kaffa/obsidian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

인프라 변경사항 반영: RabbitMQ Operator 설치, jp1 DB 정리, Galera 복구, DNS 전환, APISIX admin allow 확대

Browse Source
This commit is contained in:
kappa
2026-03-23 07:52:17 +09:00
parent 17b49d99f7
commit 4556453ec8
2 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
infra/cloudflare.md
View File

@@ -1,11 +1,23 @@
--- ---
title: Cloudflare 서비스 title: Cloudflare 서비스
updated: 2026-03-12 updated: 2026-03-22
--- ---
## Zone ## Zone
Cloudflare zone: ironclad.it.com (zone ID: bc8761b398cc52cf731f804bd3cbf388) - ironclad.it.com (zone ID: bc8761b398cc52cf731f804bd3cbf388)
- inouter.com (zone ID: cd84743d9c61b97bada5ce903a29ae2b)
## inouter.com DNS 주요 레코드
- jarvis.inouter.com → CNAME actions.b-cdn.net (프록시 OFF, [[bunnycdn]] 경유)
- telegram-webhook.inouter.com → CNAME actions.b-cdn.net (프록시 OFF)
- vault.inouter.com → CNAME actions.b-cdn.net (프록시 OFF)
- desk-api.inouter.com → A 172.233.93.180 (프록시 ON, 오사카)
- nocodb.inouter.com → CNAME k3s.inouter.com (프록시 OFF)
- n8n.inouter.com → CNAME actions.b-cdn.net (프록시 OFF)
참고: Cloudflare Free 플랜은 서울에서 LA PoP로 라우팅됨. 서울 백엔드 서비스는 BunnyCDN(아시아 PoP)으로 전환함.
## Workers ## Workers

