Images: Rework. (1/3)

Makefile

@@ -232,19 +232,21 @@ misspell:  ## Check for spelling errors.
 run-ingress-controller: ## Run the ingress controller locally using a kubectl proxy connection.
 	@build/run-ingress-controller.sh
 
-.PHONY: ensure-buildx
-ensure-buildx:
-	./hack/init-buildx.sh
+.PHONY: builder
+builder:
+	docker buildx create --name $(BUILDER) --bootstrap --use || :
+	docker buildx inspect $(BUILDER)
 
 .PHONY: show-version
 show-version:
 	echo -n $(TAG)
 
+BUILDER ?= ingress-nginx
 PLATFORMS ?= amd64 arm arm64
 BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
 
 .PHONY: release # Build a multi-arch docker image
-release: ensure-buildx clean
+release: builder clean
 	echo "Building binaries..."
 	$(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;)
 

cloudbuild.yaml

@@ -2,13 +2,11 @@ options:
   # Ignore Prow provided substitutions.
   substitution_option: ALLOW_LOOSE
 steps:
-  - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d
-    env:
-      - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
-      - REPO_INFO=https://github.com/kubernetes/ingress-nginx
-      - COMMIT_SHA=${_PULL_BASE_SHA}
-      - BUILD_ID=${BUILD_ID}
-    entrypoint: bash
-    args:
-      - -c
-      - gcloud auth configure-docker && make release
+- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d
+  env:
+  - REPO_INFO=https://github.com/kubernetes/ingress-nginx
+  - COMMIT_SHA=${_PULL_BASE_SHA}
+  - BUILD_ID=${BUILD_ID}
+  entrypoint: make
+  args:
+  - release

images/Makefile

@@ -1,4 +1,4 @@
-# Copyright 2024 The Kubernetes Authors.
+# Copyright 2025 The Kubernetes Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,75 +12,51 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-.DEFAULT_GOAL:=build
-
-# set default shell
-SHELL=/bin/bash -o pipefail -o errexit
-
-DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
-INIT_BUILDX=$(DIR)/../hack/init-buildx.sh
-
-
-BASE_IMAGE = $(shell cat $(DIR)/../NGINX_BASE)
-
-# The env below is called GO_VERSION and not GOLANG_VERSION because 
-# the gcb image we use to build already defines GOLANG_VERSION and is a 
-# really old version
-GO_VERSION = $(shell cat $(DIR)/../GOLANG_VERSION)
-
-REGISTRY ?= local
 NAME ?=
 
-IMAGE = $(REGISTRY)/$(NAME)
+BUILDER ?= ingress-nginx
+PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
+REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
+IMAGE ?= $(REGISTRY)/$(NAME)
 TAG ?= $(shell cat $(NAME)/TAG)
 
+DIR = $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+BASE_IMAGE ?= $(shell cat $(DIR)/../NGINX_BASE)
+GOLANG_VERSION ?= $(shell cat $(DIR)/../GOLANG_VERSION)
 EXTRAARGS ?= $(shell cat $(NAME)/EXTRAARGS)
 
+.PHONY: builder
+builder:
+	docker buildx create --name $(BUILDER) --bootstrap || :
+	docker buildx inspect $(BUILDER)
 
-# required to enable buildx
-export DOCKER_CLI_EXPERIMENTAL=enabled
-
-# build with buildx
-PLATFORMS?=linux/amd64,linux/arm,linux/arm64
-OUTPUT=
-PROGRESS=plain
-
-
-precheck:
-ifndef NAME
-	$(error NAME variable is required)
-endif
-
-build: precheck ensure-buildx
+.PHONY: build
+build: builder
 	docker buildx build \
-		--label=org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx \
-		--label=org.opencontainers.image.licenses=Apache-2.0 \
-		--label=org.opencontainers.image.description="Ingress NGINX $(NAME) image" \
+		--builder $(BUILDER) \
+		--platform $(PLATFORMS) \
+		--label org.opencontainers.image.description="Ingress NGINX $(NAME)" \
+		--label org.opencontainers.image.source="https://github.com/kubernetes/ingress-nginx" \
+		--label org.opencontainers.image.licenses="Apache-2.0" \
 		--build-arg BASE_IMAGE=$(BASE_IMAGE) \
-		--build-arg GOLANG_VERSION=$(GO_VERSION) \
-		--platform=${PLATFORMS} $(OUTPUT) \
-		--progress=$(PROGRESS) \
-		--pull $(EXTRAARGS) \
-		-t $(IMAGE):$(TAG) $(NAME)/rootfs
-
-# push the cross built image
-push: OUTPUT=--push
+		--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
+		$(EXTRAARGS) \
+		$(NAME)/rootfs \
+		--tag $(IMAGE):$(TAG) \
+		$(OUTPUT)
+
+.PHONY: push
+push: OUTPUT = --push
 push: build
 
-test: precheck
+.PHONY: test
+test:
 	cd $(NAME)/rootfs && go test ./...
 
