k3s_1_23: 1.23.6+k3s1 -> 1.23.16+k3s1

    githubId = 2242427;

    name = "Yoann Ono";

  };

  yajo = {

    email = "yajo.sk8@gmail.com";

    github = "yajo";

    githubId = 973709;

    name = "Jairo Llopis";

  };

  yana = {

    email = "yana@riseup.net";

    github = "yanalunaterra";

From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001

From: Euan Kemp <euank@euank.com>

Date: Thu, 3 Feb 2022 23:50:40 -0800

Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD

The CRD packaging is a complicated set of commands, so let's reuse it.

---

 scripts/download | 10 ++--------

 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/scripts/download b/scripts/download

index 5effc0562a..82361803ee 100755

--- a/scripts/download

+++ b/scripts/download

@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}

 mkdir -p ${CHARTS_DIR}

 mkdir -p ${DATA_DIR}

-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat

-

-git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}

-

-git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}

-

 setup_tmp() {

     TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})

     cleanup() {

@@ -44,8 +38,8 @@ setup_tmp() {

 download_and_package_traefik () {

   echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"

-  curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}

-  code=$?

+  # nixpkgs: copy in our known traefik chart instead

+  cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}

   if [ $code -ne 0 ]; then

     echo "Error: Failed to download Traefik Helm chart!"

-- 

2.34.1

{

    traefik-crd  = {

        url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-20.3.1+up20.3.0.tgz";

        sha256 = "1775vjldvqvhzdbzanxhbaqbmkih09yb91im651q8bc7z5sb9ckn";

    };

    traefik = {

        url = "https://k3s.io/k3s-charts/assets/traefik/traefik-20.3.1+up20.3.0.tgz";

        sha256 = "1rj0f0n0vgjcbzfwzhqmsd501i2f6vw145w9plbp8gwdyzmg2nc6";

    };

}

# Those pieces of software we entirely ignore upstream's handling of, and just

# make sure they're in the path if desired.

let

  k3sVersion = "1.23.6+k3s1";     # k3s git tag

  k3sCommit = "418c3fa858b69b12b9cefbcff0526f666a6236b9"; # k3s git commit at the above version

  k3sRepoSha256 = "0fmw491dn5mpi058mr7sij51i5m4qg2grx30cnl3h2v4s0sdkx2i";

  k3sVendorSha256 = "sha256-iHg5ySMaiSWXs98YGmxPwdZr4zdBIFma12dNEuf30Hs=";

  k3sVersion = "1.23.16+k3s1";     # k3s git tag

  k3sCommit = "64b0feeb36c2a26976a364a110f23ebcf971f976"; # k3s git commit at the above version

  k3sRepoSha256 = "sha256-H6aaYa5OYAaD5hjSi8+RNXiP1zhRZCgKXQA6eU7AWBk=";

  k3sVendorSha256 = "sha256-+xygljXp27NahsHSgoigMANBQCRwGFYwGHQEwlI9YsQ=";

  # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9

  # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.

  traefikChartVersion = "10.19.3";

  traefikChartSha256 = "04zg5li957svgscdmkzmzjkwljaljyav68rzxmhakkwgav6q9058";

  # Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/download#L29-L32

  # see also https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/manifests/traefik.yaml#L8-L16

  # At the time of writing, there are two traefik charts, and that's it

  charts = import ./chart-versions.nix;

  # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47

  k3sRootVersion = "0.11.0";

  k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";

  # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/version.sh#L54

  k3sRootVersion = "0.12.1";

  k3sRootSha256 = "sha256-xCXbarWztnvW2xn3cGa84hie3OevVZeGEDWh+Uf3RBw=";

  # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45

  k3sCNIVersion = "1.0.1-k3s1";

  k3sCNISha256 = "11ihlzzdnqf9p21y0a4ckpbxac016nm7746dcykhj26ym9zxyv92";

  # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/version.sh#L47

  k3sCNIVersion = "1.1.1-k3s1";

  k3sCNISha256 = "sha256-1Br7s+iMtfiPjM0EcNPuFdSlp9dVPjSG1UGuiPUfq5I=";

  # taken from go.mod, the 'github.com/containerd/containerd' line

  # run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`

  containerdVersion = "1.5.11-k3s2";

  containerdSha256 = "16132snvrg8r0vwm6c0lz0q6fx686s2ix53nm3aka9a83xs75vf2";

  # https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/go.mod#L9

  containerdVersion = "1.5.16-k3s2-1-22";

  containerdSha256 = "sha256-PRrp05Jgx368Ox4hTC66lbCInWuex0OtAuCY4l8geqA=";

  # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag

  # https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/go.mod#L19

  criCtlVersion = "1.22.0-k3s1";

  baseMeta = k3s.meta;

  ];

  # bundled into the k3s binary

  traefikChart = fetchurl {

    url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";

    sha256 = traefikChartSha256;

  };

  traefikChart = fetchurl charts.traefik;

  traefik-crdChart = fetchurl charts.traefik-crd;

  # so, k3s is a complicated thing to package

  # This derivation attempts to avoid including any random binaries from the

  # internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which

    postInstall = ''

      mv $out/bin/server $out/bin/k3s

      pushd $out

      # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113

      # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/build#L123-L131

      ln -s k3s ./bin/k3s-agent

      ln -s k3s ./bin/k3s-server

      ln -s k3s ./bin/k3s-etcd-snapshot

      ln -s k3s ./bin/k3s-secrets-encrypt

      ln -s k3s ./bin/k3s-certificate

      ln -s k3s ./bin/k3s-completion

      ln -s k3s ./bin/kubectl

      ln -s k3s ./bin/crictl

      ln -s k3s ./bin/ctr

  src = k3sRepo;

  vendorSha256 = k3sVendorSha256;

  patches = [

    ./0001-script-download-strip-downloading-just-package-CRD.patch

  ];

  postPatch = ''

    # Nix prefers dynamically linked binaries over static binary.

    ln -vsf ${k3sContainerd}/bin/* ./bin/

    rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/

    mkdir -p ./build/static/charts

    # Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.

    export TRAEFIK_CHART_FILE=${traefikChart}

    # place the traefik chart using their code since it's complicated

    # We trim the actual download, see patches

    ./scripts/download

    cp ${traefikChart} ./build/static/charts

    cp ${traefik-crdChart} ./build/static/charts

    export ARCH=$GOARCH

    export DRONE_TAG="v${k3sVersion}"

    description = "A lightweight Kubernetes distribution";

    license = licenses.asl20;

    homepage = "https://k3s.io";

    maintainers = with maintainers; [ euank mic92 superherointj ];

    maintainers = with maintainers; [ euank mic92 superherointj yajo ];

    platforms = platforms.linux;

  };