From e7665c384557096338ccbb58caba4022f6f74946 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Thu, 5 Feb 2026 12:03:07 +0200 Subject: Add /etc/hosts DNS configuration for LAN services Updated client-side setup section to include DNS configuration. Added instructions for adding /etc/hosts entries pointing LAN service domains to the CARP VIP (192.168.1.138). Renamed section from 'Client-side CA trust' to 'Client-side DNS and CA setup' to reflect both DNS and certificate configuration. --- ...25-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl index 7a054ed6..4011e017 100644 --- a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl +++ b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.gmi.tpl @@ -375,9 +375,23 @@ HTTP/2 302 location: /login ``` -*Client-side CA trust*: +*Client-side DNS and CA setup*: -Since the LAN certificates are self-signed, clients need to trust the CA. Export the CA certificate: +To access LAN services, clients need DNS entries and must trust the self-signed CA. + +Add DNS entries to `/etc/hosts` on your laptop: + +```sh +$ sudo tee -a /etc/hosts << 'EOF' +# f3s LAN services +192.168.1.138 grafana.f3s.lan.foo.zone +192.168.1.138 navidrome.f3s.lan.foo.zone +EOF +``` + +The CARP VIP `192.168.1.138` provides high availability—traffic automatically fails over to the backup host if the master goes down. + +Export the self-signed CA certificate: ```sh $ kubectl get secret selfsigned-ca-secret -n cert-manager -o jsonpath='{.data.ca\.crt}' | \ -- cgit v1.2.3