-test-e2e: precheck
-	cd $(NAME) && ./hack/e2e.sh
-
-# enable buildx
-ensure-buildx:
-# this is required for cloudbuild
-ifeq ("$(wildcard $(INIT_BUILDX))","")
-	@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
-else
-	@exec $(INIT_BUILDX)
-endif
-	@echo "done"
+.PHONY: test-e2e
+test-e2e:
+	cd $(NAME) && hack/e2e.sh
 
-.PHONY: build push ensure-buildx test test-e2e precheck
+.PHONY: clean
+clean:
+	docker buildx rm $(BUILDER) || :

images/nginx/Makefile

@@ -1,4 +1,4 @@
-# Copyright 2024 The Kubernetes Authors. All rights reserved.
+# Copyright 2025 The Kubernetes Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,48 +12,37 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-.DEFAULT_GOAL:=build
-
-# set default shell
-SHELL=/bin/bash -o pipefail -o errexit
-
-DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
-INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
-
-# 0.0.0 shouldn't clobber any released builds
-SHORT_SHA ?=$(shell git rev-parse --short HEAD)
-TAG ?=$(shell cat TAG)
-
+BUILDER ?= ingress-nginx
+PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
 REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
+IMAGE ?= $(REGISTRY)/nginx
+TAG ?= $(shell cat TAG)
 
-IMAGE = $(REGISTRY)/nginx
-
-# required to enable buildx
-export DOCKER_CLI_EXPERIMENTAL=enabled
+.PHONY: builder
+builder:
+	docker buildx create --name $(BUILDER) --bootstrap || :
+	docker buildx inspect $(BUILDER)
 
-# build with buildx
-PLATFORMS?=linux/amd64,linux/arm,linux/arm64
-OUTPUT=
-PROGRESS=plain
-build: ensure-buildx
+.PHONY: build
+build: builder
 	docker buildx build \
-		--platform=${PLATFORMS} $(OUTPUT) \
-		--progress=$(PROGRESS) \
-		--pull \
-		--tag $(IMAGE):$(TAG) rootfs
+		--builder $(BUILDER) \
+		--platform $(PLATFORMS) \
+		rootfs \
+		--tag $(IMAGE):$(TAG)
 
-# push the cross built image
-push: OUTPUT=--push
+# Pushing in the `build` target does not work as authentication times out after one hour.
+#
+# Therefore we need to build and push in separate commands.
+.PHONY: push
 push: build
-
-# enable buildx
-ensure-buildx:
-# this is required for cloudbuild
-ifeq ("$(wildcard $(INIT_BUILDX))","")
-	@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
-else
-	@exec $(INIT_BUILDX)
-endif
-	@echo "done"
-
-.PHONY: build push ensure-buildx
+	docker buildx build \
+		--builder $(BUILDER) \
+		--platform $(PLATFORMS) \
+		rootfs \
+		--tag $(IMAGE):$(TAG) \
+		--push
+
+.PHONY: clean
+clean:
+	docker buildx rm $(BUILDER) || :

images/nginx/cloudbuild.yaml

@@ -4,11 +4,9 @@ options:
   # Ignore Prow provided substitutions.
   substitution_option: ALLOW_LOOSE
 steps:
-  - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d
-    env:
-      - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
-    entrypoint: bash
-    args:
-      - -c
-      - gcloud auth configure-docker && cd images/nginx && make push
+- name: gcr.io/cloud-builders/docker
+  dir: images/nginx
+  entrypoint: make
+  args:
+  - push
 timeout: 7200s

images/nginx/rootfs/Dockerfile

@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM alpine:3.21 as builder
+FROM alpine:3.21 AS builder
 
 COPY . /
 

images/nginx/rootfs/build.sh

@@ -180,10 +180,6 @@ apk add \
 
 # apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev
 
-# There is some bug with some platforms and git, so force HTTP/1.1
-git config --global http.version HTTP/1.1
-git config --global http.postBuffer 157286400
-
 mkdir -p /etc/nginx
 
 mkdir --verbose -p "$BUILD_PATH"