差異處

這裏顯示兩個版本的差異處。

--- tech:k3s [2025/11/26 11:41] – [NFS Subdir External Provisioner (動態佈建)] jonathan
+++ tech:k3s [2026/03/06 11:22] (目前版本) – [7. 如何重啟 K3s cluster 主機] jonathan
@@ 行 315: / 行 315: @@
 kubectl get pvc app1-data-pvc -n default
-# 查看 Pod 內的掛載情況
+# 查看 Pod-name
-kubectl exec -it <pod-name> -n default -- df -h
+kubectl get pods -n default | grep app1
+# 查看 Pod 內的掛載情況 Exp. app1-584b58d766-qwrqk
+kubectl exec -it app1-584b58d766-qwrqk -n default -- df -h
 # 測試寫入
-kubectl exec -it <pod-name> -n default -- sh -c "echo 'test' > /data/test.txt"
+kubectl exec -it app1-584b58d766-qwrqk -n default -- sh -c "echo 'test' > /data/test.txt"
 # 在 NFS Server 上確認
-# 檢查檔案是否出現在 192.168.1.159:/swarmdata/app1/data/test.txt
+# 檢查檔案是否出現在 192.168.1.159:/swarmdata/default/app1-data-pvc/test.txt
 </cli>
@@ 行 437: / 行 440: @@
 </cli>
+=== 2-1 如何建立給其他服務通用的 SSL 憑證 ===
+  - 在 DNS 建立一筆萬用記錄, 對應到 K3s Node 的 IP Exp. *.k3s.ichiayi.com -> 192.168.1.171
+  - 沿用上面的 Cloudflare API Token Secret / ClusterIssuer
+  - 建立萬用字元憑證 Exp. *.k3s.ichiayi.com -> k3s-certificate.yaml <code yaml>
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-k3s-ichiayi-com
+  namespace: default  # 或你要使用的 namespace
+spec:
+  secretName: wildcard-k3s-ichiayi-com-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: "*.k3s.ichiayi.com"
+  dnsNames:
+  - "*.k3s.ichiayi.com"
+</code><cli>
+kubectl apply -f k3s-certificate.yaml
+</cli>
+==== 3. 如何備份 Rancher Web UI ====
+  * 參考 - https://ranchermanager.docs.rancher.com/v2.13/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher
+  - 透過 Web UI 的 App Chart 安裝 Rancher Backups \\ {{:tech:螢幕擷取畫面_2025-11-26_122727.png?600|}}
+  - 在選單新增的 Rancher Backups 選項點選 Buckups -> Create -> 選擇備份的目標 Exp. StorageClasses -> Edit YAML 設定每 8 小時備份一次 \\ {{:tech:螢幕擷取畫面_2025-11-26_134759.png|}} \\ {{:tech:螢幕擷取畫面_2025-11-26_123038.png?1000}}
+==== 4. 如何進行 Rancher Web UI 更新 ====
+  - 更新 Helm Repository<cli>helm repo update</cli>
+  - 查看可用的版本<cli>helm search repo rancher-stable/rancher --versions</cli>
+  - 備份當前配置<cli>kubectl get all -n cattle-system -o yaml > rancher-backup.yaml</cli>
+  - 執行更新<cli>
+helm upgrade rancher rancher-stable/rancher \
+  --namespace cattle-system \
+  --reuse-values
+</cli>
+  - 驗證更新狀態<cli>
+kubectl -n cattle-system rollout status deploy/rancher
+kubectl -n cattle-system get pods
+</cli>
+  * 更新過程中 Rancher UI 會暫時無法訪問
+==== 5. 如何設定與取消 K3s 自動更新 ====
+=== 設定 K3s 自動更新 ===
+  - 安裝 System Upgrade Controller<cli>
+kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
+</cli>
+  - 建立自動升級計畫(監看 k3s 的 stable channel 版本自動升級)<cli>
+cat <<EOF | kubectl apply -f -
+---
+# Server 升級計畫
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+  name: server-plan
+  namespace: system-upgrade
+spec:
+  concurrency: 1  # 一次升級一個節點
+  cordon: true
+  nodeSelector:
+    matchExpressions:
+    - key: node-role.kubernetes.io/control-plane
+      operator: In
+      values:
+      - "true"
+  serviceAccountName: system-upgrade
+  upgrade:
+    image: rancher/k3s-upgrade
+  channel: https://update.k3s.io/v1-release/channels/stable
+  drain:
+    force: false
+    ignoreDaemonSets: true
+    deleteLocalData: true
+    timeout: 300s  # 5 分鐘超時
+---
+# Agent 升級計畫
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+  name: agent-plan
+  namespace: system-upgrade
+spec:
+  concurrency: 1  # 一次只升級一個 agent
+  cordon: true
+  nodeSelector:
+    matchExpressions:
+    - key: node-role.kubernetes.io/control-plane
+      operator: DoesNotExist
+  prepare:
+    args:
+    - prepare
+    - server-plan
+    image: rancher/k3s-upgrade
+  serviceAccountName: system-upgrade
+  upgrade:
+    image: rancher/k3s-upgrade
+  channel: https://update.k3s.io/v1-release/channels/stable
+  drain:
+    force: false
+    ignoreDaemonSets: true
+    deleteLocalData: true
+    timeout: 300s
+EOF
+</cli>
+  - 查看升級進度<cli>
+# 查看升級計畫
+kubectl get plans -n system-upgrade
+# 查看升級任務
+kubectl get jobs -n system-upgrade
+# 查看節點狀態
+watch kubectl get nodes
+</cli>
+    * ++看執行命令的輸出結果|<cli>
+jonathan@k3s-master-171:~$ kubectl get plans -n system-upgrade
+NAME          IMAGE                 CHANNEL                                            VERSION   COMPLETE   MESSAGE
+agent-plan    rancher/k3s-upgrade   https://update.k3s.io/v1-release/channels/stable             False
+server-plan   rancher/k3s-upgrade   https://update.k3s.io/v1-release/channels/stable             False
+jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
+NAME                                                              STATUS    COMPLETIONS   DURATION   AGE
+apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Running   0/1           27s        27s
+apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Running   0/1           27s        27s
+jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
+NAME                                                              STATUS     COMPLETIONS   DURATION   AGE
+apply-agent-plan-on-k3s-worker-172-with-776e91b05dc4d9c78-0fa71   Running    0/1           42s        42s
+apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Complete   1/1           2m59s      3m42s
+apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Complete   1/1           80s        3m42s
+jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
+NAME                                                              STATUS     COMPLETIONS   DURATION   AGE
+apply-agent-plan-on-k3s-worker-172-with-776e91b05dc4d9c78-0fa71   Complete   1/1           87s        3m57s
+apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Complete   1/1           2m59s      6m57s
+apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Complete   1/1           80s        6m57s
+</cli>++
+    * ++看 Rancher Cluster Nodes 的畫面|{{:tech:螢幕擷取畫面_2025-12-13_094446.png|}}\\{{:tech:螢幕擷取畫面_2025-12-13_100652.png|}}++
+=== 取消 K3s 自動更新 ===
+  - 刪除 Plan（停止所有自動升級）<cli>kubectl delete plan server-plan agent-plan -n system-upgrade</cli>
+  - 修改為固定版本 Exp. v1.33.6+k3s1（不再自動追蹤新版本）<cli>kubectl patch plan server-plan -n system-upgrade --type=merge -p '{"spec":{"version":"v1.33.6+k3s1","channel":null}}'</cli>
+  - 刪除整個 controller（完全停用）<cli>kubectl delete ns system-upgrade</cli>
+==== 6. 如何設定 K3s 自動更新結果透過 Discord 通知 ====
+  - 取得 Discord Webhook URL Exp. https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp
+  - 修改配置並部署<cli>
+# 下載 k3s-discord-notifier.yaml
+curl -o k3s-discord-notifier.yaml https://raw.githubusercontent.com/tryweb/k3s/refs/heads/main/systools/k3s-discord-notifier.yaml
+# 替換你的 Discord Webhook URL Exp. https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp
+sed -i 's|https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN|https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp|' k3s-discord-notifier.yaml
+# 修改叢集名稱(可選) Exp. ichiayi K3s
+sed -i 's|我的 K3s 叢集|ichiayi K3s|' k3s-discord-notifier.yaml
+# 部署 Discord 通知
+kubectl apply -f k3s-discord-notifier.yaml
+</cli>
+  - 驗證部署<cli>
+# 檢查 notifier 是否運行
+kubectl get deployment -n system-upgrade k3s-upgrade-notifier
+# 查看日誌
+kubectl logs -n system-upgrade -l app=k3s-upgrade-notifier -f
+# 測試 Discord 升級成功通知
+cat <<EOF | kubectl apply -f -
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-notify-success
+  namespace: system-upgrade
+  labels:
+    upgrade.cattle.io/plan: "test-plan"
+    upgrade.cattle.io/node: "test-node"
+spec:
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/plan: "test-plan"
+    spec:
+      containers:
+      - name: test
+        image: busybox
+        command: ["sh", "-c", "echo 'Upgrade successful'; sleep 5"]
+      restartPolicy: Never
+  backoffLimit: 0
+EOF
+# 測試 Discord 升級失敗通知
+cat <<EOF | kubectl apply -f -
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-notify-fail
+  namespace: system-upgrade
+  labels:
+    upgrade.cattle.io/plan: "test-plan"
+    upgrade.cattle.io/node: "test-node"
+spec:
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/plan: "test-plan"
+    spec:
+      containers:
+      - name: test
+        image: busybox
+        command: ["sh", "-c", "echo 'Error: Upgrade failed!'; exit 1"]
+      restartPolicy: Never
+  backoffLimit: 0
+EOF
+清理測試 Job
+# 刪除測試 Job
+kubectl delete job test-notify-success test-notify-fail -n system-upgrade
+</cli>
+  * Discord 頻道應該可以看到這樣的測試通知訊息 \\ {{:tech:螢幕擷取畫面_2025-12-13_111255.png?1000|}}
+==== 7. 如何確認目前K3s 穩定版最新的版本 ====
+  * <cli>$ curl -s https://update.k3s.io/v1-release/channels/stable
+<a href="https://github.com/k3s-io/k3s/releases/tag/v1.34.5+k3s1">Found</a>.
+</cli>
+  * 穩定版 : **v1.34.5+k3s1**
+==== 8. 如何重啟 K3s cluster 主機 ====
+  * 原則 : 先重啟 Server 完成恢復服務後, 再來重啟 Worker(Agent)
+  * 可參考執行 [[tech/k3s/k3s-reboot-manager|k3s-reboot-manager.sh]] 這 script 來重啟
 {{tag>rancher k8s k3s}}