author: Paul Buetow <paul@buetow.org>, 2026-02-05 11:52:21 +0200
committer: Paul Buetow <paul@buetow.org>, 2026-02-05 12:13:08 +0200
commit: 2abd85d2d78bc66c87a08490446e8ec70607139f
tree: 8e024f9ee88c1c264407e177a85a0d7b73c66dc3
parent: 4359ae65896c573d3b50768bfa9dc216737e0858
Add update notice for LAN ingress feature
Added update notice at the beginning of the blog post to inform readers about the LAN ingress feature addition in February 2026. The notice references the new section and summarizes key features.
-rw-r--r-- gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl | 14
1 files changed, 14 insertions, 0 deletions
diff --git a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
index 01d3b7f5..4e280cdd 100644
--- a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
+++ b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
@@ -45,6 +45,20 @@ $ cd f3s/prometheus/
The deployment concepts and architecture remain the same—only the deployment method changed from imperative (`helm install/upgrade`) to declarative (GitOps with ArgoCD).
+## Update: LAN Ingress Support (February 2026)
+
+**Update (2026-02-05):** This blog post has been updated to include a new section on exposing services via LAN ingress. The original blog post focused on external access through OpenBSD edge relays. The new section documents how to:
+
+* Expose services on the local network using LAN-specific ingresses (`*.f3s.lan.foo.zone`)
+* Leverage the existing FreeBSD CARP failover infrastructure for high availability
+* Configure FreeBSD `relayd` for TCP forwarding (Layer 4) instead of TLS termination
+* Use cert-manager with self-signed certificates for LAN TLS offloading via Traefik
+* Achieve zero-downtime CARP failover (tested and validated)
+
+This enhancement complements the existing external access method without requiring MetalLB or other LoadBalancer implementations. The f3s infrastructure now has three distinct TLS offloaders: OpenBSD relayd for external traffic, Traefik (k3s) for LAN HTTPS, and stunnel for NFS-over-TLS.
+
+See the new "### Exposing services via LAN ingress" section under "### Exposing Grafana via ingress" for complete details.
+
## Persistent storage recap
All observability components need persistent storage so that metrics and logs survive pod restarts. As covered in Part 6 of this series, the cluster uses NFS-backed persistent volumes:
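Review bot: The cross-reference in the last added line points at a section this commit does not add, and it describes a "###" heading as sitting "under" another "###" heading, which cannot nest at the same level. The diffstat shows 14 insertions in one file, all of them the notice itself, so please confirm that "Exposing services via LAN ingress" already exists in this template at this commit; otherwise readers are sent to a section that is not there. Either make the new section one level deeper than "Exposing Grafana via ingress" or reword to "after", and consider dropping the literal "###" markers from the sentence, since they will show up as raw text in the rendered post. Smaller style point on the first added lines: the heading "## Update: LAN Ingress Support (February 2026)" and the lead "**Update (2026-02-05):**" say the same thing twice; keeping the heading and starting the paragraph with the date would read cleaner. Since the notice advertises self-signed certificates for LAN TLS, one short clause saying the referenced section covers how LAN clients come to trust those certificates would help readers judge the setup before jumping down.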