obsidian/infra/gateway-api.md

---
title: K3s Gateway API 마이그레이션
updated: 2026-03-21
tags: [k3s, traefik, gateway-api]
---

## 개요

K3s Ingress → Gateway API 전환 완료 (2026-03-21). Traefik v3.6.9의 Gateway API provider 사용.

## Traefik 설정

HelmChartConfig로 Gateway API provider 활성화:

```yaml
providers:
  kubernetesGateway:
    enabled: true
gateway:
  listeners:
    web:
      namespacePolicy:
        from: All
    websecure:
      port: 8443
      protocol: HTTPS
      certificateRefs:
        - name: wildcard-inouter-com-tls
          namespace: cert-manager
      namespacePolicy:
        from: All
```

## Gateway

- GatewayClass: `traefik` (traefik.io/gateway-controller)
- Gateway: `traefik-gateway` (kube-system)
- Listeners: web (HTTP 8000) + websecure (HTTPS 8443)
- TLS: cert-manager의 wildcard-inouter-com-tls 참조
- ReferenceGrant: cert-manager → kube-system (Secret 참조 허용)

## HTTPRoute 목록

| Namespace | Name | Hosts | Port |
|-----------|------|-------|------|
| anvil | nginx-anvil | anvil.local, gnu.anvil.it.com | 80 |
| argocd | argocd-server | argocd.inouter.com | 80 (insecure 모드) |
| ironclad | nginx-ironclad | ironclad.local | 80 |
| openmemory | openmemory-mcp | mem0.inouter.com | 8765 |
| searxng | searxng | searxng.inouter.com | 8080 |
| tools | cloud-api-emulator | emul.actions.it.com | 3000 |
| tools | cloud-api-linode | linode.actions.it.com | 3001 |
| tools | cloud-api-vultr | vultr.actions.it.com | 3002 |
| tools | n8n | n8n.inouter.com | 5678 |
| tools | namecheap-api | namecheap-api.anvil.it.com | 80 |
| tools | nocodb | nocodb.inouter.com | 8080 |
| tools | vultr-api | vultr-api.anvil.it.com | 80 |
| vault | vault-mcp | hcv.inouter.com (/mcp) | 8080 |
| vault | vault-ui | hcv.inouter.com (/) | 8200 |

## ArgoCD 변경사항

argocd-server를 insecure 모드로 변경 (configmap `argocd-cmd-params-cm`에 `server.insecure: "true"`). TLS 종료를 Gateway에서 처리.

## 주의사항

- Gateway/GatewayClass를 수동 생성하면 Helm upgrade 실패 (ownership metadata 충돌)
- HelmChartConfig로만 설정할 것
- `namespacePolicy.from: All` 필수 (기본값은 Same)
- ArgoCD가 관리하는 Ingress를 삭제하면 재생성될 수 있으니 Application 확인 필요