Golang Dockerfile build dial tcp: lookup timeout报错解决方案

1、问题

构建fluentbit-operator工程manager模块docker镜像时报如下错误：

.......
Step 5/15 : RUN go mod download
 ---> Running in c54961171660
go: github.com/fsnotify/fsnotify@v1.4.9: Get "https://proxy.golang.org/github.com/fsnotify/fsnotify/@v/v1.4.9.mod": dial tcp: lookup proxy.golang.org on 114.114.114.114:53: read udp 172.17.0.3:56122->114.114.114.114:53: i/o timeout
The command '/bin/sh -c go mod download' returned a non-zero code: 1

由于github.com被墙了需要在Dockerfile里面配置go proxy（加上第四行、第五行）。

# Build the manager binary
FROM golang:1.16 as builder
 
ENV GO111MODULE=on
ENV GOPROXY=https://goproxy.cn
WORKDIR /workspace
# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
 
# Copy the go source
COPY cmd/manager/main.go main.go
COPY api api/
COPY controllers controllers/
COPY pkg pkg/
 
# Build
RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
 
# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=builder /workspace/manager .
USER nonroot:nonroot
 
ENTRYPOINT ["/manager"]

注意：也可以配置GOPROXY=https://goproxy.io，但是推荐使用七牛云的“goproxy.cn”，因为“goproxy.io”也不一定可用。对于golang 1.13及以上版本，可直接如下这样：

1	`ENV GOPROXY=https://goproxy.cn,direct`

本来以为配置上go proxy后问题就解决了，没想到还是报错，错误如下：

.........
Step 6/16 : RUN go mod download
 ---> Running in 2184a16931ce
go: github.com/fsnotify/fsnotify@v1.4.9: Get "https://goproxy.cn/github.com/fsnotify/fsnotify/@v/v1.4.9.mod": dial tcp: lookup goproxy.cn on 114.114.114.114:53: read udp 172.17.0.3:57878->114.114.114.114:53: i/o timeout
The command '/bin/sh -c go mod download' returned a non-zero code: 1　　

2、解决方案

build的时候走到下载mod包会报错：go: github.com/fsnotify/fsnotify@v1.4.9: Get "https://goproxy.cn/github.com/fsnotify/fsnotify/@v/v1.4.9.mod": dial tcp: lookup goproxy.cn on 114.114.114.114:53: read udp 172.17.0.3:57936->114.114.114.114:53: i/o timeout。

开始以为代理问题，然后又怀疑DNS问题，最终排除了这两个部分，于是猜测容器里是不是不通外网？

还真是如此。

因为之前的build指令没有特殊指定网络，所以修正指令后如下：

1	`docker build --network host -f cmd/manager/Dockerfile -t fluentbit-operator:v3.0.2 .`

可以正常构建出镜像，注意即使加了--network host也需要给Dockerfile配置上go proxy,不然还会一直卡在go mod download这步。

[root@master1 fluentbit-operator]# docker build --network host -f cmd/manager/Dockerfile -t fluentbit-operator:v3.0.2 .
Sending build context to Docker daemon  3.433MB
Step 1/16 : FROM golang:1.16 as builder
 ---> 6c29725f0797
Step 2/16 : ENV GOPROXY=https://goproxy.cn,direct
 ---> Using cache
 ---> a42da36b2133
Step 3/16 : WORKDIR /workspace
 ---> Using cache
 ---> e94a28a954c8
Step 4/16 : COPY go.mod go.mod
 ---> Using cache
 ---> 46efc36bbe79
Step 5/16 : COPY go.sum go.sum
 ---> Using cache
 ---> 464a81322ee1
Step 6/16 : RUN go mod download
 ---> Running in 575c4b3c913b
Removing intermediate container 575c4b3c913b
 ---> d8bc52ee4e88
Step 7/16 : COPY cmd/manager/main.go main.go
 ---> 6692d247a63b
Step 8/16 : COPY api api/
 ---> 08e68ab13c7f
Step 9/16 : COPY controllers controllers/
 ---> 1cd6b203dfcf
Step 10/16 : COPY pkg pkg/
 ---> 3d5139bbca0c
Step 11/16 : RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
 ---> Running in e7a230f68fa6
Removing intermediate container e7a230f68fa6
 ---> 0fc2cac8c59e
Step 12/16 : FROM katanomi/distroless-static:nonroot
 ---> 421f180b71d8
Step 13/16 : WORKDIR /
 ---> Running in 3b48c7462db1
Removing intermediate container 3b48c7462db1
 ---> e36670f657b6
Step 14/16 : COPY --from=builder /workspace/manager .
 ---> bfb2e41c4d55
Step 15/16 : USER nonroot:nonroot
 ---> Running in 7b036773eaa7
Removing intermediate container 7b036773eaa7
 ---> ca18c6d94eff
Step 16/16 : ENTRYPOINT ["/manager"]
 ---> Running in 0c5b4fc7fc85
Removing intermediate container 0c5b4fc7fc85
 ---> 8b625f2b5f13
Successfully built 8b625f2b5f13
Successfully tagged fluentbit-operator:v3.0.2