差異處

這裏顯示兩個版本的差異處。

連向這個比對檢視

兩邊的前次修訂版 前次修改
下次修改		 前次修改
tech:k3s [2025/11/26 13:51] – [3. 如何備份 Rancher Web UI] jonathantech:k3s [2026/03/06 11:22] (目前版本) – [7. 如何重啟 K3s cluster 主機] jonathan
行 440: 行 440:
 </cli> </cli>
  
 +=== 2-1 如何建立給其他服務通用的 SSL 憑證 ===
 +  - 在 DNS 建立一筆萬用記錄, 對應到 K3s Node 的 IP Exp. *.k3s.ichiayi.com -> 192.168.1.171
 +  - 沿用上面的 Cloudflare API Token Secret / ClusterIssuer 
 +  - 建立萬用字元憑證 Exp. *.k3s.ichiayi.com -> k3s-certificate.yaml <code yaml>
 +apiVersion: cert-manager.io/v1
 +kind: Certificate
 +metadata:
 +  name: wildcard-k3s-ichiayi-com
 +  namespace: default  # 或你要使用的 namespace
 +spec:
 +  secretName: wildcard-k3s-ichiayi-com-tls
 +  issuerRef:
 +    name: letsencrypt-prod
 +    kind: ClusterIssuer
 +  commonName: "*.k3s.ichiayi.com"
 +  dnsNames:
 +  - "*.k3s.ichiayi.com"
 +</code><cli>
 +kubectl apply -f k3s-certificate.yaml
 +</cli>
 ==== 3. 如何備份 Rancher Web UI ==== ==== 3. 如何備份 Rancher Web UI ====
   * 參考 - https://ranchermanager.docs.rancher.com/v2.13/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher   * 參考 - https://ranchermanager.docs.rancher.com/v2.13/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher
   - 透過 Web UI 的 App Chart 安裝 Rancher Backups \\ {{:tech:螢幕擷取畫面_2025-11-26_122727.png?600|}}   - 透過 Web UI 的 App Chart 安裝 Rancher Backups \\ {{:tech:螢幕擷取畫面_2025-11-26_122727.png?600|}}
   - 在選單新增的 Rancher Backups 選項點選 Buckups -> Create -> 選擇備份的目標 Exp. StorageClasses -> Edit YAML 設定每 8 小時備份一次 \\ {{:tech:螢幕擷取畫面_2025-11-26_134759.png|}} \\ {{:tech:螢幕擷取畫面_2025-11-26_123038.png?1000}}   - 在選單新增的 Rancher Backups 選項點選 Buckups -> Create -> 選擇備份的目標 Exp. StorageClasses -> Edit YAML 設定每 8 小時備份一次 \\ {{:tech:螢幕擷取畫面_2025-11-26_134759.png|}} \\ {{:tech:螢幕擷取畫面_2025-11-26_123038.png?1000}}
 +
 +==== 4. 如何進行 Rancher Web UI 更新 ====
 +  - 更新 Helm Repository<cli>helm repo update</cli>
 +  - 查看可用的版本<cli>helm search repo rancher-stable/rancher --versions</cli>
 +  - 備份當前配置<cli>kubectl get all -n cattle-system -o yaml > rancher-backup.yaml</cli>
 +  - 執行更新<cli>
 +helm upgrade rancher rancher-stable/rancher \
 +  --namespace cattle-system \
 +  --reuse-values
 +</cli>
 +  - 驗證更新狀態<cli>
 +kubectl -n cattle-system rollout status deploy/rancher
 +kubectl -n cattle-system get pods
 +</cli>
 +  * 更新過程中 Rancher UI 會暫時無法訪問
 +
 +==== 5. 如何設定與取消 K3s 自動更新 ====
 +=== 設定 K3s 自動更新 ===
 +  - 安裝 System Upgrade Controller<cli>
 +kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
 +</cli>
 +  - 建立自動升級計畫(監看 k3s 的 stable channel 版本自動升級)<cli>
 +cat <<EOF | kubectl apply -f -
 +---
 +# Server 升級計畫
 +apiVersion: upgrade.cattle.io/v1
 +kind: Plan
 +metadata:
 +  name: server-plan
 +  namespace: system-upgrade
 +spec:
 +  concurrency: 1  # 一次升級一個節點
 +  cordon: true
 +  nodeSelector:
 +    matchExpressions:
 +    - key: node-role.kubernetes.io/control-plane
 +      operator: In
 +      values:
 +      - "true"
 +  serviceAccountName: system-upgrade
 +  upgrade:
 +    image: rancher/k3s-upgrade
 +  channel: https://update.k3s.io/v1-release/channels/stable
