diff options
| -rw-r--r-- | about/resources.html | 206 | ||||
| -rw-r--r-- | gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html | 24 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 26 | ||||
| -rw-r--r-- | index.html | 2 | ||||
| -rw-r--r-- | uptime-stats.html | 2 |
5 files changed, 136 insertions, 124 deletions
diff --git a/about/resources.html b/about/resources.html index 712bb49c..ab4fd1e3 100644 --- a/about/resources.html +++ b/about/resources.html @@ -50,112 +50,112 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> -<li>Raku Fundamentals; Moritz Lenz; Apress</li> -<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> -<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> -<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> -<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> -<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> -<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> -<li>Effective awk programming; Arnold Robbins; O'Reilly</li> <li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> +<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> +<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> +<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> <li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> -<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> -<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> -<li>Funktionale Programmierung; Peter Pepper; Springer</li> -<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> +<li>Raku Recipes; J.J. Merelo; Apress</li> +<li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> +<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> +<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> +<li>Leanring eBPF; Liz Rice; O'Reilly</li> +<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> <li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> -<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> -<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> -<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> -<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> -<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>Developing Games in Java; David Brackeen and others...; New Riders</li> <li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> -<li>Ultimate Go Notebook; Bill Kennedy</li> -<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> -<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> -<li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> +<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> +<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> +<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> +<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> <li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> -<li>The Docker Book; James Turnbull; Kindle</li> +<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> +<li>Raku Fundamentals; Moritz Lenz; Apress</li> <li>Modern Perl; Chromatic ; Onyx Neon Press</li> +<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> +<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> +<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> +<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> +<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> +<li>C++ Programming Language; Bjarne Stroustrup;</li> +<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> +<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> <li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> +<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> +<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> +<li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> +<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> <li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> -<li>Leanring eBPF; Liz Rice; O'Reilly</li> -<li>Raku Recipes; J.J. Merelo; Apress</li> -<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> -<li>C++ Programming Language; Bjarne Stroustrup;</li> -<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> -<li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> -<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> -<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> -<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> <li>Java ist auch eine Insel; Christian Ullenboom; </li> -<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> -<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> -<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> +<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>The Docker Book; James Turnbull; Kindle</li> +<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> <li>DNS and BIND; Cricket Liu; O'Reilly</li> -<li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> -<li>Developing Games in Java; David Brackeen and others...; New Riders</li> -<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> </ul><br /> <h2 style='display: inline' id='technical-references'>Technical references</h2><br /> <br /> <span>I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br /> <br /> <ul> -<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> -<li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> -<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> +<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> +<li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> <li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> <li>Relayd