Exagone313 @Exagone313@share.elouworld.org

Hey, I'm looking for an Ingress for Kubernetes thas is built to be secure and to be used on self-hosted ("on-premise") clusters.

It must:

* Use certificates from secrets in another namespace (specified in advance) if possible without having access to all secrets in all namespaces
=> Those are wildcard Let's Encrypt certificates managed by cert-manager (until I find another application that doesn't read secrets of whole namespace), I want to deploy multiple applications and to re-use wildcard certificates.
=> I don't want to copy the certificates in multiple namespaces.
=> bye ingress-nginx, traefik or anything relying on the Ingress resource, not supporting that feature on purpose for "security" reasons that are never explained (tell me what I'm missing in RBAC).

* Offer a way to upgrade without any downtime on any connection (although I'll never notice that in my current setup), while using hostPort for ports 80 and 443 (just like I can do with nginx on host)
=> I don't want to use firewall rules on the host to redirect on a NodePort, unless you prove me there is no other way and it is a good practice (I don't want to loose source IP so it would be SNAT?).
=> Since I bind on host ports 80/443, I can't use rolling update, so it needs to update inside the container itself without restart.
=> Maybe it's possible to use SO_REUSEADDR to be able to run multiple pods on the same port?

* Be easy to use with a PodSecurityPolicy.
=> not with a lot of deployments with different service accounts

I'm starting to brainstorm that project since there is no solution to my madness :)

Je suis à la recherche d'un (ou plusieurs) article/dossier qui explique à un public non expérimenté la collecte des données personnelles, les échanges de ces données entre services et le système publicitaire des enchères, ainsi que le point de vue légal avec le RGPD. Un livre pourrait être pas mal mais ça semble plus difficile à partager et aborder dans ce cas-là.

J'ai les connaissances mais j'ai du mal à conseiller un document où tout est rédigé/expliqué correctement.

La config IPv6 qui ne fonctionne plus sur systemd-networkd, sans aucune raison, après reboot. Sympa. Et pas trouvé moyen de configurer ça manuellement.

My mastodon database got corrupted and I lost some rows in the "statuses" table (the biggest, which contains all messages).

Repairing the database itself was difficult and required help from #postgresql IRC channel on Freenode (thanks to RhodiumToad).

Then I had to dump it and restore it with missing data, which violated some foreign key constraints. I wanted to add the missing constraints (so I don't get issues during database migrations).

I removed associated data with queries such as:

delete from mentions r where r.status_id is not null and not exists (select x.id from statuses x where x.id = r.status_id);

I probably didn't loose my own messages since this is a very small fraction of the whole table.

Now I understand why it is important to make backups (and I'm thinking about leaving Scaleway, because it was probably a disk failure rather than a PostgreSQL bug).

Time to upgrade Mastodon...