Add MetalLB/Teleport docs, update APISIX/sshpiper/OpenWrt for NodePort→LoadBalancer migration

2026-03-26 12:00:30 +09:00
parent 259ebe8434
commit 140631b36a
5 changed files with 148 additions and 9 deletions
--- a/infra/teleport.md
+++ b/infra/teleport.md
@@ -0,0 +1,61 @@
+---
+title: Teleport (접근 관리)
+updated: 2026-03-26
+tags: [infra, teleport, k3s, security]
+---
+
+## 개요
+
+Gravitational Teleport — SSH/K8s/웹앱 접근 관리 플랫폼.
+
+## 배포 정보
+
+K3s 클러스터(kr3 컨텍스트)에 Helm으로 설치 (2026-03-26)
+
+| 항목 | 값 |
+|------|-----|
+| Namespace | teleport |
+| Chart | teleport/teleport-cluster 18.7.3 |
+| App | Teleport 18.7.3 |
+| Mode | standalone, multiplex |
+| Proxy | LoadBalancer 192.168.9.52:443 |
+| Auth | ClusterIP 3025/3026 |
+| TLS | wildcard-inouter-tls (cert-manager) |
+| Storage | Longhorn 5Gi |
+| 클러스터명 | teleport.inouter.com |
+| DNS | teleport.inouter.com → 52.79.45.166 (Cloudflare, proxied: false) |
+
+## 외부 접근 경로
+
+```
+teleport.inouter.com (52.79.45.166)
+  → relay4wd:443
+  → iptables REDIRECT :8443
+  → APISIX stream_route (teleport)
+  → 192.168.9.52:443 (MetalLB)
+  → Teleport proxy Pod
+```
+
+## 사용자
+
+| User | Roles |
+|------|-------|
+| admin | editor, access, auditor |
+
+## 관리 명령
+
+```bash
+# 사용자 목록
+kubectl exec -n teleport deploy/teleport-cluster-auth -- tctl users ls
+
+# 패스워드 리셋
+kubectl exec -n teleport deploy/teleport-cluster-auth -- tctl users reset <username>
+
+# Helm 설정
+helm get values teleport-cluster -n teleport
+```
+
+## 관련 문서
+
+- [[apisix]] — relay4wd stream_route로 Teleport 포워딩
+- [[sshpiper]] — SSH 리버스 프록시 (별도 서비스)