From 544f2026e899a1154e4acd67a9e7f98be15a9b48 Mon Sep 17 00:00:00 2001
From: kappa
Date: Tue, 14 Apr 2026 16:01:00 +0900
Subject: [PATCH] infra/infra-hosts: add MetalLB pool section and reflect expansion to .50-.99
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Before: 192.168.9.50-59 (10 addresses, 6/10 allocated)
- Expanded: 192.168.9.50-99 (50 addresses, .56-.99 free)
- No conflict with the DHCP range (.100-249); ARP scan of .50-.99 clean
- Document the expansion procedure and the current allocation table
---
 infra/infra-hosts.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/infra/infra-hosts.md b/infra/infra-hosts.md
index 9eb17e3..612f09d 100644
--- a/infra/infra-hosts.md
+++ b/infra/infra-hosts.md
@@ -37,6 +37,28 @@ tags: [infra, network, kr-zone, openwrt] > vault ns는 빈 상태로 ClusterIP 서비스(`vault-external`)만 잔존 — 실제 Vault 서버는 jp1 incus 컨테이너 (아래 "서비스 위치" 참조). 게이트웨이: 두 독립 LoadBalancer 병렬 운영 — Traefik (MetalLB VIP 192.168.9.53, 메인 라우팅 14 HTTPRoute + 5 legacy IngressRoute) + APISIX (MetalLB VIP 192.168.9.50, 2026-03-25 축소 이후 `juiceshop.keepanker.cv` 1 route · chaitin-waf SafeLine 통합) + +### MetalLB IPAddressPool + +| 항목 | 값 | +|---|---| +| Pool | `default-pool`: **`192.168.9.50-192.168.9.99`** (50개, 2026-04-14 확장 전 `.50-.59`) | +| L2Advertisement | `default` → default-pool | +| 할당 전략 | autoAssign=true (별도 `metallb.universe.tf/loadBalancerIPs` annotation 미사용) | +| DHCP 범위 | `192.168.9.100-249` (OpenWrt, 충돌 없음) | + +현재 할당 (2026-04-14): +| IP | 서비스 | +|----|--------| +| .50 | apisix/apisix-gateway | +| .51 | sshpiper/sshpiper | +| .52 | teleport/teleport-cluster | +| .53 | kube-system/traefik | +| .54 | gitea/gitea-ssh | +| .55 | sftpgo/sftpgo | +| .56-.99 | **여유 44개** | + +확장 절차: `kubectl -n metallb-system patch ipaddresspool default-pool --type=merge -p '{"spec":{"addresses":[""]}}'`. - Traefik DaemonSet, MetalLB LoadBalancer 192.168.9.53 + Gateway API - APISIX Deployment **replica 2**, MetalLB LoadBalancer 192.168.9.50, SafeLine WAF chaitin-waf 플러그인 연동, Admin API 수동 관리 - APISIX etcd: K3s 내부 apisix-etcd StatefulSet 3 replicas, prefix `/apisix`
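Review bot: The expansion command on the last added line carries an empty range (`"addresses":[""]`), and since `--type=merge` replaces the whole `addresses` list instead of appending to it, running it as documented would submit an empty string as the pool's only range rather than extend `192.168.9.50-192.168.9.99`. Use an explicit placeholder such as `"addresses":["<start>-<end>"]` and state that the complete new range must be supplied. The new section is also inserted between the unchanged gateway sentence and its three bullets (Traefik, APISIX, APISIX etcd), so those bullets now read as part of the expansion procedure; move the section below the list, and add a blank line before the allocation table so it renders. Finally, with autoAssign=true and no `metallb.universe.tf/loadBalancerIPs` annotation, the .50-.55 mapping is only a snapshot: a recreated Service such as teleport/teleport-cluster or sshpiper/sshpiper can come back on a different address, and any new LoadBalancer Service in any namespace will take one of the 44 free addresses on this L2 segment. Either pin the access-path services or say in the table that firewall rules and DNS must not rely on these addresses.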