From 02aaedf54abcd27c687e045b287abfd730313d3e Mon Sep 17 00:00:00 2001
From: Victor Hang <vhvictorhang@gmail.com>
Date: Fri, 4 Oct 2024 20:40:28 +0200
Subject: [PATCH] =?UTF-8?q?chore=20=F0=9F=A7=B9:=20upgrade=20k8s=20to=201.?=
 =?UTF-8?q?31.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Victor Hang <vhvictorhang@gmail.com>
---
 .github/workflows/build-frieren.yaml |  1 -
 .github/workflows/build-gojo.yaml    |  1 -
 README.md                            | 34 ++++++++++++++++++++++++++++
 base.nix                             | 14 ++++++++++--
 nixosModules/kubernetes/default.nix  | 24 ++++++++++++++++----
 nixosModules/kubernetes/kubeadm.nix  |  3 ++-
 nixosModules/kubernetes/kubelet.nix  |  3 ++-
 npins/sources.json                   | 12 ++++++++++
 8 files changed, 82 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build-frieren.yaml b/.github/workflows/build-frieren.yaml
index 3324d55..a5f1c76 100644
--- a/.github/workflows/build-frieren.yaml
+++ b/.github/workflows/build-frieren.yaml
@@ -48,6 +48,5 @@ jobs:
       - name: Build
         run: nix-build '<nixpkgs/nixos>' -A config.system.build.toplevel -I nixos-config=profiles/frieren/configuration.nix
       - name: Push
-        if: github.ref == 'refs/heads/main'
         run: |
           cachix push didactiklabs ./result
diff --git a/.github/workflows/build-gojo.yaml b/.github/workflows/build-gojo.yaml
index 2bea2a3..5c189a7 100644
--- a/.github/workflows/build-gojo.yaml
+++ b/.github/workflows/build-gojo.yaml
@@ -48,6 +48,5 @@ jobs:
       - name: Build
         run: nix-build '<nixpkgs/nixos>' -A config.system.build.toplevel -I nixos-config=profiles/gojo/configuration.nix
       - name: Push
-        if: github.ref == 'refs/heads/main'
         run: |
           cachix push didactiklabs ./result
diff --git a/README.md b/README.md
index 2427a25..f6feab3 100644
--- a/README.md
+++ b/README.md
@@ -17,3 +17,37 @@ Install or upgrade with a simple command:
 ```bash
 colmena apply
 ```
+
+#### - Kubernetes
+
+To upgrade kubernetes version you must do the following:
+
+##### Upgrade the control plane and kubelet configs
+
+Run this with this repo to update the pkgs pinning:
+
+```bash
+npins update kubeadm-pkgs
+colmena apply
+```
+
+Then for the first controlplane:
+
+```bash
+colmena exec --on <firstCP> "sudo kubeadm upgrade apply"
+```
+
+Then for others and workers:
+
+```bash
+colmena exec --on <worker01>,<worker02> "sudo kubeadm upgrade node"
+```
+
+##### Upgrade kubelet
+
+Now get back to the repo and run:
+
+```bash
+npins update kubelet-pkgs
+colmena apply
+```
diff --git a/base.nix b/base.nix
index 10bbb1d..81e3502 100644
--- a/base.nix
+++ b/base.nix
@@ -7,6 +7,8 @@
 let
   sources = import ./npins;
   pkgs = import sources.nixpkgs { };
+  kubelet-pkgs = import sources.kubelet-pkgs { };
+  kubeadm-pkgs = import sources.kubeadm-pkgs { };
   hostProfile = import ./profiles/${hostname} {
     inherit
       lib
@@ -22,7 +24,15 @@ in
     ./tools.nix
     (import "${sources.nixbook}//nixosModules/caCertificates.nix")
     ./nixosModules/k3s
-    ./nixosModules/kubernetes
+    (import ./nixosModules/kubernetes {
+      inherit
+        pkgs
+        config
+        lib
+        kubelet-pkgs
+        kubeadm-pkgs
+        ;
+    })
     (import ./nixosModules/networkManager.nix { inherit lib config pkgs; })
     (import "${sources.home-manager}/nixos")
     hostProfile
@@ -141,7 +151,7 @@ in
   };
   environment.systemPackages = [
     pkgs.git
-    pkgs.kubectl
+    kubelet-pkgs.kubectl
     pkgs.cilium-cli
     pkgs.coreutils
     pkgs.procps
diff --git a/nixosModules/kubernetes/default.nix b/nixosModules/kubernetes/default.nix
index 5b20b59..f8ab9da 100644
--- a/nixosModules/kubernetes/default.nix
+++ b/nixosModules/kubernetes/default.nix
@@ -1,6 +1,8 @@
 {
   config,
   pkgs,
+  kubelet-pkgs,
+  kubeadm-pkgs,
   lib,
   ...