and Httpd Mastery; Michael W Lucas</li> +<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> +<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> +<li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> <li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li> -<li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> -<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> </ul><br /> <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br /> <br /> <span>In random order:</span><br /> <br /> <ul> -<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> -<li>Deep Work; Cal Newport; Piatkus</li> -<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> -<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> -<li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> -<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> -<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> -<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> -<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> -<li>Atomic Habits; James Clear; Random House Business</li> -<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> +<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> +<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>Ultralearning; Scott Young; Thorsons</li> <li>Soft Skills; John Sommez; Manning Publications</li> -<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> -<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> -<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> <li>Slow Productivity; Cal Newport; Penguin Random House</li> -<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> <li>Eat That Frog; Brian Tracy</li> -<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> -<li>Ultralearning; Scott Young; Thorsons</li> -<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> -<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> -<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> -<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> -<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> -<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> -<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> -<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> -<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> +<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> +<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> +<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> <li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> -<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> -<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> +<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> <li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> -<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> +<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> +<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> +<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> +<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> <li>Getting Things Done; David Allen</li> -<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> <li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> +<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> +<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> +<li>Deep Work; Cal Newport; Piatkus</li> +<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> +<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> +<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> +<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> +<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> +<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>Atomic Habits; James Clear; Random House Business</li> +<li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> +<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> +<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> +<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> <li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> +<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> +<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> +<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> +<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> </ul><br /> <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br /> <br /> @@ -164,31 +164,31 @@ <span>Some of these were in-person with exams; others were online learning lectures only. In random order:</span><br /> <br /> <ul> -<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> -<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> -<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> -<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> -<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> +<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> <li>Scripting Vim; Damian Conway; O'Reilly Online</li> -<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> -<li>Apache Tomcat Best Practises; 3-day on-site training</li> <li>MySQL Deep Dive Workshop; 2-day on-site training</li> <li>Functional programming lecture; Remote University of