Verified on k3s-ringtail:
- Sifaka NFS export /volume1/photos covers 192.168.1.0/24 +
100.64.0.0/10. Ringtail at 192.168.1.21 is in scope; no DSM rule
changes needed.
- nfs-test pod mounted the share, read existing library/ thumbs/
backups/ encoded-video/ profile/, wrote a temp file, deleted it.
- DNS resolution: sifaka → 192.168.1.203 (LAN). NFS traffic stays
off tailnet, avoiding the sifaka-tailscale-userspace concern.
- Committed PV + PVC bind on first apply (RWX, 2Ti).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Erich Blume
be5255d685