20
infra/infra-hosts.md
View File

@@ -1,6 +1,6 @@
--- ---
title: 인프라 호스트 및 네트워크 title: 인프라 호스트 및 네트워크
updated: 2026-03-18 updated: 2026-03-22
tags: [infra, network, kr-zone, openwrt] tags: [infra, network, kr-zone, openwrt]
--- ---
@@ -32,9 +32,9 @@ tags: [infra, network, kr-zone, openwrt]
| incus-kr1 | 192.168.9.214 | Debian 13 (trixie) | | incus-kr1 | 192.168.9.214 | Debian 13 (trixie) |
| incus-kr2 | 192.168.9.135 | Debian 13 (trixie) | | incus-kr2 | 192.168.9.135 | Debian 13 (trixie) |
주요 네임스페이스: anvil, apisix, argocd, cert-manager, db, gitea, ironclad, kroki, longhorn-system, openmemory, safeline, system-upgrade, tools, vault 주요 네임스페이스: anvil, apisix, argocd, cert-manager, db, gitea, ironclad, kroki, longhorn-system, mq, openmemory, rabbitmq-system, safeline, system-upgrade, tools, vault
Traefik: DaemonSet (3노드), LoadBalancer 192.168.9.134/135/214:80,443 Traefik: DaemonSet (3노드), LoadBalancer 192.168.9.134/135/214:80,443,5672
APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:9443 바인딩 APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:9443 바인딩
@@ -53,6 +53,7 @@ APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:
| safeline | safeline | safeline-10.1.0 | 9.3.2 | | safeline | safeline | safeline-10.1.0 | 9.3.2 |
| traefik | kube-system | traefik-39.0.201 | v3.6.9 | | traefik | kube-system | traefik-39.0.201 | v3.6.9 |
| traefik-crd | kube-system | traefik-crd-39.0.201 | v3.6.9 | | traefik-crd | kube-system | traefik-crd-39.0.201 | v3.6.9 |
| rabbitmq-operator | rabbitmq-system | (kubectl apply) | - |
| vault | vault | vault-0.32.0 | 1.21.2 | | vault | vault | vault-0.32.0 | 1.21.2 |
### ArgoCD Applications ### ArgoCD Applications
@@ -72,7 +73,7 @@ APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:
### kubectl 직접 관리 (Helm/ArgoCD 미적용) ### kubectl 직접 관리 (Helm/ArgoCD 미적용)
db, kroki, openmemory, system-upgrade db, kroki, mq (RabbitmqCluster CR), openmemory, system-upgrade
### TCP 튜닝 (3노드 공통) ### TCP 튜닝 (3노드 공통)
@@ -84,7 +85,7 @@ db, kroki, openmemory, system-upgrade
| 서비스 | 위치 | 접근 방법 | | 서비스 | 위치 | 접근 방법 |
|--------|------|-----------| |--------|------|-----------|
| [[apisix]] (오사카) | apisix-osaka (Linode, Docker) | SSH / Admin API | | [[apisix]] (오사카) | apisix-osaka (Linode, Docker) | SSH / Admin API |
| [[apisix]] (서울) | K3s 클러스터 (apisix ns, hostNetwork 3노드) | kubectl / Admin API (ClusterIP 10.43.70.216:9180) | | [[apisix]] (서울) | K3s 클러스터 (apisix ns, hostNetwork 3노드) | kubectl / Admin API (ClusterIP 10.43.70.216:9180, allow: 127.0.0.1/24 + 100.64.0.0/10 + 192.168.9.0/24 + 10.42.0.0/16) |
| Anvil | K3s 클러스터 (anvil ns): nginx(x2), php-fpm(x5), redis, ssh-server, proxysql | kubectl | | Anvil | K3s 클러스터 (anvil ns): nginx(x2), php-fpm(x5), redis, ssh-server, proxysql | kubectl |
| ArgoCD | K3s 클러스터 (argocd ns) | kubectl / NodePort 30080 | | ArgoCD | K3s 클러스터 (argocd ns) | kubectl / NodePort 30080 |
| cert-manager | K3s 클러스터 (cert-manager ns) | kubectl | | cert-manager | K3s 클러스터 (cert-manager ns) | kubectl |
@@ -109,6 +110,7 @@ db, kroki, openmemory, system-upgrade
| DB (분산) | etcd+mariadb+postgres 각 서울 노드 Incus 컨테이너 | incus exec | | DB (분산) | etcd+mariadb+postgres 각 서울 노드 Incus 컨테이너 | incus exec |
| etcd (relay4wd용) | jp1 (db), etcd-1 (10.253.102.11) | etcd 2379 | | etcd (relay4wd용) | jp1 (db), etcd-1 (10.253.102.11) | etcd 2379 |
| BunnyCDN | 외부 SaaS | BunnyCDN MCP 서버 / API | | BunnyCDN | 외부 SaaS | BunnyCDN MCP 서버 / API |
| RabbitMQ | K3s 클러스터 (mq ns): RabbitmqCluster Operator, ironclad vhost | kubectl, Traefik TCPRoute 5672 |
| [[backup]] | kr2 → NAS → R2 | systemd timer, rclone | | [[backup]] | kr2 → NAS → R2 | systemd timer, rclone |
## Incus 프로젝트 ## Incus 프로젝트
@@ -122,7 +124,7 @@ db, kroki, openmemory, system-upgrade
**agents 프로젝트**: anvil, awl, blacksmith, cloak, courier, flux, forge, irondesk, irondesk-openmemory, openclaw, rabbitmq, smelt, stamp, tally, web **agents 프로젝트**: anvil, awl, blacksmith, cloak, courier, flux, forge, irondesk, irondesk-openmemory, openclaw, rabbitmq, smelt, stamp, tally, web
**db 프로젝트**: etcd-1 (10.253.102.11), mariadb-1 (10.253.101.133), mariadb-2 (10.253.103.48), mariadb-3 (10.253.100.132), postgres-1 (10.253.102.35), postgres-2 (10.253.101.173), postgres-3 (10.253.103.116) **db 프로젝트**: etcd-1 (10.253.102.11)
**default 프로젝트**: baserow, crowdsec (10.253.100.240), cs-cf-worker-bouncer, dev-web, gitea-runner, hey, iac-route, infra-tool, juice-shop, k8s, pricing-api, ssh-test, sshpiper, telegram-web-client, tor-server, vaultwarden, voice-api **default 프로젝트**: baserow, crowdsec (10.253.100.240), cs-cf-worker-bouncer, dev-web, gitea-runner, hey, iac-route, infra-tool, juice-shop, k8s, pricing-api, ssh-test, sshpiper, telegram-web-client, tor-server, vaultwarden, voice-api
@@ -130,18 +132,18 @@ db, kroki, openmemory, system-upgrade
### kr1 컨테이너 ### kr1 컨테이너
**default 프로젝트**: etcd (10.100.3.7), mariadb-2 (10.100.3.64), postgres-2 (10.100.3.185) **default 프로젝트**: etcd (10.100.3.7), mariadb-2 (10.100.3.64)
### kr2 컨테이너 ### kr2 컨테이너
**default 프로젝트**: etcd (10.100.1.198), mariadb-3 (10.100.1.162), postgres-3 (10.100.1.83), cloudflared (10.100.1.95) **default 프로젝트**: etcd (10.100.1.198), mariadb-3 (10.100.1.162), cloudflared (10.100.1.95)
- safeline VM: 셧다운 (K3s safeline ns로 이전, 삭제 예정) - safeline VM: 셧다운 (K3s safeline ns로 이전, 삭제 예정)
**inbest 프로젝트**: mariadb10, nginx, php5, php8, phpmyadmin, sftp **inbest 프로젝트**: mariadb10, nginx, php5, php8, phpmyadmin, sftp
### hp2 컨테이너 ### hp2 컨테이너
**default 프로젝트**: etcd (10.100.2.11), mariadb-1 (10.100.2.234), postgres-1 (10.100.2.5), trader (10.100.2.9) **default 프로젝트**: etcd (10.100.2.11), jarvis (10.100.2.162), mariadb-1 (10.100.2.234), postgres-1 (10.100.2.5), trader (10.100.2.9)
## GPU ## GPU