From adf0367ef8194467fa65e94a2394e458ae90bcad Mon Sep 17 00:00:00 2001 From: kappa Date: Mon, 6 Apr 2026 08:08:58 +0900 Subject: [PATCH] =?UTF-8?q?infra-hosts:=20K3s=20kine=20=EB=A1=9C=EC=BB=AC?= =?UTF-8?q?=20=EC=9D=B4=EC=A0=84,=20APISIX=20etcd=20=ED=86=B5=ED=95=A9,=20?= =?UTF-8?q?HAProxy=20PostgreSQL=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- infra/infra-hosts.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/infra/infra-hosts.md b/infra/infra-hosts.md index 7b21966..e662a16 100644 --- a/infra/infra-hosts.md +++ b/infra/infra-hosts.md @@ -1,6 +1,6 @@ --- title: 인프라 호스트 및 네트워크 -updated: 2026-04-04 +updated: 2026-04-06 tags: [infra, network, kr-zone, openwrt] --- @@ -37,13 +37,15 @@ tags: [infra, network, kr-zone, openwrt] 게이트웨이: Traefik (메인) + APISIX (SafeLine WAF 전용), 2026-03-25 전환 - Traefik DaemonSet, MetalLB LoadBalancer 192.168.9.53 + Gateway API - APISIX Deployment **replica 2**, MetalLB LoadBalancer 192.168.9.50, SafeLine WAF chaitin-waf 플러그인 연동, Admin API 수동 관리 -- APISIX etcd StatefulSet **replica 3** (HA, 2026-04-04 업그레이드) +- APISIX etcd: 통합 etcd 클러스터 사용 (K3s 내 StatefulSet 삭제, 2026-04-06). prefix `/apisix-seoul` - CoreDNS hairpin rewrite: traefik.kube-system.svc.cluster.local +- K3s 데이터스토어: kine → HAProxy(192.168.9.1:5432) → Patroni PostgreSQL Leader 자동 감지 (Supabase에서 로컬 이전, 2026-04-05) 트래픽 흐름: - 일반: 외부 → OpenWrt HAProxy(:80/:443) → MetalLB Traefik(192.168.9.53:80/443) → K3s 서비스 - WAF: 외부 → OpenWrt HAProxy(:9080/:9443) → MetalLB APISIX(192.168.9.50:80/443) → SafeLine WAF → K3s 서비스 - SafeLine 실시간: SafeLine 차단 → PG NOTIFY → safeline-listener(kr2) → CrowdSec(:8088) → 즉시 IP 밴 +- K3s kine: K3s → HAProxy(192.168.9.1:5432) → Patroni Leader PostgreSQL ### Helm 릴리스