Update infra docs: MetalLB IP allocation, Traefik LB, ServiceLB disable, new certs, HAProxy changes

infra/cert-manager.md

@@ -1,6 +1,6 @@
 ---
 title: cert-manager SSL 인증서 관리
-updated: 2026-03-12
+updated: 2026-03-26
 ---
 
 ## 인증
@@ -38,3 +38,26 @@ it.com은 TLD(도메인 레지스트리)이며 kaffa가 소유한 zone이 아님
 ## kr 도메인
 
 *.kr.inouter.com → kr1만
+
+## K3s cert-manager (Google Trust Services)
+
+ClusterIssuer: `google-trust-prod`, DNS-01 챌린지 (Cloudflare API).
+Secret: `cloudflare-api-token` (cert-manager 네임스페이스).
+reflector로 전체 네임스페이스에 TLS 시크릿 자동 복제.
+
+### 와일드카드 인증서 목록
+
+| Certificate | Secret | 도메인 |
+|------------|--------|--------|
+| wildcard-inouter | wildcard-inouter-tls | *.inouter.com |
+| wildcard-anvil-it-com | wildcard-anvil-it-com-tls | *.anvil.it.com |
+| wildcard-actions-it-com | wildcard-actions-it-com-tls | *.actions.it.com |
+| wildcard-ironclad-it-com | wildcard-ironclad-it-com-tls | *.ironclad.it.com |
+| wildcard-keepanker-cv | wildcard-keepanker-cv-tls | *.keepanker.cv |
+| wildcard-servidor-it-com | wildcard-servidor-it-com-tls | *.servidor.it.com |
+| wildcard-api-inouter | wildcard-api-inouter-tls | *.api.inouter.com |
+| wildcard-mcp-inouter | wildcard-mcp-inouter-tls | *.mcp.inouter.com |
+
+### Traefik Gateway 등록 인증서
+
+websecure 리스너에 등록: wildcard-inouter-tls, wildcard-anvil-it-com-tls, wildcard-actions-it-com-tls, wildcard-api-inouter-tls, wildcard-mcp-inouter-tls