path: root/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md
author Paul Buetow <paul@buetow.org> 2025-08-14 23:31:38 +0300
committer Paul Buetow <paul@buetow.org> 2025-08-14 23:31:38 +0300
commit 50ba608e5ce00b828d5e8be6f2fa89e4d5ed55e8
tree 898fb5ede6e73474dfd476716495491162a30d38
parent 7da73dd0006d167620868b421ddc3b1ca612c3d5
Update content for md
Diffstat (limited to 'gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md')
-rw-r--r-- gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md | 91
1 files changed, 0 insertions, 91 deletions
diff --git a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md
index 67bc6c50..1dca3454 100644
--- a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md
+++ b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.md
@@ -89,97 +89,6 @@ We could have used Tailscale for an easy to set up and manage the WireGuard netw
[https://www.wireguard.com/](https://www.wireguard.com/)
[https://tailscale.com/](https://tailscale.com/)
-# f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network
-
-> Published at 2025-05-11T11:35:57+03:00
-
-This is the fifth blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.
-
-I will post a new entry every month or so (there are too many other side projects for more frequent updates — I bet you can understand).
-
-These are all the posts so far:
-
-[2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage](./2024-11-17-f3s-kubernetes-with-freebsd-part-1.md)
-[2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation](./2024-12-03-f3s-kubernetes-with-freebsd-part-2.md)
-[2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts](./2025-02-01-f3s-kubernetes-with-freebsd-part-3.md)
-[2025-04-05 f3s: Kubernetes with FreeBSD - Part 4: Rocky Linux Bhyve VMs](./2025-04-05-f3s-kubernetes-with-freebsd-part-4.md)
-[2025-05-11 f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network (You are currently reading this)](./2025-05-11-f3s-kubernetes-with-freebsd-part-5.md)
-[2025-07-14 f3s: Kubernetes with FreeBSD - Part 6: Storage](./2025-07-14-f3s-kubernetes-with-freebsd-part-6.md)
-
-[![f3s logo](./f3s-kubernetes-with-freebsd-part-1/f3slogo.png "f3s logo")](./f3s-kubernetes-with-freebsd-part-1/f3slogo.png)
-
-> ChatGPT generated logo.
-
-Let's begin...
-
-## Table of Contents
-
-* [⇢ f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network](#f3s-kubernetes-with-freebsd---part-5-wireguard-mesh-network)
-* [⇢ ⇢ Introduction](#introduction)
-* [⇢ ⇢ ⇢ Expected traffic flow](#expected-traffic-flow)
-* [⇢ ⇢ Deciding on WireGuard](#deciding-on-wireguard)
-* [⇢ ⇢ Base configuration](#base-configuration)
-* [⇢ ⇢ ⇢ FreeBSD](#freebsd)
-* [⇢ ⇢ ⇢ Rocky Linux](#rocky-linux)
-* [⇢ ⇢ ⇢ OpenBSD](#openbsd)
-* [⇢ ⇢ WireGuard configuration](#wireguard-configuration)
-* [⇢ ⇢ ⇢ Example `wg0.conf`](#example-wg0conf)
-* [⇢ ⇢ ⇢ NAT traversal and keepalive](#nat-traversal-and-keepalive)
-* [⇢ ⇢ ⇢ Preshared key](#preshared-key)
-* [⇢ ⇢ Mesh network generator](#mesh-network-generator)
-* [⇢ ⇢ ⇢ `wireguardmeshgenerator.yaml`](#wireguardmeshgeneratoryaml)
-* [⇢ ⇢ ⇢ `wireguardmeshgenerator.rb` overview](#wireguardmeshgeneratorrb-overview)
-* [⇢ ⇢ Invoking the mesh network generator](#invoking-the-mesh-network-generator)
-* [⇢ ⇢ ⇢ Generating the `wg0.conf` files and keys](#generating-the-wg0conf-files-and-keys)
-* [⇢ ⇢ ⇢ Installing the `wg0.conf` files](#installing-the-wg0conf-files)
-* [⇢ ⇢ ⇢ Re-generating mesh and installing the `wg0.conf` files again](#re-generating-mesh-and-installing-the-wg0conf-files-again)
-* [⇢ ⇢ Happy WireGuard-ing](#happy-wireguard-ing)
-* [⇢ ⇢ Conclusion](#conclusion)
-
-## Introduction
-
-By default, traffic within my home LAN, including traffic inside a k3s cluster, is not encrypted. While it resides in the "secure" home LAN, adopting a zero-trust policy means encryption is still preferable to ensure confidentiality and security. So we decide to secure all the traffic of all f3s participating hosts by building a mesh network of all participating hosts:
-
-[![Full mesh network](./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg "Full mesh network")](./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg)
-
-Whereas `f0`, `f1`, and `f2` are the FreeBSD base hosts, `r0`, `r1`, and `r2` are the Rocky Linux Bhyve VMs, and `blowfish` and `fishfinger` are two OpenBSD systems running on the internet (as mentioned in the first blog of this series—these systems are already built; in fact, this very blog is served by those OpenBSD systems).
-
-As we can see from the graph, it is a true full-mesh network, where every host has a VPN tunnel to every other host. The benefit is that we do not need to route traffic through intermediate hosts (significantly simplifying the routing configuration). However, the downside is that there is some overhead in configuring and managing all the tunnels.
-
-For simplicity, we also establish VPN tunnels between `f0 <-> r0`, `f1 <-> r1`, and `f2 <-> r2`. Technically, this wouldn't be strictly required since the VMs `rN` are running on the hosts `fN`, and no network traffic is leaving the box. However, it simplifies the configuration as we don't have to account for exceptions, and we are going to automate the mesh network configuration anyway (read on).
-
-### Expected traffic flow
-
-The traffic is expected to flow between the host groups through the mesh network as follows:
-
-* `fN <-> rN`: The traffic between the FreeBSD hosts and the Rocky Linux VMs will be routed through the VPN tunnels for persistent storage. In a later post in this series, we will set up an NFS server on the `fN` hosts.
-* `fN <-> blowfish,fishfinger`: The traffic between the FreeBSD hosts and the OpenBSD host `blowfish,fishfinger` will be routed through the VPN tunnels for management. We may want to log in via the internet to set it up remotely. The VPN tunnel will also be used for monitoring purposes.
-* `rN <-> blowfish,fishfinger`: The traffic between the Rocky Linux VMs and the OpenBSD host `blowfish,fishfinger` will be routed through the VPN tunnels for usage traffic. Since k3s will be running on the `rN` hosts, the OpenBSD servers will route the traffic through `relayd` to the services running in Kubernetes.
-* `fN <-> fM`: The traffic between the FreeBSD hosts may be later used for data replication for the NFS storage.
-* `rN <-> rM`: The traffic between the Rocky Linux VMs will later be used by the k3s cluster itself, as every `rN` will be a Kubernetes worker node.
-* `blowfish <-> fishfinger`: The traffic between the OpenBSD hosts isn't strictly required for this setup, but I set it up anyway for future use cases.
-
-We won't cover all the details in this blog post, as we only focus on setting up the Mesh network in this blog post. Subsequent posts in this series will cover the other details.
-
-## Deciding on WireGuard
-
-I have decided to use WireGuard as the VPN technology for this purpose.
-
-WireGuard is a lightweight, modern, and secure VPN protocol designed for simplicity, speed, and strong cryptography. It is an excellent choice due to its minimal codebase, ease of configuration, high performance, and robust security, utilizing state-of-the-art encryption standards. WireGuard is supported on various operating systems, and its implementations are compatible with each other. Therefore, establishing WireGuard VPN tunnels between FreeBSD, Linux, and OpenBSD is seamless. This cross-platform availability makes it suitable for setups like the one described in this blog series.
-
-We could have used Tailscale for an easy to set up and manage the WireGuard network, but the benefits of creating our own mesh network are:
-
-* Learning about WireGuard configuration details
-* Have full control over the setup
-* Don't rely on an external provider like Tailscale (even if some of the components are open-source)
-* Have even more fun along the way
-* WireGuard is easy to configure on my target operating systems and, therefore, easier to maintain in the long run.
-* There are no official Tailscale packages available for OpenBSD and FreeBSD. However, getting Tailscale running on these systems is still possible, though some tinkering would be required. Instead, we use that tinkering time to set up WireGuard tunnels ourselves.
-
-[https://en.wikipedia.org/wiki/WireGuard](https://en.wikipedia.org/wiki/WireGuard)
-[https://www.wireguard.com/](https://www.wireguard.com/)
-[https://tailscale.com/](https://tailscale.com/)
-
[![WireGuard Logo](./f3s-kubernetes-with-freebsd-part-5/wireguard.svg "WireGuard Logo")](./f3s-kubernetes-with-freebsd-part-5/wireguard.svg)
## Base configuration
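Review bot: The commit message "Update content for md" does not say what this hunk actually does, which is to delete 91 lines that are a second, duplicated copy of the post's front matter (title, "Published at" line, post list, logo, Table of Contents, Introduction, and "Deciding on WireGuard") that had been appended after the first copy; the hunk header context "We could have used Tailscale ..." and the three link lines at the top are the tail of the retained first copy, and "## Base configuration" now follows it directly. Two things to confirm before merging: that the retained first copy's post list also carries the later "2025-07-14 f3s: Kubernetes with FreeBSD - Part 6: Storage" entry, which in this hunk is visible only among the deleted lines, and that the TOC anchors in the retained copy still resolve to the intended headings, since the duplicated "# f3s: ..." and "## Introduction" headings would have produced duplicate anchors whose numbering changes once they are removed. A commit message such as "Remove duplicated front matter from part 5" would make the intent clear.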