-rw-r--r-- about/resources.gmi 162
-rw-r--r-- gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi 1
-rw-r--r-- gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi 1
-rw-r--r-- gemfeed/2024-01-13-one-reason-why-i-love-openbsd.gmi 1
-rw-r--r-- gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi 1
-rw-r--r-- gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 157
-rw-r--r-- gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi.tpl 137
-rw-r--r-- gemfeed/atom.xml 450
-rw-r--r-- gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png bin 0 -> 479024 bytes
-rw-r--r-- gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png bin 0 -> 317766 bytes
-rw-r--r-- gemfeed/index.gmi 1
-rw-r--r-- index.gmi 3
-rw-r--r-- uptime-stats.gmi 2
13 files changed, 560 insertions, 356 deletions
diff --git a/about/resources.gmi b/about/resources.gmi
index 88aeed2e..904ed5d8 100644
--- a/about/resources.gmi
+++ b/about/resources.gmi
@@ -35,60 +35,60 @@ You won't find any links on this site because, over time, the links will break.
In random order:
-* Concurrency in Go; Katherine Cox-Buday; O'Reilly
-* The Pragmatic Programmer; David Thomas; Addison-Wesley
-* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook
-* DNS and BIND; Cricket Liu; O'Reilly
-* Modern Perl; Chromatic ; Onyx Neon Press
-* 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications
-* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible
-* Data Science at the Command Line; Jeroen Janssens; O'Reilly
-* The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible
-* Effective Java; Joshua Bloch; Addison-Wesley Professional
-* Terraform Cookbook; Mikael Krief; Packt Publishing
-* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly
-* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly
-* Site Reliability Engineering; How Google runs production systems; O'Reilly
-* Raku Recipes; J.J. Merelo; Apress
-* The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton
-* Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly
-* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly
-* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press
-* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers
* Ultimate Go Notebook; Bill Kennedy
+* Pro Puppet; James Turnbull, Jeffrey McCune; Apress
+* Leanring eBPF; Liz Rice; O'Reilly
* The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional
+* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications
+* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press
+* Effective Java; Joshua Bloch; Addison-Wesley Professional
+* The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton
+* Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly
+* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible
+* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress
+* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly
* Developing Games in Java; David Brackeen and others...; New Riders
+* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly
+* The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible
+* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers
+* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson
+* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook
+* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers
+* Java ist auch eine Insel; Christian Ullenboom;
* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner
+* Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly
+* Data Science at the Command Line; Jeroen Janssens; O'Reilly
+* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly
+* Terraform Cookbook; Mikael Krief; Packt Publishing
+* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt
+* Concurrency in Go; Katherine Cox-Buday; O'Reilly
+* The Pragmatic Programmer; David Thomas; Addison-Wesley
+* The Docker Book; James Turnbull; Kindle
+* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press
+* Perl New Features; Joshua McAdams, brian d foy; Perl School
* C++ Programming Language; Bjarne Stroustrup;
-* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press
-* Effective awk programming; Arnold Robbins; O'Reilly
-* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress
-* Systemprogrammierung in Go; Frank Müller; dpunkt
-* Pro Puppet; James Turnbull, Jeffrey McCune; Apress
-* Leanring eBPF; Liz Rice; O'Reilly
* Higher Order Perl; Mark Dominus; Morgan Kaufmann
-* Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly
-* Java ist auch eine Insel; Christian Ullenboom;
* Raku Fundamentals; Moritz Lenz; Apress
-* Perl New Features; Joshua McAdams, brian d foy; Perl School
+* Site Reliability Engineering; How Google runs production systems; O'Reilly
+* Raku Recipes; J.J. Merelo; Apress
+* Modern Perl; Chromatic ; Onyx Neon Press
+* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly
+* Systemprogrammierung in Go; Frank Müller; dpunkt
+* DNS and BIND; Cricket Liu; O'Reilly
* Polished Ruby Programming; Jeremy Evans; Packt Publishing
-* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson
-* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt
-* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly
+* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly
+* 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications
+* Effective awk programming; Arnold Robbins; O'Reilly
* Funktionale Programmierung; Peter Pepper; Springer
-* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers
-* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications
-* The Docker Book; James Turnbull; Kindle
-* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly
## Technical references
I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:
-* The Linux Programming Interface; Michael Kerrisk; No Starch Press
-* Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly
-* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley
* Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly
+* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley
+* Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly
+* The Linux Programming Interface; Michael Kerrisk; No Starch Press
* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly
* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley
* Relayd and Httpd Mastery; Michael W Lucas
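Review bot: The added line for "The Practise of System and Network Administration" still has a second entry, "Pro Git; Scott Chacon, Ben Straub; Apress", fused onto its end, so Pro Git never renders as its own bullet; split it into two `* ` lines. The same hunk carries "Leanring eBPF" (Learning) and "Brain P. Hogan" (Brian) through unchanged. The remaining +/- pairs appear to be the same entries moved to new positions, so the reshuffle of the "random order" lists accounts for most of the 162 changed lines in this file and hides any real edit; keeping a stable order in the committed file, or shuffling only at render time, would keep future diffs reviewable.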
@@ -97,36 +97,36 @@ I didn't read them from the beginning to the end, but I am using them to look up
In random order:
-* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd
-* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select
-* Slow Productivity; Cal Newport; Penguin Random House
-* The Power of Now; Eckhard Tolle; Yellow Kite
-* So Good They Can't Ignore You; Cal Newport; Business Plus
+* Influence without Authority; A. Cohen, D. Bradford; Wiley
* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly
+* So Good They Can't Ignore You; Cal Newport; Business Plus
+* The Bullet Journal Method; Ryder Carroll; Fourth Estate
+* The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK
+* Soft Skills; John Sommez; Manning Publications
* Deep Work; Cal Newport; Piatkus
+* Digital Minimalism; Cal Newport; Portofolio Penguin
+* The Off Switch; Mark Cropley; Virgin Books
+* The Good Enough Job; Simone Stolzoff; Ebury Edge
+* Eat That Frog!; Brian Tracy; Hodder Paperbacks
+* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books
+* Psycho-Cybernetics; Maxwell Maltz; Perigee Books
* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business
+* Ultralearning; Anna Laurent; Self-published via Amazon
+* Ultralearning; Scott Young; Thorsons
+* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select
* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne
-* The Off Switch; Mark Cropley; Virgin Books
+* 101 Essays that change the way you think; Brianna Wiest; Audible
+* Slow Productivity; Cal Newport; Penguin Random House
* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion
+* The Power of Now; Eckhard Tolle; Yellow Kite
+* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook
+* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd
+* Stop starting, start finishing; Arne Roock; Lean-Kanban University
* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press
-* Influence without Authority; A. Cohen, D. Bradford; Wiley
-* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books
-* Ultralearning; Scott Young; Thorsons
-* Ultralearning; Anna Laurent; Self-published via Amazon
-* The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK
-* The Good Enough Job; Simone Stolzoff; Ebury Edge
-* The Joy of Missing Out; Christina Crook; New Society Publishers
-* Staff Engineer: Leadership beyond the management track; Will Larson; Audible
-* Digital Minimalism; Cal Newport; Portofolio Penguin
* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing
-* The Bullet Journal Method; Ryder Carroll; Fourth Estate
-* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook
-* 101 Essays that change the way you think; Brianna Wiest; Audible
+* Staff Engineer: Leadership beyond the management track; Will Larson; Audible
+* The Joy of Missing Out; Christina Crook; New Society Publishers
* Atomic Habits; James Clear; Random House Business
-* Psycho-Cybernetics; Maxwell Maltz; Perigee Books
-* Stop starting, start finishing; Arne Roock; Lean-Kanban University
-* Eat That Frog!; Brian Tracy; Hodder Paperbacks
-* Soft Skills; John Sommez; Manning Publications
=> ../notes/index.gmi Here are notes of mine for some of the books
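Review bot: The author of "Soft Skills" is added as "John Sommez", while "The Complete Software Developer's Career Guide" in the same hunk has "John Sonmez"; make the two entries agree. While these lines are being touched, "Portofolio Penguin" on the Digital Minimalism entry, and "Oxford Uiversity Press" and "Buddah" on the neighbouring context lines, look like typos as well.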
@@ -134,29 +134,29 @@ In random order:
Some of these were in-person with exams; others were online learning lectures only. In random order:
+* Structure and Interpretation of Computer Programs; Harold Abelson and more...;
+* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon
+* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online
* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online
-* MySQL Deep Dive Workshop; 2-day on-site training
* Ultimate Go Programming; Bill Kennedy; O'Reilly Online
+* F5 Loadbalancers Training; 2-day on-site training; F5, Inc.
+* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)
+* MySQL Deep Dive Workshop; 2-day on-site training
* Functional programming lecture; Remote University of Hagen
* Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training
-* Protocol buffers; O'Reilly Online
-* Structure and Interpretation of Computer Programs; Harold Abelson and more...;
* Scripting Vim; Damian Conway; O'Reilly Online
+* Protocol buffers; O'Reilly Online
* Apache Tomcat Best Practises; 3-day on-site training
-* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online
-* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)
* AWS Immersion Day; Amazon; 1-day interactive online training
-* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon
* Developing IaC with Terraform (with Live Lessons); O'Reilly Online
-* F5 Loadbalancers Training; 2-day on-site training; F5, Inc.
* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online
## Technical guides
These are not whole books, but guides (smaller or larger) which I found very useful. in random order:
-* Raku Guide at https://raku.guide
* Advanced Bash-Scripting Guide
+* Raku Guide at https://raku.guide
## Podcasts
@@ -164,39 +164,39 @@ These are not whole books, but guides (smaller or larger) which I found very use
In random order:
-* Dev Interrupted
* Backend Banter
-* Cup o' Go [Golang]
-* Hidden Brain
-* Deep Questions with Cal Newport
-* The Pragmatic Engineer Podcast
+* The ProdCast (Google SRE Podcast)
* Maintainable
+* Hidden Brain
* Go Time (Changelog)
+* Dev Interrupted
+* The Pragmatic Engineer Podcast
* Ship it (Changelog)
-* The ProdCast (Google SRE Podcast)
+* Cup o' Go [Golang]
+* Deep Questions with Cal Newport
### Podcasts I liked
I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.
-* Modern Mentor
* Java Pub House
-* FLOSS weekly
* CRE: Chaosradio Express [german]
+* FLOSS weekly
+* Modern Mentor
## Newsletters I like
This is a mix of tech and non-tech newsletters I am subscribed to. In random order:
* The Imperfectionist
-* Golang Weekly
+* The Valuable Dev
+* byteSizeGo
* VK Newsletter
+* Register Spill
* Andreas Brandhorst Newsletter (Sci-Fi author)
-* byteSizeGo
+* Golang Weekly
* Applied Go Weekly Newsletter
-* Register Spill
* Ruby Weekly
-* The Valuable Dev
# Formal education
diff --git a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi
index dc28d940..a3d06706 100644
--- a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi
+++ b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi
@@ -402,5 +402,6 @@ Other *BSD related posts are:
=> ./2022-10-30-installing-dtail-on-openbsd.gmi 2022-10-30 Installing DTail on OpenBSD
=> ./2024-01-13-one-reason-why-i-love-openbsd.gmi 2024-01-13 One reason why I love OpenBSD
=> ./2024-04-01-KISS-high-availability-with-OpenBSD.gmi 2024-04-01 KISS high-availability with OpenBSD
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ../ Back to the main site
diff --git a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi
index a0523378..15eaa6bb 100644
--- a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi
+++ b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi
@@ -681,5 +681,6 @@ Other *BSD related posts are:
=> ./2022-10-30-installing-dtail-on-openbsd.gmi 2022-10-30 Installing DTail on OpenBSD
=> ./2024-01-13-one-reason-why-i-love-openbsd.gmi 2024-01-13 One reason why I love OpenBSD
=> ./2024-04-01-KISS-high-availability-with-OpenBSD.gmi 2024-04-01 KISS high-availability with OpenBSD
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ../ Back to the main site
diff --git a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.gmi b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.gmi
index 5cdb2fe0..857640ec 100644
--- a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.gmi
+++ b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.gmi
@@ -56,5 +56,6 @@ Other *BSD related posts are:
=> ./2022-10-30-installing-dtail-on-openbsd.gmi 2022-10-30 Installing DTail on OpenBSD
=> ./2024-01-13-one-reason-why-i-love-openbsd.gmi 2024-01-13 One reason why I love OpenBSD (You are currently reading this)
=> ./2024-04-01-KISS-high-availability-with-OpenBSD.gmi 2024-04-01 KISS high-availability with OpenBSD
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ../ Back to the main site
diff --git a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi
index 70d36c16..7e0fcf88 100644
--- a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi
+++ b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi
@@ -307,5 +307,6 @@ Other *BSD and KISS related posts are:
=> ./2023-10-29-kiss-static-web-photo-albums-with-photoalbum.sh.gmi 2023-10-29 KISS static web photo albums with `photoalbum.sh`
=> ./2024-01-13-one-reason-why-i-love-openbsd.gmi 2024-01-13 One reason why I love OpenBSD
=> ./2024-04-01-KISS-high-availability-with-OpenBSD.gmi 2024-04-01 KISS high-availability with OpenBSD (You are currently reading this)
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ../ Back to the main site
diff --git a/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi
new file mode 100644
index 00000000..a0784bc6
--- /dev/null
+++ b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi
@@ -0,0 +1,157 @@
+# f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
+
+> Published at 2024-11-16T23:08:10+02:00
+
+This is the first blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.
+
+I will post a new entry every month or so (there are too many other side projects for more frequent updates—I bet you can understand).
+
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)
+
+=> ./f3s-kubernetes-with-freebsd-part-1/f3slogo.png f3s logo
+
+Let's begin...
+
+## Table of Contents
+
+* ⇢ f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
+* ⇢ ⇢ Why this setup?
+* ⇢ ⇢ The infrastructure
+* ⇢ ⇢ ⇢ Physical FreeBSD nodes and Linux VMs
+* ⇢ ⇢ ⇢ Kubernetes with k3s
+* ⇢ ⇢ ⇢ HA volumes for k3s with HAST/ZFS and NFS
+* ⇢ ⇢ ⇢ OpenBSD/`relayd` to the rescue for external connectivity
+* ⇢ ⇢ Data integrity
+* ⇢ ⇢ ⇢ Periodic backups
+* ⇢ ⇢ ⇢ Power protection
+* ⇢ ⇢ Monitoring: Keeping an Eye on Everything
+* ⇢ ⇢ ⇢ Prometheus and Grafana
+* ⇢ ⇢ ⇢ Gogios: My Custom Alerting System
+* ⇢ ⇢ What's after this all?
+
+## Why this setup?
+
+Look at my previous setup, which was great to learn Terraform and AWS, but the setup is too expensive. Costs are under control there, but only because I am shutting down all containers after use (so they are offline ninety per cent of the time and still cost around 20 bucks monthly). With the new setup, I could run all containers 24/7 at home, which would still be cheaper for electricity consumption.
+
+=> https://foo.zone/gemfeed/2024-02-04-from-babylon5.buetow.org-to-.cloud.html From `babylon5.buetow.org` to `.cloud`
+
+Migrating off all my containers from AWS ECS means I need a reliable and scalable environment to host my workloads. I wanted something:
+
+* To self-host all my open-source apps (Docker containers).
+* Fully under my control (goodbye cloud vendor lock-in).
+* Secure and redundant.
+* Cost-efficient (after the initial hardware investment).
+* Something I can poke around with and also pick up new skills.
+
+## The infrastructure
+
+This is still in progress, and I need to own the hardware. But in this first part of the blog series, I will outline what I intend to do.
+
+=> ./f3s-kubernetes-with-freebsd-part-1/diagram.png Diagram
+
+### Physical FreeBSD nodes and Linux VMs
+
+The setup starts with three physical FreeBSD nodes. On these, I'm running Rocky Linux virtual machines with bhyve. Why Linux VMs in FreeBSD and not Linux directly? I want to leverage the great ZFS integration in FreeBSD (among other features), and I have been using FreeBSD for a while in my home lab. And with bhyve, there is a very performant hypervisor available which makes the Linux VMs de-facto run at native speed (another use case of mine would be maybe running a Windows bhyve VM on one of the nodes - but out of scope for this blog series).
+
+=> https://www.freebsd.org/
+=> https://wiki.freebsd.org/bhyve
+
+I selected Rocky Linux because it comes with long-term support (I don't want to upgrade the VMs every 6 months). Rocky Linux 9 will reach its end of life in 2032, which is plenty of time! Of course, there will be minor upgrades, but nothing will significantly break my setup.
+
+=> https://rockylinux.org/
+=> https://wiki.rockylinux.org/rocky/version/
+
+Furthermore, I am already using "RHEL-family" related distros at work and Fedora on my main personal laptop. Rocky Linux belongs to the same type of Linux distribution family, so I already feel at home here. I also used Rocky 9 before I switched to AWS ECS. Now, I am switching back in one sense or another ;-)
+
+### Kubernetes with k3s
+
+These Linux VMs form a three-node k3s Kubernetes cluster, where my containers will reside moving forward. The 3-node k3s cluster will be highly available (in `etcd` mode), and all apps will probably be deployed with Helm. Prometheus will also be running in k3s, collecting time-series metrics and handling monitoring. Additionally, a private Docker registry will be deployed into the k3s cluster, where I will store some of my self-created Docker images. k3s is the perfect distribution of Kubernetes for homelabbers due to its simplicity and the inclusion of the most useful features out of the box!
+
+=> https://k3s.io/
+
+### HA volumes for k3s with HAST/ZFS and NFS
+
+Persistent storage for the k3s cluster will be handled by highly available (HA) NFS shares backed by ZFS on the FreeBSD hosts.
+
+On two of the three physical FreeBSD nodes, I will add a second SSD drive to each and dedicate it to a `pool` ZFS pool. With HAST (FreeBSD's solution for highly available storage), this `pool` will be replicated at the byte level to a standby node.
+
+A virtual IP (VIP) will point to the master node. When the master node goes down, the VIP will failover to the standby node, where the ZFS pool will be mounted. An NFS server will listen to both nodes. k3s will use the VIP to access the NFS shares.
+
+=> https://wiki.freebsd.org/HighlyAvailableStorage
+
+### OpenBSD/`relayd` to the rescue for external connectivity
+
+All apps should be reachable through the internet (e.g., from my phone or computer when travelling). For external connectivity and TLS management, I've got two OpenBSD VMs (one hosted by OpenBSD Amsterdam and another hosted by Hetzner) handling public-facing services like DNS, relaying traffic, and automating Let's Encrypt certificates.
+
+All of this (every Linux VM to every OpenBSD box) will be connected via WireGuard tunnels, keeping everything private and secure. There will be 6 WireGuard tunnels (3 k3s nodes times two OpenBSD VMs).
+
+=> https://en.wikipedia.org/wiki/WireGuard
+
+So, when I want to access a service running in k3s, I will hit an external DNS endpoint (with the authoritative DNS servers being the OpenBSD boxes). The DNS will resolve to the master OpenBSD VM (see my KISS highly-available with OpenBSD blog post), and from there, the `relayd` process (with a Let's Encrypt certificate—see my Let's Encrypt with OpenBSD and Rex blog post) will accept the TCP connection and forward it through the WireGuard tunnel to a reachable node port of one of the k3s nodes, thus serving the traffic.
+
+=> https://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html KISS high-availability with OpenBSD
+=> https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html Le's Encrypt with OpenBSD and Rex
+
+The OpenBSD setup described here already exists and is ready to use. The only thing that does not yet exist is the configuration of `relayd` to forward requests to k3s through the WireGuard tunnel(s).
+
+## Data integrity
+
+### Periodic backups
+
+Let's face it, backups are non-negotiable.
+
+On the HAST master node, incremental and encrypted ZFS snapshots are created daily and automatically backed up to AWS S3 Glacier Deep Archive via CRON. I have a bunch of scripts already available, which I currently use for a similar purpose on my FreeBSD Home NAS server (an old ThinkPad T440 with an external USB drive enclosure, which I will eventually retire when the HAST setup is ready). I will copy them and slightly modify them to fit the purpose.
+
+=> https://www.freshports.org/sysutils/zfstools
+
+The backup scripts also perform some zpool scrubbing now and then. A scrub once in a while keeps the trouble away.
+
+### Power protection
+
+Power outages are regularly in my area, so a UPS keeps the infrastructure running during short outages and protects the hardware. I'm still trying to decide which hardware to get, and I still need one, as my previous NAS is simply an older laptop that already has a battery for power outages. However, there are plenty of options to choose from. My main criterion is that the UPS should be silent, as the whole setup will be installed in an upper shelf unit in my daughter's room. ;-)
+
+## Monitoring: Keeping an Eye on Everything
+
+Robust monitoring is vital to any infrastructure, especially one as distributed as mine. I've thought about a setup that ensures I'll always be aware of what's happening in my environment.
+
+### Prometheus and Grafana
+
+Inside the k3s cluster, Prometheus will be deployed to handle metrics collection. It will be configured to scrape data from my Kubernetes workloads, nodes, and any services I monitor. Prometheus also integrates with Alertmanager to generate alerts based on predefined thresholds or conditions.
+
+=> https://prometheus.io
+
+For visualization, Grafana will be deployed alongside Prometheus. Grafana lets me build dynamic, customizable dashboards that provide a real-time view of everything from resource utilization to application performance. Whether it's keeping track of CPU load, memory usage, or the health of Kubernetes pods, Grafana has it covered. This will also make troubleshooting easier, as I can quickly pinpoint where issues are arising.
+
+=> https://grafana.com
+
+### Gogios: My Custom Alerting System
+
+Alerts generated by Prometheus are forwarded to Alertmanager, which I will configure to work with Gogios, a lightweight monitoring and alerting system I wrote myself. Gogios runs on one of my OpenBSD VMs. At regular intervals, Gogios scrapes the alerts generated in the k3s cluster and notifies me via Email.
+
+=> https://foo.zone/gemfeed/2023-06-01-kiss-server-monitoring-with-gogios.html KISS server monitoring with Gogios
+
+Ironically, I implemented Gogios to avoid using more complex alerting systems like Prometheus, but here we go—it integrates well now.
+
+## What's after this all?
+
+This setup is just the beginning. Some ideas I'm thinking about for the future:
+
+* Adding more FreeBSD nodes (in different physical locations, maybe at my wider family's places?) for better redundancy. (HA storage then might be trickier)
+* Deploying more Docker apps (data-intensive ones, like a picture gallery, my entire audiobook catalogue, or even a music server) to k3s.
+
+For now, though, I'm focused on completing the migration from AWS ECS and getting all my Docker containers running smoothly in k3s.
+
+What's your take on self-hosting? Are you planning to move away from managed cloud services? Stay tuned for the second part of this series, where I will likely write about the hardware and the OS setups.
+
+Other *BSD-related posts:
+
+=> ./2016-04-09-jails-and-zfs-on-freebsd-with-puppet.gmi 2016-04-09 Jails and ZFS with Puppet on FreeBSD
+=> ./2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi 2022-07-30 Let's Encrypt with OpenBSD and Rex
+=> ./2022-10-30-installing-dtail-on-openbsd.gmi 2022-10-30 Installing DTail on OpenBSD
+=> ./2024-01-13-one-reason-why-i-love-openbsd.gmi 2024-01-13 One reason why I love OpenBSD
+=> ./2024-04-01-KISS-high-availability-with-OpenBSD.gmi 2024-04-01 KISS high-availability with OpenBSD
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)
+
+E-Mail your comments to `paul@nospam.buetow.org` :-)
+
+=> ../ Back to the main site
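Review bot: The header line says "Published at 2024-11-16T23:08:10+02:00", but the file name and every index entry added in this commit date the post 2024-11-17; pick one date so the feed and the link lists agree. Smaller points in the same file: the link text "Le's Encrypt with OpenBSD and Rex" is missing a "t", "An NFS server will listen to both nodes" presumably means "on both nodes", and "Power outages are regularly in my area" should read "regular". The HAST paragraph describes the VIP failing over to the standby when the master goes down, but not how the two nodes are kept from both acting as primary; that deserves a sentence, since the NFS shares on this pool hold the cluster's persistent storage. This .gmi appears to be generated from the .gmi.tpl added alongside it, so make the fixes in the template and regenerate.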
diff --git a/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi.tpl b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi.tpl
new file mode 100644
index 00000000..2e8848d4
--- /dev/null
+++ b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi.tpl
@@ -0,0 +1,137 @@
+# f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
+
+> Published at 2024-11-16T23:08:10+02:00
+
+This is the first blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.
+
+I will post a new entry every month or so (there are too many other side projects for more frequent updates—I bet you can understand).
+
+<< template::inline::index f3s-kubernetes-with-freebsd-part
+
+=> ./f3s-kubernetes-with-freebsd-part-1/f3slogo.png f3s logo
+
+Let's begin...
+
+<< template::inline::toc
+
+## Why this setup?
+
+Look at my previous setup, which was great to learn Terraform and AWS, but the setup is too expensive. Costs are under control there, but only because I am shutting down all containers after use (so they are offline ninety per cent of the time and still cost around 20 bucks monthly). With the new setup, I could run all containers 24/7 at home, which would still be cheaper for electricity consumption.
+
+=> https://foo.zone/gemfeed/2024-02-04-from-babylon5.buetow.org-to-.cloud.html From `babylon5.buetow.org` to `.cloud`
+
+Migrating off all my containers from AWS ECS means I need a reliable and scalable environment to host my workloads. I wanted something:
+
+* To self-host all my open-source apps (Docker containers).
+* Fully under my control (goodbye cloud vendor lock-in).
+* Secure and redundant.
+* Cost-efficient (after the initial hardware investment).
+* Something I can poke around with and also pick up new skills.
+
+## The infrastructure
+
+This is still in progress, and I need to own the hardware. But in this first part of the blog series, I will outline what I intend to do.
+
+=> ./f3s-kubernetes-with-freebsd-part-1/diagram.png Diagram
+
+### Physical FreeBSD nodes and Linux VMs
+
+The setup starts with three physical FreeBSD nodes. On these, I'm running Rocky Linux virtual machines with bhyve. Why Linux VMs in FreeBSD and not Linux directly? I want to leverage the great ZFS integration in FreeBSD (among other features), and I have been using FreeBSD for a while in my home lab. And with bhyve, there is a very performant hypervisor available which makes the Linux VMs de-facto run at native speed (another use case of mine would be maybe running a Windows bhyve VM on one of the nodes - but out of scope for this blog series).
+
+=> https://www.freebsd.org/
+=> https://wiki.freebsd.org/bhyve
+
+I selected Rocky Linux because it comes with long-term support (I don't want to upgrade the VMs every 6 months). Rocky Linux 9 will reach its end of life in 2032, which is plenty of time! Of course, there will be minor upgrades, but nothing will significantly break my setup.
+
+=> https://rockylinux.org/
+=> https://wiki.rockylinux.org/rocky/version/
+
+Furthermore, I am already using "RHEL-family" related distros at work and Fedora on my main personal laptop. Rocky Linux belongs to the same type of Linux distribution family, so I already feel at home here. I also used Rocky 9 before I switched to AWS ECS. Now, I am switching back in one sense or another ;-)
+
+### Kubernetes with k3s
+
+These Linux VMs form a three-node k3s Kubernetes cluster, where my containers will reside moving forward. The 3-node k3s cluster will be highly available (in `etcd` mode), and all apps will probably be deployed with Helm. Prometheus will also be running in k3s, collecting time-series metrics and handling monitoring. Additionally, a private Docker registry will be deployed into the k3s cluster, where I will store some of my self-created Docker images. k3s is the perfect distribution of Kubernetes for homelabbers due to its simplicity and the inclusion of the most useful features out of the box!
+
+=> https://k3s.io/
+
+### HA volumes for k3s with HAST/ZFS and NFS
+
+Persistent storage for the k3s cluster will be handled by highly available (HA) NFS shares backed by ZFS on the FreeBSD hosts.
+
+On two of the three physical FreeBSD nodes, I will add a second SSD drive to each and dedicate it to a `pool` ZFS pool. With HAST (FreeBSD's solution for highly available storage), this `pool` will be replicated at the byte level to a standby node.
+
+A virtual IP (VIP) will point to the master node. When the master node goes down, the VIP will failover to the standby node, where the ZFS pool will be mounted. An NFS server will listen to both nodes. k3s will use the VIP to access the NFS shares.
+
+=> https://wiki.freebsd.org/HighlyAvailableStorage
+
+### OpenBSD/`relayd` to the rescue for external connectivity
+
+All apps should be reachable through the internet (e.g., from my phone or computer when travelling). For external connectivity and TLS management, I've got two OpenBSD VMs (one hosted by OpenBSD Amsterdam and another hosted by Hetzner) handling public-facing services like DNS, relaying traffic, and automating Let's Encrypt certificates.
+
+All of this (every Linux VM to every OpenBSD box) will be connected via WireGuard tunnels, keeping everything private and secure. There will be 6 WireGuard tunnels (3 k3s nodes times two OpenBSD VMs).
+
+=> https://en.wikipedia.org/wiki/WireGuard
+
+So, when I want to access a service running in k3s, I will hit an external DNS endpoint (with the authoritative DNS servers being the OpenBSD boxes). The DNS will resolve to the master OpenBSD VM (see my KISS highly-available with OpenBSD blog post), and from there, the `relayd` process (with a Let's Encrypt certificate—see my Let's Encrypt with OpenBSD and Rex blog post) will accept the TCP connection and forward it through the WireGuard tunnel to a reachable node port of one of the k3s nodes, thus serving the traffic.
+
+=> https://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html KISS high-availability with OpenBSD
+=> https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html Le's Encrypt with OpenBSD and Rex
+
+The OpenBSD setup described here already exists and is ready to use. The only thing that does not yet exist is the configuration of `relayd` to forward requests to k3s through the WireGuard tunnel(s).
+
+## Data integrity
+
+### Periodic backups
+
+Let's face it, backups are non-negotiable.
+
+On the HAST master node, incremental and encrypted ZFS snapshots are created daily and automatically backed up to AWS S3 Glacier Deep Archive via CRON. I have a bunch of scripts already available, which I currently use for a similar purpose on my FreeBSD Home NAS server (an old ThinkPad T440 with an external USB drive enclosure, which I will eventually retire when the HAST setup is ready). I will copy them and slightly modify them to fit the purpose.
+
+=> https://www.freshports.org/sysutils/zfstools
+
+The backup scripts also perform some zpool scrubbing now and then. A scrub once in a while keeps the trouble away.
+
+### Power protection
+
+Power outages are regularly in my area, so a UPS keeps the infrastructure running during short outages and protects the hardware. I'm still trying to decide which hardware to get, and I still need one, as my previous NAS is simply an older laptop that already has a battery for power outages. However, there are plenty of options to choose from. My main criterion is that the UPS should be silent, as the whole setup will be installed in an upper shelf unit in my daughter's room. ;-)
+
+## Monitoring: Keeping an Eye on Everything
+
+Robust monitoring is vital to any infrastructure, especially one as distributed as mine. I've thought about a setup that ensures I'll always be aware of what's happening in my environment.
+
+### Prometheus and Grafana
+
+Inside the k3s cluster, Prometheus will be deployed to handle metrics collection. It will be configured to scrape data from my Kubernetes workloads, nodes, and any services I monitor. Prometheus also integrates with Alertmanager to generate alerts based on predefined thresholds or conditions.
+
+=> https://prometheus.io
+
+For visualization, Grafana will be deployed alongside Prometheus. Grafana lets me build dynamic, customizable dashboards that provide a real-time view of everything from resource utilization to application performance. Whether it's keeping track of CPU load, memory usage, or the health of Kubernetes pods, Grafana has it covered. This will also make troubleshooting easier, as I can quickly pinpoint where issues are arising.
+
+=> https://grafana.com
+
+### Gogios: My Custom Alerting System
+
+Alerts generated by Prometheus are forwarded to Alertmanager, which I will configure to work with Gogios, a lightweight monitoring and alerting system I wrote myself. Gogios runs on one of my OpenBSD VMs. At regular intervals, Gogios scrapes the alerts generated in the k3s cluster and notifies me via Email.
+
+=> https://foo.zone/gemfeed/2023-06-01-kiss-server-monitoring-with-gogios.html KISS server monitoring with Gogios
+
+Ironically, I implemented Gogios to avoid using more complex alerting systems like Prometheus, but here we go—it integrates well now.
+
+## What's after this all?
+
+This setup is just the beginning. Some ideas I'm thinking about for the future:
+
+* Adding more FreeBSD nodes (in different physical locations, maybe at my wider family's places?) for better redundancy. (HA storage then might be trickier)
+* Deploying more Docker apps (data-intensive ones, like a picture gallery, my entire audiobook catalogue, or even a music server) to k3s.
+
+For now, though, I'm focused on completing the migration from AWS ECS and getting all my Docker containers running smoothly in k3s.
+
+What's your take on self-hosting? Are you planning to move away from managed cloud services? Stay tuned for the second part of this series, where I will likely write about the hardware and the OS setups.
+
+Other *BSD-related posts:
+
+<< template::inline::index bsd
+
+E-Mail your comments to `paul@nospam.buetow.org` :-)
+
+=> ../ Back to the main site
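Review bot: The link label in the relayd section is misspelled: `Le's Encrypt with OpenBSD and Rex` should read `Let's Encrypt with OpenBSD and Rex`, and the same label shows up in the generated atom.xml entry, so it needs fixing here in the template. Two wording slips in the same file are worth fixing in the same pass: "An NFS server will listen to both nodes" presumably means "on both nodes", and "Power outages are regularly in my area" should be "regular". HAST replicates at the block level, so "replicated at the byte level" in the HAST/ZFS paragraph could be tightened. Since "Secure and redundant" is one of the listed goals, consider adding a sentence on whether the NFS shares behind the VIP and the k3s node ports that `relayd` forwards to are reachable only from the k3s VMs and over the WireGuard tunnels; the text currently leaves that open.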
diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml
index 0371753b..00ee67b9 100644
--- a/gemfeed/atom.xml
+++ b/gemfeed/atom.xml
@@ -1,12 +1,185 @@
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
- <updated>2024-11-07T09:27:54+02:00</updated>
+ <updated>2024-11-16T23:08:11+02:00</updated>
<title>foo.zone feed</title>
<subtitle>To be in the .zone!</subtitle>
<link href="gemini://foo.zone/gemfeed/atom.xml" rel="self" />
<link href="gemini://foo.zone/" />
<id>gemini://foo.zone/</id>
<entry>
+ <title>f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</title>
+ <link href="gemini://foo.zone/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi" />
+ <id>gemini://foo.zone/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi</id>
+ <updated>2024-11-16T23:08:10+02:00</updated>
+ <author>
+ <name>Paul Buetow aka snonux</name>
+ <email>paul@dev.buetow.org</email>
+ </author>
+ <summary>This is the first blog post about my f3s series for my self-hosting demands in my home lab. f3s? The 'f' stands for FreeBSD, and the '3s' stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.</summary>
+ <content type="xhtml">
+ <div xmlns="http://www.w3.org/1999/xhtml">
+ <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---setting-the-stage---part-1'>f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</h1><br />
+<br />
+<span>This is the first blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.</span><br />
+<br />
+<span>I will post a new entry every month or so (there are too many other side projects for more frequent updates—I bet you can understand).</span><br />
+<br />
+<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)</a><br />
+<br />
+<a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br />
+<br />
+<span>Let&#39;s begin...</span><br />
+<br />
+<h2 style='display: inline' id='table-of-contents'>Table of Contents</h2><br />
+<br />
+<ul>
+<li><a href='#f3s-kubernetes-with-freebsd---setting-the-stage---part-1'>f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</a></li>
+<li>⇢ <a href='#why-this-setup'>Why this setup?</a></li>
+<li>⇢ <a href='#the-infrastructure'>The infrastructure</a></li>
+<li>⇢ ⇢ <a href='#physical-freebsd-nodes-and-linux-vms'>Physical FreeBSD nodes and Linux VMs</a></li>
+<li>⇢ ⇢ <a href='#kubernetes-with-k3s-'>Kubernetes with k3s </a></li>
+<li>⇢ ⇢ <a href='#ha-volumes-for-k3s-with-hastzfs-and-nfs'>HA volumes for k3s with HAST/ZFS and NFS</a></li>
+<li>⇢ ⇢ <a href='#openbsdrelayd-to-the-rescue-for-external-connectivity'>OpenBSD/<span class='inlinecode'>relayd</span> to the rescue for external connectivity</a></li>
+<li>⇢ <a href='#data-integrity'>Data integrity</a></li>
+<li>⇢ ⇢ <a href='#periodic-backups'>Periodic backups</a></li>
+<li>⇢ ⇢ <a href='#power-protection'>Power protection</a></li>
+<li>⇢ <a href='#monitoring-keeping-an-eye-on-everything'>Monitoring: Keeping an Eye on Everything</a></li>
+<li>⇢ ⇢ <a href='#prometheus-and-grafana'>Prometheus and Grafana</a></li>
+<li>⇢ ⇢ <a href='#gogios-my-custom-alerting-system'>Gogios: My Custom Alerting System</a></li>
+<li>⇢ <a href='#what-s-after-this-all'>What&#39;s after this all?</a></li>
+</ul><br />
+<h2 style='display: inline' id='why-this-setup'>Why this setup?</h2><br />
+<br />
+<span>Look at my previous setup, which was great to learn Terraform and AWS, but the setup is too expensive. Costs are under control there, but only because I am shutting down all containers after use (so they are offline ninety per cent of the time and still cost around 20 bucks monthly). With the new setup, I could run all containers 24/7 at home, which would still be cheaper for electricity consumption.</span><br />
+<br />
+<a class='textlink' href='https://foo.zone/gemfeed/2024-02-04-from-babylon5.buetow.org-to-.cloud.html'>From <span class='inlinecode'>babylon5.buetow.org</span> to <span class='inlinecode'>.cloud</span></a><br />
+<br />
+<span>Migrating off all my containers from AWS ECS means I need a reliable and scalable environment to host my workloads. I wanted something:</span><br />
+<br />
+<ul>
+<li>To self-host all my open-source apps (Docker containers).</li>
+<li>Fully under my control (goodbye cloud vendor lock-in).</li>
+<li>Secure and redundant.</li>
+<li>Cost-efficient (after the initial hardware investment).</li>
+<li>Something I can poke around with and also pick up new skills.</li>
+</ul><br />
+<h2 style='display: inline' id='the-infrastructure'>The infrastructure</h2><br />
+<br />
+<span>This is still in progress, and I need to own the hardware. But in this first part of the blog series, I will outline what I intend to do.</span><br />
+<br />
+<a href='./f3s-kubernetes-with-freebsd-part-1/diagram.png'><img alt='Diagram' title='Diagram' src='./f3s-kubernetes-with-freebsd-part-1/diagram.png' /></a><br />
+<br />
+<h3 style='display: inline' id='physical-freebsd-nodes-and-linux-vms'>Physical FreeBSD nodes and Linux VMs</h3><br />
+<br />
+<span>The setup starts with three physical FreeBSD nodes. On these, I&#39;m running Rocky Linux virtual machines with bhyve. Why Linux VMs in FreeBSD and not Linux directly? I want to leverage the great ZFS integration in FreeBSD (among other features), and I have been using FreeBSD for a while in my home lab. And with bhyve, there is a very performant hypervisor available which makes the Linux VMs de-facto run at native speed (another use case of mine would be maybe running a Windows bhyve VM on one of the nodes - but out of scope for this blog series).</span><br />
+<br />
+<a class='textlink' href='https://www.freebsd.org/'>https://www.freebsd.org/</a><br />
+<a class='textlink' href='https://wiki.freebsd.org/bhyve'>https://wiki.freebsd.org/bhyve</a><br />
+<br />
+<span>I selected Rocky Linux because it comes with long-term support (I don&#39;t want to upgrade the VMs every 6 months). Rocky Linux 9 will reach its end of life in 2032, which is plenty of time! Of course, there will be minor upgrades, but nothing will significantly break my setup.</span><br />
+<br />
+<a class='textlink' href='https://rockylinux.org/'>https://rockylinux.org/</a><br />
+<a class='textlink' href='https://wiki.rockylinux.org/rocky/version/'>https://wiki.rockylinux.org/rocky/version/</a><br />
+<br />
+<span>Furthermore, I am already using "RHEL-family" related distros at work and Fedora on my main personal laptop. Rocky Linux belongs to the same type of Linux distribution family, so I already feel at home here. I also used Rocky 9 before I switched to AWS ECS. Now, I am switching back in one sense or another ;-)</span><br />
+<br />
+<h3 style='display: inline' id='kubernetes-with-k3s-'>Kubernetes with k3s </h3><br />
+<br />
+<span>These Linux VMs form a three-node k3s Kubernetes cluster, where my containers will reside moving forward. The 3-node k3s cluster will be highly available (in <span class='inlinecode'>etcd</span> mode), and all apps will probably be deployed with Helm. Prometheus will also be running in k3s, collecting time-series metrics and handling monitoring. Additionally, a private Docker registry will be deployed into the k3s cluster, where I will store some of my self-created Docker images. k3s is the perfect distribution of Kubernetes for homelabbers due to its simplicity and the inclusion of the most useful features out of the box!</span><br />
+<br />
+<a class='textlink' href='https://k3s.io/'>https://k3s.io/</a><br />
+<br />
+<h3 style='display: inline' id='ha-volumes-for-k3s-with-hastzfs-and-nfs'>HA volumes for k3s with HAST/ZFS and NFS</h3><br />
+<br />
+<span>Persistent storage for the k3s cluster will be handled by highly available (HA) NFS shares backed by ZFS on the FreeBSD hosts. </span><br />
+<br />
+<span>On two of the three physical FreeBSD nodes, I will add a second SSD drive to each and dedicate it to a <span class='inlinecode'>pool</span> ZFS pool. With HAST (FreeBSD&#39;s solution for highly available storage), this <span class='inlinecode'>pool</span> will be replicated at the byte level to a standby node.</span><br />
+<br />
+<span>A virtual IP (VIP) will point to the master node. When the master node goes down, the VIP will failover to the standby node, where the ZFS pool will be mounted. An NFS server will listen to both nodes. k3s will use the VIP to access the NFS shares.</span><br />
+<br />
+<a class='textlink' href='https://wiki.freebsd.org/HighlyAvailableStorage'>https://wiki.freebsd.org/HighlyAvailableStorage</a><br />
+<br />
+<h3 style='display: inline' id='openbsdrelayd-to-the-rescue-for-external-connectivity'>OpenBSD/<span class='inlinecode'>relayd</span> to the rescue for external connectivity</h3><br />
+<br />
+<span>All apps should be reachable through the internet (e.g., from my phone or computer when travelling). For external connectivity and TLS management, I&#39;ve got two OpenBSD VMs (one hosted by OpenBSD Amsterdam and another hosted by Hetzner) handling public-facing services like DNS, relaying traffic, and automating Let&#39;s Encrypt certificates. </span><br />
+<br />
+<span>All of this (every Linux VM to every OpenBSD box) will be connected via WireGuard tunnels, keeping everything private and secure. There will be 6 WireGuard tunnels (3 k3s nodes times two OpenBSD VMs).</span><br />
+<br />
+<a class='textlink' href='https://en.wikipedia.org/wiki/WireGuard'>https://en.wikipedia.org/wiki/WireGuard</a><br />
+<br />
+<span>So, when I want to access a service running in k3s, I will hit an external DNS endpoint (with the authoritative DNS servers being the OpenBSD boxes). The DNS will resolve to the master OpenBSD VM (see my KISS highly-available with OpenBSD blog post), and from there, the <span class='inlinecode'>relayd</span> process (with a Let&#39;s Encrypt certificate—see my Let&#39;s Encrypt with OpenBSD and Rex blog post) will accept the TCP connection and forward it through the WireGuard tunnel to a reachable node port of one of the k3s nodes, thus serving the traffic.</span><br />
+<br />
+<a class='textlink' href='https://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html'>KISS high-availability with OpenBSD</a><br />
+<a class='textlink' href='https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html'>Le&#39;s Encrypt with OpenBSD and Rex</a><br />
+<br />
+<span>The OpenBSD setup described here already exists and is ready to use. The only thing that does not yet exist is the configuration of <span class='inlinecode'>relayd</span> to forward requests to k3s through the WireGuard tunnel(s).</span><br />
+<br />
+<h2 style='display: inline' id='data-integrity'>Data integrity</h2><br />
+<br />
+<h3 style='display: inline' id='periodic-backups'>Periodic backups</h3><br />
+<br />
+<span>Let&#39;s face it, backups are non-negotiable. </span><br />
+<br />
+<span>On the HAST master node, incremental and encrypted ZFS snapshots are created daily and automatically backed up to AWS S3 Glacier Deep Archive via CRON. I have a bunch of scripts already available, which I currently use for a similar purpose on my FreeBSD Home NAS server (an old ThinkPad T440 with an external USB drive enclosure, which I will eventually retire when the HAST setup is ready). I will copy them and slightly modify them to fit the purpose.</span><br />
+<br />
+<a class='textlink' href='https://www.freshports.org/sysutils/zfstools'>https://www.freshports.org/sysutils/zfstools</a><br />
+<br />
+<span>The backup scripts also perform some zpool scrubbing now and then. A scrub once in a while keeps the trouble away.</span><br />
+<br />
+<h3 style='display: inline' id='power-protection'>Power protection</h3><br />
+<br />
+<span>Power outages are regularly in my area, so a UPS keeps the infrastructure running during short outages and protects the hardware. I&#39;m still trying to decide which hardware to get, and I still need one, as my previous NAS is simply an older laptop that already has a battery for power outages. However, there are plenty of options to choose from. My main criterion is that the UPS should be silent, as the whole setup will be installed in an upper shelf unit in my daughter&#39;s room. ;-)</span><br />
+<br />
+<h2 style='display: inline' id='monitoring-keeping-an-eye-on-everything'>Monitoring: Keeping an Eye on Everything</h2><br />
+<br />
+<span>Robust monitoring is vital to any infrastructure, especially one as distributed as mine. I&#39;ve thought about a setup that ensures I&#39;ll always be aware of what&#39;s happening in my environment.</span><br />
+<br />
+<h3 style='display: inline' id='prometheus-and-grafana'>Prometheus and Grafana</h3><br />
+<br />
+<span>Inside the k3s cluster, Prometheus will be deployed to handle metrics collection. It will be configured to scrape data from my Kubernetes workloads, nodes, and any services I monitor. Prometheus also integrates with Alertmanager to generate alerts based on predefined thresholds or conditions.</span><br />
+<br />
+<a class='textlink' href='https://prometheus.io'>https://prometheus.io</a><br />
+<br />
+<span>For visualization, Grafana will be deployed alongside Prometheus. Grafana lets me build dynamic, customizable dashboards that provide a real-time view of everything from resource utilization to application performance. Whether it&#39;s keeping track of CPU load, memory usage, or the health of Kubernetes pods, Grafana has it covered. This will also make troubleshooting easier, as I can quickly pinpoint where issues are arising.</span><br />
+<br />
+<a class='textlink' href='https://grafana.com'>https://grafana.com</a><br />
+<br />
+<h3 style='display: inline' id='gogios-my-custom-alerting-system'>Gogios: My Custom Alerting System</h3><br />
+<br />
+<span>Alerts generated by Prometheus are forwarded to Alertmanager, which I will configure to work with Gogios, a lightweight monitoring and alerting system I wrote myself. Gogios runs on one of my OpenBSD VMs. At regular intervals, Gogios scrapes the alerts generated in the k3s cluster and notifies me via Email.</span><br />
+<br />
+<a class='textlink' href='https://foo.zone/gemfeed/2023-06-01-kiss-server-monitoring-with-gogios.html'>KISS server monitoring with Gogios</a><br />
+<br />
+<span>Ironically, I implemented Gogios to avoid using more complex alerting systems like Prometheus, but here we go—it integrates well now.</span><br />
+<br />
+<h2 style='display: inline' id='what-s-after-this-all'>What&#39;s after this all?</h2><br />
+<br />
+<span>This setup is just the beginning. Some ideas I&#39;m thinking about for the future:</span><br />
+<br />
+<ul>
+<li>Adding more FreeBSD nodes (in different physical locations, maybe at my wider family&#39;s places?) for better redundancy. (HA storage then might be trickier)</li>
+<li>Deploying more Docker apps (data-intensive ones, like a picture gallery, my entire audiobook catalogue, or even a music server) to k3s.</li>
+</ul><br />
+<span>For now, though, I&#39;m focused on completing the migration from AWS ECS and getting all my Docker containers running smoothly in k3s.</span><br />
+<br />
+<span>What&#39;s your take on self-hosting? Are you planning to move away from managed cloud services? Stay tuned for the second part of this series, where I will likely write about the hardware and the OS setups.</span><br />
+<br />
+<span>Other *BSD-related posts:</span><br />
+<br />
+<a class='textlink' href='./2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html'>2016-04-09 Jails and ZFS with Puppet on FreeBSD</a><br />
+<a class='textlink' href='./2022-07-30-lets-encrypt-with-openbsd-and-rex.html'>2022-07-30 Let&#39;s Encrypt with OpenBSD and Rex</a><br />
+<a class='textlink' href='./2022-10-30-installing-dtail-on-openbsd.html'>2022-10-30 Installing DTail on OpenBSD</a><br />
+<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD</a><br />
+<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br />
+<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1 (You are currently reading this)</a><br />
+<br />
+<span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br />
+<br />
+<a class='textlink' href='../'>Back to the main site</a><br />
+ </div>
+ </content>
+ </entry>
+ <entry>
<title>'Staff Engineer' book notes</title>
<link href="gemini://foo.zone/gemfeed/2024-10-24-staff-engineer-book-notes.gmi" />
<id>gemini://foo.zone/gemfeed/2024-10-24-staff-engineer-book-notes.gmi</id>
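Review bot: The generated heading `id='kubernetes-with-k3s-'>Kubernetes with k3s </h3>` and its table-of-contents link carry a trailing space in the text and a trailing hyphen in the anchor id, which points to trailing whitespace on the `### Kubernetes with k3s` heading in the source. Trimming it there would give `kubernetes-with-k3s`; changing the id after publication breaks any link to the current anchor, so it is best fixed before this goes out. The same whitespace issue appears as a trailing space before `</span>` in the first HA volumes paragraph, the first relayd paragraph and the "backups are non-negotiable" line. The entry's `<updated>` is 2024-11-16T23:08:10+02:00 while its id, link and index label all say 2024-11-17; if the post is deliberately pre-dated that is fine, otherwise align them. The `Le&#39;s Encrypt with OpenBSD and Rex` link label is also misspelled and should read "Let's Encrypt".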
@@ -2465,6 +2638,7 @@ http://www.gnu.org/software/src-highlite -->
<a class='textlink' href='./2023-10-29-kiss-static-web-photo-albums-with-photoalbum.sh.html'>2023-10-29 KISS static web photo albums with <span class='inlinecode'>photoalbum.sh</span></a><br />
<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD</a><br />
<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD (You are currently reading this)</a><br />
+<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</a><br />
<br />
<a class='textlink' href='../'>Back to the main site</a><br />
</div>
@@ -2821,6 +2995,7 @@ http://www.gnu.org/software/src-highlite -->
<a class='textlink' href='./2022-10-30-installing-dtail-on-openbsd.html'>2022-10-30 Installing DTail on OpenBSD</a><br />
<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD (You are currently reading this)</a><br />
<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br />
+<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</a><br />
<br />
<a class='textlink' href='../'>Back to the main site</a><br />
</div>
@@ -7765,6 +7940,7 @@ rex commons
<a class='textlink' href='./2022-10-30-installing-dtail-on-openbsd.html'>2022-10-30 Installing DTail on OpenBSD</a><br />
<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD</a><br />
<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br />
+<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Setting the stage - Part 1</a><br />
<br />
<a class='textlink' href='../'>Back to the main site</a><br />
</div>
@@ -8826,276 +9002,4 @@ exec /usr/local/bin/dtailhealth --server localhost:2222
</div>
</content>
</entry>
- <entry>
- <title>Computer operating systems I use(d)</title>
- <link href="gemini://foo.zone/gemfeed/2022-02-04-computer-operating-systems-i-use.gmi" />
- <id>gemini://foo.zone/gemfeed/2022-02-04-computer-operating-systems-i-use.gmi</id>
- <updated>2022-02-04T09:58:22+00:00</updated>
- <author>
- <name>Paul Buetow aka snonux</name>
- <email>paul@dev.buetow.org</email>
- </author>
- <summary>This is a list of Operating Systems I currently use. This list is in no particular order and also will be updated over time. The very first operating system I used was MS-DOS (mainly for games) and the very first Unix like operating system I used was SuSE Linux 5.3. My first smartphone OS was Symbian on a clunky Sony Ericsson device.</summary>
- <content type="xhtml">
- <div xmlns="http://www.w3.org/1999/xhtml">
- <h1 style='display: inline' id='computer-operating-systems-i-used'>Computer operating systems I use(d)</h1><br />
-<br />
-<span class='quote'>Published at 2022-02-04T09:58:22+00:00; Updated at 2022-02-18</span><br />
-<br />
-<span>This is a list of Operating Systems I currently use. This list is in no particular order and also will be updated over time. The very first operating system I used was MS-DOS (mainly for games) and the very first Unix like operating system I used was SuSE Linux 5.3. My first smartphone OS was Symbian on a clunky Sony Ericsson device.</span><br />
-<br />
-<pre>
- /( )`
- \ \___ / |
- /- _ `-/ &#39;
- (/\/ \ \ /\
- / / | ` \
- O O ) / |
- `-^--&#39;`&lt; &#39;
- (_.) _ ) /
- `.___/` /
- `-----&#39; /
- &lt;----. __ / __ \
- &lt;----|====O)))==) \) /====
- &lt;----&#39; `--&#39; `.__,&#39; \
- | |
- \ /
- ______( (_ / \______
- (FL) ,&#39; ,-----&#39; | \
- `--{__________) \/ "Berkeley Unix Daemon"
-</pre>
-<br />
-<h2 style='display: inline' id='table-of-contents'>Table of Contents</h2><br />
-<br />
-<ul>
-<li><a href='#computer-operating-systems-i-used'>Computer operating systems I use(d)</a></li>
-<li>⇢ <a href='#fedora-linux'>Fedora Linux</a></li>
-<li>⇢ <a href='#endeavouros'>EndeavourOS</a></li>
-<li>⇢ <a href='#freebsd'>FreeBSD</a></li>
-<li>⇢ <a href='#centos-7'>CentOS 7</a></li>
-<li>⇢ <a href='#openbsd'>OpenBSD</a></li>
-<li>⇢ <a href='#macos-proprietary'>macOS (proprietary)</a></li>
-<li>⇢ <a href='#lineageos-mobile'>LineageOS (mobile)</a></li>
-<li>⇢ <a href='#samsung-s-stock-android-mobile-proprietary'>Samsung&#39;s Stock Android (mobile proprietary)</a></li>
-<li>⇢ <a href='#ios-mobile-proprietary'>iOS (mobile proprietary)</a></li>
-<li>⇢ <a href='#other-oses'>Other OSes</a></li>
-<li>⇢ ⇢ <a href='#infinytime-smartwatch'>InfinyTime (smartwatch)</a></li>
-<li>⇢ ⇢ <a href='#motioneyeos'>motionEyeOS</a></li>
-<li>⇢ ⇢ <a href='#kobo-os-proprietary'>Kobo OS (proprietary)</a></li>
-<li>⇢ ⇢ <a href='#android-tv-proprietary'>Android TV (proprietary)</a></li>
-<li>⇢ <a href='#other-oses'>Other OSes..</a></li>
-<li>⇢ ⇢ <a href='#netbsd'>NetBSD</a></li>
-<li>⇢ ⇢ <a href='#other-oses-in-use'>Other OSes in use...</a></li>
-<li>⇢ ⇢ <a href='#other-oses-not-used-any-more'>Other OSes not used any more...</a></li>
-<li>⇢ ⇢ <a href='#other-oses-i-only-had-a-glance-at'>Other OSes I only had a glance at...</a></li>
-<li>⇢ ⇢ <a href='#other-oses-which-seem-interesting'>Other OSes which seem interesting...</a></li>
-</ul><br />
-<h2 style='display: inline' id='fedora-linux'>Fedora Linux</h2><br />
-<br />
-<span>Fedora Linux is the operating system I use on my primary (personal) laptop. It&#39;s a ThinkPad X1 Carbon Gen. 9. Lenovo which comes along with official Lenovo Linux support. I already noticed hardware firmware updates being installed directly through Fedora from Lenovo. Fedora is a real powerhouse, cutting-edge and reasonably stable at the same time. It&#39;s baked by Red Hat.</span><br />
-<br />
-<span>I also use Fedora on my Microsoft Surface Go 2 convertible tablet. Fedora works quite OK (and much better than Windows) on this device. It&#39;s also the perfect travel companion.</span><br />
-<br />
-<span>I use the GNOME Desktop on my Fedora boxes. I have memorized and customized a bunch of keyboard shortcuts. But the fact that I mostly work in the terminal (with tmux) makes the Desktop environment I use only secondary.</span><br />
-<br />
-<h2 style='display: inline' id='endeavouros'>EndeavourOS</h2><br />
-<br />
-<span>I installed EndeavourOS on my (older) ThinkPad X240 to try out an Arch based Linux distribution. I also could have installed plain Arch, but I don&#39;t see the point when there is EndeavourOS. EndeavourOS is as close as you can get to the plain Arch experience but with an easy installer. I am not saying that it&#39;s difficult to install plain Arch but it&#39;s, unless you are new to Linux and want to learn about the installation procedure, just waste of time in my humble opinion. Give Linux From Scratch a shot instead if you really want to learn about Linux.</span><br />
-<br />
-<a class='textlink' href='https://www.linuxfromscratch.org/'>https://www.linuxfromscratch.org/</a><br />
-<br />
-<span>On EndeavourOS, I use the Xfce desktop environment which feels very snappy and fast on the X240 (which I purchased back in 2014). Usually, I have my X240 standing right next to my work laptop and use it for playing music (mainly online radio streams), for personal note taking and occasional emailing and instant messaging.</span><br />
-<br />
-<span>As this is a rolling Linux distribution there are a lot of software updates coming through every day. Sometimes, it only takes a minute until the next version of a package is available. Honestly, I find that a bit annoying to constantly catch up with all the updates. As for now I will live with it and/or automate it a bit more. It&#39;ll be OK if it breaks occasionally, as this is not my primary laptop anyway. </span><br />
-<br />
-<span>Arch Linux and EndeavourOS are community distributions. This means, that there is no big corporation in the backyard lurking around. They won&#39;t give you the firmware updates for cutting edge hardware out of the box, though, but they are still a very good choice for hobbyist and also for older hardware where future firmware updates are less likely to happen.</span><br />
-<br />
-<span>I am very happy with the package availability through the official repository and AUR.</span><br />
-<br />
-<a class='textlink' href='https://endeavouros.com/'>https://endeavouros.com/</a><br />
-<br />
-<h2 style='display: inline' id='freebsd'>FreeBSD</h2><br />
-<br />
-<span>I have run FreeBSD in many occasions. Right after SuSE Linux, FreeBSD (around 4.x) was the second open source system I used in my life on regular basis. I didn&#39;t even go to university yet then I started using it :-). Also, a former employer of mine even allowed me to install FreeBSD on my main workstation (which I actually did and used it for a couple of years). </span><br />
-<br />
-<span>I remember it used to be a pain bootstrapping Java for FreeBSD due to the lack of pre-compiled binary packages. You had first to enable the Linux compatibility layer, then install Linux Java, and then compile FreeBSD Java with the bootstrapped Linux Java (yes, Java is mainly programmed in C++, but for some reason compiling Java for FreeBSD also required an installation of Java). Nowadays, there are ready OpenJDK binary packages you could install. So things have improved a lot since.</span><br />
-<br />
-<span>FreeBSD always had a place somewhere in my life:</span><br />
-<br />
-<ul>
-<li>On a Desktop PC (personal and work)</li>
-<li>On a Laptop</li>
-<li>On a webserver, FTP server, DNS server, mail server</li>
-<li>On a server offering FreeBSD jails to customers for rent</li>
-<li>As an experiment running Debian GNU/kFreeBSD inside of jails</li>
-</ul><br />
-<span>Debian GNU/kFreeBSD is now dead (same is my experiment)...</span><br />
-<br />
-<a class='textlink' href='https://www.debian.org/ports/kfreebsd-gnu/'>https://www.debian.org/ports/kfreebsd-gnu/</a><br />
-<br />
-<span>...but I still have saved and old uname output :-):</span><br />
-<br />
-<pre>
-[root@saturn /usr/jail/serv14/etc] # jexec 21 bash
-root@rhea:/ # uname -a
-GNU/kFreeBSD rhea.buetow.org 8.0-RELEASE-p5 FreeBSD 8.0-RELEASE-p5 #2: Sat Nov 27 13:10:09 CET
- 2010 root@saturn.buetow.org:/usr/obj/usr/srcs/freebsd.src8/src/sys/SERV10 x86 64 amd64 Intel(R)
- Core(TM) i7 CPU 920 @ 2.67GHz GNU/kFreeBSD
-</pre>
-<br />
-<span>Currently, I use FreeBSD on my personal NAS server. The server is a regular PC with a bunch of hard drives and a ZFS RAIDZ (with 4x2TB drives) + a couple of external backup drives.</span><br />
-<br />
-<a class='textlink' href='https://www.FreeBSD.org'>https://www.FreeBSD.org</a><br />
-<br />
-<h2 style='display: inline' id='centos-7'>CentOS 7</h2><br />
-<br />
-<span>While CentOS 8 is already out of support, I still use CentOS 7 (which will receive security updates until 2024). CentOS 7 runs in a cloud VM and is the home to my personal NextCloud and Wallabag installations. You probably know already NextCloud. About Wallabag: It is a great free and open source alternative to Pocket (for reading articles from the web offline later). Yes, you can pay for a Wallabag subscription, but you can also host it for free on your own server.</span><br />
-<br />
-<a class='textlink' href='https://nextcloud.com'>NextCloud</a><br />
-<a class='textlink' href='https://www.wallabag.it/en'>Wallabag</a><br />
-<br />
-<span>The reason I use Linux and not *BSD at the moment for these services is Docker. With Docker, it&#39;s so easy-peasy to get these up and running. I will have to switch to another OS before CentOS 7 runs out of support, though. It might be CentOS Stream, Rocky Linux, or, more likely, I will use FreeBSD. On FreeBSD there isn&#39;t Docker, but what can be done is to create a self-contained Jail for each of the web-apps. </span><br />
-<br />
-<span>I have been using FreeBSD Jails for LAMP stacks before I started using CentOS. The reason why I switched to CentOS (it was still CentOS 6 at that time) in the first place was, that I wanted to try out something new.</span><br />
-<br />
-<a class='textlink' href='https://www.centos.org'>https://www.centos.org</a><br />
-<br />
-<h2 style='display: inline' id='openbsd'>OpenBSD</h2><br />
-<br />
-<span>I use two small OpenBSD "cloud" boxes for my "public facing internet front-ends". The services I run here are:</span><br />
-<br />
-<ul>
-<li>HTTP server (serving this site via https://foo.zone)</li>
-<li>Gemini server (serving this site via gemini://foo.zone)</li>
-<li>MTA server (for receiving E-Mails to my hosts)</li>
-<li>Authorative DNS server (for all of my "domains")</li>
-<li>Some personal/private git repositories (accessible only via SSH)</li>
-</ul><br />
-<span>OpenBSD is a complete operating system. I love it due to it&#39;s "simplicity" and "correctness" and the good documentation (I love the manual pages in particular). OpenBSD is also known for its innovations in security. I must admin, though, that most Unix like operating system would be secure enough for my personal needs and that I don&#39;t really need to use OpenBSD here. But nevertheless, I think it&#39;s the ideal operating system for what I am using it for.</span><br />
-<br />
-<span>The only softwares which were not part of the base system and I had to install additionally were the Gemini server (vger) and Git, which both were available as pre-compiled OpenBSD binary packages. So, besides of these two packages, it is indeed a pretty complete operating system for my use case.</span><br />
-<br />
-<a class='textlink' href='https://www.openbsd.org'>https://www.openbsd.org</a><br />
-<br />
-<h2 style='display: inline' id='macos-proprietary'>macOS (proprietary)</h2><br />
-<br />
-<span>I have to use a MacBook Pro with macOS for work. What else can I say but that this would have never been my personal choice. At least macOS is a UNIX under the hood and comes with a decent terminal and there are plenty of terminal apps available via Brew. Some of the inner workings of macOS were actually forked from the FreeBSD project. </span><br />
-<br />
-<a class='textlink' href='https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/BSD/BSD.html'>developer.apple.com: BSD in macOS/Darwin</a><br />
-<br />
-<span>I find the macOS UI rather confusing.</span><br />
-<br />
-<h2 style='display: inline' id='lineageos-mobile'>LineageOS (mobile)</h2><br />
-<br />
-<span>At some point I got fed up with big tech, like Google and Samsung (or Apple, but personally I don&#39;t use Apple), spying on me. So I purchased a Google phone (a midrange Pixel phone) and installed LineageOS, a free and open source distribution of Android, on it. I don&#39;t have anything from Google installed on it (not even the play store, I install my apps from F-Droid). It&#39;s my daily driver since mid 2021 now. </span><br />
-<br />
-<span>So far the experience is not great but good. The main culprits are not having Google Maps, Google Gboard and the camera app. The latter lacks some features on LineageOS (e.g. No wide angle lens support). Also, I can&#39;t use my banking apps anymore. Sometimes apps crash for no apparent reason(s) but I get around it so far. I shouldn&#39;t spend so much time on my smartphone anyway! And the whole point of switching to LineageOS was to get away of big tech and therefore I should not complain :-). What I do like is that 95% the things I used to do on a proprietary mobile phone also can be done with LineageOS.</span><br />
-<br />
-<a class='textlink' href='./2021-08-01-on-being-pedantic-about-open-source.html'>Read also "The Midle Way" section of this blog post regarding smartphones.</a><br />
-<br />
-<span>There&#39;s also the excellent Termux app in the F-Droid store, which transforms the phone into a small Linux handheld device. I am able to run all of my Linux/Unix terminal apps with it.</span><br />
-<br />
-<a class='textlink' href='https://lineageos.org/'>https://lineageos.org/</a><br />
-<a class='textlink' href='https://termux.com/'>https://termux.com/</a><br />
-<br />
-<h2 style='display: inline' id='samsung-s-stock-android-mobile-proprietary'>Samsung&#39;s Stock Android (mobile proprietary)</h2><br />
-<br />
-<span>Unfortunatley, I still have to keep my proprietary Android phone around. Sometimes, I really need to use some proprietary apps which are only available form the Google play store and also require the Google services installed on the phone. I don&#39;t carry this phone around all the time and I only use it intentionally for very specific use cases. I think this is the best compromise I can make.</span><br />
-<br />
-<h2 style='display: inline' id='ios-mobile-proprietary'>iOS (mobile proprietary)</h2><br />
-<br />
-<span>I have to use an iPhone for work. I like the hardware but I hate the OS (you can also call it spyOS), but it&#39;s the necessarries evil, unfortunately. Apple is even worse than Google here (despite claiming for themselves to produce the most secure phone(s)). I don&#39;t have it with me all the time or switched off when I don&#39;t need it. I also find iOS quite unintuitive to use.</span><br />
-<br />
-<span>Being on-call for work means to to be reachable 24/7. This implies that the phone is carried around all the time (in an switched-on state). 1984 is now.</span><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/Nineteen_Eighty-Four'>https://en.wikipedia.org/wiki/Nineteen_Eighty-Four</a><br />
-<br />
-<h2 style='display: inline' id='other-oses'>Other OSes</h2><br />
-<br />
-<h3 style='display: inline' id='infinytime-smartwatch'>InfinyTime (smartwatch)</h3><br />
-<br />
-<span>I use it on my PineTime smartwatch. Other than checking the time and my step count, I really don&#39;t do anything else fancy with it (yet). </span><br />
-<br />
-<a class='textlink' href='https://www.pine64.org/pinetime/'>https://www.pine64.org/pinetime/</a><br />
-<a class='textlink' href='https://infinitime.io/'>https://infinitime.io/</a><br />
-<br />
-<h3 style='display: inline' id='motioneyeos'>motionEyeOS</h3><br />
-<br />
-<span>I usually install an army of RaspberryPi 3&#39;s in my house before I travel for a prolonged amount of time. All Pi&#39;s are equipped with an camera and have motionEyeOS (Linux based video surveillance system) installed. There&#39;s a neat Android app in the F-Droid store which let&#39;s me keep an eye on everything. I make the Pi&#39;s accessible from the internet via reverse SSH tunnels through one of my frontend servers.</span><br />
-<br />
-<a class='textlink' href='https://github.com/ccrisan/motioneyeos'>https://github.com/ccrisan/motioneyeos</a><br />
-<br />
-<h3 style='display: inline' id='kobo-os-proprietary'>Kobo OS (proprietary)</h3><br />
-<br />
-<span>I use a Kobo Forma as my e-reader device. I have started to switch off the Wifi and to only sideload DRM free ePubs on it. Even offline, it&#39;s a fully capable reader device. I wouldn&#39;t like the Kobo to call home to Rakuten. I would love to replace it one day with an open source e-reader alternative like the PineNote. There are also some interesting attempts installing postmarketOS Linux on Kobo devices. The latter boots already, but is far from being usable as a normal e-reader.</span><br />
-<br />
-<a class='textlink' href='https://www.pine64.org/pinenote/'>The PineNote</a><br />
-<a class='textlink' href='https://liliputing.com/2021/07/kobo-clara-hd-becomes-an-e-ink-linux-tablet-with-the-help-of-postmarketos.html'>Kobo Clara HD becomes an e-ink Linux tablet</a><br />
-<br />
-<span>But as a fall-back, someone could still use the good old dead tree format!</span><br />
-<br />
-<h3 style='display: inline' id='android-tv-proprietary'>Android TV (proprietary)</h3><br />
-<br />
-<span>An Android TV box is used for watching movies and series on Netflix and Amazon Prime video (yes, I am human too and rely once in a while on big tech streaming services). The Android TV box is currently in the process of being replaced by OSMC, though. Most services seem to work fine with OSMC, but didn&#39;t get around tinkering with Netflix and Amazon there yet.</span><br />
-<br />
-<a class='textlink' href='https://osmc.tv/'>https://osmc.tv/</a><br />
-<br />
-<h2 style='display: inline' id='other-oses'>Other OSes..</h2><br />
-<br />
-<span>This section is just for the sake of having a complete list of all OSes I used for some significant amount of time. I might not use all of them any more...</span><br />
-<br />
-<h3 style='display: inline' id='netbsd'>NetBSD</h3><br />
-<br />
-<span>I have been using NetBSD on an old Sun Sparcstation 10 as a student. I also have run NetBSD on a very old ThinkPad with 96MB!!! of RAM (even with X/evilWM). I also installed (but never really used) NetBSD on an HP Jornada 680. But that&#39;s all more than 10 years ago. I haven&#39;t looked at NetBSD for long time. I want to revive it on an "old" ThinkPad T450 of mine which I currently don&#39;t use.</span><br />
-<br />
-<a class='textlink' href='https://netbsd.org'>https://netbsd.org</a><br />
-<br />
-<h3 style='display: inline' id='other-oses-in-use'>Other OSes in use...</h3><br />
-<br />
-<a class='textlink' href='https://sailfish.org'>SailfishOS - Nice mobile OS, but unfortunately includes proprietary components</a><br />
-<a class='textlink' href='https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux'>Red Hat Enterprise Linux - Only for some work stuff</a><br />
-<br />
-<h3 style='display: inline' id='other-oses-not-used-any-more'>Other OSes not used any more...</h3><br />
-<br />
-<a class='textlink' href='https://en.opensuse.org/Archive:S.u.S.E._Linux_5.3'>SuSE Linux 5.3 - The first Linux OS I used</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/IRIX'>SGI&#39;s IRIX - On a SGI Onyx 3200</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/MeeGo'>MeeGo - On a Nokia N9</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/Microsoft_Windows'>Microsoft Windows</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/MS-DOS'>Microsoft DOS - With and without Windows 3.x</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/Symbian'>Symbian - The first smartphone OS I used </a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/Wear_OS'>WearOS - On a Google smartwatch</a><br />
-<a class='textlink' href='https://www.debian.org'>Debian GNU/Linux - Rock solid, but atm. I prefer Fedora/EndeavourOS</a><br />
-<a class='textlink' href='https://www.ubuntu.com'>Ubuntu Linux (based on Debian)</a><br />
-<a class='textlink' href='https://www.linuxfromscratch.org/'>Linux from scratch - The best way to learn Linux</a><br />
-<a class='textlink' href='https://www.suse.com/products/server/'>SUSE Linux Enterprise - Only for some work stuff</a><br />
-<br />
-<h3 style='display: inline' id='other-oses-i-only-had-a-glance-at'>Other OSes I only had a glance at...</h3><br />
-<br />
-<a class='textlink' href='https://archiveos.org/opensolaris/'>OpenSolaris - Continuation of the open source version of Solaris</a><br />
-<a class='textlink' href='https://archlinuxarm.org/'>Arch Linux ARM</a><br />
-<a class='textlink' href='https://ecomstation.com/'>eComStation - Continuation of IBM OS/2</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/Minix'>MINIX</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/OpenVMS'>OpenVMS</a><br />
-<a class='textlink' href='https://en.wikipedia.org/wiki/OS/2'>IBM OS/2 Warp</a><br />
-<a class='textlink' href='https://freedos.org'>FreeDOS - Open source alternative to DOS</a><br />
-<a class='textlink' href='https://plan9.io/plan9/'>Plan9 </a><br />
-<a class='textlink' href='https://reactos.org/'>ReactOS - A Microsoft Windows open source clone</a><br />
-<a class='textlink' href='https://www.debian.org/ports/hurd/'>Debian GNU/Hurd - Debian on the GNU kernel</a><br />
-<a class='textlink' href='https://www.debian.org/ports/kfreebsd-gnu/'>Debian GNU/kFreeBSD - Debian on the FreeBSD kernel</a><br />
-<a class='textlink' href='https://www.gentoo.org'>Gentoo Linux</a><br />
-<a class='textlink' href='https://www.haiku-os.org/'>Haiku - A BeOS open source clone</a><br />
-<a class='textlink' href='https://www.oracle.com/solaris/solaris11/'>Sun Solaris (now owned by Oracle)</a><br />
-<a class='textlink' href='https://www.puredarwin.org/'>OpenDarwin ("now" PureDarwin) - Open source operating system based on the open parts of macOS</a><br />
-<br />
-<h3 style='display: inline' id='other-oses-which-seem-interesting'>Other OSes which seem interesting...</h3><br />
-<br />
-<a class='textlink' href='https://asteroidos.org/'>Asteroids OS - Open source smartphone OS</a><br />
-<a class='textlink' href='https://www.dragonflybsd.org/'>DragonFly BSD - Fork of FreeBSD 4</a><br />
-<a class='textlink' href='http://wiki.postmarketos.org/wiki/Phosh'>Phosh (on postmarketOS) - A true Linux shell for the smartphone</a><br />
-<br />
-<span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br />
-<br />
-<a class='textlink' href='../'>Back to the main site</a><br />
- </div>
- </content>
- </entry>
</feed>
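Review bot: the two second-level headings in the removed entry, "Other OSes" and "Other OSes..", both carry id='other-oses', so a fragment link to the second section resolves to the first. The entry is leaving the feed in this hunk, but the collision looks like a product of how heading ids are derived from heading text, so it can recur in entries that stay. Consider de-duplicating generated ids, for example with a numeric suffix on repeats.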
diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png b/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png
new file mode 100644
index 00000000..fa6b655a
--- /dev/null
+++ b/gemfeed/f3s-kubernetes-with-freebsd-part-1/diagram.png
Binary files differ
diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png b/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png
new file mode 100644
index 00000000..c9eb8945
--- /dev/null
+++ b/gemfeed/f3s-kubernetes-with-freebsd-part-1/f3slogo.png
Binary files differ
diff --git a/gemfeed/index.gmi b/gemfeed/index.gmi
index 5ab2cd01..187998b6 100644
--- a/gemfeed/index.gmi
+++ b/gemfeed/index.gmi
@@ -2,6 +2,7 @@
## To be in the .zone!
+=> ./2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 - f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ./2024-10-24-staff-engineer-book-notes.gmi 2024-10-24 - 'Staff Engineer' book notes
=> ./2024-10-02-gemtexter-3.0.0-lets-gemtext-again-4.gmi 2024-10-02 - Gemtexter 3.0.0 - Let's Gemtext again⁴
=> ./2024-09-07-site-reliability-engineering-part-4.gmi 2024-09-07 - Site Reliability Engineering - Part 4: Onboarding for On-Call Engineers
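Review bot: the added link is dated 2024-11-17, while the regenerated timestamps elsewhere in this commit read 2024-11-16T23:08:11+02:00, so the post is listed under a date that had not yet begun when the site was built. If the post is meant to appear on the 17th, hold the publish until then; otherwise date the entry 2024-11-16 so the index and the build time agree.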
diff --git a/index.gmi b/index.gmi
index ee7b70fd..717618b3 100644
--- a/index.gmi
+++ b/index.gmi
@@ -1,6 +1,6 @@
# foo.zone
-> This site was generated at 2024-11-07T09:27:54+02:00 by `Gemtexter`
+> This site was generated at 2024-11-16T23:08:11+02:00 by `Gemtexter`
Welcome to the foo.zone. Everything you read on this site is my personal opinion and experience. You can call me a Linux/*BSD enthusiast and hobbyist. I mainly write about tech, IT, programming and sometimes also about self-improvement here. Note that this blog usually does not overlap with what I do at my day job as a Site Reliability Engineer.
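Review bot: the "This site was generated at" line is rewritten on every Gemtexter run regardless of content, so index.gmi carries a timestamp-only change in each commit alongside any real edit. Consider keeping the timestamp out of the tracked file, or injecting it only at publish time, so the diff for this file is limited to content changes.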
@@ -28,6 +28,7 @@ Welcome to the foo.zone. Everything you read on this site is my personal opinion
### Posts
+=> ./gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.gmi 2024-11-17 - f3s: Kubernetes with FreeBSD - Setting the stage - Part 1
=> ./gemfeed/2024-10-24-staff-engineer-book-notes.gmi 2024-10-24 - 'Staff Engineer' book notes
=> ./gemfeed/2024-10-02-gemtexter-3.0.0-lets-gemtext-again-4.gmi 2024-10-02 - Gemtexter 3.0.0 - Let's Gemtext again⁴
=> ./gemfeed/2024-09-07-site-reliability-engineering-part-4.gmi 2024-09-07 - Site Reliability Engineering - Part 4: Onboarding for On-Call Engineers
diff --git a/uptime-stats.gmi b/uptime-stats.gmi
index 16042734..673b78c1 100644
--- a/uptime-stats.gmi
+++ b/uptime-stats.gmi
@@ -1,6 +1,6 @@
# My machine uptime stats
-> This site was last updated at 2024-11-07T09:27:53+02:00
+> This site was last updated at 2024-11-16T23:08:11+02:00
The following stats were collected via `uptimed` on all of my personal computers over many years and the output was generated by `guprecords`, the global uptime records stats analyser of mine.
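Review bot: the only changed line in this hunk is the "last updated at" timestamp and no stats line is touched, so the page announces an update without any visible change to the data. Consider bumping this line only when the `guprecords` output actually differs from the previous run.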