diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 3a738b70..b7090453 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -6,6 +6,17 @@ --- +## 2026-05-05 | drift-scanner CronJob 納入 ArgoCD baseline + +**背景**:重開機恢復後,K8s Deployments 與三個新納入的 CronJob 已跟到最新 image,但 `drift-scanner` 仍是手動套用的舊固定 SHA,會造成「服務健康、排程吃舊版」的冷啟動盲區。 + +**本次修補**: +- 將 `drift-scanner` manifest 移入 `k8s/awoooi-prod/12-cronjob-drift-scanner.yaml`,由 `k8s/awoooi-prod/kustomization.yaml` 納入 ArgoCD 管理。 +- `drift-scanner` image 改用 `192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER`,讓 CD 的 kustomize image 注入同時覆蓋 drift 排程。 + +**驗證**: +- `kubectl kustomize k8s/awoooi-prod` 通過,build output 中 `drift-scanner` image 會被解析為目前 kustomization 的 `awoooi/api:c4854bb3...`。 + ## 2026-05-05 | 重開機後排程與 startup baseline 修復 **背景**:四台主機非預期重開機後,統帥要求確認所有服務、網站、工具、資料庫與排程都能正常恢復,不能只看容器 `healthy`。 diff --git a/k8s/drift-cronjob.yaml b/k8s/awoooi-prod/12-cronjob-drift-scanner.yaml similarity index 88% rename from k8s/drift-cronjob.yaml rename to k8s/awoooi-prod/12-cronjob-drift-scanner.yaml index 7bf44a0f..e8191f13 100644 --- a/k8s/drift-cronjob.yaml +++ b/k8s/awoooi-prod/12-cronjob-drift-scanner.yaml @@ -6,7 +6,7 @@ # 關聯設計: docs/superpowers/specs/2026-04-04-nemotron-active-defense-design.md 方向三 # 關聯 ADR: 待起草 ADR-057 # -# 部署: kubectl apply -f k8s/drift-cronjob.yaml -n awoooi-prod +# 部署: 由 ArgoCD 套用 k8s/awoooi-prod/kustomization.yaml # 手動觸發: kubectl create job --from=cronjob/drift-scanner drift-scan-manual -n awoooi-prod # 查看 log: kubectl logs -l job-name=drift-scanner -n awoooi-prod @@ -48,8 +48,11 @@ spec: containers: - name: drift-scanner # 使用 awoooi-api 鏡像(含 kubectl + Python 環境) - # 2026-04-09 Claude Sonnet 4.6: 改用內網 registry + 固定 SHA tag (禁止 latest) - image: 192.168.0.110:5000/awoooi/api:21567a7a6dbee7db2c0f59c265f80713ff5e6fe4 + # 2026-05-05 Codex: keep the API image placeholder so CD + # injects the same immutable tag used by API/worker. Leaving + # this CronJob on a fixed old tag made the schedule drift after + # reboot even when Deployments were healthy. + image: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER imagePullPolicy: Always command: - python diff --git a/k8s/awoooi-prod/kustomization.yaml b/k8s/awoooi-prod/kustomization.yaml index 9ee862be..70d259c4 100644 --- a/k8s/awoooi-prod/kustomization.yaml +++ b/k8s/awoooi-prod/kustomization.yaml @@ -31,6 +31,7 @@ resources: - 13-cronjob-k3s-report.yaml - 14-cronjob-weekly-report.yaml - 15-cronjob-km-vectorize.yaml +- 12-cronjob-drift-scanner.yaml # 映像配置 (Tag 由 CI 動態注入) # Harbor 金庫: 110 主機 (192.168.0.110:5000)