build: update Dockerfiles from network-operator-25.10.x branch

Signed-off-by: Fred Rolland <frolland@nvidia.com>

Author: rollandf

Dockerfile.nvidia

@@ -16,17 +16,23 @@
 
 ARG BASE_IMAGE_GO_DISTROLESS_DEV
 
-FROM golang:1.23 AS builder
+FROM golang:1.25 AS builder
+
+ARG GOPROXY
+ENV GOPROXY=$GOPROXY
+
 WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
 COPY . .
 RUN make _build-manager BIN_PATH=build/_output/cmd
 RUN make _build-sriov-network-operator-config-cleanup BIN_PATH=build/_output/cmd
 
 FROM ${BASE_IMAGE_GO_DISTROLESS_DEV:-nvcr.io/nvidia/distroless/go:v3.2.1-dev}
+USER 65532:65532
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/manager /usr/bin/sriov-network-operator
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-operator-config-cleanup /usr/bin/sriov-network-operator-config-cleanup
 COPY bindata /bindata
 # copy project sources into the container
 COPY . /src
 ENV OPERATOR_NAME=sriov-network-operator
+WORKDIR /
 CMD ["/usr/bin/sriov-network-operator"]

Dockerfile.sriov-network-config-daemon

@@ -7,7 +7,9 @@ FROM quay.io/centos/centos:stream9
 ARG MSTFLINT=mstflint
 # We have to ensure that pciutils is installed. This package is needed for mstfwreset to succeed.
 # xref pkg/vendors/mellanox/mellanox.go#L150
-RUN if [ "$(uname -m)" = "s390x" ]; then yum -y install hwdata pciutils; else yum -y install hwdata pciutils "${MSTFLINT}"; fi && yum clean all
+RUN ARCH_DEP_PKGS=$(if [ "$(uname -m)" != "s390x" ]; then echo -n ${MSTFLINT} ; fi) \
+  && yum -y install hwdata pciutils $ARCH_DEP_PKGS \
+  && yum clean all
 LABEL io.k8s.display-name="sriov-network-config-daemon" \
       io.k8s.description="This is a daemon that manage and config sriov network devices in Kubernetes cluster"
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-config-daemon /usr/bin/

Dockerfile.sriov-network-config-daemon-stig

@@ -1,13 +1,31 @@
-FROM golang:1.23 AS builder
+FROM golang:1.25 AS builder
+
+ARG GOPROXY
+ENV GOPROXY=$GOPROXY
+
 WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
 COPY . .
 RUN make _build-sriov-network-config-daemon BIN_PATH=build/_output/cmd
 
 FROM nvcr.io/nvstaging/mellanox/ubuntu-pro-stig:24.04
-ARG MSTFLINT=mstflint
-# We have to ensure that pciutils is installed. This package is needed for mstfwreset to succeed.
+# We have to ensure that pciutils is installed. These packages are needed for mstfwreset to succeed.
 # xref pkg/vendors/mellanox/mellanox.go#L150
-RUN apt update && apt -y install hwdata pciutils mstflint
+RUN apt update && apt -y install hwdata pciutils curl
+
+ARG TARGETARCH
+ENV MFT_VERSION=4.33.0-169
+RUN case ${TARGETARCH} in \
+        amd64) ARCH=x86_64 ;; \
+        arm64) ARCH=arm64 ;; \
+        *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
+    esac && \
+    curl -fsSL https://www.mellanox.com/downloads/MFT/mft-${MFT_VERSION}-${ARCH}-deb.tgz | tar -xz -C /tmp && \
+    cd /tmp/mft-${MFT_VERSION}-${ARCH}-deb && \
+    ./install.sh --without-kernel
+
+RUN ln -s $(which mlxconfig) /usr/bin/mstconfig
+RUN ln -s $(which mlxfwreset) /usr/bin/mstfwreset
+
 LABEL io.k8s.display-name="sriov-network-config-daemon" \
       io.k8s.description="This is a daemon that manage and config sriov network devices in Kubernetes cluster"
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-config-daemon /usr/bin/

Dockerfile.sriov-network-config-daemon.nvidia

@@ -17,15 +17,33 @@
 ARG BASE_IMAGE_DOCA_BASE_RT_HOST
 
 FROM golang:1.23 AS builder
+
+ARG GOPROXY
+ENV GOPROXY=$GOPROXY
+
 WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
 COPY . .
 RUN make _build-sriov-network-config-daemon BIN_PATH=build/_output/cmd
 
