author Paul Buetow <paul@buetow.org> 2024-11-16 23:09:05 +0200
committer Paul Buetow <paul@buetow.org> 2024-11-16 23:09:05 +0200
commit 7e0dbb7fa5168c5abd86dc3fc7d4d55bdfad2635
tree 71d4be4762abb6bdec69e9af1566a6bb7ba88f5d
parent 3a18c16bd3ff5715ed382b8e1c6187b34c646bc1
Update content for md
-rw-r--r-- about/resources.md 162
-rw-r--r-- gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md 1
-rw-r--r-- gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.md 1
-rw-r--r-- gemfeed/2024-01-13-one-reason-why-i-love-openbsd.md 1
-rw-r--r-- gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md 1
-rw-r--r-- gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.md 157
-rw-r--r-- gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png bin 0 -> 479024 bytes
-rw-r--r-- gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png bin 0 -> 317766 bytes
-rw-r--r-- gemfeed/index.md 1
-rw-r--r-- index.md 3
-rw-r--r-- uptime-stats.md 2
11 files changed, 246 insertions, 83 deletions
diff --git a/about/resources.md b/about/resources.md
index 9cebf3f7..7c43c76d 100644
--- a/about/resources.md
+++ b/about/resources.md
@@ -35,60 +35,60 @@ You won't find any links on this site because, over time, the links will break.
In random order:
-* Concurrency in Go; Katherine Cox-Buday; O'Reilly
-* The Pragmatic Programmer; David Thomas; Addison-Wesley
-* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook
-* DNS and BIND; Cricket Liu; O'Reilly
-* Modern Perl; Chromatic ; Onyx Neon Press
-* 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications
-* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible
-* Data Science at the Command Line; Jeroen Janssens; O'Reilly
-* The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible
-* Effective Java; Joshua Bloch; Addison-Wesley Professional
-* Terraform Cookbook; Mikael Krief; Packt Publishing
-* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly
-* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly
-* Site Reliability Engineering; How Google runs production systems; O'Reilly
-* Raku Recipes; J.J. Merelo; Apress
-* The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton
-* Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly
-* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly
-* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press
-* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers
* Ultimate Go Notebook; Bill Kennedy
+* Pro Puppet; James Turnbull, Jeffrey McCune; Apress
+* Leanring eBPF; Liz Rice; O'Reilly
* The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional
+* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications
+* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press
+* Effective Java; Joshua Bloch; Addison-Wesley Professional
+* The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton
+* Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly
+* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible
+* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress
+* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly
* Developing Games in Java; David Brackeen and others...; New Riders
+* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly
+* The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible
+* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers
+* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson
+* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook
+* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers
+* Java ist auch eine Insel; Christian Ullenboom;
* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner
+* Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly
+* Data Science at the Command Line; Jeroen Janssens; O'Reilly
+* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly
+* Terraform Cookbook; Mikael Krief; Packt Publishing
+* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt
+* Concurrency in Go; Katherine Cox-Buday; O'Reilly
+* The Pragmatic Programmer; David Thomas; Addison-Wesley
+* The Docker Book; James Turnbull; Kindle
+* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press
+* Perl New Features; Joshua McAdams, brian d foy; Perl School
* C++ Programming Language; Bjarne Stroustrup;
-* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press
-* Effective awk programming; Arnold Robbins; O'Reilly
-* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress
-* Systemprogrammierung in Go; Frank Müller; dpunkt
-* Pro Puppet; James Turnbull, Jeffrey McCune; Apress
-* Leanring eBPF; Liz Rice; O'Reilly
* Higher Order Perl; Mark Dominus; Morgan Kaufmann
-* Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly
-* Java ist auch eine Insel; Christian Ullenboom;
* Raku Fundamentals; Moritz Lenz; Apress
-* Perl New Features; Joshua McAdams, brian d foy; Perl School
+* Site Reliability Engineering; How Google runs production systems; O'Reilly
+* Raku Recipes; J.J. Merelo; Apress
+* Modern Perl; Chromatic ; Onyx Neon Press
+* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly
+* Systemprogrammierung in Go; Frank Müller; dpunkt
+* DNS and BIND; Cricket Liu; O'Reilly
* Polished Ruby Programming; Jeremy Evans; Packt Publishing
-* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson
-* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt
-* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly
+* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly
+* 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications
+* Effective awk programming; Arnold Robbins; O'Reilly
* Funktionale Programmierung; Peter Pepper; Springer
-* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers
-* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications
-* The Docker Book; James Turnbull; Kindle
-* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly
## Technical references
I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:
-* The Linux Programming Interface; Michael Kerrisk; No Starch Press
-* Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly
-* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley
* Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly
+* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley
+* Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly
+* The Linux Programming Interface; Michael Kerrisk; No Starch Press
* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly
* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley
* Relayd and Httpd Mastery; Michael W Lucas
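Review bot: The added bullet for "The Practise of System and Network Administration" still carries a second book on the same line ("... Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress"); split it into two entries while the line is being moved. The hunk also re-adds "Leanring eBPF", which should read "Learning eBPF". Almost every changed line here is a reordering of an "In random order" list, so real corrections like these are hard to spot; a stable order in the generated file would keep future diffs down to actual content changes.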
@@ -97,36 +97,36 @@ I didn't read them from the beginning to the end, but I am using them to look up
In random order:
-* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd
-* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select
-* Slow Productivity; Cal Newport; Penguin Random House
-* The Power of Now; Eckhard Tolle; Yellow Kite
-* So Good They Can't Ignore You; Cal Newport; Business Plus
+* Influence without Authority; A. Cohen, D. Bradford; Wiley
* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly
+* So Good They Can't Ignore You; Cal Newport; Business Plus
+* The Bullet Journal Method; Ryder Carroll; Fourth Estate
+* The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK
+* Soft Skills; John Sommez; Manning Publications
* Deep Work; Cal Newport; Piatkus
+* Digital Minimalism; Cal Newport; Portofolio Penguin
+* The Off Switch; Mark Cropley; Virgin Books
+* The Good Enough Job; Simone Stolzoff; Ebury Edge
+* Eat That Frog!; Brian Tracy; Hodder Paperbacks
+* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books
+* Psycho-Cybernetics; Maxwell Maltz; Perigee Books
* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business
+* Ultralearning; Anna Laurent; Self-published via Amazon
+* Ultralearning; Scott Young; Thorsons
+* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select
* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne
-* The Off Switch; Mark Cropley; Virgin Books
+* 101 Essays that change the way you think; Brianna Wiest; Audible
+* Slow Productivity; Cal Newport; Penguin Random House
* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion
+* The Power of Now; Eckhard Tolle; Yellow Kite
+* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook
+* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd
+* Stop starting, start finishing; Arne Roock; Lean-Kanban University
* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press
-* Influence without Authority; A. Cohen, D. Bradford; Wiley
-* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books
-* Ultralearning; Scott Young; Thorsons
-* Ultralearning; Anna Laurent; Self-published via Amazon
-* The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK
-* The Good Enough Job; Simone Stolzoff; Ebury Edge
-* The Joy of Missing Out; Christina Crook; New Society Publishers
-* Staff Engineer: Leadership beyond the management track; Will Larson; Audible
-* Digital Minimalism; Cal Newport; Portofolio Penguin
* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing
-* The Bullet Journal Method; Ryder Carroll; Fourth Estate
-* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook
-* 101 Essays that change the way you think; Brianna Wiest; Audible
+* Staff Engineer: Leadership beyond the management track; Will Larson; Audible
+* The Joy of Missing Out; Christina Crook; New Society Publishers
* Atomic Habits; James Clear; Random House Business
-* Psycho-Cybernetics; Maxwell Maltz; Perigee Books
-* Stop starting, start finishing; Arne Roock; Lean-Kanban University
-* Eat That Frog!; Brian Tracy; Hodder Paperbacks
-* Soft Skills; John Sommez; Manning Publications
[Here are notes of mine for some of the books](../notes/index.md)
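Review bot: The author of "Soft Skills" is spelled "John Sommez" on its added line, while the added line for "The Complete Software Developer's Career Guide" has "John Sonmez"; make the two agree. "Portofolio Penguin" on the "Digital Minimalism" line also looks like a typo for "Portfolio", and, as in the previous hunk, the rest of the change is reordering only.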
@@ -134,29 +134,29 @@ In random order:
Some of these were in-person with exams; others were online learning lectures only. In random order:
+* Structure and Interpretation of Computer Programs; Harold Abelson and more...;
+* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon
+* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online
* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online
-* MySQL Deep Dive Workshop; 2-day on-site training
* Ultimate Go Programming; Bill Kennedy; O'Reilly Online
+* F5 Loadbalancers Training; 2-day on-site training; F5, Inc.
+* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)
+* MySQL Deep Dive Workshop; 2-day on-site training
* Functional programming lecture; Remote University of Hagen
* Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training
-* Protocol buffers; O'Reilly Online
-* Structure and Interpretation of Computer Programs; Harold Abelson and more...;
* Scripting Vim; Damian Conway; O'Reilly Online
+* Protocol buffers; O'Reilly Online
* Apache Tomcat Best Practises; 3-day on-site training
-* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online
-* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)
* AWS Immersion Day; Amazon; 1-day interactive online training
-* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon
* Developing IaC with Terraform (with Live Lessons); O'Reilly Online
-* F5 Loadbalancers Training; 2-day on-site training; F5, Inc.
* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online
## Technical guides
These are not whole books, but guides (smaller or larger) which I found very useful. in random order:
-* Raku Guide at https://raku.guide
* Advanced Bash-Scripting Guide
+* Raku Guide at https://raku.guide
## Podcasts
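Review bot: On the added line "The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online" there is a stray period after "David"; fix it while the entry is being moved. The unchanged sentence under "Technical guides" also starts "in random order:" in lower case after a full stop.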
@@ -164,39 +164,39 @@ These are not whole books, but guides (smaller or larger) which I found very use
In random order:
-* Dev Interrupted
* Backend Banter
-* Cup o' Go [Golang]
-* Hidden Brain
-* Deep Questions with Cal Newport
-* The Pragmatic Engineer Podcast
+* The ProdCast (Google SRE Podcast)
* Maintainable
+* Hidden Brain
* Go Time (Changelog)
+* Dev Interrupted
+* The Pragmatic Engineer Podcast
* Ship it (Changelog)
-* The ProdCast (Google SRE Podcast)
+* Cup o' Go [Golang]
+* Deep Questions with Cal Newport
### Podcasts I liked
I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.
-* Modern Mentor
* Java Pub House
-* FLOSS weekly
* CRE: Chaosradio Express [german]
+* FLOSS weekly
+* Modern Mentor
## Newsletters I like
This is a mix of tech and non-tech newsletters I am subscribed to. In random order:
* The Imperfectionist
-* Golang Weekly
+* The Valuable Dev
+* byteSizeGo
* VK Newsletter
+* Register Spill
* Andreas Brandhorst Newsletter (Sci-Fi author)
-* byteSizeGo
+* Golang Weekly
* Applied Go Weekly Newsletter
-* Register Spill
* Ruby Weekly
-* The Valuable Dev
# Formal education
diff --git a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md
index 60df5a1b..10fc37cc 100644
--- a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md
+++ b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md
@@ -402,5 +402,6 @@ Other *BSD related posts are:
[2022-10-30 Installing DTail on OpenBSD](./2022-10-30-installing-dtail-on-openbsd.md)
[2024-01-13 One reason why I love OpenBSD](./2024-01-13-one-reason-why-i-love-openbsd.md)
[2024-04-01 KISS high-availability with OpenBSD](./2024-04-01-KISS-high-availability-with-OpenBSD.md)
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[Back to the main site](../)
diff --git a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.md b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.md
index 35870c2c..c870ccab 100644
--- a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.md
+++ b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.md
@@ -681,5 +681,6 @@ Other *BSD related posts are:
[2022-10-30 Installing DTail on OpenBSD](./2022-10-30-installing-dtail-on-openbsd.md)
[2024-01-13 One reason why I love OpenBSD](./2024-01-13-one-reason-why-i-love-openbsd.md)
[2024-04-01 KISS high-availability with OpenBSD](./2024-04-01-KISS-high-availability-with-OpenBSD.md)
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[Back to the main site](../)
diff --git a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.md b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.md
index f598189b..91f3b2cd 100644
--- a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.md
+++ b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.md
@@ -56,5 +56,6 @@ Other *BSD related posts are:
[2022-10-30 Installing DTail on OpenBSD](./2022-10-30-installing-dtail-on-openbsd.md)
[2024-01-13 One reason why I love OpenBSD (You are currently reading this)](./2024-01-13-one-reason-why-i-love-openbsd.md)
[2024-04-01 KISS high-availability with OpenBSD](./2024-04-01-KISS-high-availability-with-OpenBSD.md)
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[Back to the main site](../)
diff --git a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md
index 84875f62..881d66d1 100644
--- a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md
+++ b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md
@@ -307,5 +307,6 @@ Other *BSD and KISS related posts are:
[2023-10-29 KISS static web photo albums with `photoalbum.sh`](./2023-10-29-kiss-static-web-photo-albums-with-photoalbum.sh.md)
[2024-01-13 One reason why I love OpenBSD](./2024-01-13-one-reason-why-i-love-openbsd.md)
[2024-04-01 KISS high-availability with OpenBSD (You are currently reading this)](./2024-04-01-KISS-high-availability-with-OpenBSD.md)
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[Back to the main site](../)
diff --git a/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.md b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.md
new file mode 100644
index 00000000..6aae0ab2
--- /dev/null
+++ b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.md
@@ -0,0 +1,157 @@
+# f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
+
+> Published at 2024-11-16T23:08:10+02:00
+
+This is the first blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.
+
+I will post a new entry every month or so (there are too many other side projects for more frequent updates—I bet you can understand).
+
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
+
+[![f3s logo](./f3s-kubernetes-with-freebsd-part-1/f3slogo.png "f3s logo")](./f3s-kubernetes-with-freebsd-part-1/f3slogo.png)
+
+Let's begin...
+
+## Table of Contents
+
+* [⇢ f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](#f3s-kubernetes-with-freebsd---setting-the-stage---part-1)
+* [⇢ ⇢ Why this setup?](#why-this-setup)
+* [⇢ ⇢ The infrastructure](#the-infrastructure)
+* [⇢ ⇢ ⇢ Physical FreeBSD nodes and Linux VMs](#physical-freebsd-nodes-and-linux-vms)
+* [⇢ ⇢ ⇢ Kubernetes with k3s ](#kubernetes-with-k3s-)
+* [⇢ ⇢ ⇢ HA volumes for k3s with HAST/ZFS and NFS](#ha-volumes-for-k3s-with-hastzfs-and-nfs)
+* [⇢ ⇢ ⇢ OpenBSD/`relayd` to the rescue for external connectivity](#openbsdrelayd-to-the-rescue-for-external-connectivity)
+* [⇢ ⇢ Data integrity](#data-integrity)
+* [⇢ ⇢ ⇢ Periodic backups](#periodic-backups)
+* [⇢ ⇢ ⇢ Power protection](#power-protection)
+* [⇢ ⇢ Monitoring: Keeping an Eye on Everything](#monitoring-keeping-an-eye-on-everything)
+* [⇢ ⇢ ⇢ Prometheus and Grafana](#prometheus-and-grafana)
+* [⇢ ⇢ ⇢ Gogios: My Custom Alerting System](#gogios-my-custom-alerting-system)
+* [⇢ ⇢ What's after this all?](#what-s-after-this-all)
+
+## Why this setup?
+
+Look at my previous setup, which was great to learn Terraform and AWS, but the setup is too expensive. Costs are under control there, but only because I am shutting down all containers after use (so they are offline ninety per cent of the time and still cost around 20 bucks monthly). With the new setup, I could run all containers 24/7 at home, which would still be cheaper for electricity consumption.
+
+[From `babylon5.buetow.org` to `.cloud`](https://foo.zone/gemfeed/2024-02-04-from-babylon5.buetow.org-to-.cloud.html)
+
+Migrating off all my containers from AWS ECS means I need a reliable and scalable environment to host my workloads. I wanted something:
+
+* To self-host all my open-source apps (Docker containers).
+* Fully under my control (goodbye cloud vendor lock-in).
+* Secure and redundant.
+* Cost-efficient (after the initial hardware investment).
+* Something I can poke around with and also pick up new skills.
+
+## The infrastructure
+
+This is still in progress, and I need to own the hardware. But in this first part of the blog series, I will outline what I intend to do.
+
+[![Diagram](./f3s-kubernetes-with-freebsd-part-1/diagram.png "Diagram")](./f3s-kubernetes-with-freebsd-part-1/diagram.png)
+
+### Physical FreeBSD nodes and Linux VMs
+
+The setup starts with three physical FreeBSD nodes. On these, I'm running Rocky Linux virtual machines with bhyve. Why Linux VMs in FreeBSD and not Linux directly? I want to leverage the great ZFS integration in FreeBSD (among other features), and I have been using FreeBSD for a while in my home lab. And with bhyve, there is a very performant hypervisor available which makes the Linux VMs de-facto run at native speed (another use case of mine would be maybe running a Windows bhyve VM on one of the nodes - but out of scope for this blog series).
+
+[https://www.freebsd.org/](https://www.freebsd.org/)
+[https://wiki.freebsd.org/bhyve](https://wiki.freebsd.org/bhyve)
+
+I selected Rocky Linux because it comes with long-term support (I don't want to upgrade the VMs every 6 months). Rocky Linux 9 will reach its end of life in 2032, which is plenty of time! Of course, there will be minor upgrades, but nothing will significantly break my setup.
+
+[https://rockylinux.org/](https://rockylinux.org/)
+[https://wiki.rockylinux.org/rocky/version/](https://wiki.rockylinux.org/rocky/version/)
+
+Furthermore, I am already using "RHEL-family" related distros at work and Fedora on my main personal laptop. Rocky Linux belongs to the same type of Linux distribution family, so I already feel at home here. I also used Rocky 9 before I switched to AWS ECS. Now, I am switching back in one sense or another ;-)
+
+### Kubernetes with k3s
+
+These Linux VMs form a three-node k3s Kubernetes cluster, where my containers will reside moving forward. The 3-node k3s cluster will be highly available (in `etcd` mode), and all apps will probably be deployed with Helm. Prometheus will also be running in k3s, collecting time-series metrics and handling monitoring. Additionally, a private Docker registry will be deployed into the k3s cluster, where I will store some of my self-created Docker images. k3s is the perfect distribution of Kubernetes for homelabbers due to its simplicity and the inclusion of the most useful features out of the box!
+
+[https://k3s.io/](https://k3s.io/)
+
+### HA volumes for k3s with HAST/ZFS and NFS
+
+Persistent storage for the k3s cluster will be handled by highly available (HA) NFS shares backed by ZFS on the FreeBSD hosts.
+
+On two of the three physical FreeBSD nodes, I will add a second SSD drive to each and dedicate it to a `pool` ZFS pool. With HAST (FreeBSD's solution for highly available storage), this `pool` will be replicated at the byte level to a standby node.
+
+A virtual IP (VIP) will point to the master node. When the master node goes down, the VIP will failover to the standby node, where the ZFS pool will be mounted. An NFS server will listen to both nodes. k3s will use the VIP to access the NFS shares.
+
+[https://wiki.freebsd.org/HighlyAvailableStorage](https://wiki.freebsd.org/HighlyAvailableStorage)
+
+### OpenBSD/`relayd` to the rescue for external connectivity
+
+All apps should be reachable through the internet (e.g., from my phone or computer when travelling). For external connectivity and TLS management, I've got two OpenBSD VMs (one hosted by OpenBSD Amsterdam and another hosted by Hetzner) handling public-facing services like DNS, relaying traffic, and automating Let's Encrypt certificates.
+
+All of this (every Linux VM to every OpenBSD box) will be connected via WireGuard tunnels, keeping everything private and secure. There will be 6 WireGuard tunnels (3 k3s nodes times two OpenBSD VMs).
+
+[https://en.wikipedia.org/wiki/WireGuard](https://en.wikipedia.org/wiki/WireGuard)
+
+So, when I want to access a service running in k3s, I will hit an external DNS endpoint (with the authoritative DNS servers being the OpenBSD boxes). The DNS will resolve to the master OpenBSD VM (see my KISS highly-available with OpenBSD blog post), and from there, the `relayd` process (with a Let's Encrypt certificate—see my Let's Encrypt with OpenBSD and Rex blog post) will accept the TCP connection and forward it through the WireGuard tunnel to a reachable node port of one of the k3s nodes, thus serving the traffic.
+
+[KISS high-availability with OpenBSD](https://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html)
+[Le's Encrypt with OpenBSD and Rex](https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html)
+
+The OpenBSD setup described here already exists and is ready to use. The only thing that does not yet exist is the configuration of `relayd` to forward requests to k3s through the WireGuard tunnel(s).
+
+## Data integrity
+
+### Periodic backups
+
+Let's face it, backups are non-negotiable.
+
+On the HAST master node, incremental and encrypted ZFS snapshots are created daily and automatically backed up to AWS S3 Glacier Deep Archive via CRON. I have a bunch of scripts already available, which I currently use for a similar purpose on my FreeBSD Home NAS server (an old ThinkPad T440 with an external USB drive enclosure, which I will eventually retire when the HAST setup is ready). I will copy them and slightly modify them to fit the purpose.
+
+[https://www.freshports.org/sysutils/zfstools](https://www.freshports.org/sysutils/zfstools)
+
+The backup scripts also perform some zpool scrubbing now and then. A scrub once in a while keeps the trouble away.
+
+### Power protection
+
+Power outages are regularly in my area, so a UPS keeps the infrastructure running during short outages and protects the hardware. I'm still trying to decide which hardware to get, and I still need one, as my previous NAS is simply an older laptop that already has a battery for power outages. However, there are plenty of options to choose from. My main criterion is that the UPS should be silent, as the whole setup will be installed in an upper shelf unit in my daughter's room. ;-)
+
+## Monitoring: Keeping an Eye on Everything
+
+Robust monitoring is vital to any infrastructure, especially one as distributed as mine. I've thought about a setup that ensures I'll always be aware of what's happening in my environment.
+
+### Prometheus and Grafana
+
+Inside the k3s cluster, Prometheus will be deployed to handle metrics collection. It will be configured to scrape data from my Kubernetes workloads, nodes, and any services I monitor. Prometheus also integrates with Alertmanager to generate alerts based on predefined thresholds or conditions.
+
+[https://prometheus.io](https://prometheus.io)
+
+For visualization, Grafana will be deployed alongside Prometheus. Grafana lets me build dynamic, customizable dashboards that provide a real-time view of everything from resource utilization to application performance. Whether it's keeping track of CPU load, memory usage, or the health of Kubernetes pods, Grafana has it covered. This will also make troubleshooting easier, as I can quickly pinpoint where issues are arising.
+
+[https://grafana.com](https://grafana.com)
+
+### Gogios: My Custom Alerting System
+
+Alerts generated by Prometheus are forwarded to Alertmanager, which I will configure to work with Gogios, a lightweight monitoring and alerting system I wrote myself. Gogios runs on one of my OpenBSD VMs. At regular intervals, Gogios scrapes the alerts generated in the k3s cluster and notifies me via Email.
+
+[KISS server monitoring with Gogios](https://foo.zone/gemfeed/2023-06-01-kiss-server-monitoring-with-gogios.html)
+
+Ironically, I implemented Gogios to avoid using more complex alerting systems like Prometheus, but here we go—it integrates well now.
+
+## What's after this all?
+
+This setup is just the beginning. Some ideas I'm thinking about for the future:
+
+* Adding more FreeBSD nodes (in different physical locations, maybe at my wider family's places?) for better redundancy. (HA storage then might be trickier)
+* Deploying more Docker apps (data-intensive ones, like a picture gallery, my entire audiobook catalogue, or even a music server) to k3s.
+
+For now, though, I'm focused on completing the migration from AWS ECS and getting all my Docker containers running smoothly in k3s.
+
+What's your take on self-hosting? Are you planning to move away from managed cloud services? Stay tuned for the second part of this series, where I will likely write about the hardware and the OS setups.
+
+Other *BSD-related posts:
+
+[2016-04-09 Jails and ZFS with Puppet on FreeBSD](./2016-04-09-jails-and-zfs-on-freebsd-with-puppet.md)
+[2022-07-30 Let's Encrypt with OpenBSD and Rex](./2022-07-30-lets-encrypt-with-openbsd-and-rex.md)
+[2022-10-30 Installing DTail on OpenBSD](./2022-10-30-installing-dtail-on-openbsd.md)
+[2024-01-13 One reason why I love OpenBSD](./2024-01-13-one-reason-why-i-love-openbsd.md)
+[2024-04-01 KISS high-availability with OpenBSD](./2024-04-01-KISS-high-availability-with-OpenBSD.md)
+[2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
+
+E-Mail your comments to `paul@nospam.buetow.org` :-)
+
+[Back to the main site](../)
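Review bot: The header of the new post says "Published at 2024-11-16T23:08:10+02:00", but the file name and every series and index link added in this commit date it 2024-11-17; pick one date so the feed entry and the file agree. In the relayd section the link text reads "Le's Encrypt with OpenBSD and Rex" (missing "t"), and the table of contents points at "#what-s-after-this-all" and "#kubernetes-with-k3s-", which are worth checking against the anchors the renderer actually produces for those headings. In the HAST/NFS section, "An NFS server will listen to both nodes" presumably means "on both nodes"; since k3s reaches the shares through the VIP, the post would benefit from stating which client addresses the NFS exports are restricted to.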
diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png b/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png
new file mode 100644
index 00000000..fa6b655a
--- /dev/null
+++ b/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png
Binary files differ
diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png b/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png
new file mode 100644
index 00000000..c9eb8945
--- /dev/null
+++ b/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png
Binary files differ
diff --git a/gemfeed/index.md b/gemfeed/index.md
index a88036bf..1ce39023 100644
--- a/gemfeed/index.md
+++ b/gemfeed/index.md
@@ -2,6 +2,7 @@
## To be in the .zone!
+[2024-11-17 - f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[2024-10-24 - 'Staff Engineer' book notes](./2024-10-24-staff-engineer-book-notes.md)
[2024-10-02 - Gemtexter 3.0.0 - Let's Gemtext again⁴](./2024-10-02-gemtexter-3.0.0-lets-gemtext-again-4.md)
[2024-09-07 - Site Reliability Engineering - Part 4: Onboarding for On-Call Engineers](./2024-09-07-site-reliability-engineering-part-4.md)
diff --git a/index.md b/index.md
index 3be98ef9..0a6619aa 100644
--- a/index.md
+++ b/index.md
@@ -1,6 +1,6 @@
# foo.zone
-> This site was generated at 2024-11-07T09:27:54+02:00 by `Gemtexter`
+> This site was generated at 2024-11-16T23:08:11+02:00 by `Gemtexter`
Welcome to the foo.zone. Everything you read on this site is my personal opinion and experience. You can call me a Linux/*BSD enthusiast and hobbyist. I mainly write about tech, IT, programming and sometimes also about self-improvement here. Note that this blog usually does not overlap with what I do at my day job as a Site Reliability Engineer.
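Review bot: The "> This site was generated at ..." line changes on every run of the generator, so index.md is modified by each publish even when no content changed, and uptime-stats.md further down shows the same pattern with "> This site was last updated at ...". Consider keeping build timestamps out of the tracked files, or excluding timestamp-only changes from the commit, so the history reflects content changes.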
@@ -28,6 +28,7 @@ Welcome to the foo.zone. Everything you read on this site is my personal opinion
### Posts
+[2024-11-17 - f3s: Kubernetes with FreeBSD - Setting the stage - Part 1](./gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
[2024-10-24 - 'Staff Engineer' book notes](./gemfeed/2024-10-24-staff-engineer-book-notes.md)
[2024-10-02 - Gemtexter 3.0.0 - Let's Gemtext again⁴](./gemfeed/2024-10-02-gemtexter-3.0.0-lets-gemtext-again-4.md)
[2024-09-07 - Site Reliability Engineering - Part 4: Onboarding for On-Call Engineers](./gemfeed/2024-09-07-site-reliability-engineering-part-4.md)
diff --git a/uptime-stats.md b/uptime-stats.md
index 57baef70..f7bd9c47 100644
--- a/uptime-stats.md
+++ b/uptime-stats.md
@@ -1,6 +1,6 @@
# My machine uptime stats
-> This site was last updated at 2024-11-07T09:27:53+02:00
+> This site was last updated at 2024-11-16T23:08:11+02:00
The following stats were collected via `uptimed` on all of my personal computers over many years and the output was generated by `guprecords`, the global uptime records stats analyser of mine.