Hagen</li> -<li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> <li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> +<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> +<li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> +<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> +<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> +<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> +<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> <li>Protocol buffers; O'Reilly Online</li> +<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> <li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> -<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> -<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Apache Tomcat Best Practises; 3-day on-site training</li> </ul><br /> <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br /> <br /> <span>These are not whole books, but guides (smaller or larger) which I found very useful. in random order:</span><br /> <br /> <ul> -<li>Advanced Bash-Scripting Guide </li> -<li>Raku Guide at https://raku.guide </li> <li>How CPUs work at https://cpu.land</li> +<li>Raku Guide at https://raku.guide </li> +<li>Advanced Bash-Scripting Guide </li> </ul><br /> <h2 style='display: inline' id='podcasts'>Podcasts</h2><br /> <br /> @@ -197,21 +197,21 @@ <span>In random order:</span><br /> <br /> <ul> -<li>The Pragmatic Engineer Podcast</li> -<li>Maintainable</li> -<li>Fork Around And Find Out</li> <li>Dev Interrupted</li> +<li>Maintainable</li> <li>Modern Mentor</li> -<li>Wednesday Wisdom</li> <li>Cup o' Go [Golang]</li> -<li>Deep Questions with Cal Newport</li> +<li>Fork Around And Find Out</li> <li>Fallthrough [Golang]</li> <li>The ProdCast (Google SRE Podcast)</li> +<li>Deep Questions with Cal Newport</li> <li>BSD Now [BSD]</li> +<li>The Changelog Podcast(s)</li> <li>Pratical AI</li> <li>Backend Banter</li> -<li>The Changelog Podcast(s)</li> <li>Hidden Brain</li> +<li>Wednesday Wisdom</li> +<li>The Pragmatic Engineer Podcast</li> </ul><br /> <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br /> <br /> @@ -219,39 +219,39 @@ <br /> <ul> <li>Java Pub House</li> +<li>Modern Mentor</li> +<li>CRE: Chaosradio Express [german]</li> <li>Ship It (predecessor of Fork Around And Find Out)</li> <li>FLOSS weekly</li> -<li>CRE: Chaosradio Express [german]</li> <li>Go Time (predecessor of fallthrough)</li> -<li>Modern Mentor</li> </ul><br /> <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br /> <br /> <span>This is a mix of tech and non-tech newsletters I am subscribed to. In random order:</span><br /> <br /> <ul> -<li>The Pragmatic Engineer</li> -<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> -<li>VK Newsletter</li> -<li>The Imperfectionist</li> <li>byteSizeGo</li> -<li>Changelog News</li> +<li>Golang Weekly</li> <li>Register Spill</li> <li>The Valuable Dev</li> -<li>Ruby Weekly</li> -<li>Monospace Mentor</li> -<li>Golang Weekly</li> <li>Applied Go Weekly Newsletter</li> +<li>VK Newsletter</li> +<li>The Pragmatic Engineer</li> +<li>Monospace Mentor</li> +<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> +<li>Changelog News</li> +<li>Ruby Weekly</li> +<li>The Imperfectionist</li> </ul><br /> <h2 style='display: inline' id='magazines-i-liked'>Magazines I like(d)</h2><br /> <br /> <span>This is a mix of tech I like(d). I may not be a current subscriber, but now and then, I buy an issue. In random order:</span><br /> <br /> <ul> -<li>LWN (online only)</li> -<li>Linux User</li> <li>freeX (not published anymore)</li> +<li>LWN (online only)</li> <li>Linux Magazine</li> +<li>Linux User</li> </ul><br /> <h1 style='display: inline' id='formal-education'>Formal education</h1><br /> <br /> diff --git a/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html b/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html index d8081dd4..c38ee531 100644 --- a/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html +++ b/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html @@ -47,6 +47,13 @@ <li>⇢ ⇢ <a href='#automatic-failover-when-f3s-cluster-is-down'>Automatic failover when f3s cluster is down</a></li> <li>⇢ ⇢ <a href='#openbsd-httpd-fallback-configuration'>OpenBSD httpd fallback configuration</a></li> <li>⇢ <a href='#exposing-services-via-lan-ingress'>Exposing services via LAN ingress</a></li> +<li>⇢ ⇢ <a href='#architecture-overview'>Architecture overview</a></li> +<li>⇢ ⇢ <a href='#installing-cert-manager'>Installing cert-manager</a></li> +<li>⇢ ⇢ <a href='#configuring-freebsd-relayd-for-lan-access'>Configuring FreeBSD relayd for LAN access</a></li> +<li>⇢ ⇢ <a href='#adding-lan-ingress-to-services'>Adding LAN ingress to services</a></li> +<li>⇢ ⇢ <a href='#client-side-dns-and-ca-setup'>Client-side DNS and CA setup</a></li> +<li>⇢ ⇢ <a href='#scaling-to-other-services'>Scaling to other services</a></li> +<li>⇢ ⇢ <a href='#tls-offloaders-summary'>TLS offloaders summary</a></li> <li>⇢ <a href='#deploying-the-private-docker-image-registry'>Deploying the private Docker image registry</a></li> <li>⇢ ⇢ <a href='#prepare-the-nfs-backed-storage'>Prepare the NFS-backed storage</a></li> <li>⇢ ⇢ <a href='#install-or-upgrade-the-chart'>Install (or upgrade) the chart</a></li> @@ -901,7 +908,7 @@ http://www.gnu.org/software/src-highlite --> <br /> <span>The LAN ingress architecture leverages the existing FreeBSD CARP (Common Address Redundancy Protocol) failover infrastructure that's already in place for NFS-over-TLS (see Part 5). Instead of deploying MetalLB or another LoadBalancer implementation, we reuse the CARP virtual IP (<span class='inlinecode'>192.168.1.138</span>) by adding HTTP/HTTPS forwarding alongside the existing stunnel service on port 2323.