From f3c328f610d542a35fd52a61eefb732b4e663cce Mon Sep 17 00:00:00 2001 From: kaffa Date: Thu, 12 Mar 2026 01:48:56 -0700 Subject: [PATCH] =?UTF-8?q?vault:=20K3s=20HA=20=EB=B0=B0=ED=8F=AC,=20APISI?= =?UTF-8?q?X/BunnyCDN=20=EB=9D=BC=EC=9A=B0=ED=8A=B8=20=EC=B6=94=EA=B0=80?= =?UTF-8?q?=20(2026-03-12)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- infra/apisix.md | 4 ++++ infra/vault.md | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/infra/apisix.md b/infra/apisix.md index 9d7b41f..a0e0e1d 100644 --- a/infra/apisix.md +++ b/infra/apisix.md @@ -27,6 +27,10 @@ APISIX 라우트 ID: twilio-jp-inouter-com → [[twilio]] [[gitea]]가 POST 미지원(AuthenticateNotImplemented, 404)하므로 APISIX에서 POST body 파라미터를 GET query string으로 변환 +## hcv.inouter.com 라우트 + +APISIX 라우트 hcv-inouter-com → K3s Traefik (192.168.9.134/140/214:443, roundrobin, scheme https). upstream ID: hcv-inouter-com. [[vault]] UI/API 서빙. BunnyCDN pull zone inouter (ID 5316471)에 hostname 추가 완료 (2026-03-12). + ## CrowdSec 로그 연동 APISIX(osaka) CrowdSec 로그 연동 현황 (2026-03-01) diff --git a/infra/vault.md b/infra/vault.md index c000e87..45c60c1 100644 --- a/infra/vault.md +++ b/infra/vault.md @@ -3,6 +3,17 @@ title: Vault 시크릿 관리 updated: 2026-03-12 --- +## K3s 배포 + +HashiCorp Vault v1.21.2, K3s에 HA Raft 3노드로 배포 (Helm chart hashicorp/vault 0.32.0). namespace: vault. 스토리지: Longhorn 10Gi PVC. Unseal key 5개 (threshold 3), 키 파일: ~/vault-keys.json + +## 접근 + +- UI/API: https://hcv.inouter.com +- 트래픽 흐름: BunnyCDN (pull zone: inouter, ID 5316471) → SafeLine WAF → [[apisix]] (라우트 hcv-inouter-com) → K3s Traefik (192.168.9.134/140/214:443) → vault-active:8200 +- K3s Ingress: vault-ui (class traefik, TLS wildcard-inouter-com-tls) +- APISIX upstream: hcv-inouter-com (roundrobin, 3노드 443) + ## Root Token Vault root token은 만료 없음 (TTL: 0s) 
@@ -15,6 +26,10 @@ Vault root token은 만료 없음 (TTL: 0s) NocoDB API 토큰: Vault secret/nocodb/api-token (필드: token, url, user) +## MCP 서버 + +vault-mcp-server v0.2.0 설치됨 (/usr/local/bin/vault-mcp-server) + ## 관련 서비스 [[cert-manager]], [[gitea]], [[irondesk]] 등에서 Vault 시크릿을 참조
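Review bot: In infra/apisix.md, the new "hcv.inouter.com 라우트" section publishes the [[vault]] UI/API through the BunnyCDN pull zone inouter but records neither a cache policy nor any access restriction for that hostname. Please document that caching is disabled for hcv.inouter.com on the pull zone, so that API responses carrying secrets or tokens are never stored at the edge, and state who is allowed to reach the route (for example a source-IP allowlist on the hcv-inouter-com route). Since the upstream is scheme https against bare IPs (192.168.9.134/140/214:443), it is also worth noting whether APISIX verifies the Traefik certificate and which Host/SNI it sends.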
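Review bot: In the first infra/vault.md hunk, the "K3s 배포" section says the five unseal keys (threshold 3) are kept in one file, ~/vault-keys.json, which removes the protection the 3-of-5 split is meant to give: whoever reads that file can unseal alone. Suggest recording that the shares are distributed to separate custodians or stores (or that auto-unseal is used) and that the file is deleted from the home directory afterwards; if that file is the raw init output, say where the root token it would contain is kept as well. In the "접근" section, the traffic flow passes through BunnyCDN, SafeLine WAF, APISIX and Traefik before reaching vault-active:8200, so it would help to state at which hops TLS is terminated, because each terminating hop sees Vault tokens and secret values in cleartext.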
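Review bot: In the second infra/vault.md hunk, the "MCP 서버" section records only the version and binary path of vault-mcp-server (v0.2.0, /usr/local/bin/vault-mcp-server) and omits which host it runs on, which Vault address it targets, and which token or policy it authenticates with. Given the context line just above stating that the root token never expires (TTL: 0s), please document that the MCP server uses a dedicated token bound to a least-privilege policy with a TTL rather than the root token, and list the secret paths it is allowed to read.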