From 614226a66e9dd3d4fd4bac7a8c572d1a2a813ce3 Mon Sep 17 00:00:00 2001
From: Drew Newberry <anewberry@nvidia.com>
Date: Fri, 6 Mar 2026 01:15:20 -0800
Subject: [PATCH] chore(cluster): upgrade k3s to v1.35.2 and remove K3S_VERSION
 from mise.toml

Move the k3s version source of truth to Dockerfile.cluster ARG default
(v1.35.2-k3s1) and make the build scripts pass the build-arg only when
the environment variable is explicitly set. This simplifies the build
chain while still allowing CI or developers to override the version.
---
 architecture/build-containers.md          | 4 ++--
 architecture/cluster-single-node.md       | 2 +-
 architecture/system-architecture.md       | 2 +-
 deploy/docker/Dockerfile.cluster          | 2 +-
 mise.toml                                 | 1 -
 tasks/scripts/docker-build-cluster.sh     | 4 ++--
 tasks/scripts/docker-publish-multiarch.sh | 4 ++--
 7 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/architecture/build-containers.md b/architecture/build-containers.md
index d4e9d83e..1ef8dfc0 100644
--- a/architecture/build-containers.md
+++ b/architecture/build-containers.md
@@ -99,7 +99,7 @@ A k3s image with bundled Helm charts and Kubernetes manifests for single-contain
 
 **Defined in** `deploy/docker/Dockerfile.cluster`.
 
-**Base image:** `rancher/k3s:v1.29.8-k3s1` (configurable via `K3S_VERSION` build arg).
+**Base image:** `rancher/k3s:v1.35.2-k3s1` (configurable via `K3S_VERSION` build arg).
 
 **Layers added:**
 
@@ -368,7 +368,7 @@ After building, the script:
 |---|---|---|
 | `IMAGE_TAG` | `dev` | Tag for built images |
 | `RUST_BUILD_PROFILE` | `debug` | `debug` or `release` for sandbox builds |
-| `K3S_VERSION` | `v1.29.8-k3s1` | k3s version for cluster image |
+| `K3S_VERSION` | `v1.35.2-k3s1` | k3s version for cluster image (optional override; default in Dockerfile.cluster) |
 
 | `CLUSTER_NAME` | basename of `$PWD` | Name for local cluster deployment |
 | `DOCKER_PLATFORM` | (unset) | Target platform for multi-arch builds (e.g., `linux/amd64`) |
diff --git a/architecture/cluster-single-node.md b/architecture/cluster-single-node.md
index 208dc1c0..4849cb9e 100644
--- a/architecture/cluster-single-node.md
+++ b/architecture/cluster-single-node.md
@@ -238,7 +238,7 @@ After deploy, the CLI calls `save_active_cluster(name)`, writing the cluster nam
 The cluster image is defined in `deploy/docker/Dockerfile.cluster`:
 
 ```
-Base:  rancher/k3s:v1.29.8-k3s1
+Base:  rancher/k3s:v1.35.2-k3s1
 ```
 
 Layers added:
diff --git a/architecture/system-architecture.md b/architecture/system-architecture.md
index 67c47de4..643cee2f 100644
--- a/architecture/system-architecture.md
+++ b/architecture/system-architecture.md
@@ -17,7 +17,7 @@ graph TB
     %% ============================================================
     subgraph Cluster["NemoClaw Cluster Container (Docker)"]
 
-        subgraph K3s["k3s (v1.29.8-k3s1)"]
+        subgraph K3s["k3s (v1.35.2-k3s1)"]
             KubeAPI["Kubernetes API<br/>:6443"]
             HelmController["Helm Controller"]
             LocalPathProv["local-path-provisioner"]
diff --git a/deploy/docker/Dockerfile.cluster b/deploy/docker/Dockerfile.cluster
index ad84df67..1c5e7421 100644
--- a/deploy/docker/Dockerfile.cluster
+++ b/deploy/docker/Dockerfile.cluster
@@ -15,7 +15,7 @@
 # The helm charts are built by the docker:build:cluster mise task
 # and placed in deploy/docker/.build/ before this Dockerfile is built.
 
-ARG K3S_VERSION=v1.34.5-k3s1
+ARG K3S_VERSION=v1.35.2-k3s1
 FROM rancher/k3s:${K3S_VERSION}
 
 # Create directories for manifests, charts, and configuration
diff --git a/mise.toml b/mise.toml
index 25740178..0c0c8b91 100644
--- a/mise.toml
+++ b/mise.toml
@@ -38,7 +38,6 @@ SCCACHE_DIR = "{{config_root}}/.cache/sccache"
 NAV_PYPI_REPOSITORY_URL = "https://urm.nvidia.com/artifactory/api/pypi/nv-shared-pypi-local"
 
 # Shared build constants (overridable via environment)
-K3S_VERSION = "{{env.K3S_VERSION | default(value='v1.34.5-k3s1')}}"
 DOCKER_BUILDKIT = "1"
 
 [vars]
diff --git a/tasks/scripts/docker-build-cluster.sh b/tasks/scripts/docker-build-cluster.sh
index fc960a51..1d467918 100755
--- a/tasks/scripts/docker-build-cluster.sh
+++ b/tasks/scripts/docker-build-cluster.sh
@@ -7,7 +7,7 @@
 #
 # Environment:
 #   IMAGE_TAG                - Image tag (default: dev)
-#   K3S_VERSION              - k3s version (set by mise.toml [env])
+#   K3S_VERSION              - k3s version override (optional; default in Dockerfile.cluster)
 
 #   DOCKER_PLATFORM          - Target platform (optional)
 #   DOCKER_BUILDER           - Buildx builder name (default: auto-select)
@@ -68,7 +68,7 @@ docker buildx build \
   ${CACHE_ARGS[@]+"${CACHE_ARGS[@]}"} \
   -f deploy/docker/Dockerfile.cluster \
   -t ${IMAGE_NAME}:${IMAGE_TAG} \
-  --build-arg K3S_VERSION=${K3S_VERSION} \
+  ${K3S_VERSION:+--build-arg K3S_VERSION=${K3S_VERSION}} \
   ${OUTPUT_FLAG} \
   .
 
diff --git a/tasks/scripts/docker-publish-multiarch.sh b/tasks/scripts/docker-publish-multiarch.sh
index 9871009e..ef775dc5 100755
--- a/tasks/scripts/docker-publish-multiarch.sh
+++ b/tasks/scripts/docker-publish-multiarch.sh
@@ -11,7 +11,7 @@
 #
 # Environment:
 #   IMAGE_TAG                - Image tag (default: dev)
-#   K3S_VERSION              - k3s version (set by mise.toml [env])
+#   K3S_VERSION              - k3s version override (optional; default in Dockerfile.cluster)
 
 #   DOCKER_PLATFORMS         - Target platforms (default: linux/amd64,linux/arm64)
 #   RUST_BUILD_PROFILE       - Rust build profile for sandbox (default: release)
@@ -197,7 +197,7 @@ docker buildx build \
   --platform "${PLATFORMS}" \
   -f deploy/docker/Dockerfile.cluster \
   -t "${CLUSTER_IMAGE}:${IMAGE_TAG}" \
-  --build-arg K3S_VERSION=${K3S_VERSION} \
+  ${K3S_VERSION:+--build-arg K3S_VERSION=${K3S_VERSION}} \
   ${EXTRA_BUILD_FLAGS} \
   --push \
   .