k3s_1_24: 1.24.4+k3s1 -> 1.24.10+k3s1

This is essentially the same as 7cf8b72ddd5628843b6d239a58b645a185532825, but for 1.24.

3 files changed, 34 insertions, 69 deletions

diff --git a/pkgs/applications/networking/cluster/k3s/1_24/0001-script-download-strip-downloading-just-package-CRD.patch b/pkgs/applications/networking/cluster/k3s/1_24/0001-script-download-strip-downloading-just-package-CRD.patch
deleted file mode 100644
index 115fd6824772..000000000000
--- a/pkgs/applications/networking/cluster/k3s/1_24/0001-script-download-strip-downloading-just-package-CRD.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
-From: Euan Kemp <euank@euank.com>
-Date: Thu, 3 Feb 2022 23:50:40 -0800
-Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
-
-The CRD packaging is a complicated set of commands, so let's reuse it.
----
- scripts/download | 10 ++--------
- 1 file changed, 2 insertions(+), 8 deletions(-)
-
-diff --git a/scripts/download b/scripts/download
-index 5effc0562a..82361803ee 100755
---- a/scripts/download
-+++ b/scripts/download
-@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
- mkdir -p ${CHARTS_DIR}
- mkdir -p ${DATA_DIR}
- 
--curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
--
--git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
--
--git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
--
- setup_tmp() {
-     TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
-     cleanup() {
-@@ -44,8 +38,8 @@ setup_tmp() {
- 
- download_and_package_traefik () {
-   echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
--  curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
--  code=$?
-+  # nixpkgs: copy in our known traefik chart instead
-+  cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
- 
-   if [ $code -ne 0 ]; then
-     echo "Error: Failed to download Traefik Helm chart!"
--- 
-2.34.1
-
diff --git a/pkgs/applications/networking/cluster/k3s/1_24/chart-versions.nix b/pkgs/applications/networking/cluster/k3s/1_24/chart-versions.nix
new file mode 100644
index 000000000000..8c40604d0f1c
--- /dev/null
+++ b/pkgs/applications/networking/cluster/k3s/1_24/chart-versions.nix
@@ -0,0 +1,10 @@
+{
+    traefik-crd  = {
+        url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-20.3.1+up20.3.0.tgz";
+        sha256 = "1775vjldvqvhzdbzanxhbaqbmkih09yb91im651q8bc7z5sb9ckn";
+    };
+    traefik = {
+        url = "https://k3s.io/k3s-charts/assets/traefik/traefik-20.3.1+up20.3.0.tgz";
+        sha256 = "1rj0f0n0vgjcbzfwzhqmsd501i2f6vw145w9plbp8gwdyzmg2nc6";
+    };
+}
diff --git a/pkgs/applications/networking/cluster/k3s/1_24/default.nix b/pkgs/applications/networking/cluster/k3s/1_24/default.nix
index 9ebac6b7448e..2ff642f35111 100644
--- a/pkgs/applications/networking/cluster/k3s/1_24/default.nix
+++ b/pkgs/applications/networking/cluster/k3s/1_24/default.nix
@@ -47,30 +47,32 @@
 # Those pieces of software we entirely ignore upstream's handling of, and just
 # make sure they're in the path if desired.
 let
-  k3sVersion = "1.24.4+k3s1";     # k3s git tag
-  k3sCommit = "c3f830e9b9ed8a4d9d0e2aa663b4591b923a296e"; # k3s git commit at the above version
-  k3sRepoSha256 = "00ns6n7jxnacah8ahndhgdb160prgsqhswbb5809kkgvig7k8b27";
-  k3sVendorSha256 = "sha256-ReZvJCgxqffG2H39JlynGPUBSV5ngPkRtAoZ++OQZZI=";
+  k3sVersion = "1.24.10+k3s1";     # k3s git tag
+  k3sCommit = "546a94e9ae1c3be6f9c0dcde32a6e6672b035bc8"; # k3s git commit at the above version
+  k3sRepoSha256 = "sha256-HfkGb3GtR2wQkVIze26aFh6A6W0fegr8ovpSel7oujQ=";
+  k3sVendorSha256 = "sha256-YAerisDr/knlKPaO2fVMZA4FUpwshFmkpi3mJAmLqKM=";
 
