vault: K3s HA 배포, APISIX/BunnyCDN 라우트 추가 (2026-03-12)

2026-03-12 01:48:56 -07:00
parent c949f17fd7
commit f3c328f610
2 changed files with 19 additions and 0 deletions
--- a/infra/vault.md
+++ b/infra/vault.md
@@ -3,6 +3,17 @@ title: Vault 시크릿 관리
 updated: 2026-03-12
 ---

+## K3s 배포
+
+HashiCorp Vault v1.21.2, K3s에 HA Raft 3노드로 배포 (Helm chart hashicorp/vault 0.32.0). namespace: vault. 스토리지: Longhorn 10Gi PVC. Unseal key 5개 (threshold 3), 키 파일: ~/vault-keys.json
+
+## 접근
+
+- UI/API: https://hcv.inouter.com
+- 트래픽 흐름: BunnyCDN (pull zone: inouter, ID 5316471) → SafeLine WAF → [[apisix]] (라우트 hcv-inouter-com) → K3s Traefik (192.168.9.134/140/214:443) → vault-active:8200
+- K3s Ingress: vault-ui (class traefik, TLS wildcard-inouter-com-tls)
+- APISIX upstream: hcv-inouter-com (roundrobin, 3노드 443)
+
 ## Root Token

 Vault root token은 만료 없음 (TTL: 0s)
@@ -15,6 +26,10 @@ Vault root token은 만료 없음 (TTL: 0s)

 NocoDB API 토큰: Vault secret/nocodb/api-token (필드: token, url, user)

+## MCP 서버
+
+vault-mcp-server v0.2.0 설치됨 (/usr/local/bin/vault-mcp-server)
+
 ## 관련 서비스

 [[cert-manager]], [[gitea]], [[irondesk]] 등에서 Vault 시크릿을 참조