</span><br /> <br /> -<span>*Architecture overview*:</span><br /> +<h3 style='display: inline' id='architecture-overview'>Architecture overview</h3><br /> <br /> <span>The LAN access path differs from external access:</span><br /> <br /> @@ -930,7 +937,7 @@ LAN → FreeBSD CARP VIP (192.168.1.138) <li>CARP provides automatic failover between f0 and f1</li> <li>No code changes to applications—just add a LAN ingress resource</li> </ul><br /> -<span>*Installing cert-manager*:</span><br /> +<h3 style='display: inline' id='installing-cert-manager'>Installing cert-manager</h3><br /> <br /> <span>First, install cert-manager to handle certificate lifecycle management for LAN services. The installation is automated with a Justfile:</span><br /> <br /> @@ -984,7 +991,7 @@ http://www.gnu.org/software/src-highlite --> kubectl apply -f - </pre> <br /> -<span>*Configuring FreeBSD relayd for LAN access*:</span><br /> +<h3 style='display: inline' id='configuring-freebsd-relayd-for-lan-access'>Configuring FreeBSD relayd for LAN access</h3><br /> <br /> <span>On both FreeBSD hosts (f0, f1), install and configure <span class='inlinecode'>relayd</span> for TCP forwarding:</span><br /> <br /> @@ -1013,7 +1020,7 @@ relay "lan_https" { } </pre> <br /> -<span>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br /> +<span class='quote'>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br /> <br /> <pre> # Basic PF rules for relayd @@ -1047,7 +1054,7 @@ _relayd relayd <font color="#000000">2903</font> <font color="#000000">12</f <br /> <span>Repeat the same configuration on f1. Both hosts will run <span class='inlinecode'>relayd</span> listening on the CARP VIP, but only the CARP MASTER will respond to traffic. When failover occurs, the new MASTER takes over seamlessly.</span><br /> <br /> -<span>*Adding LAN ingress to services*:</span><br /> +<h3 style='display: inline' id='adding-lan-ingress-to-services'>Adding LAN ingress to services</h3><br /> <br /> <span>To expose a service on the LAN, add a second Ingress resource to its Helm chart. Here's an example:</span><br /> <br /> @@ -1102,7 +1109,7 @@ HTTP/<font color="#000000">2</font> <font color="#000000">302</font> location: /app/ </pre> <br /> -<span>*Client-side DNS and CA setup*:</span><br /> +<h3 style='display: inline' id='client-side-dns-and-ca-setup'>Client-side DNS and CA setup</h3><br /> <br /> <span>To access LAN services, clients need DNS entries and must trust the self-signed CA.</span><br /> <br /> @@ -1142,14 +1149,13 @@ $ sudo update-ca-trust <br /> <span>After trusting the CA, browsers will accept the LAN certificates without warnings.</span><br /> <br /> -<span>*Scaling to other services*:</span><br /> +<h3 style='display: inline' id='scaling-to-other-services'>Scaling to other services</h3><br /> <br /> <span>The same pattern can be applied to any service. To add LAN access:</span><br /> <br /> <span>1. Copy the <span class='inlinecode'>f3s-lan-tls</span> secret to the service's namespace (if not already there)</span><br /> <span>2. Add a LAN Ingress resource using the pattern above</span><br /> <span>3. Configure DNS: <span class='inlinecode'>192.168.1.138 service.f3s.lan.foo.zone</span></span><br /> -<span>4. Commit and push (ArgoCD will deploy automatically)</span><br /> <br /> <span>No changes needed to:</span><br /> <br /> @@ -1158,7 +1164,7 @@ $ sudo update-ca-trust <li>cert-manager (wildcard cert covers all <span class='inlinecode'>*.f3s.lan.foo.zone</span>)</li> <li>CARP configuration (VIP shared by all services)</li> </ul><br /> -<span>*TLS offloaders summary*:</span><br /> +<h3 style='display: inline' id='tls-offloaders-summary'>TLS offloaders summary</h3><br /> <br /> <span>The f3s infrastructure now has three distinct TLS offloaders:</span><br /> <br /> diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 84118011..ae6f88b2 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2026-02-05T21:12:19+02:00</updated> + <updated>2026-02-05T21:36:44+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="https://foo.zone/gemfeed/atom.xml" rel="self" /> @@ -4395,6 +4395,13 @@ p hash.values_at(:a, :c) <li>⇢ ⇢ <a href='#automatic-failover-when-f3s-cluster-is-down'>Automatic failover when f3s cluster is down</a></li> <li>⇢ ⇢ <a href='#openbsd-httpd-fallback-configuration'>OpenBSD httpd fallback configuration</a></li> <li>⇢ <a href='#exposing-services-via-lan-ingress'>Exposing services via LAN ingress</a></li> +<li>⇢ ⇢ <a href='#architecture-overview'>Architecture overview</a></li> +<li>⇢ ⇢ <a href='#installing-cert-manager'>Installing cert-manager</a></li> +<li>⇢ ⇢ <a href='#configuring-freebsd-relayd-for-lan-access'>Configuring FreeBSD relayd for LAN access</a></li> +<li>⇢ ⇢ <a href='#adding-lan-ingress-to-services'>Adding LAN ingress to services</a></li> +<li>⇢ ⇢ <a href='#client-side-dns-and-ca-setup'>Client-side DNS and CA setup</a></li> +<li>⇢ ⇢ <a href='#scaling-to-other-services'>Scaling to other services</a></li> +<li>⇢ ⇢ <a href='#tls-offloaders-summary'>TLS offloaders summary</a></li> <li>⇢ <a href='#deploying-the-private-docker-image-registry'>Deploying the private Docker image registry</a></li> <li>⇢ ⇢ <a href='#prepare-the-nfs-backed-storage'>Prepare the NFS-backed storage</a></li> <li>⇢ ⇢ <a href='#install-or-upgrade-the-chart'>Install (or upgrade) the chart</a></li> @@ -5249,7 +5256,7 @@ http://www.gnu.org/software/src-highlite --> <br /> <span>The LAN ingress architecture leverages the existing FreeBSD CARP (Common Address Redundancy Protocol) failover infrastructure that's already in place for NFS-over-TLS (see Part 5). Instead of deploying MetalLB or another LoadBalancer implementation, we reuse the CARP virtual IP (<span class='inlinecode'>192.168.1.138</span>) by adding HTTP/HTTPS forwarding alongside the existing stunnel service on port 2323.