 FROM ${BASE_IMAGE_DOCA_BASE_RT_HOST:-nvcr.io/nvidia/doca/doca:3.1.0-base-rt-host}
-ARG MSTFLINT=mstflint
-# We have to ensure that pciutils is installed. This package is needed for mstfwreset to succeed.
+# We have to ensure that pciutils is installed. These packages are needed for mstfwreset to succeed.
 # xref pkg/vendors/mellanox/mellanox.go#L150
-RUN ARCH_DEP_PKGS=$(if [ "$(uname -m)" != "s390x" ]; then echo -n ${MSTFLINT} ; fi) && apt-get update && apt-get install -y hwdata pciutils $ARCH_DEP_PKGS && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y hwdata pciutils curl && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+ARG TARGETARCH
+ENV MFT_VERSION=4.33.0-169
+RUN case ${TARGETARCH} in \
+        amd64) ARCH=x86_64 ;; \
+        arm64) ARCH=arm64 ;; \
+        *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
+    esac && \
+    curl -fsSL https://www.mellanox.com/downloads/MFT/mft-${MFT_VERSION}-${ARCH}-deb.tgz | tar -xz -C /tmp && \
+    cd /tmp/mft-${MFT_VERSION}-${ARCH}-deb && \
+    ./install.sh --without-kernel
+
+RUN ln -s $(which mlxconfig) /usr/bin/mstconfig
+RUN ln -s $(which mlxfwreset) /usr/bin/mstfwreset
+
 LABEL io.k8s.display-name="sriov-network-config-daemon" \
       io.k8s.description="This is a daemon that manage and config sriov network devices in Kubernetes cluster"
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-config-daemon /usr/bin/

Dockerfile.webhook

@@ -1,4 +1,4 @@
-FROM golang:1.25 AS builder
+FROM golang:1.23 AS builder
 WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
 COPY . .
 RUN make _build-webhook BIN_PATH=build/_output/cmd

Dockerfile.webhook.nvidia

@@ -17,14 +17,18 @@
 ARG BASE_IMAGE_GO_DISTROLESS_DEV
 
 FROM golang:1.23 AS builder
+
+ARG GOPROXY
+ENV GOPROXY=$GOPROXY
+
 WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
 COPY . .
 RUN make _build-webhook BIN_PATH=build/_output/cmd
 
 FROM ${BASE_IMAGE_GO_DISTROLESS_DEV:-nvcr.io/nvidia/distroless/go:v3.2.1-dev}
+USER 65532:65532
 LABEL io.k8s.display-name="sriov-network-webhook" \
       io.k8s.description="This is an admission controller webhook that mutates and validates customer resources of sriov network operator."
-USER 1001
 # copy project sources into the container
 COPY . /src
 COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/webhook /usr/bin/webhook

Makefile

@@ -32,6 +32,7 @@ export WATCH_NAMESPACE?=openshift-sriov-network-operator
 export HOME?=$(PWD)
 export GOPATH?=$(shell go env GOPATH)
 export GO111MODULE=on
+GOPROXY ?= $(shell go env GOPROXY)
 PKGS=$(shell go list ./... | grep -v -E '/vendor/|/test|/examples')
 TESTPKGS?=./...
 
@@ -71,9 +72,9 @@ clean:
 	@rm -rf $(BIN_DIR)
 
 image: ; $(info Building images...)
-	$(IMAGE_BUILDER) build -f $(DOCKERFILE) -t $(IMAGE_TAG) $(CURPATH) $(IMAGE_BUILD_OPTS)
-	$(IMAGE_BUILDER) build -f $(DOCKERFILE_CONFIG_DAEMON) -t $(CONFIG_DAEMON_IMAGE_TAG) $(CURPATH) $(IMAGE_BUILD_OPTS)
-	$(IMAGE_BUILDER) build -f $(DOCKERFILE_WEBHOOK) -t $(WEBHOOK_IMAGE_TAG) $(CURPATH) $(IMAGE_BUILD_OPTS)
+	$(IMAGE_BUILDER) build -f $(DOCKERFILE) -t $(IMAGE_TAG) $(CURPATH) GOPROXY="$(GOPROXY)" $(IMAGE_BUILD_OPTS)
+	$(IMAGE_BUILDER) build -f $(DOCKERFILE_CONFIG_DAEMON) -t $(CONFIG_DAEMON_IMAGE_TAG) $(CURPATH) GOPROXY="$(GOPROXY)" $(IMAGE_BUILD_OPTS)
+	$(IMAGE_BUILDER) build -f $(DOCKERFILE_WEBHOOK) -t $(WEBHOOK_IMAGE_TAG) $(CURPATH) GOPROXY="$(GOPROXY)" $(IMAGE_BUILD_OPTS)
 
 # Run tests
 test: generate lint manifests envtest