Merge pull request #728 from dmvolod/build-image-from-private-repo

🌱 Add ability to build operator images in a private docker registry

Author: k8s-ci-robot

Dockerfile

@@ -17,6 +17,9 @@
 # Build the manager binary
 # Run this with docker build --build-arg builder_image=<golang:x.y.z>
 ARG builder_image
+ARG deployment_base_image
+ARG deployment_base_image_tag
+ARG goprivate
 
 FROM ${builder_image} as builder
 WORKDIR /workspace
@@ -25,14 +28,16 @@ WORKDIR /workspace
 ARG goproxy=https://proxy.golang.org
 # Run this with docker build --build-arg package=./controlplane/kubeadm or --build-arg package=./bootstrap/kubeadm
 ENV GOPROXY=$goproxy
+ENV GOPRIVATE=$goprivate
 
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
 
 # Cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
-RUN --mount=type=cache,target=/go/pkg/mod \
+RUN --mount=type=secret,id=netrc,required=false,target=/root/.netrc \
+    --mount=type=cache,target=/go/pkg/mod \
   go mod download
 
 # Copy the sources
@@ -50,7 +55,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
   -o manager ${path}
 
 # Production image
-FROM gcr.io/distroless/static:nonroot
+FROM ${deployment_base_image}:${deployment_base_image_tag}
 WORKDIR /
 COPY --from=builder /workspace/manager .
 # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies

Makefile

@@ -24,7 +24,8 @@ ROOT:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 .DEFAULT_GOAL:=help
 
 GO_VERSION ?= 1.23.0
-GO_CONTAINER_IMAGE ?= docker.io/library/golang:$(GO_VERSION)
+GO_BASE_CONTAINER ?= docker.io/library/golang
+GO_CONTAINER_IMAGE = $(GO_BASE_CONTAINER):$(GO_VERSION)
 
 # Use GOPROXY environment variable if set
 GOPROXY := $(shell go env GOPROXY)
@@ -33,9 +34,21 @@ GOPROXY := https://proxy.golang.org
 endif
 export GOPROXY
 
+# Use GOPRIVATE environment variable if set
+GOPRIVATE := $(shell go env GOPRIVATE)
+export GOPRIVATE
+
+# Base docker images
+
+DOCKERFILE_CONTAINER_IMAGE ?= docker.io/docker/dockerfile:1.4
+DEPLOYMENT_BASE_IMAGE ?= gcr.io/distroless/static
+DEPLOYMENT_BASE_IMAGE_TAG ?= nonroot-${ARCH}
+
 # Active module mode, as we use go modules to manage dependencies
 export GO111MODULE=on
 
+BUILD_CONTAINER_ADDITIONAL_ARGS ?=
+
 # This option is for running docker manifest command
 export DOCKER_CLI_EXPERIMENTAL := enabled
 
@@ -372,13 +385,13 @@ modules: ## Runs go mod to ensure modules are up to date.
 
 .PHONY: docker-pull-prerequisites
 docker-pull-prerequisites:
-	docker pull docker.io/docker/dockerfile:1.4
+	docker pull $(DOCKERFILE_CONTAINER_IMAGE)
 	docker pull $(GO_CONTAINER_IMAGE)
-	docker pull gcr.io/distroless/static:latest
+	docker pull $(DEPLOYMENT_BASE_IMAGE):$(DEPLOYMENT_BASE_IMAGE_TAG)
 
 .PHONY: docker-build
 docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager
-	docker build --build-arg builder_image=$(GO_CONTAINER_IMAGE) --build-arg goproxy=$(GOPROXY) --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CONTROLLER_IMG_TAG)
+	docker build $(BUILD_CONTAINER_ADDITIONAL_ARGS) --build-arg builder_image=$(GO_CONTAINER_IMAGE) --build-arg deployment_base_image=$(DEPLOYMENT_BASE_IMAGE) --build-arg deployment_base_image_tag=$(DEPLOYMENT_BASE_IMAGE_TAG) --build-arg goproxy=$(GOPROXY) --build-arg goprivate=$(GOPRIVATE) --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CONTROLLER_IMG_TAG)
 
 .PHONY: docker-push
 docker-push: ## Push the docker image