</span><br /> <br /> -<span>*Architecture overview*:</span><br /> +<h3 style='display: inline' id='architecture-overview'>Architecture overview</h3><br /> <br /> <span>The LAN access path differs from external access:</span><br /> <br /> @@ -5278,7 +5285,7 @@ LAN → FreeBSD CARP VIP (192.168.1.138) <li>CARP provides automatic failover between f0 and f1</li> <li>No code changes to applications—just add a LAN ingress resource</li> </ul><br /> -<span>*Installing cert-manager*:</span><br /> +<h3 style='display: inline' id='installing-cert-manager'>Installing cert-manager</h3><br /> <br /> <span>First, install cert-manager to handle certificate lifecycle management for LAN services. The installation is automated with a Justfile:</span><br /> <br /> @@ -5332,7 +5339,7 @@ http://www.gnu.org/software/src-highlite --> kubectl apply -f - </pre> <br /> -<span>*Configuring FreeBSD relayd for LAN access*:</span><br /> +<h3 style='display: inline' id='configuring-freebsd-relayd-for-lan-access'>Configuring FreeBSD relayd for LAN access</h3><br /> <br /> <span>On both FreeBSD hosts (f0, f1), install and configure <span class='inlinecode'>relayd</span> for TCP forwarding:</span><br /> <br /> @@ -5361,7 +5368,7 @@ relay "lan_https" { } </pre> <br /> -<span>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br /> +<span class='quote'>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br /> <br /> <pre> # Basic PF rules for relayd @@ -5395,7 +5402,7 @@ _relayd relayd <font color="#000000">2903</font> <font color="#000000">12</f <br /> <span>Repeat the same configuration on f1. Both hosts will run <span class='inlinecode'>relayd</span> listening on the CARP VIP, but only the CARP MASTER will respond to traffic. When failover occurs, the new MASTER takes over seamlessly.</span><br /> <br /> -<span>*Adding LAN ingress to services*:</span><br /> +<h3 style='display: inline' id='adding-lan-ingress-to-services'>Adding LAN ingress to services</h3><br /> <br /> <span>To expose a service on the LAN, add a second Ingress resource to its Helm chart. Here's an example:</span><br /> <br /> @@ -5450,7 +5457,7 @@ HTTP/<font color="#000000">2</font> <font color="#000000">302</font> location: /app/ </pre> <br /> -<span>*Client-side DNS and CA setup*:</span><br /> +<h3 style='display: inline' id='client-side-dns-and-ca-setup'>Client-side DNS and CA setup</h3><br /> <br /> <span>To access LAN services, clients need DNS entries and must trust the self-signed CA.</span><br /> <br /> @@ -5490,14 +5497,13 @@ $ sudo update-ca-trust <br /> <span>After trusting the CA, browsers will accept the LAN certificates without warnings.</span><br /> <br /> -<span>*Scaling to other services*:</span><br /> +<h3 style='display: inline' id='scaling-to-other-services'>Scaling to other services</h3><br /> <br /> <span>The same pattern can be applied to any service. To add LAN access:</span><br /> <br /> <span>1. Copy the <span class='inlinecode'>f3s-lan-tls</span> secret to the service's namespace (if not already there)</span><br /> <span>2. Add a LAN Ingress resource using the pattern above</span><br /> <span>3. Configure DNS: <span class='inlinecode'>192.168.1.138 service.f3s.lan.foo.zone</span></span><br /> -<span>4. Commit and push (ArgoCD will deploy automatically)</span><br /> <br /> <span>No changes needed to:</span><br /> <br /> @@ -5506,7 +5512,7 @@ $ sudo update-ca-trust <li>cert-manager (wildcard cert covers all <span class='inlinecode'>*.f3s.lan.foo.zone</span>)</li> <li>CARP configuration (VIP shared by all services)</li> </ul><br /> -<span>*TLS offloaders summary*:</span><br /> +<h3 style='display: inline' id='tls-offloaders-summary'>TLS offloaders summary</h3><br /> <br /> <span>The f3s infrastructure now has three distinct TLS offloaders:</span><br /> <br /> @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='hello'>Hello!</h1><br /> <br /> -<span class='quote'>This site was generated at 2026-02-05T21:12:19+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> +<span class='quote'>This site was generated at 2026-02-05T21:36:44+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> <br /> <span>Welcome to the foo.zone!</span><br /> <br /> diff --git a/uptime-stats.html b/uptime-stats.html index cd8064ce..b2458ab3 100644 --- a/uptime-stats.html +++ b/uptime-stats.html @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br /> <br /> -<span class='quote'>This site was last updated at 2026-02-05T21:12:19+02:00</span><br /> +<span class='quote'>This site was last updated at 2026-02-05T21:36:44+02:00</span><br /> <br /> <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br /> <br /> |