argocd/manifests/kube-state-metrics-ringtail/kustomization.yaml

@@ -6,4 +6,5 @@ resources:
   - service.yaml
 images:
   - name: registry.k8s.io/kube-state-metrics/kube-state-metrics
-    newTag: v2.18.0
+    newName: registry.ops.eblu.me/blumeops/kube-state-metrics
+    newTag: v2.18.0-e2e35cc-nix

argocd/manifests/kube-state-metrics/kustomization.yaml

@@ -6,4 +6,5 @@ resources:
   - service.yaml
 images:
   - name: registry.k8s.io/kube-state-metrics/kube-state-metrics
-    newTag: v2.18.0
+    newName: registry.ops.eblu.me/blumeops/kube-state-metrics
+    newTag: v2.18.0-e2e35cc

containers/kube-state-metrics/Dockerfile

@@ -0,0 +1,44 @@
+# kube-state-metrics — Kubernetes state metrics exporter
+# Two-stage build: Go binary, Alpine runtime
+
+ARG CONTAINER_APP_VERSION=2.18.0
+ARG KSM_VERSION=v${CONTAINER_APP_VERSION}
+ARG KSM_COMMIT=ab562f78ebf4cb97cc2f87c1235e457076035d16
+
+FROM golang:alpine3.22 AS build
+
+ARG KSM_VERSION
+ARG KSM_COMMIT
+RUN apk add --no-cache build-base git
+
+RUN mkdir /app && cd /app \
+    && git init \
+    && git remote add origin https://forge.ops.eblu.me/mirrors/kube-state-metrics.git \
+    && git fetch --depth 1 origin ${KSM_COMMIT} \
+    && git checkout FETCH_HEAD
+
+WORKDIR /app
+
+ENV CGO_ENABLED=0
+
+RUN go build \
+    -o /kube-state-metrics \
+    -ldflags "-s -w -X k8s.io/kube-state-metrics/v2/pkg/version.Version=${KSM_VERSION}"
+
+FROM alpine:3.22
+
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="kube-state-metrics"
+LABEL org.opencontainers.image.description="Generates metrics about the state of Kubernetes objects"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
+RUN apk --no-cache add ca-certificates tzdata
+
+COPY --from=build /kube-state-metrics /usr/bin/kube-state-metrics
+
+EXPOSE 8080 8081
+
+USER 65534
+ENTRYPOINT ["/usr/bin/kube-state-metrics"]

containers/kube-state-metrics/default.nix

@@ -0,0 +1,59 @@
+# Nix-built kube-state-metrics
+# Builds v2.18.0 from forge mirror
+# Built with dockerTools.buildLayeredImage for efficient layer caching
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+  version = "2.18.0";
+
+  src = pkgs.fetchgit {
+    url = "https://forge.ops.eblu.me/mirrors/kube-state-metrics.git";
+    rev = "v${version}";
+    hash = "sha256-oLkIjc6VC3hTrFg9LmgSUtwt4ek0dT7h2u2DfNRx5Gg=";
+  };
+
+  kube-state-metrics = pkgs.buildGoModule {
+    inherit src version;
+    pname = "kube-state-metrics";
+    vendorHash = "sha256-ccP34lywpQnIx3R5IyGURuvb4ijNfCu2VVAeVjBrN0w=";
+
+    doCheck = false;
+
+    subPackages = [ "." ];
+
+    ldflags = [
+      "-s"
+      "-w"
+      "-X k8s.io/kube-state-metrics/v2/pkg/version.Version=v${version}"
+    ];
+
+    meta = with pkgs.lib; {
+      description = "Generates metrics about the state of Kubernetes objects";
+      homepage = "https://github.com/kubernetes/kube-state-metrics";
+      license = licenses.asl20;
+      mainProgram = "kube-state-metrics";
+    };
+  };
+in
+
+pkgs.dockerTools.buildLayeredImage {
+  name = "blumeops/kube-state-metrics";
+  contents = [
+    kube-state-metrics
+    pkgs.cacert
+    pkgs.tzdata
+  ];
+
+  config = {
+    Entrypoint = [ "${kube-state-metrics}/bin/kube-state-metrics" ];
+    Env = [
+      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+    ];
+    ExposedPorts = {
+      "8080/tcp" = { };
+      "8081/tcp" = { };
+    };
+    User = "65534";
+  };
+}

docs/changelog.d/localize-kube-state-metrics.infra.md

@@ -0,0 +1 @@
+Build kube-state-metrics container locally (Dockerfile + nix) from forge mirror, replacing upstream registry.k8s.io image on both indri and ringtail.