Admonition Migration #202

Merged
merged 3 commits into from
Nov 21, 2023
8 changes: 4 additions & 4 deletions docs/cli/certificate.md
Expand Up @@ -106,7 +106,7 @@ graph TD

#### Using the Example Script

:::important
:::info Important
If you want to sign the cluster CA certificates with an existing root CA using the example script, you must place the root and intermediate files in the target directory prior to running the script.
If the files do not exist, the script will create new root and intermediate CA certificates.
:::
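Review bot: this hunk maps `:::important` to `:::info Important`, which keeps the heading text but lowers the rendered severity to an informational note even though the body states a hard precondition ("you must place the root and intermediate files in the target directory prior to running the script"); confirm that `info` is the intended target for every `important` block, or use `:::warning` here. Also, this hunk keeps an explicit title while the `:::caution Warning` hunks in network-options.md drop theirs; either is fine, but pick one convention across the PR.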
Expand Down Expand Up @@ -142,7 +142,7 @@ If the script generated root and/or intermediate CA files, you should back up th
To rotate custom CA certificates, use the `k3s certificate rotate-ca` subcommand.
Updated files must be staged into a temporary directory, loaded into the datastore, and k3s must be restarted on all nodes to use the updated certificates.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated certificates and keys into a separate directory.
:::
Expand Down Expand Up @@ -185,7 +185,7 @@ The token may be stored in a `.env` file, systemd unit, or config.yaml, dependin
To rotate the K3s-generated self-signed CA certificates, use the `k3s certificate rotate-ca` subcommand.
Updated files must be staged into a temporary directory, loaded into the datastore, and k3s must be restarted on all nodes to use the updated certificates.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated certificates and keys into a separate directory.
:::
Expand Down Expand Up @@ -294,7 +294,7 @@ The service-account issuer key is an RSA private key used to sign service-accoun
When rotating the service-account issuer key, at least one old key should be retained in the file so that existing service-account tokens are not invalidated.
It can be rotated independent of the cluster CAs by using the `k3s certificate rotate-ca` to install only an updated `service.key` file that includes both the new and old keys.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated key into a separate directory.
:::
2 changes: 1 addition & 1 deletion docs/cli/secrets-encrypt.md
Expand Up @@ -19,7 +19,7 @@ K3s contains a CLI tool `secrets-encrypt`, which enables automatic control over
- Rotating and deleting encryption keys
- Reencrypting secrets

:::caution
:::warning
Failure to follow proper procedure for rotating encryption keys can leave your cluster permanently corrupted. Proceed with caution.
:::

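Review bot: the body of this block says an incorrect rotation "can leave your cluster permanently corrupted", which describes irreversible loss rather than a caveat; if the target admonition set has a `danger` level, this block is a better candidate for it than `warning`, and the same consideration applies to the backup-restore.md hunk (snapshot becomes unusable without the token) and the uninstall.md hunk (local cluster data is deleted) in this PR. If `danger` is not in scope, `warning` is the correct mechanical replacement for `caution`.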
2 changes: 1 addition & 1 deletion docs/cli/token.md
Expand Up @@ -55,7 +55,7 @@ The server token can be used to join both server and agent nodes to the cluster.

The server token is also used as the [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) passphrase for the key used to encrypt confidential information that is persisted to the datastore, such as the secrets-encryption configuration, wireguard keys, and private keys for cluster CA certificates and service-account tokens. For this reason, the token must be backed up alongside the cluster datastore itself.

:::caution
:::warning
Unless custom CA certificates are in use, only the short (password-only) token format can be used when starting the first server in the cluster. This is because the cluster CA hash cannot be known until after the server has generated the self-signed cluster CA certificates.
:::

2 changes: 1 addition & 1 deletion docs/datastore/backup-restore.md
Expand Up @@ -5,7 +5,7 @@ weight: 26

The way K3s is backed up and restored depends on which type of datastore is used.

:::caution
:::warning
In addition to backing up the datastore itself, you must also back up the server token file at `/var/lib/rancher/k3s/server/token`.
You must restore this file, or pass its value into the `--token` option, when restoring from backup.
If you do not use the same token value when restoring, the snapshot will be unusable, as the token is used to encrypt confidential data within the datastore itself.
2 changes: 1 addition & 1 deletion docs/datastore/datastore.md
Expand Up @@ -26,7 +26,7 @@ K3s supports the following datastore options:
* [MariaDB](https://mariadb.org/) (certified against version 10.6.8)
* [PostgreSQL](https://www.postgresql.org/) (certified against versions 10.7, 11.5, and 14.2)

:::caution Prepared Statement Support
:::warning Prepared Statement Support
K3s requires prepared statements support from the DB. This means that connection poolers such as [PgBouncer](https://www.pgbouncer.org/faq.html#how-to-use-prepared-statements-with-transaction-pooling) may require additional configuration to work with K3s.
:::

2 changes: 1 addition & 1 deletion docs/datastore/ha-embedded.md
Expand Up @@ -3,7 +3,7 @@ title: "High Availability Embedded etcd"
weight: 40
---

:::caution
:::warning
Embedded etcd (HA) may have performance issues on slower disks such as Raspberry Pis running with SD cards.
:::

12 changes: 6 additions & 6 deletions docs/installation/network-options.md
Expand Up @@ -138,7 +138,7 @@ Stable support is available as of [v1.23.7+k3s1](https://github.com/k3s-io/k3s/r

:::

:::caution Known Issue
:::warning Known Issue

Before 1.27, Kubernetes [Issue #111695](https://github.com/kubernetes/kubernetes/issues/111695) causes the Kubelet to ignore the node IPv6 addresses if you have a dual-stack environment and you are not using the primary network interface for cluster traffic. To avoid this bug, use 1.27 or newer or add the following flag to both K3s servers and agents:

Expand All @@ -162,7 +162,7 @@ Note that you may configure any valid `cluster-cidr` and `service-cidr` values,

If you are using a custom CNI plugin, i.e. a CNI plugin other than Flannel, the additional configuration may be required. Please consult your plugin's dual-stack documentation and verify if network policies can be enabled.

:::caution Known Issue
:::warning Known Issue
When defining cluster-cidr and service-cidr with IPv6 as the primary family, the node-ip of all cluster members should be explicitly set, placing node's desired IPv6 address as the first address. By default, the kubelet always uses IPv4 as the primary address family.
:::

Expand All @@ -172,7 +172,7 @@ When defining cluster-cidr and service-cidr with IPv6 as the primary family, the
Available as of [v1.22.9+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.22.9%2Bk3s1)
:::

:::caution Known Issue
:::warning Known Issue
If your IPv6 default route is set by a router advertisement (RA), you will need to set the sysctl `net.ipv6.conf.all.accept_ra=2`; otherwise, the node will drop the default route once it expires. Be aware that accepting RAs could increase the risk of [man-in-the-middle attacks](https://github.com/kubernetes/kubernetes/issues/91507).
:::

Expand All @@ -186,11 +186,11 @@ Single-stack IPv6 clusters (clusters without IPv4) are supported on K3s using th

A K3s cluster can still be deployed on nodes which do not share a common private network and are not directly connected (e.g. nodes in different public clouds). There are two options to achieve this: the embedded k3s multicloud solution and the integration with the `tailscale` VPN provider.

:::caution Warning
:::warning
The latency between nodes will increase as external connectivity requires more hops. This will reduce the network performance and could also impact the health of the cluster if latency is too high.
:::

:::caution Warning
:::warning
Embedded etcd is not supported in this type of deployment. If using embedded etcd, all server nodes must be reachable to each other via their private IPs. Agents may be distributed over multiple networks, but all servers should be in the same location.
:::

Expand Down Expand Up @@ -258,7 +258,7 @@ or provide that information in a file and use the parameter:
Optionally, if you have your own Tailscale server (e.g. headscale), you can connect to it by appending `,controlServerURL=$URL` to the vpn-auth parameters
:::caution Warning
:::warning
If you plan on running several K3s clusters using the same tailscale network, please create appropriate [ACLs](https://tailscale.com/kb/1018/acls/) to avoid IP conflicts or use different podCIDR subnets for each cluster.
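Review bot: the `:::warning` opener in this hunk directly follows the prose line ending "vpn-auth parameters", with no blank line and no terminal period; add the period and a blank line before the directive so the admonition is not treated as a continuation of the preceding paragraph. The closing `:::` lies outside the hunk context, so also confirm it is still present after the ACL sentence.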
2 changes: 1 addition & 1 deletion docs/installation/requirements.md
Expand Up @@ -21,7 +21,7 @@ K3s is available for the following architectures:
- arm64/aarch64
- s390x

:::caution ARM64 Page Size
:::warning ARM64 Page Size

Prior to May 2023 releases (v1.24.14+k3s1, v1.25.10+k3s1, v1.26.5+k3s1, v1.27.2+k3s1), on `aarch64/arm64` systems, the OS must use a 4k page size. **RHEL9**, **Ubuntu**, **Raspberry PI OS**, and **SLES** all meet this requirement.

2 changes: 1 addition & 1 deletion docs/installation/uninstall.md
Expand Up @@ -3,7 +3,7 @@ title: Uninstalling K3s
weight: 61
---

:::caution
:::warning
Uninstalling K3s deletes the local cluster data, configuration, and all of the scripts and CLI tools.
It does not remove any data from external datastores, or created by pods using external Kubernetes storage volumes.
:::
4 changes: 2 additions & 2 deletions docs/release-notes/v1.24.X.md
Expand Up @@ -4,7 +4,7 @@ hide_table_of_contents: true

# v1.24.X

:::caution Upgrade Notice
:::warning Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#urgent-upgrade-notes).
:::

Expand Down Expand Up @@ -35,7 +35,7 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U
<!-- v1.24.17+k3s1 -->
This release updates Kubernetes to v1.24.17, and fixes a number of issues.

:::caution IMPORTANT
:::warning IMPORTANT
This release includes support for remediating CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See https://github.com/k3s-io/k3s/security/advisories/GHSA-m4hf-6vgr-75r2 for more information, including mandatory steps necessary to harden clusters against this vulnerability.
:::

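Review bot: the retained title `IMPORTANT` is all caps while the same word is cased `Important` in the certificate.md hunk of this PR; normalise the casing while the line is being touched. The `warning` level itself is appropriate here, since the body points readers at the GHSA advisory for CVE-2023-32187 and its mandatory hardening steps.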
2 changes: 1 addition & 1 deletion docs/release-notes/v1.25.X.md
Expand Up @@ -4,7 +4,7 @@ hide_table_of_contents: true

# v1.25.X

:::caution Upgrade Notice
:::warning Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#urgent-upgrade-notes).
:::

2 changes: 1 addition & 1 deletion docs/release-notes/v1.26.X.md
Expand Up @@ -4,7 +4,7 @@ hide_table_of_contents: true

# v1.26.X

:::caution Upgrade Notice
:::warning Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#urgent-upgrade-notes).
:::

2 changes: 1 addition & 1 deletion docs/release-notes/v1.27.X.md
Expand Up @@ -4,7 +4,7 @@ hide_table_of_contents: true

# v1.27.X

:::caution Upgrade Notice
:::warning Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#urgent-upgrade-notes).
:::

2 changes: 1 addition & 1 deletion docs/release-notes/v1.28.X.md
Expand Up @@ -4,7 +4,7 @@ hide_table_of_contents: true

# v1.28.X

:::caution Upgrade Notice
:::warning Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent Upgrade Notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md#urgent-upgrade-notes).
:::

2 changes: 1 addition & 1 deletion docs/storage/storage.md
Expand Up @@ -93,7 +93,7 @@ The status should be Bound for each.

## Setting up Longhorn

:::caution
:::warning

Longhorn does not support ARM32.

Expand Up @@ -106,7 +106,7 @@ graph TD

#### Using the Example Script

:::important
:::info 중요한
If you want to sign the cluster CA certificates with an existing root CA using the example script, you must place the root and intermediate files in the target directory prior to running the script.
If the files do not exist, the script will create new root and intermediate CA certificates.
:::
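Review bot: the added title is localised (`중요한`) while the body of this admonition is still the untranslated English text, so the rendered block mixes languages; keep the title in English until the body is localised, or localise both together. `중요한` is also the adjectival form, which reads awkwardly as a standalone label; a noun-form heading is the usual choice.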
Expand Down Expand Up @@ -142,7 +142,7 @@ If the script generated root and/or intermediate CA files, you should back up th
To rotate custom CA certificates, use the `k3s certificate rotate-ca` subcommand.
Updated files must be staged into a temporary directory, loaded into the datastore, and k3s must be restarted on all nodes to use the updated certificates.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated certificates and keys into a separate directory.
:::
Expand Down Expand Up @@ -185,7 +185,7 @@ The token may be stored in a `.env` file, systemd unit, or config.yaml, dependin
To rotate the K3s-generated self-signed CA certificates, use the `k3s certificate rotate-ca` subcommand.
Updated files must be staged into a temporary directory, loaded into the datastore, and k3s must be restarted on all nodes to use the updated certificates.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated certificates and keys into a separate directory.
:::
Expand Down Expand Up @@ -294,7 +294,7 @@ The service-account issuer key is an RSA private key used to sign service-accoun
When rotating the service-account issuer key, at least one old key should be retained in the file so that existing service-account tokens are not invalidated.
It can be rotated independent of the cluster CAs by using the `k3s certificate rotate-ca` to install only an updated `service.key` file that includes both the new and old keys.

:::caution
:::warning
You must not overwrite the currently in-use data in `/var/lib/rancher/k3s/server/tls`.
Stage the updated key into a separate directory.
:::
Expand Up @@ -19,7 +19,7 @@ K3s contains a CLI tool `secrets-encrypt`, which enables automatic control over
- Rotating and deleting encryption keys
- Reencrypting secrets

:::caution
:::warning
Failure to follow proper procedure for rotating encryption keys can leave your cluster permanently corrupted. Proceed with caution.
:::

Expand Up @@ -55,7 +55,7 @@ The server token can be used to join both server and agent nodes to the cluster.

The server token is also used as the [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) passphrase for the key used to encrypt confidential information that is persisted to the datastore, such as the secrets-encryption configuration, wireguard keys, and private keys for cluster CA certificates and service-account tokens. For this reason, the token must be backed up alongside the cluster datastore itself.

:::caution
:::warning
Unless custom CA certificates are in use, only the short (password-only) token format can be used when starting the first server in the cluster. This is because the cluster CA hash cannot be known until after the server has generated the self-signed cluster CA certificates.
:::

Expand Up @@ -5,7 +5,7 @@ weight: 26

The way K3s is backed up and restored depends on which type of datastore is used.

:::caution
:::warning
In addition to backing up the datastore itself, you must also back up the server token file at `/var/lib/rancher/k3s/server/token`.
You must restore this file, or pass its value into the `--token` option, when restoring from backup.
If you do not use the same token value when restoring, the snapshot will be unusable, as the token is used to encrypt confidential data within the datastore itself.
Expand Up @@ -12,7 +12,7 @@ Experimental support as of [v1.19.1+k3s1](https://github.com/k3s-io/k3s/releases
Embedded etcd replaced experimental Dqlite in the K3s v1.19.1 release. This is a breaking change. Please note that upgrades from experimental Dqlite to embedded etcd are not supported. If you attempt an upgrade it will not succeed and data will be lost.
:::

:::caution
:::warning
Embedded etcd (HA) may have performance issues on slower disks such as Raspberry Pis running with SD cards.
:::

Expand Up @@ -122,7 +122,7 @@ Stable support is available as of [v1.23.7+k3s1](https://github.com/k3s-io/k3s/r

:::

:::caution Known Issue
:::warning Known Issue

Kubernetes v1.24 and v1.25 include [an issue](https://github.com/kubernetes/kubernetes/issues/111695) that ignores the node IPv6 addresses if you have a dual-stack environment and you are not using the primary network interface for cluster traffic. To avoid this bug, add the following flag to both K3s servers and agents:

Expand Down Expand Up @@ -152,7 +152,7 @@ If you are using a custom CNI plugin, i.e. a CNI plugin other than Flannel, the
Available as of [v1.22.9+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.22.9%2Bk3s1)
:::

:::caution Known Issue
:::warning Known Issue
If your IPv6 default route is set by a router advertisement (RA), you will need to set the sysctl `net.ipv6.conf.all.accept_ra=2`; otherwise, the node will drop the default route once it expires. Be aware that accepting RAs could increase the risk of [man-in-the-middle attacks](https://github.com/kubernetes/kubernetes/issues/91507).
:::

Expand Down Expand Up @@ -189,11 +189,11 @@ systemctl restart k3s
```
:::

:::caution Warning
:::warning
The latency between nodes will increase as external connectivity requires more hops. This will reduce the network performance and could also impact the health of the cluster if latency is too high.
:::

:::caution Warning
:::warning
Embedded etcd will not use external IPs for communication. If using embedded etcd; all server nodes must be reachable to each other via their private IPs.
:::

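Review bot: unrelated to the marker change, the context line "If using embedded etcd; all server nodes must be reachable" has a semicolon where a comma belongs; fix it while the block is being touched. This localised copy also differs from the English source in the same PR, which now reads "Embedded etcd is not supported in this type of deployment" and mentions agents spread over multiple networks, so the localised block looks stale relative to the English text.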
Expand Up @@ -3,7 +3,7 @@ title: Uninstalling K3s
weight: 61
---

:::caution
:::warning
Uninstalling K3s deletes the local cluster data, configuration, and all of the scripts and CLI tools.
It does not remove any data from external datastores, or created by pods using external Kubernetes storage volumes.
:::
Expand Up @@ -95,7 +95,7 @@ kubectl get pvc

## Longhorn 구성하기

:::caution
:::warning

Longhorn은 ARM32를 지원하지 않습니다.

Expand Up @@ -106,7 +106,7 @@ graph TD

#### 使用示例脚本

:::important
:::info 重要的
如果要使用示例脚本通过现有根 CA 来签发集群 CA 证书,则必须在运行脚本之前将根文件和中间文件放在目标目录中。
如果文件不存在,脚本将创建新的根 CA 证书和中间 CA 证书。
:::
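Review bot: the title `重要的` is the adjectival form with 的, which reads oddly as a standalone label; the plain `重要` or `重要提示` is the usual heading form. The same severity question as the English certificate.md hunk applies: the body states a hard precondition, and `info` carries less emphasis than the old `important` type.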
Expand Down Expand Up @@ -142,7 +142,7 @@ curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-c
要轮换自定义 CA 证书,请使用 `k3s certificate rotate-ca` 子命令。
更新后的文件必须暂存到一个临时目录中,加载到数据存储中,并且必须在所有节点上重启 K3s 才能使用更新后的证书。

:::caution
:::warning
不要覆盖 `/var/lib/rancher/k3s/server/tls` 中正在使用的数据。
将更新的证书和密钥暂存到单独的目录中。
:::
Expand Down Expand Up @@ -185,7 +185,7 @@ Token 可能存储在 `.env` 文件、systemd 单元或 config.yaml 中,具体
要轮换 K3s 生成的自签名 CA 证书,请使用 `k3s certificate rotate-ca` 子命令。
更新后的文件必须暂存到一个临时目录中,加载到数据存储中,并且必须在所有节点上重启 K3s 才能使用更新后的证书。

:::caution
:::warning
不要覆盖 `/var/lib/rancher/k3s/server/tls` 中正在使用的数据。
将更新的证书和密钥暂存到单独的目录中。
:::
Expand Down Expand Up @@ -294,7 +294,7 @@ service-account Issuer 密钥是用于签发 service-account Token 的 RSA 私
轮换 service-account Issuer 密钥时,文件中至少应保留一个旧密钥,以免现有 service-account Token 失效。
它可以通过使用 `k3s certificate rotate-ca` 独立于集群 CA 进行轮换,这样能仅安装包含新旧密钥的更新的 `service.key` 文件。

:::caution
:::warning
不要覆盖 `/var/lib/rancher/k3s/server/tls` 中正在使用的数据。
将更新的密钥暂存到单独的目录中。
:::
Expand Up @@ -19,7 +19,7 @@ K3s 包含一个 CLI 工具 `secrets-encrypt`,可以自动控制以下内容
- 轮换和删除加密密钥
- 重新加密 Secret

:::caution
:::warning
如果不遵循正确的加密密钥轮换程序,你的集群可能会永久损坏。因此,请谨慎操作。
:::

Expand Up @@ -55,7 +55,7 @@ Server Token 可用于将 Server 和 Agent 节点加入集群。一旦创建了

Server Token 还用作密钥的 [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) 密码,该密钥用于加密持久保存到数据存储的机密信息,例如 Secret 加密配置、wireguard 密钥,集群 CA 证书的私钥以及 service-account Token。因此,Token 必须与集群数据存储一起备份。

:::caution
:::warning
除非使用了自定义 CA 证书,否则在启动集群的第一个 Server 时只能使用短 Token 格式(仅密码)。这是因为只有在 Server 生成自签名集群 CA 证书后才能知道集群 CA 哈希值。
:::

Expand Up @@ -5,7 +5,7 @@ weight: 26

K3s 的备份和恢复方式取决于你使用的数据存储类型。

:::caution
:::warning
除了备份数据存储本身,你还必须备份位于 `/var/lib/rancher/k3s/server/token` 的 Server Token 文件。
使用备份进行恢复时,你必须恢复此文件,或将其值传递给 `--token` 选项。
由于 Token 用于加密数据存储内的凭证数据,因此如果还原时没有使用相同的 Token 值,快照将无法使用。