https://blogs.law.harvard.edu/tech/rss https://this-is-fine.io/tags/rook-ceph/ Recent content in Rook-Ceph on Fuchsbau https://this-is-fine.io/tags/rook-ceph/ https://source.unsplash.com/2000x1322/?fox 1440 Hugo 0.125.4 de-DE Wed, 20 May 2026 22:26:12 UT https://this-is-fine.io/posts/20251121-mastodon-fediverse/ Fri, 21 Nov 2025 11:00:00 UT ff0x https://this-is-fine.io/posts/20251121-mastodon-fediverse/ Mastodon is a federated microblog server: local timelines plus ActivityPub links to other instances. Running it means managing state (PostgreSQL, media, cache) and edge (HTTPS and /.well-known for discovery). The lab instance is at https://mastodon.this-is-fine.social. It ships as a Helm release through Flux, same GitOps style as the rest of the lab. Federation is the interesting part socially and technically. Other servers discover you through HTTPS hostnames and /.well-known endpoints; if DNS or TLS drifts, federation breaks even when the pod is healthy. That is why the lab treats edge (Gateway API, cert-manager, external-dns) as first-class dependencies, not an afterthought. Infrastructure https://this-is-fine.io/posts/20251121-volsync-restic-backups/ Fri, 21 Nov 2025 08:00:00 UT ff0x https://this-is-fine.io/posts/20251121-volsync-restic-backups/ Stateful apps need point-in-time copies and a copy off the cluster. The lab uses VolSync with the restic mover: Kubernetes creates a VolumeSnapshot, VolSync runs restic against it, and encrypted data lands in a remote repository. The restic URL and password live in Vault and reach the cluster through External Secrets. VolSync sits in the middle: you already run the CSI snapshot controller and a storage class that supports snapshots (Rook-Ceph block volumes in the lab). VolSync watches a ReplicationSource, triggers on a schedule, and spins up a short-lived mover job. You get off-site copies without shelling into pods to run restic by hand. Infrastructure