feat(host_aggregator+k8s): 新增 121 K3s Worker 主機監控

HOST_CONFIGS 加入 192.168.0.121(K3s Worker):
- K3s API tcp:6443
- awoooi-api NodePort tcp:32334
- awoooi-web NodePort tcp:32335

NetworkPolicy 補開 121 egress: 6443/32334/32335
NodePort 服務實際在 121(mon1)，非 120(mon)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/api/src/services/host_aggregator.py

@@ -303,8 +303,15 @@ HOST_CONFIGS = {
             ("K3s API", 6443, "tcp", None),  # tcp 可達 (https /healthz 401 誤判)
         ],
     },
-    # NOTE: NodePort 32335 只在 192.168.0.121，不在 120
-    # 拓撲圖顯示歸屬 120(master)，但 probe 用 121
+    "192.168.0.121": {
+        "name": "K3s Worker",
+        "role": HostRole.K3S,
+        "services": [
+            ("K3s API", 6443, "tcp", None),
+            ("awoooi-api", 32334, "tcp", None),   # NodePort 在 121
+            ("awoooi-web", 32335, "tcp", None),   # NodePort 在 121
+        ],
+    },
     "192.168.0.188": {
         "name": "AI+Web 中心",
         "role": HostRole.AI_WEB,

k8s/awoooi-prod/02-network-policy.yaml

@@ -183,6 +183,19 @@ spec:
         - protocol: TCP
           port: 6443
 
+    # 允許訪問 192.168.0.121 K3s Worker (mon1)
+    # 2026-04-09 新增: NodePort 32334(API)/32335(Web) 在 121 上，host probe 需要
+    - to:
+        - ipBlock:
+            cidr: 192.168.0.121/32
+      ports:
+        - protocol: TCP
+          port: 6443
+        - protocol: TCP
+          port: 32334
+        - protocol: TCP
+          port: 32335
+
     # 允許 DNS 解析
     # 2026-03-26 修復: 使用 namespaceSelector 明確指定 kube-system
     # ADR-011 Appendix B: CoreDNS 只有 k8s-app=kube-dns 標籤，不要加其他標籤要求