author Paul Buetow <paul@buetow.org> 2026-02-05 12:03:07 +0200
committer Paul Buetow <paul@buetow.org> 2026-02-05 12:13:08 +0200
commit e7665c384557096338ccbb58caba4022f6f74946
tree 6a7c7baba542daeeb98a081b81b6361ebb38cb9f
parent 23780f846fe27983dcd4e713b679103505f0eff8
Add /etc/hosts DNS configuration for LAN services
Updated client-side setup section to include DNS configuration. Added instructions for adding /etc/hosts entries pointing LAN service domains to the CARP VIP (192.168.1.138). Renamed section from 'Client-side CA trust' to 'Client-side DNS and CA setup' to reflect both DNS and certificate configuration.
-rw-r--r-- gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl 18
1 files changed, 16 insertions, 2 deletions
diff --git a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
index 7a054ed6..4011e017 100644
--- a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
+++ b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl
@@ -375,9 +375,23 @@ HTTP/2 302
location: /login
```
-*Client-side CA trust*:
+*Client-side DNS and CA setup*:
-Since the LAN certificates are self-signed, clients need to trust the CA. Export the CA certificate:
+To access LAN services, clients need DNS entries and must trust the self-signed CA.
+
+Add DNS entries to `/etc/hosts` on your laptop:
+
+```sh
+$ sudo tee -a /etc/hosts << 'EOF'
+# f3s LAN services
+192.168.1.138 grafana.f3s.lan.foo.zone
+192.168.1.138 navidrome.f3s.lan.foo.zone
+EOF
+```
+
+The CARP VIP `192.168.1.138` provides high availability—traffic automatically fails over to the backup host if the master goes down.
+
+Export the self-signed CA certificate:
```sh
$ kubectl get secret selfsigned-ca-secret -n cert-manager -o jsonpath='{.data.ca\.crt}' | \
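Review bot: the `sudo tee -a /etc/hosts` heredoc in the added `sh` block appends unconditionally, so a reader who repeats the step ends up with duplicate `# f3s LAN services` entries; consider guarding it, for example with `grep -q 'f3s LAN services' /etc/hosts ||` in front of the command, or telling the reader to check the file first. Because these static entries pin both names to `192.168.1.138` on every client, it is also worth one sentence saying they must be edited by hand if the CARP VIP changes, plus a quick verification step such as `ping -c1 grafana.f3s.lan.foo.zone` so the reader can confirm the entry took effect before moving on to the CA export.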