From ca810b0bfc23818f828c9ba7b7fb07dbee1cbccd Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 26 Dec 2025 00:42:07 +0200 Subject: Update content for html --- gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html | 11 ++++++++++- gemfeed/atom.xml | 13 +++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'gemfeed') diff --git a/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html b/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html index 6591ab80..cad77deb 100644 --- a/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html +++ b/gemfeed/2025-10-02-f3s-kubernetes-with-freebsd-part-7.html @@ -128,7 +128,10 @@ by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> 
[root@r0 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
-        sh -s - server --cluster-init --tls-san=r0.wg0.wan.buetow.org
+        sh -s - server --cluster-init \
+        --node-ip=192.168.2.120 \
+        --advertise-address=192.168.2.120 \
+        --tls-san=r0.wg0.wan.buetow.org
 [INFO]  Finding release for channel stable
 [INFO]  Using v1.32.6+k3s1 as release
 .
@@ -137,6 +140,8 @@ http://www.gnu.org/software/src-highlite -->
 [INFO]  systemd: Starting k3s

+Note: The --node-ip and --advertise-address flags are important to ensure that the embedded etcd cluster communicates over the WireGuard interface (192.168.2.x) rather than the LAN interface (192.168.1.x). This ensures that all control plane traffic is encrypted via WireGuard.
+

Adding the remaining nodes to the cluster



Then I ran on the other two nodes r1 and r2:
@@ -147,10 +152,14 @@ http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> 
[root@r1 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
         sh -s - server --server https://r0.wg0.wan.buetow.org:6443 \
+        --node-ip=192.168.2.121 \
+        --advertise-address=192.168.2.121 \
         --tls-san=r1.wg0.wan.buetow.org
 
 [root@r2 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
         sh -s - server --server https://r0.wg0.wan.buetow.org:6443 \
+        --node-ip=192.168.2.122 \
+        --advertise-address=192.168.2.122 \
         --tls-san=r2.wg0.wan.buetow.org
 .
 .
diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml
index b24e19bd..efe79606 100644
--- a/gemfeed/atom.xml
+++ b/gemfeed/atom.xml
@@ -1,6 +1,6 @@
 
 
-    2025-12-24T10:50:53+02:00
+    2025-12-26T00:40:44+02:00
     foo.zone feed
     To be in the .zone!
     
@@ -2659,7 +2659,10 @@ by Lorenzo Bettini
 http://www.lorenzobettini.it
 http://www.gnu.org/software/src-highlite -->
 
[root@r0 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
-        sh -s - server --cluster-init --tls-san=r0.wg0.wan.buetow.org
+        sh -s - server --cluster-init \
+        --node-ip=192.168.2.120 \
+        --advertise-address=192.168.2.120 \
+        --tls-san=r0.wg0.wan.buetow.org
 [INFO]  Finding release for channel stable
 [INFO]  Using v1.32.6+k3s1 as release
 .
@@ -2668,6 +2671,8 @@ http://www.gnu.org/software/src-highlite -->
 [INFO]  systemd: Starting k3s
 

 

+Note: The --node-ip and --advertise-address flags are important to ensure that the embedded etcd cluster communicates over the WireGuard interface (192.168.2.x) rather than the LAN interface (192.168.1.x). This ensures that all control plane traffic is encrypted via WireGuard.

+

 
Adding the remaining nodes to the cluster


 

 Then I ran on the other two nodes r1 and r2:

@@ -2678,10 +2683,14 @@ http://www.lorenzobettini.it
 http://www.gnu.org/software/src-highlite -->
 
[root@r1 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
         sh -s - server --server https://r0.wg0.wan.buetow.org:6443 \
+        --node-ip=192.168.2.121 \
+        --advertise-address=192.168.2.121 \
         --tls-san=r1.wg0.wan.buetow.org
 
 [root@r2 ~]# curl -sfL https://get.k3s.io | K3S_TOKEN=$(cat ~/.k3s_token) \
         sh -s - server --server https://r0.wg0.wan.buetow.org:6443 \
+        --node-ip=192.168.2.122 \
+        --advertise-address=192.168.2.122 \
         --tls-san=r2.wg0.wan.buetow.org
 .
 .
-- 
cgit v1.2.3