diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
new file mode 100644
index 0000000..e7515ec
--- /dev/null
+++ b/kubernetes/.gitignore
@@ -0,0 +1,5 @@
+pkg
+src
+*.zst*
+*.xz*
+*.tar.gz
\ No newline at end of file
diff --git a/kubernetes/10-kubeadm-kubelet.conf b/kubernetes/10-kubeadm-kubelet.conf
new file mode 100644
index 0000000..e8a629c
--- /dev/null
+++ b/kubernetes/10-kubeadm-kubelet.conf
@@ -0,0 +1,10 @@
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# "kubeadm init" and "kubeadm join" populate the KUBELET_KUBEADM_ARGS in this file
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# The KUBELET_ARGS can be sourced from this file
+# NOTE: Using the config.yaml is preferred
+EnvironmentFile=-/etc/kubernetes/kubelet.env
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_ARGS
diff --git a/kubernetes/50-kubelet-sysctl.conf b/kubernetes/50-kubelet-sysctl.conf
new file mode 100644
index 0000000..a5d9773
--- /dev/null
+++ b/kubernetes/50-kubelet-sysctl.conf
@@ -0,0 +1,2 @@
+# The file is provided as part of the kubeadm package
+net.ipv4.ip_forward = 1
diff --git a/kubernetes/PKGBUILD b/kubernetes/PKGBUILD
new file mode 100644
index 0000000..22620e3
--- /dev/null
+++ b/kubernetes/PKGBUILD
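Review bot: The header comment in 50-kubelet-sysctl.conf names the wrong package: the PKGBUILD in this commit installs the file from package_kubelet() as /etc/sysctl.d/50-kubelet.conf, so the comment should read `# The file is provided as part of the kubelet package`. The file lands under /etc but is not listed in that package's backup= array, so a local edit would presumably be overwritten on upgrade; /usr/lib/sysctl.d/ is the usual location for packaged defaults. Since `net.ipv4.ip_forward = 1` applies host-wide as soon as the package is installed, a second comment line saying why kubelet needs forwarding would help an administrator auditing the node.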
@@ -0,0 +1,238 @@
+# Maintainer: David Runge
+# Maintainer: Morten Linderud
+
+pkgbase=kubernetes
+pkgname=(kube-apiserver kube-controller-manager kube-proxy kube-scheduler kubectl kubelet kubeadm)
+pkgver=1.23.0
+pkgrel=1
+pkgdesc="Production-Grade Container Scheduling and Management"
+arch=(x86_64 aarch64)
+url="https://kubernetes.io/"
+license=(Apache)
+depends=(glibc)
+makedepends=(cni-plugins conntrack-tools ethtool git go go-bindata go-md2man
+iptables-nft socat rsync)
+source=(
+ "https://github.com/kubernetes/kubernetes/archive/v${pkgver}/kubernetes-${pkgver}.tar.gz"
+ "${pkgbase}-1.23.0-gotags.patch"
+ "${pkgbase}-1.23.0-static_cgo_enabled.patch"
+ "10-kubeadm-kubelet.conf"
+ "50-kubelet-sysctl.conf"
+ "kubelet-modules.conf"
+ "kubelet.env"
+ "kubelet.service"
+ "kubernetes-sysusers.conf"
+ "kubernetes-tmpfiles.conf"
+ "kube-apiserver.env"
+ "kube-apiserver.service"
+ "kube-controller-manager.env"
+ "kube-controller-manager.service"
+ "kube-proxy.env"
+ "kube-proxy.service"
+ "kube-scheduler.env"
+ "kube-scheduler.service"
+)
+sha512sums=('a80c5416a29818d2535d1dd2e8bbb3f70c7674d218ccbfbffb5b1c6c632875ba6c960326d311f560ba91e38ff082c6beeb03dfeab9119f63a081af4df8041dd7'
+ 'da59a9d6e3fd9625d2803e441f6f06c8b272ee5a220eb32426f09245e62c5f19bda324a752ead05111471f7ccd11fe9777630ae9b7ae387fcd94f65a7f1ed5b8'
+ 'affcabbceadddb3f4178b9fba3e15f06bc6a21a6aa1c7b37c48defd1a81f674bc20198458ca7afdf1d979e2175d12648a70bb29d78ddaf7f5897241cd8d56dbe'
+ '5f7132636b6afe9f00dc450c58073c0829942fa44070e7ec5a2c227c485c83f076bdea081d207f926b44d02700be65bf19a61f5d8d1472edd480f980e6ffbc3a'
+ 'ed5ba22b37eaa9f4950ff3b57d60dd7866fcd5b8bd5197eab3170470528e8d91379483d3eb724589e695184f9b0ed506ebaee73ecca0dc40afdb5f35e79d178a'
+ 'c318b64a03da07dfe435b2d8c368e55b0ab567da78c57ed814a7864fa75aeac52b28cf562b4afd8daa52168af93b318c1fead557ee676e950af25d422c276a17'
+ '18aaf9e7d6964d633688b5e814f85af3a4fe7dfe3f0042ca04ca4811064cdbcdfbfb28021b15efe45f98cc9fbf1cf23a98972cdbcfd4871b165278a0a1179072'
+ 'fb2cee7ebf303d8405abfe7934d20999882c855ae3280bf1bfbf4d3955d4592b221f009a0220e981b0243907f9392aa1f41db1993f9c1ae19a7af55ac8bde8f7'
+ 'b3cc10f025ce59f19c21deed3476f309db2059ee48dd1467f64fdd5b198537c94a1b3eba822d6f8c79bfb394dccbd2ea5c8840f32900c8ba153900c2df77abd1'
+ 'fbcde2b98c16a0841dd04e709834755f50bd52137685ec724dc5b2699b008b77bf03ecddf0781b9f837c0f392a84e70536bc579ca3f8329a8f5fceaa39dd018c'
+ 'dcb0e59117f76d3230cc3666dedc8a171636816141af43802dc047a9d1855f66298d690259bc9b6b63d66c7488dcc4cb65f99c202d7b46705b70d0ad87644520'
+ 'aa9ea75606faf5a70307b4afabba0a0b310429d26047f21902a29a7b05261a78a36aac0b4e04ce1cba898fbe8d93ab971068fa8d624e9fd4913b88a632b360e7'
+ 'f1b8ea6a4a18fe6258fd45105b100db63a8a9151c0c6ee532569ba25cc5749f239afe8a5ee469d7a91f9d39c30cac8591936c65e3252b4278b1f422f98855d45'
+ 'd0ffbbae151a64590709b8cb24547becfe809daf2fc2b1af22fcb1e1de87c419fa986dfe81cfab5bac8413554db1df59e6498c04eddba0ad8efec8889756511f'
+ 'c5c16d97afc0fa455981a56794547a4e6e8a710b1b686ccf84645c8001a601fa41b624ad0009bf21e56ec2da35874ac7808731b4a5b9b0fd80fc188714708f23'
+ 'dd4efa137462905f9e29a99d69b747ae35e58ba8152794bfa417325953dd5059bad96fabfabf73ce1ee2310dc4ab4d1b95c8d931d33b81c67addcb614a51be54'
+ 'ba277f765959ddb8aa0dee5a86cd9df1f40fb3f6ea1001f24825dbf21bd9342981d13894301170431729f76e710f70c23481e4061c64be29517ff497490f1ef3'
+ '2c25c0e11a7b2d6d61e03f9afe7ba21f9497495ab02e85f2623ce8c71019fb8a1af16197ab3968d5da050c2188c3e67372aa43322ac91af84f7da61bf73596bc')
+b2sums=('3233f84a0628b7a3d0409b3f57f4e9a0a317f089d13d61a91af91b0736c978a8c2479b62164cbf5b0213a36ae63d7cb221e9ba91d9f29eb8599a1c396dce4fbc'
+ '1f6e88cc5817584c72fd2166d50217f06bf29c66b9317c7b9d1a331d8a8192ad189bdfb0e3f0c467916432e9e6a54891753324cfb9ac12396aee66a65dd851da'
+ 'b06a21c5d4c349c8e9756022681085dc8a6bc4211a8e4700ccf10757a72a0da5e455f36adccfb41c1dd0d61d1df073c2a09e2074e10664f6de37a722c6d1401a'
+ 'dbab30d7e1b566027fec9d6a95dd41ed8f64399c39aac07fb4513ce21050eeeb4a226adfd513f76921c305945dfa4a140602ede574dd5eb4cd287e0f2df21714'
+ '27a8dcbbe06fa7aea122fc87ca663710ae2179c995270d94e22c905422e2639f3c9c81eef6723467c76366062381d8bd65e84ef79f47fed7c240973a55f5cb0e'
+ 'a03b8a2ce6a606068cad278c6b8039181968c132a935448bf45e1b3668357487da1528569ed582b107db0654a1614b784a73c726729aad42abed18a4c15ce5b6'
+ '50d5c0c235037b389ee7d5883ebe256287a0e53aba70f3d3571e460b029e8c4ec1a44ae7f08a8aca136504d9728f8a4ce768676ec5110af4a61ff8f19839faeb'
+ 'fc2f424e0ccbeb21267bfcb4045ab7214af51b983495ff7baf6032e2395307873b220a95e5f29c7bc9e709cde246356f4a4d2c77521d8766d574ed3d5e5e362b'
+ '588c2c61496fa93392122e6927877df42826ab94b922e962b8541968d3baca343c699e9f244001782c9fc42ff84b684659aa1f29dde79dac66cd38b4b0499257'
+ 'b2dda66fb2ddb5ab63059c63773c56c035c51c9cb9856860340eb52d89796d7c109d4cff7d76a482aef8674c83b5fb389095b7d78c3b3217d7624366697f5d83'
+ '4a3454dc3ad105fe17fd2620b2627e8949776176a7601216d77017fd276315852a3a584bea4f45c127ff250640e02ad319db006ef681b784f87039f7ee098bec'
+ 'a8bf21df4fae1854bd394529323bb4252095d98551d6133bf239b58abf6d58f0cd048236b4f9d2481e06204a4e072c284c36aa202c889dec2c684c92facbae28'
+ 'e57662608a39a59cc9079c5e6276fb6936dcf6f4a9b95c38606dd325f51e6a03e866f272ef231b46697aa5a342869443b2884f44b3152edc3e9a4199ae3f961f'
+ 'b3ca3299b9bbc450c50fb59f60b68029b1abbdd9f0e01e823710dd203a00f5457f4a8cccfeef9ef083e2875b36fb3712af9fcda6ce911c68ca22831e8e1b4298'
+ '082474a56525f7ea52315fbf9d765081d9f6bbd20ab4213bc2d2a6ddb8a3764987e365f08f157be6deec53f9c1bf2fb6c99595f5649c631e8610fcf81ed61eab'
+ '5ce796468c442d76f311d1c620576dcd2c784fcd40ecaa68ca3a6d7c089e8703506f712ee918f89ddb4debfe061cea3939fa4f2d2a77553dd1cd7aa4fae17729'
+ '4f35d3b5296839dd68885b924a41725a3479c2725c77887038c7d402a6aa754e37fe0d3697e746a1b65a5236f9e927df01e99a66d37d227cb801965575403788'
+ '95a5345e044b8fe9be01fc6230f20b3b12118c6f1fcc3e7ebbfd4d3a3d205dfb492ff0c11397d3dae9abc0cbba83c659ea23803b71c8e240dddc30bf4791dbc5')
+
+prepare() {
+ cd "${pkgbase}-${pkgver}"
+ # the -tags can only be a space separated list
+ patch -Np1 -i ../"${pkgbase}-1.23.0-gotags.patch"
+ # set static builds CGO_ENABLED=1 for full RELRO
+ patch -Np1 -i ../"${pkgbase}-1.23.0-static_cgo_enabled.patch"
+}
+
+build() {
+ cd "${pkgbase}-${pkgver}"
+ export CGO_CPPFLAGS="${CPPFLAGS}"
+ export CGO_CFLAGS="${CFLAGS}"
+ export CGO_CXXFLAGS="${CXXFLAGS}"
+ export CGO_LDFLAGS="${LDFLAGS}"
+ export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+ # NOTE: this also ensures the binaries have full RELRO
+ export GOLDFLAGS="-linkmode=external"
+
+ export GOARCH="$(go env GOARCH)"
+
+ make all KUBE_VERBOSE=5
+
+ # shell completion
+ local _binary
+ for _binary in {kubeadm,kubectl}; do
+ "_output/bin/${_binary}" completion bash > "_output/${_binary}"
+ "_output/bin/${_binary}" completion zsh > "_output/_${_binary}"
+ done
+ _output/bin/kubectl completion zsh > _output/kubectl.fish
+
+ # docs
+ hack/update-generated-docs.sh
+}
+
+package_kubeadm() {
+ pkgdesc='A tool for quickly installing Kubernetes and setting up a secure cluster'
+ groups=(kubernetes-tools)
+ depends+=(crictl)
+ install="${pkgname}.install"
+
+ cd "${pkgbase}-${pkgver}"
+ install -vDm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # service override for kubelet.service
+ install -vDm 644 "../10-${pkgname}-kubelet.conf" \
+ "${pkgdir}/usr/lib/systemd/system/kubelet.service.d/10-${pkgname}.conf"
+ # shell completion
+ install -vDm 644 "_output/${pkgname}" -t "$pkgdir/usr/share/bash-completion/completions/"
+ install -vDm 644 "_output/_${pkgname}" -t "$pkgdir/usr/share/zsh/site-functions/"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+}
+
+package_kubectl() {
+ pkgdesc='A command line tool for communicating with a Kubernetes API server'
+ groups=(kubernetes-tools)
+
+ cd "${pkgbase}-${pkgver}"
+ install -vDm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "$pkgdir/usr/share/man/man1"
+ # shell completion
+ install -vDm 644 "_output/${pkgname}" -t "$pkgdir/usr/share/bash-completion/completions/"
+ install -vDm 644 "_output/_${pkgname}" -t "$pkgdir/usr/share/zsh/site-functions/"
+ install -vDm 644 "_output/${pkgname}.fish" -t "$pkgdir/usr/share/fish/vendor_completions.d/"
+}
+
+package_kubelet() {
+ pkgdesc='An agent that runs on each node in a Kubernetes cluster making sure that containers are running in a Pod'
+ groups=(kubernetes-control-plane kubernetes-node)
+ depends+=(cni-plugins conntrack-tools ethtool iptables-nft socat)
+ optdepends=('containerd: for using the containerd container runtime'
+ 'cri-o: for using the cri-o container runtime'
+ 'docker: for using the docker container runtime')
+ backup=(etc/kubernetes/kubelet.env)
+ install=${pkgname}.install
+
+ cd "${pkgbase}-${pkgver}"
+ install -vDm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # config
+ install -vDm 644 "../${pkgname}.env" -t "$pkgdir/etc/kubernetes/"
+ # service
+ install -vDm 644 "../${pkgname}.service" -t "$pkgdir/usr/lib/systemd/system"
+ # modules
+ install -vDm 644 "../${pkgname}-modules.conf" \
+ "${pkgdir}/usr/lib/modules-load.d/${pkgname}.conf"
+ # sysctl
+ install -vDm 644 "../50-${pkgname}-sysctl.conf" \
+ "${pkgdir}/etc/sysctl.d/50-${pkgname}.conf"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+ # NOTE: without this directory a node worker will emit error messages upon joining a cluster
+ install -vdm 700 "${pkgdir}/etc/kubernetes/manifests"
+}
+
+package_kube-apiserver() {
+ pkgdesc='Kubernetes control plane component exposing the Kubernetes API'
+ groups=(kubernetes-control-plane)
+ backup=(etc/kubernetes/kube-apiserver.env)
+
+ cd "${pkgbase}-${pkgver}"
+ install -vDm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # config
+ install -vDm 644 "../${pkgname}.env" -t "${pkgdir}/etc/kubernetes/"
+ # service
+ install -vDm 644 "../${pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
+ # sysusers.d
+ install -vDm 644 "../kubernetes-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ # tmpfiles.d
+ install -vDm 644 "../kubernetes-tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+}
+
+package_kube-controller-manager() {
+ pkgdesc='Kubernetes control plane component that runs controller processes'
+ groups=(kubernetes-control-plane)
+ backup=(etc/kubernetes/${pkgname}.env)
+
+ cd "${pkgbase}-${pkgver}"
+ install -Dm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # config
+ install -vDm 644 "../${pkgname}.env" -t "${pkgdir}/etc/kubernetes/"
+ # service
+ install -vDm 644 "../${pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
+ # sysusers.d
+ install -vDm 644 "../kubernetes-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ # tmpfiles.d
+ install -vDm 644 "../kubernetes-tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+}
+
+package_kube-proxy() {
+ pkgdesc='Kubernetes network proxy that runs on each node'
+ groups=(kubernetes-control-plane kubernetes-node)
+ backup=(etc/kubernetes/${pkgname}.env)
+
+ cd "${pkgbase}-${pkgver}"
+ install -Dm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin/"
+ # config
+ install -vDm 644 "../${pkgname}.env" -t "${pkgdir}/etc/kubernetes/"
+ # service
+ install -vDm 644 "../${pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+ install -vdm 755 "${pkgdir}/etc/kubernetes/"
+ install -vdm 755 "${pkgdir}/var/lib/${pkgname}/"
+}
+
+package_kube-scheduler() {
+ pkgdesc='Kubernetes control plane component watching over pods on nodes'
+ groups=(kubernetes-control-plane)
+ backup=(etc/kubernetes/${pkgname}.env)
+
+ cd "${pkgbase}-${pkgver}"
+ install -Dm 755 "_output/local/bin/linux/${GOARCH}/${pkgname}" -t "$pkgdir/usr/bin"
+ # config
+ install -vDm 644 "../${pkgname}.env" -t "${pkgdir}/etc/kubernetes/"
+ # service
+ install -vDm 644 "../${pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
+ # sysusers.d
+ install -vDm 644 "../kubernetes-sysusers.conf" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ # tmpfiles.d
+ install -vDm 644 "../kubernetes-tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+ # man pages
+ install -vDm 644 "docs/man/man1/${pkgname}"* -t "${pkgdir}/usr/share/man/man1/"
+}
diff --git a/kubernetes/kube-apiserver.env b/kubernetes/kube-apiserver.env
new file mode 100644
index 0000000..a66a3a9
--- /dev/null
+++ b/kubernetes/kube-apiserver.env
@@ -0,0 +1,10 @@
+# Kubernetes kube-apiserver arguments
+#
+# The KUBE_APISERVER_ARGS environment variable is used to provide flags and
+# options to kube-apiserver when running kube-apiserver.service.
+# See `man 1 kube-apiserver` or `kube-apiserver --help` for further information.
+#
+# NOTE: When using kubeadm to bootstrap a cluster KUBE_APISERVER_ARGS will not
+# be considered, as kube-apiserver runs as a privileged system pod in that
+# case.
+KUBE_APISERVER_ARGS=
diff --git a/kubernetes/kube-apiserver.service b/kubernetes/kube-apiserver.service
new file mode 100644
index 0000000..917f26e
--- /dev/null
+++ b/kubernetes/kube-apiserver.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Kubernetes API Server
+Documentation=man:kube-apiserver(1)
+After=network.target
+After=etcd.service
+
+[Service]
+EnvironmentFile=-/etc/kubernetes/kube-apiserver.env
+User=kube
+ExecStart=/usr/bin/kube-apiserver $KUBE_APISERVER_ARGS
+Restart=on-failure
+Type=notify
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
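Review bot: In build(), the line after the completion loop writes zsh output into the fish file, `_output/bin/kubectl completion zsh > _output/kubectl.fish`, and package_kubectl() then installs that file into /usr/share/fish/vendor_completions.d/, so fish would load a zsh script. If this kubectl release provides a fish generator the line should be `_output/bin/kubectl completion fish > _output/kubectl.fish`; otherwise the fish install line should be dropped. Separately, GOARCH is exported only in build(), yet every package_*() function reads `${GOARCH}` in its install path; a repackage run that skips build() would presumably see it empty, so each package function (or a shared helper) should set it itself. build() also takes the completion binaries from `_output/bin/` while the package functions use `_output/local/bin/linux/${GOARCH}/`, and a one-line comment explaining the two paths would help.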
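Review bot: kube-apiserver.service drops to `User=kube` but sets no other sandboxing in [Service], and the same holds for kube-controller-manager.service and kube-scheduler.service later in this commit. These three are unprivileged daemons, so `NoNewPrivileges=yes`, `ProtectHome=yes` and `ProtectSystem=full` could be added at little cost, after checking which paths each daemon must write (certificate and data directories). kube-proxy.service and kubelet.service carry no User= line and therefore run as root, which their work presumably requires; a comment in those units saying so would make the difference deliberate rather than accidental. With the shipped `KUBE_APISERVER_ARGS=` left empty the unit starts the API server with no flags at all, so the .env comment should state that the service is not usable until arguments are set.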
diff --git a/kubernetes/kube-controller-manager.env b/kubernetes/kube-controller-manager.env
new file mode 100644
index 0000000..947d2c4
--- /dev/null
+++ b/kubernetes/kube-controller-manager.env
@@ -0,0 +1,11 @@
+# Kubernetes kube-controller-manager arguments
+#
+# The KUBE_CONTROLLER_MANAGER_ARGS environment variable is used to provide
+# flags and options to kube-controller-manager when running
+# kube-controller-manager.service. See `man 1 kube-controller-manager` or
+# `kube-controller-manager --help` for further information.
+#
+# NOTE: When using kubeadm to bootstrap a cluster KUBE_CONTROLLER_MANAGER_ARGS
+# will not be considered, as kube-controller-manager runs as a privileged
+# system pod in that case.
+KUBE_CONTROLLER_MANAGER_ARGS=
diff --git a/kubernetes/kube-controller-manager.service b/kubernetes/kube-controller-manager.service
new file mode 100644
index 0000000..2af94b0
--- /dev/null
+++ b/kubernetes/kube-controller-manager.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kubernetes Controller Manager
+Documentation=man:kube-controller-manager(1)
+
+[Service]
+EnvironmentFile=-/etc/kubernetes/kube-controller-manager.env
+User=kube
+ExecStart=/usr/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_ARGS
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
diff --git a/kubernetes/kube-proxy.env b/kubernetes/kube-proxy.env
new file mode 100644
index 0000000..67677ef
--- /dev/null
+++ b/kubernetes/kube-proxy.env
@@ -0,0 +1,9 @@
+# Kubernetes kube-proxy arguments
+#
+# The KUBE_PROXY_ARGS environment variable is used to provide flags and
+# options to kube-proxy when running kube-proxy.service.
+# See `man 1 kube-proxy` or `kube-proxy --help` for further information.
+#
+# NOTE: When using kubeadm to bootstrap a cluster KUBE_PROXY_ARGS will not
+# be considered, as kube-proxy runs as a privileged system pod in that case.
+KUBE_PROXY_ARGS=
diff --git a/kubernetes/kube-proxy.service b/kubernetes/kube-proxy.service
new file mode 100644
index 0000000..1cd3e67
--- /dev/null
+++ b/kubernetes/kube-proxy.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kubernetes Kube-Proxy Server
+Documentation=man:kube-proxy(1)
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/kubernetes/kube-proxy.env
+ExecStart=/usr/bin/kube-proxy $KUBE_PROXY_ARGS
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
diff --git a/kubernetes/kube-scheduler.env b/kubernetes/kube-scheduler.env
new file mode 100644
index 0000000..d0ea9f4
--- /dev/null
+++ b/kubernetes/kube-scheduler.env
@@ -0,0 +1,10 @@
+# Kubernetes kube-scheduler arguments
+#
+# The KUBE_SCHEDULER_ARGS environment variable is used to provide flags and
+# options to kube-scheduler when running kube-scheduler.service.
+# See `man 1 kube-scheduler` or `kube-scheduler --help` for further information.
+#
+# NOTE: When using kubeadm to bootstrap a cluster KUBE_SCHEDULER_ARGS will not
+# be considered, as kube-scheduler runs as a privileged system pod in that
+# case.
+KUBE_SCHEDULER_ARGS=
diff --git a/kubernetes/kube-scheduler.service b/kubernetes/kube-scheduler.service
new file mode 100644
index 0000000..4414694
--- /dev/null
+++ b/kubernetes/kube-scheduler.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kubernetes Scheduler Plugin
+Documentation=man:kube-scheduler(1)
+
+[Service]
+EnvironmentFile=-/etc/kubernetes/kube-scheduler.env
+User=kube
+ExecStart=/usr/bin/kube-scheduler $KUBE_SCHEDULER_ARGS
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
diff --git a/kubernetes/kubeadm.install b/kubernetes/kubeadm.install
new file mode 100644
index 0000000..933f508
--- /dev/null
+++ b/kubernetes/kubeadm.install
@@ -0,0 +1,14 @@
+# arg 1: the new package version
+post_install() {
+ printf "Switch on IP forwarding: sysctl net.ipv4.ip_forward=1\n"
+}
+
+## arg 1: the new package version
+## arg 2: the old package version
+post_upgrade() {
+ local _changelog_121="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#no-really-you-must-read-this-before-you-upgrade"
+ if [[ "$(vercmp "$2" "1.21.0-1")" -lt 0 ]]; then
+ printf "WARNING: Read important changelog notice:\n"
+ printf " %s\n" "${_changelog_121}"
+ fi
+}
diff --git a/kubernetes/kubelet-modules.conf b/kubernetes/kubelet-modules.conf
new file mode 100644
index 0000000..a13fc17
--- /dev/null
+++ b/kubernetes/kubelet-modules.conf
@@ -0,0 +1 @@
+br_netfilter
diff --git a/kubernetes/kubelet.env b/kubernetes/kubelet.env
new file mode 100644
index 0000000..910ecca
--- /dev/null
+++ b/kubernetes/kubelet.env
@@ -0,0 +1,9 @@
+# Kubernetes kubelet arguments
+#
+# The KUBELET_ARGS environment variable is used to provide flags and options to
+# kubelet when running kubelet.service.
+# See `man 1 kubelet` or `kubelet --help` for further information.
+#
+# NOTE: When using kubeadm to bootstrap a cluster KUBELET_ARGS will be appended
+# to the kubeadm specific environment variables.
+KUBELET_ARGS=--cni-bin-dir=/usr/lib/cni
diff --git a/kubernetes/kubelet.install b/kubernetes/kubelet.install
new file mode 100644
index 0000000..7b0a14d
--- /dev/null
+++ b/kubernetes/kubelet.install
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+post_install() {
+ if ! grep "br_netfilter" /proc/modules; then
+ echo "Load the br_netfilter kernel module or reboot: modprobe br_netfilter."
+ fi
+ if [[ $(swapon --noheadings | wc -l) -ne 0 ]]; then
+ echo "WARNING: Disable swap before using kubelet.service."
+ fi
+}
+
+post_upgrade() {
+ local _changelog_121="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#no-really-you-must-read-this-before-you-upgrade"
+ if [[ "$(vercmp "$2" "1.21.0-1")" -lt 0 ]]; then
+ printf "WARNING: Read important changelog notice:\n"
+ printf " %s\n" "${_changelog_121}"
+ fi
+}
diff --git a/kubernetes/kubelet.service b/kubernetes/kubelet.service
new file mode 100644
index 0000000..e93876e
--- /dev/null
+++ b/kubernetes/kubelet.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
+
+[Service]
+ConfigurationDirectory=kubernetes
+CPUAccounting=true
+IPAccounting=true
+EnvironmentFile=-/etc/kubernetes/kubelet.env
+ExecStart=/usr/bin/kubelet $KUBELET_ARGS
+KillMode=process
+MemoryAccounting=true
+StartLimitInterval=0
+Restart=on-failure
+RestartSec=10
+RuntimeDirectory=kubelet
+StateDirectory=kubelet
+
+[Install]
+WantedBy=multi-user.target
diff --git a/kubernetes/kubernetes-1.23.0-gotags.patch b/kubernetes/kubernetes-1.23.0-gotags.patch
new file mode 100644
index 0000000..9cd27c8
--- /dev/null
+++ b/kubernetes/kubernetes-1.23.0-gotags.patch
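Review bot: In post_install of kubelet.install, `grep "br_netfilter" /proc/modules` prints the matching line into the package manager's output whenever the module is already loaded; `if ! grep -q br_netfilter /proc/modules; then` keeps the check silent and shows only the hint. /proc/modules lists loadable modules only, so a kernel with br_netfilter built in would presumably still get the hint, which the message could acknowledge. The `#!/usr/bin/env bash` line looks unnecessary in a scriptlet that only defines hook functions, and post_upgrade reads `$2` without the `## arg 1` / `## arg 2` comments that kubeadm.install carries for the same function.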
@@ -0,0 +1,12 @@
+diff -ruN a/hack/lib/golang.sh b/hack/lib/golang.sh
+--- a/hack/lib/golang.sh 2021-12-07 19:08:39.000000000 +0100
++++ b/hack/lib/golang.sh 2021-12-08 23:59:38.948699522 +0100
+@@ -808,7 +808,7 @@
+
+ # extract tags if any specified in GOFLAGS
+ # shellcheck disable=SC2001
+- gotags="selinux,notest,$(echo "${GOFLAGS:-}" | sed -ne 's|.*-tags=\([^-]*\).*|\1|p')"
++ gotags="selinux notest $(echo "${GOFLAGS:-}" | sed -ne 's|.*-tags=\([^-]*\).*|\1|p')"
+
+ local -a targets=()
+ local arg
diff --git a/kubernetes/kubernetes-1.23.0-static_cgo_enabled.patch b/kubernetes/kubernetes-1.23.0-static_cgo_enabled.patch
new file mode 100644
index 0000000..94b5cf5
--- /dev/null
+++ b/kubernetes/kubernetes-1.23.0-static_cgo_enabled.patch
@@ -0,0 +1,14 @@
+diff -ruN a/hack/lib/golang.sh b/hack/lib/golang.sh
+--- a/hack/lib/golang.sh 2021-12-07 19:08:39.000000000 +0100
++++ b/hack/lib/golang.sh 2021-12-09 18:53:23.588259078 +0100
+@@ -718,8 +718,8 @@
+ -ldflags "${goldflags:-}"
+ -tags "${gotags:-}"
+ )
+- V=1 kube::log::info "> static build CGO_ENABLED=0: ${statics[*]}"
+- CGO_ENABLED=0 kube::golang::build_some_binaries "${statics[@]}"
++ V=1 kube::log::info "> static build CGO_ENABLED=1: ${statics[*]}"
++ CGO_ENABLED=1 kube::golang::build_some_binaries "${statics[@]}"
+ fi
+
+ if [[ "${#nonstatics[@]}" != 0 ]]; then
diff --git a/kubernetes/kubernetes-sysusers.conf b/kubernetes/kubernetes-sysusers.conf
new file mode 100644
index 0000000..2025404
--- /dev/null
+++ b/kubernetes/kubernetes-sysusers.conf
@@ -0,0 +1 @@
+u kube - "User for Kubernetes services" - -
diff --git a/kubernetes/kubernetes-tmpfiles.conf b/kubernetes/kubernetes-tmpfiles.conf
new file mode 100644
index 0000000..d2dd633
--- /dev/null
+++ b/kubernetes/kubernetes-tmpfiles.conf
@@ -0,0 +1 @@
+d /run/kubernetes 750 root kube - -
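Review bot: The tmpfiles entry `d /run/kubernetes 750 root kube - -` gives the kube group read and traverse access but no write access, while kube-apiserver, kube-controller-manager and kube-scheduler in this commit all run as `User=kube`. If any of them is expected to create files there (kube-apiserver's default certificate directory is, as far as I know, /var/run/kubernetes), that write would be refused; `d /run/kubernetes 0750 kube kube - -` would permit it while still keeping other users out. The PKGBUILD installs this one file under three different names, one per control-plane package, so the file deserves a comment line stating who owns the directory and why.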