fix: update HAProxy backend to MetalLB LoadBalancer IPs (not NodePort)

2026-04-04 12:00:47 +09:00
parent ddccd693b2
commit dd43daaa0e
1 changed files with 5 additions and 5 deletions
--- a/infra/infra-hosts.md
+++ b/infra/infra-hosts.md
@@ -17,7 +17,7 @@ tags: [infra, network, kr-zone, openwrt]
 | incus-kr1 | 100.84.111.28 | Incus+K3s 호스트 (서울) | GTX 1080 Ti, K3s control-plane (LAN 192.168.9.214), default 프로젝트 |
 | incus-kr2 | 100.119.109.41 | Incus+K3s 호스트 (서울) | K3s control-plane (LAN 192.168.9.135), default, inbest 프로젝트 |
 | incus-hp2 | 100.100.52.34 | Incus+K3s 호스트 (서울) | Xeon E5-2670 32코어, 188GB RAM, K3s control-plane (LAN 192.168.9.134), default, inbest 프로젝트 |
-| openwrt-gw | 100.66.60.66 | OpenWrt 라우터 (서울) | HAProxy: 80/443 → Traefik hostPort (3노드), 9080/9443 → APISIX NodePort 30233/31137 (3노드) |
+| openwrt-gw | 100.66.60.66 | OpenWrt 라우터 (서울) | HAProxy: 80/443 → MetalLB Traefik(192.168.9.53), 9080/9443 → MetalLB APISIX(192.168.9.50) |
 | sandbox-tokyo | 100.79.87.48 | [[netbis]] 예비 APISIX Gateway (도쿄, Linode) | APISIX 3.15.0 + etcd, 공인 139.162.71.52, netbis 도메인 DR용 |
 | relay4wd (sandbox-kr2) | 100.103.161.4 | APISIX Gateway (서울, AWS Lightsail) | 공인 52.79.45.166, inbest 포트포워딩, Docker APISIX 3.15.0, Debian 12, nano $5/월, SSH: `ssh -p 2222 admin@relay4wd` (Vault CA), 포트 22는 SFTPGo 리다이렉트 |
 | synology | LAN 192.168.9.100 / 192.168.205.100 (2.5G) | NAS (시놀로지) | Tailscale 미사용, LAN 접근 |
@@ -35,13 +35,13 @@ tags: [infra, network, kr-zone, openwrt]
 주요 네임스페이스: anvil, apisix, argocd, cert-manager, db, gitea, ironclad, kroki, longhorn-system, monitoring, mq, openmemory, rabbitmq-system, safeline, system-upgrade, tools, vault

 게이트웨이: Traefik (메인) + APISIX (SafeLine WAF 전용), 2026-03-25 전환
- Traefik DaemonSet, hostPort 80/443 + Gateway API
- APISIX Deployment replica 1, SafeLine WAF chaitin-waf 플러그인 연동, Admin API 수동 관리
+- Traefik DaemonSet, MetalLB LoadBalancer 192.168.9.53 + Gateway API
+- APISIX Deployment replica 1, MetalLB LoadBalancer 192.168.9.50, SafeLine WAF chaitin-waf 플러그인 연동, Admin API 수동 관리
 - CoreDNS hairpin rewrite: traefik.kube-system.svc.cluster.local

 트래픽 흐름:
- 일반: 외부 → OpenWrt HAProxy(:80/:443) → Traefik hostPort(80/443, 3노드) → K3s 서비스
- WAF: 외부 → OpenWrt HAProxy(:9080/:9443) → APISIX NodePort(30233/31137, 3노드) → K3s 서비스
+- 일반: 외부 → OpenWrt HAProxy(:80/:443) → MetalLB Traefik(192.168.9.53:80/443) → K3s 서비스
+- WAF: 외부 → OpenWrt HAProxy(:9080/:9443) → MetalLB APISIX(192.168.9.50:80/443) → SafeLine WAF → K3s 서비스

 ### Helm 릴리스