 +  drain:
 +    force: false
 +    ignoreDaemonSets: true
 +    deleteLocalData: true
 +    timeout: 300s  # 5 分鐘超時
 +---
 +# Agent 升級計畫
 +apiVersion: upgrade.cattle.io/v1
 +kind: Plan
 +metadata:
 +  name: agent-plan
 +  namespace: system-upgrade
 +spec:
 +  concurrency: 1  # 一次只升級一個 agent
 +  cordon: true
 +  nodeSelector:
 +    matchExpressions:
 +    - key: node-role.kubernetes.io/control-plane
 +      operator: DoesNotExist
 +  prepare:
 +    args:
 +    - prepare
 +    - server-plan
 +    image: rancher/k3s-upgrade
 +  serviceAccountName: system-upgrade
 +  upgrade:
 +    image: rancher/k3s-upgrade
 +  channel: https://update.k3s.io/v1-release/channels/stable
 +  drain:
 +    force: false
 +    ignoreDaemonSets: true
 +    deleteLocalData: true
 +    timeout: 300s
 +EOF
 +</cli>
 +  - 查看升級進度<cli>
 +# 查看升級計畫
 +kubectl get plans -n system-upgrade
 +
 +# 查看升級任務
 +kubectl get jobs -n system-upgrade
 +
 +# 查看節點狀態
 +watch kubectl get nodes
 +</cli>
 +    * ++看執行命令的輸出結果|<cli>
 +jonathan@k3s-master-171:~$ kubectl get plans -n system-upgrade
 +NAME          IMAGE                 CHANNEL                                            VERSION   COMPLETE   MESSAGE
 +agent-plan    rancher/k3s-upgrade   https://update.k3s.io/v1-release/channels/stable             False
 +server-plan   rancher/k3s-upgrade   https://update.k3s.io/v1-release/channels/stable             False
 +jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
 +NAME                                                              STATUS    COMPLETIONS   DURATION   AGE
 +apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Running   0/          27s        27s
 +apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Running   0/          27s        27s
 +jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
 +NAME                                                              STATUS     COMPLETIONS   DURATION   AGE
 +apply-agent-plan-on-k3s-worker-172-with-776e91b05dc4d9c78-0fa71   Running    0/1           42s        42s
 +apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Complete   1/          2m59s      3m42s
 +apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Complete   1/          80s        3m42s
 +jonathan@k3s-master-171:~$ kubectl get jobs -n system-upgrade
 +NAME                                                              STATUS     COMPLETIONS   DURATION   AGE
 +apply-agent-plan-on-k3s-worker-172-with-776e91b05dc4d9c78-0fa71   Complete   1/          87s        3m57s
 +apply-agent-plan-on-k3s-worker-173-with-776e91b05dc4d9c78-42442   Complete   1/          2m59s      6m57s
 +apply-server-plan-on-k3s-master-171-with-776e91b05dc4d9c7-b57b4   Complete   1/          80s        6m57s
 +</cli>++
 +    * ++看 Rancher Cluster Nodes 的畫面|{{:tech:螢幕擷取畫面_2025-12-13_094446.png|}}\\{{:tech:螢幕擷取畫面_2025-12-13_100652.png|}}++
 +
 +=== 取消 K3s 自動更新 ===
 +  - 刪除 Plan(停止所有自動升級)<cli>kubectl delete plan server-plan agent-plan -n system-upgrade</cli>
