From 62cb274735f6e62aa5816ea6cc6297b0b7d3acc5 Mon Sep 17 00:00:00 2001
From: OG T <ogt@WOOOMacMiniM4.local>
Date: Thu, 9 Apr 2026 23:36:36 +0800
Subject: [PATCH] =?UTF-8?q?feat(host=5Faggregator+k8s):=20=E6=96=B0?=
 =?UTF-8?q?=E5=A2=9E=20121=20K3s=20Worker=20=E4=B8=BB=E6=A9=9F=E7=9B=A3?=
 =?UTF-8?q?=E6=8E=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

HOST_CONFIGS 加入 192.168.0.121(K3s Worker):
- K3s API tcp:6443
- awoooi-api NodePort tcp:32334
- awoooi-web NodePort tcp:32335

NetworkPolicy 補開 121 egress: 6443/32334/32335
NodePort 服務實際在 121(mon1)，非 120(mon)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 apps/api/src/services/host_aggregator.py | 11 +++++++++--
 k8s/awoooi-prod/02-network-policy.yaml   | 13 +++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/apps/api/src/services/host_aggregator.py b/apps/api/src/services/host_aggregator.py
index 2238a3dd..7e1fcc52 100644
--- a/apps/api/src/services/host_aggregator.py
+++ b/apps/api/src/services/host_aggregator.py
@@ -303,8 +303,15 @@ HOST_CONFIGS = {
             ("K3s API", 6443, "tcp", None),  # tcp 可達 (https /healthz 401 誤判)
         ],
     },
-    # NOTE: NodePort 32335 只在 192.168.0.121，不在 120
-    # 拓撲圖顯示歸屬 120(master)，但 probe 用 121
+    "192.168.0.121": {
+        "name": "K3s Worker",
+        "role": HostRole.K3S,
+        "services": [
+            ("K3s API", 6443, "tcp", None),
+            ("awoooi-api", 32334, "tcp", None),   # NodePort 在 121
+            ("awoooi-web", 32335, "tcp", None),   # NodePort 在 121
+        ],
+    },
     "192.168.0.188": {
         "name": "AI+Web 中心",
         "role": HostRole.AI_WEB,
diff --git a/k8s/awoooi-prod/02-network-policy.yaml b/k8s/awoooi-prod/02-network-policy.yaml
index df1a8003..77373104 100644
--- a/k8s/awoooi-prod/02-network-policy.yaml
+++ b/k8s/awoooi-prod/02-network-policy.yaml
@@ -183,6 +183,19 @@ spec:
         - protocol: TCP
           port: 6443
 
+    # 允許訪問 192.168.0.121 K3s Worker (mon1)
+    # 2026-04-09 新增: NodePort 32334(API)/32335(Web) 在 121 上，host probe 需要
+    - to:
+        - ipBlock:
+            cidr: 192.168.0.121/32
+      ports:
+        - protocol: TCP
+          port: 6443
+        - protocol: TCP
+          port: 32334
+        - protocol: TCP
+          port: 32335
+
     # 允許 DNS 解析
     # 2026-03-26 修復: 使用 namespaceSelector 明確指定 kube-system
     # ADR-011 Appendix B: CoreDNS 只有 k8s-app=kube-dns 標籤，不要加其他標籤要求