 }:
@@ -18,8 +20,22 @@ in
     };
   };
   imports = [
-    ./kubeadm.nix
-    ./kubelet.nix
+    (import ./kubeadm.nix {
+      inherit
+        pkgs
+        kubeadm-pkgs
+        config
+        lib
+        ;
+    })
+    (import ./kubelet.nix {
+      inherit
+        pkgs
+        kubelet-pkgs
+        config
+        lib
+        ;
+    })
   ];
   config = lib.mkIf cfg.kubernetes.enable {
     system = {
@@ -34,7 +50,7 @@ in
         # CSI expects "some" binaries to be included in "real" FHS path
         copyCSIbins.text = ''
           mkdir -p /usr/bin
-          cp ${pkgs.kubectl}/bin/kubectl /usr/bin/kubectl
+          cp ${kubelet-pkgs.kubectl}/bin/kubectl /usr/bin/kubectl
           cp ${pkgs.util-linux}/bin/blkid /usr/bin/blkid
           cp ${pkgs.util-linux}/bin/blockdev /usr/bin/blockdev
           cp ${pkgs.coreutils}/bin/cat /usr/bin/cat
@@ -100,7 +116,7 @@ in
             "-/etc/sysconfig/kubelet"
           ];
           ExecStart = [
-            "${pkgs.kubernetes}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
+            "${kubelet-pkgs.kubernetes}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
           ];
         };
         wantedBy = [ "multi-user.target" ];
diff --git a/nixosModules/kubernetes/kubeadm.nix b/nixosModules/kubernetes/kubeadm.nix
index 1ebfb9c..2281fcd 100644
--- a/nixosModules/kubernetes/kubeadm.nix
+++ b/nixosModules/kubernetes/kubeadm.nix
@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  kubeadm-pkgs,
   lib,
   ...
 }:
@@ -8,7 +9,7 @@ let
   cfg = config.customNixOSModules;
   kubeadm = pkgs.runCommand "get-kubeadm" { nativeBuildInputs = [ ]; } ''
     mkdir -p $out/bin
-    cp ${pkgs.kubernetes}/bin/kubeadm $out/bin/
+    cp ${kubeadm-pkgs.kubernetes}/bin/kubeadm $out/bin/
   '';
 in
 {
diff --git a/nixosModules/kubernetes/kubelet.nix b/nixosModules/kubernetes/kubelet.nix
index 2eac4a5..213212f 100644
--- a/nixosModules/kubernetes/kubelet.nix
+++ b/nixosModules/kubernetes/kubelet.nix
@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  kubelet-pkgs,
   lib,
   ...
 }:
@@ -8,7 +9,7 @@ let
   cfg = config.customNixOSModules;
   kubelet = pkgs.runCommand "get-kubelet" { nativeBuildInputs = [ ]; } ''
     mkdir -p $out/bin
-    cp ${pkgs.kubernetes}/bin/kubelet $out/bin/
+    cp ${kubelet-pkgs.kubernetes}/bin/kubelet $out/bin/
   '';
 in
 {
diff --git a/npins/sources.json b/npins/sources.json
index 3f186ac..4a364d1 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -27,6 +27,18 @@
       "url": "https://github.com/nix-community/home-manager/archive/2f23fa308a7c067e52dfcc30a0758f47043ec176.tar.gz",
       "hash": "00wp0s9b5nm5rsbwpc1wzfrkyxxmqjwsc1kcibjdbfkh69arcpsn"
     },
+    "kubeadm-pkgs": {
+      "type": "Channel",
+      "name": "nixos-unstable",
+      "url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre687768.27e30d177e57/nixexprs.tar.xz",
+      "hash": "17m6gfb9bwhdl679f1s2ish4j14q8m8c05c8gvzh7i5hcki51s1l"
+    },
+    "kubelet-pkgs": {
+      "type": "Channel",
+      "name": "nixos-unstable",
+      "url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre687768.27e30d177e57/nixexprs.tar.xz",
+      "hash": "17m6gfb9bwhdl679f1s2ish4j14q8m8c05c8gvzh7i5hcki51s1l"
+    },
     "nixbook": {
       "type": "Git",
       "repository": {