Add MetalLB/Teleport docs, update APISIX/sshpiper/OpenWrt for NodePort→LoadBalancer migration

2026-03-26 12:00:30 +09:00
parent 259ebe8434
commit 140631b36a
5 changed files with 148 additions and 9 deletions
--- a/infra/metallb.md
+++ b/infra/metallb.md
@@ -0,0 +1,76 @@
+---
+title: MetalLB (K3s LoadBalancer)
+updated: 2026-03-26
+tags: [infra, k3s, metallb, networking]
+---
+
+## 개요
+
+K3s 클러스터에 LoadBalancer 타입 서비스를 제공하는 베어메탈 로드밸런서.
+NodePort 난립 문제를 해결하기 위해 도입 (2026-03-26).
+
+## 배포 정보
+
+| 항목 | 값 |
+|------|-----|
+| Namespace | metallb-system |
+| Chart | metallb/metallb |
+| Helm repo | https://metallb.github.io/metallb |
+| 모드 | L2 Advertisement |
+| IP 풀 | 192.168.9.50 - 192.168.9.59 (10개) |
+| Speaker | DaemonSet (노드당 1개, 3개) |
+| Controller | Deployment (1개) |
+
+## IP 할당 현황
+
+| IP | Service | Namespace | Port |
+|----|---------|-----------|------|
+| 192.168.9.50 | apisix-gateway | apisix | 80, 443 |
+| 192.168.9.51 | sshpiper | sshpiper | 2222 |
+| 192.168.9.52 | teleport-cluster | teleport | 443 |
+
+## 설정
+
+```yaml
+# IPAddressPool
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: default-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - 192.168.9.50-192.168.9.59
+
+# L2Advertisement
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - default-pool
+```
+
+## 관리 명령
+
+```bash
+kubectl get ipaddresspool -n metallb-system     # IP 풀 확인
+kubectl get l2advertisement -n metallb-system   # L2 광고 확인
+kubectl get svc --all-namespaces -o wide | grep LoadBalancer  # LB 서비스 목록
+```
+
+## NodePort → LoadBalancer 이전 기록 (2026-03-26)
+
+| Service | Before (NodePort) | After (LoadBalancer) |
+|---------|-------------------|---------------------|
+| apisix-gateway | 30233, 31137 | 192.168.9.50 (80/443) |
+| sshpiper | 31840 | 192.168.9.51 (2222) |
+| teleport-cluster | ClusterIP → LB | 192.168.9.52 (443) |
+| argocd-server | 30080, 30443 | ClusterIP (Traefik Ingress) |
+| anvil/ssh-server | 30023 | ClusterIP (추후 통합) |
+| ironclad/ssh-server | 30022 | ClusterIP (추후 통합) |
+| ironclad/nginx | 30297 | ClusterIP (추후 Traefik) |
+
+HAProxy 백엔드도 NodePort → MetalLB IP로 변경 완료.