From 9210c8e8ed1cc33931bac44eb89d62a78f7e4a67 Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@suse.com>
Date: Thu, 27 Aug 2020 09:48:36 +0200
Subject: [PATCH 1/3] kubernetes: 1.18.8 -> 1.19.1

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
---
 pkgs/applications/networking/cluster/kubernetes/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index 91fa9e8b4ff3..691effa39232 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -15,13 +15,13 @@ with lib;
 
 stdenv.mkDerivation rec {
   pname = "kubernetes";
-  version = "1.18.8";
+  version = "1.19.1";
 
   src = fetchFromGitHub {
     owner = "kubernetes";
     repo = "kubernetes";
     rev = "v${version}";
-    sha256 = "1dswgxxbybwllf2lf89saarsrn4pkb2617wycim07cd7i1l1dv5n";
+    sha256 = "1wnlw2rl14q7cb8shhldbavdamvl3w3mlfvymwfvmvxfxzhrjlaq";
   };
 
   nativeBuildInputs = [ removeReferencesTo makeWrapper which go rsync go-bindata ];

From 35f7a3347c3844dc2f41d66a6fb898d9d45d15b9 Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@suse.com>
Date: Mon, 31 Aug 2020 13:07:58 +0200
Subject: [PATCH 2/3] kubernetes: fix certificate generation

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
---
 nixos/modules/services/cluster/kubernetes/pki.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 4275563f1a36..933ae481e968 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -20,7 +20,7 @@ let
         size = 2048;
     };
     CN = top.masterAddress;
-    hosts = cfg.cfsslAPIExtraSANs;
+    hosts = [top.masterAddress] ++ cfg.cfsslAPIExtraSANs;
   });
 
   cfsslAPITokenBaseName = "apitoken.secret";
@@ -228,7 +228,8 @@ in
             };
             private_key = cert.privateKeyOptions;
             request = {
-              inherit (cert) CN hosts;
+              hosts = [cert.CN] ++ cert.hosts;
+              inherit (cert) CN;
               key = {
                 algo = "rsa";
                 size = 2048;

From f3db33e5229b4863021c3f2463fac43a04ddb5df Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@suse.com>
Date: Thu, 10 Sep 2020 13:05:39 +0200
Subject: [PATCH 3/3] Add NixOS 20.03 release note for Kubernetes v1.19.x

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
---
 nixos/doc/manual/release-notes/rl-2009.xml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 8a2d15660180..19617f9aa13c 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -1125,5 +1125,20 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
      </para>
    </listitem>
   </itemizedlist>
+  <itemizedlist>
+   <listitem>
+    <para />
+    <para>
+        Kubernetes has been upgraded to 1.19.1, which also means that the
+        golang version to build it has been bumped to 1.15. This may have
+        consequences for your existing clusters and their certificates. Please
+        consider
+        <link xlink:href="https://relnotes.k8s.io/?markdown=93264">
+            the release notes for Kubernetes 1.19 carefully
+        </link>
+        before upgrading.
+    </para>
+   </listitem>
+  </itemizedlist>
  </section>
 </section>