apps.

Media attachments land in object storage (Rook’s S3-compatible endpoint) so the web pods do not fill local disks with uploads. PostgreSQL holds accounts and timelines; Dragonfly backs Redis-shaped caching Mastodon expects. None of those pieces are optional if you want a instance that survives real use.

Capacity and backups

Mastodon is not a small Deployment: size CPU, memory, and database disk from upstream guidance. Database backups (CNPG) and optional PVC backups (VolSync) are separate choices.

Other fediverse apps (for example Pixelfed) can share the namespace; this article stays on Mastodon.

Further reading: ActivityPub, Mastodon releases.