Update infra docs: MetalLB IP allocation, Traefik LB, ServiceLB disable, new certs, HAProxy changes

2026-03-26 14:04:58 +09:00
parent 140631b36a
commit 15386945c3
5 changed files with 49 additions and 21 deletions
--- a/infra/metallb.md
+++ b/infra/metallb.md
@@ -8,6 +8,7 @@ tags: [infra, k3s, metallb, networking]

 K3s 클러스터에 LoadBalancer 타입 서비스를 제공하는 베어메탈 로드밸런서.
 NodePort 난립 문제를 해결하기 위해 도입 (2026-03-26).
+K3s 내장 ServiceLB(Klipper)는 비활성화 (`--disable servicelb`, kr2/kr1 config.yaml).

 ## 배포 정보

@@ -28,11 +29,16 @@ NodePort 난립 문제를 해결하기 위해 도입 (2026-03-26).
 | 192.168.9.50 | apisix-gateway | apisix | 80, 443 |
 | 192.168.9.51 | sshpiper | sshpiper | 2222 |
 | 192.168.9.52 | teleport-cluster | teleport | 443 |
+| 192.168.9.53 | traefik | kube-system | 80, 443 |
+
+## DNS 매핑
+
+- `k3s.inouter.com` → 192.168.9.53 (Traefik LB, 이전 3노드 IP에서 변경)
+- `teleport.inouter.com` → 52.79.45.166 (relay4wd 경유)

 ## 설정

 ```yaml
-# IPAddressPool
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
@@ -41,8 +47,7 @@ metadata:
 spec:
  addresses:
    - 192.168.9.50-192.168.9.59
-
-# L2Advertisement
+---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
 metadata:
@@ -61,16 +66,16 @@ kubectl get l2advertisement -n metallb-system   # L2 광고 확인
 kubectl get svc --all-namespaces -o wide | grep LoadBalancer  # LB 서비스 목록
 ```

-## NodePort → LoadBalancer 이전 기록 (2026-03-26)
+## 이전 기록 (2026-03-26)

-| Service | Before (NodePort) | After (LoadBalancer) |
-|---------|-------------------|---------------------|
-| apisix-gateway | 30233, 31137 | 192.168.9.50 (80/443) |
-| sshpiper | 31840 | 192.168.9.51 (2222) |
-| teleport-cluster | ClusterIP → LB | 192.168.9.52 (443) |
-| argocd-server | 30080, 30443 | ClusterIP (Traefik Ingress) |
-| anvil/ssh-server | 30023 | ClusterIP (추후 통합) |
-| ironclad/ssh-server | 30022 | ClusterIP (추후 통합) |
-| ironclad/nginx | 30297 | ClusterIP (추후 Traefik) |
+| Service | Before | After |
+|---------|--------|-------|
+| traefik | hostPort 80/443 | LoadBalancer 192.168.9.53 |
+| apisix-gateway | NodePort 30233/31137 | LoadBalancer 192.168.9.50 |
+| sshpiper | NodePort 31840 | LoadBalancer 192.168.9.51 |
+| teleport-cluster | ClusterIP | LoadBalancer 192.168.9.52 |
+| argocd-server | NodePort 30080/30443 | ClusterIP (Traefik Ingress) |
+| ironclad/* | NodePort | 삭제 (오사카에서 서빙) |
+| anvil/* | NodePort | 삭제 |

-HAProxy 백엔드도 NodePort → MetalLB IP로 변경 완료.
+HAProxy 백엔드: 3노드 roundrobin → MetalLB IP 단일 엔드포인트로 변경.