 +  - 修改為固定版本 Exp. v1.33.6+k3s1(不再自動追蹤新版本)<cli>kubectl patch plan server-plan -n system-upgrade --type=merge -p '{"spec":{"version":"v1.33.6+k3s1","channel":null}}'</cli>
 +  - 刪除整個 controller(完全停用)<cli>kubectl delete ns system-upgrade</cli>
 +
 +==== 6. 如何設定 K3s 自動更新結果透過 Discord 通知 ====
 +  - 取得 Discord Webhook URL Exp. https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp
 +  - 修改配置並部署<cli>
 +# 下載 k3s-discord-notifier.yaml
 +curl -o k3s-discord-notifier.yaml https://raw.githubusercontent.com/tryweb/k3s/refs/heads/main/systools/k3s-discord-notifier.yaml
 +
 +# 替換你的 Discord Webhook URL Exp. https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp
 +sed -i 's|https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN|https://discord.com/api/webhooks/144xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV5ffPyEp|' k3s-discord-notifier.yaml
 +
 +# 修改叢集名稱(可選) Exp. ichiayi K3s
 +sed -i 's|我的 K3s 叢集|ichiayi K3s|' k3s-discord-notifier.yaml
 +
 +# 部署 Discord 通知
 +kubectl apply -f k3s-discord-notifier.yaml
 +</cli>
 +  - 驗證部署<cli>
 +# 檢查 notifier 是否運行
 +kubectl get deployment -n system-upgrade k3s-upgrade-notifier
 +
 +# 查看日誌
 +kubectl logs -n system-upgrade -l app=k3s-upgrade-notifier -f
 +
 +# 測試 Discord 升級成功通知
 +cat <<EOF | kubectl apply -f -
 +apiVersion: batch/v1
 +kind: Job
 +metadata:
 +  name: test-notify-success
 +  namespace: system-upgrade
 +  labels:
 +    upgrade.cattle.io/plan: "test-plan"
 +    upgrade.cattle.io/node: "test-node"
 +spec:
 +  template:
 +    metadata:
 +      labels:
 +        upgrade.cattle.io/plan: "test-plan"
 +    spec:
 +      containers:
 +      - name: test
 +        image: busybox
 +        command: ["sh", "-c", "echo 'Upgrade successful'; sleep 5"]
 +      restartPolicy: Never
 +  backoffLimit: 0
 +EOF
 +
 +# 測試 Discord 升級失敗通知
 +cat <<EOF | kubectl apply -f -
 +apiVersion: batch/v1
 +kind: Job
 +metadata:
 +  name: test-notify-fail
 +  namespace: system-upgrade
 +  labels:
 +    upgrade.cattle.io/plan: "test-plan"
 +    upgrade.cattle.io/node: "test-node"
 +spec:
 +  template:
 +    metadata:
 +      labels:
 +        upgrade.cattle.io/plan: "test-plan"
 +    spec:
 +      containers:
 +      - name: test
 +        image: busybox
 +        command: ["sh", "-c", "echo 'Error: Upgrade failed!'; exit 1"]
 +      restartPolicy: Never
 +  backoffLimit: 0
 +EOF
 +
 +
 +清理測試 Job
 +# 刪除測試 Job
 +kubectl delete job test-notify-success test-notify-fail -n system-upgrade
 +</cli>
 +  * Discord 頻道應該可以看到這樣的測試通知訊息 \\ {{:tech:螢幕擷取畫面_2025-12-13_111255.png?1000|}}
 +
 +==== 7. 如何確認目前K3s 穩定版最新的版本 ====
 +  * <cli>$ curl -s https://update.k3s.io/v1-release/channels/stable
 +<a href="https://github.com/k3s-io/k3s/releases/tag/v1.34.5+k3s1">Found</a>.
 +</cli>
 +  * 穩定版 : **v1.34.5+k3s1**
 +
 +==== 8. 如何重啟 K3s cluster 主機 ====
 +  * 原則 : 先重啟 Server 完成恢復服務後, 再來重啟 Worker(Agent)
 +  * 可參考執行 [[tech/k3s/k3s-reboot-manager|k3s-reboot-manager.sh]] 這 script 來重啟 
  
 {{tag>rancher k8s k3s}} {{tag>rancher k8s k3s}}
  
  • tech/k3s.1764136270.txt.gz
  • 上一次變更: 2025/11/26 13:51
  • jonathan