https://blogs.law.harvard.edu/tech/rss https://this-is-fine.io/tags/external-secrets/ Recent content in External-Secrets on Fuchsbau https://this-is-fine.io/tags/external-secrets/ https://source.unsplash.com/2000x1322/?fox 1440 Hugo 0.125.4 de-DE Wed, 20 May 2026 22:26:11 UT https://this-is-fine.io/posts/20251121-volsync-restic-backups/ Fri, 21 Nov 2025 08:00:00 UT ff0x https://this-is-fine.io/posts/20251121-volsync-restic-backups/ Stateful apps need point-in-time copies and a copy off the cluster. The lab uses VolSync with the restic mover: Kubernetes creates a VolumeSnapshot, VolSync runs restic against it, and encrypted data lands in a remote repository. The restic URL and password live in Vault and reach the cluster through External Secrets. VolSync sits in the middle: you already run the CSI snapshot controller and a storage class that supports snapshots (Rook-Ceph block volumes in the lab). VolSync watches a ReplicationSource, triggers on a schedule, and spins up a short-lived mover job. You get off-site copies without shelling into pods to run restic by hand. Infrastructure