diff --git a/infrastructure/system-upgrades/kubernetes.yaml b/infrastructure/system-upgrades/kubernetes.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5bfd9268cbc8f60d136449fb6a93c98951b8df45
--- /dev/null
+++ b/infrastructure/system-upgrades/kubernetes.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-upgrade
+  namespace: system-upgrade
+type: Opaque
+stringData:
+  kubernetes-version: "1.21"
+  setup-copr.sh: |
+    #!/bin/bash
+    set -e
+    set -x
+    secrets="$(dirname "$0")"
+    systemd-run --same-dir --wait --collect --service-type=exec dnf install -y dnf-plugins-core
+    systemd-run --same-dir --wait --collect --service-type=exec dnf copr enable -y "sheogorath/kubernetes-$(cat $secrets/kubernetes-version)"
+  kubernetes-upgrade.sh: |
+    #!/bin/bash
+    set -e
+    set -x
+    secrets="$(dirname "$0")"
+    systemd-run --same-dir --wait --collect --service-type=exec dnf upgrade -y kubernetes kubernetes-kubeadm
+    kubeadm upgrade apply --yes
+  upgrade.sh: |
+    #!/bin/bash
+    set -e
+    set -x
+    secrets="$(dirname "$0")"
+    $secrets/setup-copr.sh
+    $secrets/kubernetes-upgrade.sh
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+  name: kubernetes-upgrade
+  namespace: system-upgrade
+spec:
+  concurrency: 1
+  nodeSelector:
+    matchExpressions:
+      - key: feature.node.kubernetes.io/system-os_release.ID
+        operator: In
+        values:
+          - fedora
+      - key: feature.node.kubernetes.io/system-os_release.VERSION_ID.major
+        operator: In
+        values:
+          - "35"
+  serviceAccountName: system-upgrade
+  secrets:
+    - name: kubernetes-upgrade
+      path: /host/run/system-upgrade/secrets/kubernetes-upgrade
+  drain:
+    deleteLocalData: true
+    ignoreDaemonSets: true
+    force: false
+  version: "1.21"
+  upgrade:
+    image: docker.io/library/fedora:35
+    command: ["chroot", "/host"]
+    args: ["sh", "/run/system-upgrade/secrets/kubernetes-upgrade/upgrade.sh"]
+