Numerous technical and security improvements on the infrastructure that supports https://mstdn.dk

Bottom line: https://sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

Now that's off the TODO-list :-)

#mstdndk

mstdn.dk

Just your average friendly Danish Mastodon server. New users tooting in Danish/English welcome. Administered from Denmark. Hosted on bare-metal Kubernetes in the EU.

Figured out some more of the homelab Kubernetes fun tonight: I probably need an etcd operator on the cluster, responding on some-hostname:2379 so that the external-dns service can find what it needs. I don't have this set up yet so nothing is running on :2379.

I didn't see this mentioned in the docs so tomorrow I'll design something and see if I can get it working.

I also really should take some better notes, if only for my own documentation. Then I should probably redeploy my original infrastructure.

#homelab #kubernetes #etcd #dns #externaldns

I spent probably a week's worth of hours learning more #kubernetes so I could save $60 a month.

I have a nice 3 node kube cluster with a 2 node #keepalived #haproxy TCP load balancer. All on #ARM VPS.

Haproxy ingress
#ExternalDNS operator
#CertManager
#RookCeph
#ArgoCD
#KeyCloak
#ValKey
#Mastodon
#CloudNativePG #Postgresql

Ha, it works: the LoadBalancer for #dovecot is created automatically, registered in DNS automatically, and a TLS certificate is generated automatically. My mail-on-Kubernetes setup is slowly taking shape.

#k8s #externaldns #certmanager #rfc2136

Low hanging stateless fruits moved from ArgoCD to #FluxCD: #CertManager, #ExternalDNS, #Drone, #Stakater #Reloader. Those seem to be in working order. It's gonna take a bit of time moving the stateful projects though.

Hetzner provider implementation · Issue #2660 · kubernetes-sigs/external-dns

In #2635, we had to drop the Hetzner provider, more context in #2653. This issue is for reimplementing it in the future if the community will be interested in it.