-  # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
-  # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
-  traefikChartVersion = "10.19.3";
-  traefikChartSha256 = "04zg5li957svgscdmkzmzjkwljaljyav68rzxmhakkwgav6q9058";
+  # Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/scripts/download#L29-L32
+  # see also https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/manifests/traefik.yaml#L8-L16
+  # At the time of writing, there are two traefik charts, and that's it
+  charts = import ./chart-versions.nix;
 
-  # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
-  k3sRootVersion = "0.11.0";
-  k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
+  # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/scripts/version.sh#L56
+  k3sRootVersion = "0.12.1";
+  k3sRootSha256 = "sha256-xCXbarWztnvW2xn3cGa84hie3OevVZeGEDWh+Uf3RBw=";
 
-  # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
+  # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/scripts/version.sh#L49
   k3sCNIVersion = "1.1.1-k3s1";
   k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl";
 
   # taken from go.mod, the 'github.com/containerd/containerd' line
   # run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
-  containerdVersion = "1.5.13-k3s1";
-  containerdSha256 = "09bj4ghwbsj9whkv1d5icqs52k64m449j8b73dmak2wz62fbzbvp";
+  # https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/go.mod#L10
+  containerdVersion = "1.5.16-k3s1";
+  containerdSha256 = "sha256-dxC44qE1A20Hd2j77Ir9Sla8xncttswWIuGGM/5FWi8=";
 
   # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
+  # https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/go.mod#L18
   criCtlVersion = "1.24.0-k3s1";
 
   baseMeta = k3s.meta;
@@ -93,10 +95,9 @@ let
   ];
 
   # bundled into the k3s binary
-  traefikChart = fetchurl {
-    url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
-    sha256 = traefikChartSha256;
-  };
+  traefikChart = fetchurl charts.traefik;
+  traefik-crdChart = fetchurl charts.traefik-crd;
+
   # so, k3s is a complicated thing to package
   # This derivation attempts to avoid including any random binaries from the
   # internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
@@ -180,12 +181,13 @@ let
     postInstall = ''
       mv $out/bin/server $out/bin/k3s
       pushd $out
-      # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113
+      # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.24.10%2Bk3s1/scripts/build#L123-L131
       ln -s k3s ./bin/k3s-agent
       ln -s k3s ./bin/k3s-server
       ln -s k3s ./bin/k3s-etcd-snapshot
       ln -s k3s ./bin/k3s-secrets-encrypt
       ln -s k3s ./bin/k3s-certificate
+      ln -s k3s ./bin/k3s-completion
       ln -s k3s ./bin/kubectl
       ln -s k3s ./bin/crictl
       ln -s k3s ./bin/ctr
@@ -218,10 +220,6 @@ buildGoModule rec {
   src = k3sRepo;
   vendorSha256 = k3sVendorSha256;
 
-  patches = [
-    ./0001-script-download-strip-downloading-just-package-CRD.patch
-  ];
-
   postPatch = ''
     # Nix prefers dynamically linked binaries over static binary.
 
@@ -290,11 +288,9 @@ buildGoModule rec {
     ln -vsf ${k3sContainerd}/bin/* ./bin/
     rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
     mkdir -p ./build/static/charts
-    # Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
-    export TRAEFIK_CHART_FILE=${traefikChart}
-    # place the traefik chart using their code since it's complicated
-    # We trim the actual download, see patches
-    ./scripts/download
+
+    cp ${traefikChart} ./build/static/charts
+    cp ${traefik-crdChart} ./build/static/charts
 
     export ARCH=$GOARCH
     export DRONE_TAG="v${k3sVersion}"