infra-hosts: Traefik 제거, APISIX 단독 게이트웨이로 업데이트

infra/infra-hosts.md

@@ -34,14 +34,13 @@ tags: [infra, network, kr-zone, openwrt]
 
 주요 네임스페이스: anvil, apisix, argocd, cert-manager, db, gitea, ironclad, kroki, longhorn-system, monitoring, mq, openmemory, rabbitmq-system, safeline, system-upgrade, tools, vault
 
-Traefik: DaemonSet (3노드), LoadBalancer 192.168.9.134/135/214:80,443,5672
+게이트웨이: APISIX 단독 (Traefik 완전 제거, 2026-03-25)
-- Gateway API 구현체 (experimentalChannel: true)
+- APISIX Deployment replicas 3, hostPort 9080/9443 바인딩
-- Gateway API experimental CRD 설치됨 (TCPRoute, UDPRoute, TLSRoute)
+- apisix-gateway Service: 80→9080, 443→9443
-- TCPRoute로 RabbitMQ(mq ns) 5672 노출 중
+- APISIX Ingress Controller 2.0.1 + Gateway API 기반 CRD 라우팅
+- CoreDNS hairpin rewrite: apisix-gateway.apisix.svc.cluster.local
 
-APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:9443 바인딩
+트래픽 흐름: 외부 → OpenWrt HAProxy (TCP 80/443) + nftables (UDP 443) → APISIX hostPort (9080/9443, 3노드) → K3s 서비스 → pods
-
-트래픽 흐름: 외부 → OpenWrt HAProxy (TCP 80/443) + nftables (UDP 443) → APISIX hostNetwork (9080/9443, 3노드) → K3s 서비스 → pods
 
 ### Helm 릴리스
 
@@ -54,8 +53,6 @@ APISIX: Deployment (replicas 3, hostNetwork, strategy Recreate), 3노드 :9080/:
 | longhorn | longhorn-system | longhorn-1.8.2 | v1.8.2 |
 | reflector | kube-system | reflector-10.0.18 | 10.0.18 |
 | safeline | safeline | safeline-10.1.0 | 9.3.2 |
-| traefik | kube-system | traefik-39.0.201 | v3.6.9 |
-| traefik-crd | kube-system | traefik-crd-39.0.201 | v3.6.9 |
 | rabbitmq-operator | rabbitmq-system | (kubectl apply) | - |
 | vault | vault | vault-0.32.0 | 1.21.2 |
 
@@ -194,7 +191,7 @@ Docker: `--runtime=nvidia` 또는 `--gpus all`로 GPU 사용. Podman: CDI 방식
   인터넷 → OpenWrt nftables DNAT(UDP :443) → APISIX hostNetwork(:9443, numgen mod 3 roundrobin) → K3s svc → pods
 
 내부 트래픽 흐름:
-  LAN → K3s/Traefik(192.168.9.x:80/443) → pods 직접
+  LAN → K3s/APISIX(192.168.9.x:9080/9443) → pods 직접
 ```
 
 - **게이트웨이**: OpenWrt 라우터 (root@192.168.9.1, SSH user: root)