diff --git a/addons/Dockerfile b/addons/Dockerfile index a7a76cb5ec..13e612c34b 100644 --- a/addons/Dockerfile +++ b/addons/Dockerfile @@ -7,16 +7,19 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 - +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder WORKDIR /workspace # Copy the go source COPY ./ ./ - # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # Build @@ -26,7 +29,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/addons/bin/manager . USER nonroot:nonroot diff --git a/addons/Makefile b/addons/Makefile index c8d49c6a62..2e039f6044 100644 --- a/addons/Makefile +++ b/addons/Makefile @@ -17,6 +17,11 @@ IMG_DEFAULT_NAME_TAG := $(IMG_DEFAULT_NAME):latest IMG_VERSION_OVERRIDE ?= $(shell git describe --always --dirty --tags) +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + ifeq ($(strip $(OCI_REGISTRY)),) IMG ?= $(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) else 
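Review bot: The `ENV GOSUMDB=$GOSUMDB` and `ENV GOPROXY=$GOPROXY` lines added before `go mod download` look redundant, because an `ARG` declared in a stage is already visible to the `RUN` steps that follow it, while `ENV` additionally persists the value in the builder image configuration. Build arguments are also recorded in the build history, so a proxy URL that embeds credentials should not be passed this way; a BuildKit secret mount (`--mount=type=secret`) is the usual channel for that. I would keep only the two `ARG` lines and add a comment such as `# GOPROXY/GOSUMDB are optional; when empty the go command should fall back to its defaults`. The same four lines are added to the builder stage of the other Dockerfiles in this commit.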
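Review bot: `FROM $DISTROLESS_BASE_IMAGE` makes the runtime base caller-supplied, but the two comment lines above it still describe a fixed distroless image and nothing states what a replacement must provide. The `USER nonroot:nonroot` line that follows only works if the substituted image defines that user, and the default `gcr.io/distroless/static:nonroot` is a mutable tag rather than a digest. I would add a comment such as `# DISTROLESS_BASE_IMAGE may point at a trusted mirror; it must define the nonroot user and is best pinned by digest`. The same applies to the final stage of the other Dockerfiles changed here.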
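Review bot: `GOSUMDB ?= off` makes every `make docker-build` turn off the Go checksum database unless the caller overrides it, whereas before this change the Dockerfile left the toolchain default in place. Modules already listed in go.sum are still checked against it, but anything not yet recorded there would be accepted without an independent check, which weakens the supply-chain guarantee for the image build. I would default to the verifying setting, `GOSUMDB ?= sum.golang.org`, and let air-gapped builds opt out explicitly or scope the exemption with `GONOSUMDB`. The same default is added in the other Makefiles in this commit.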
@@ -87,7 +92,7 @@ run: fmt vet ## Run locally .PHONY: docker-build docker-build: ## Build the docker image - cd .. && docker build -t $(IMG) -f addons/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd .. && docker build -t $(IMG) -f addons/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-push docker-push: ## Push the docker image diff --git a/capabilities/Makefile b/capabilities/Makefile index dcab9b6078..43708b6f98 100644 --- a/capabilities/Makefile +++ b/capabilities/Makefile @@ -17,6 +17,11 @@ endif CRD_OPTIONS ?= "crd" +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -68,7 +73,7 @@ endif .PHONY: docker-build docker-build: - cd .. && docker build -t $(IMG) -f capabilities/controller/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd .. && docker build -t $(IMG) -f capabilities/controller/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/capabilities/controller/Dockerfile b/capabilities/controller/Dockerfile index f22cfa7803..2f20397dff 100644 --- a/capabilities/controller/Dockerfile +++ b/capabilities/controller/Dockerfile @@ -4,6 +4,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder 
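Review bot: The `docker-build` recipe wraps the value in quotes, `--build-arg GOPROXY="$(GOPROXY)"`, but the default assigned in this Makefile, `GOPROXY ?= "https://proxy.golang.org,direct"`, already carries literal double quotes because make does not strip them. The command therefore expands to `GOPROXY=""https://proxy.golang.org,direct""`, which the shell only happens to collapse to the intended value. I would drop the quotes from the assignment, `GOPROXY ?= https://proxy.golang.org,direct`, and keep the quoting in the recipe, where it protects overrides that contain shell metacharacters such as `|`. The docker-build recipes in the other Makefiles of this commit have the same shape.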
@@ -17,6 +18,10 @@ COPY apis/ apis/ COPY cli/runtime cli/runtime WORKDIR capabilities/controller +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # Build @@ -26,7 +31,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/capabilities/controller/manager . USER nonroot:nonroot diff --git a/featuregates/Makefile b/featuregates/Makefile index babc98016f..0650af2c3f 100644 --- a/featuregates/Makefile +++ b/featuregates/Makefile @@ -17,6 +17,11 @@ endif CRD_OPTIONS ?= "crd" +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -34,7 +39,7 @@ run: .PHONY: docker-build docker-build: ## Build docker image - cd ../ && docker build -t $(IMG) -f featuregates/controller/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../ && docker build -t $(IMG) -f featuregates/controller/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/featuregates/controller/Dockerfile b/featuregates/controller/Dockerfile index e1a178dab3..f2b16440af 100644 --- a/featuregates/controller/Dockerfile +++ b/featuregates/controller/Dockerfile 
@@ -6,6 +6,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -21,6 +22,11 @@ COPY cli/runtime cli/runtime COPY capabilities/client capabilities/client WORKDIR featuregates/controller +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY + RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -37,7 +43,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/featuregates/controller/manager . USER nonroot:nonroot diff --git a/object-propagation/Dockerfile b/object-propagation/Dockerfile index 2a4c02e6c4..a8e082ec8c 100644 --- a/object-propagation/Dockerfile +++ b/object-propagation/Dockerfile @@ -7,6 +7,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder 
@@ -21,6 +22,10 @@ COPY object-propagation/go.mod object-propagation/go.mod COPY object-propagation/go.sum object-propagation/go.sum WORKDIR /workspace/object-propagation +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -35,7 +40,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/object-propagation/manager . USER nonroot:nonroot diff --git a/object-propagation/Makefile b/object-propagation/Makefile index 8d83ea0ee2..7999a705fd 100644 --- a/object-propagation/Makefile +++ b/object-propagation/Makefile @@ -15,6 +15,11 @@ else IMG ?= $(OCI_REGISTRY)/$(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) endif +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../ && docker build -t $(IMG) -f object-propagation/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../ && docker build -t $(IMG) -f object-propagation/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image 
diff --git a/pinniped-components/post-deploy/Dockerfile b/pinniped-components/post-deploy/Dockerfile index 8b0508f413..d6f893f318 100644 --- a/pinniped-components/post-deploy/Dockerfile +++ b/pinniped-components/post-deploy/Dockerfile @@ -5,6 +5,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the post-deploy binary FROM $BUILDER_BASE_IMAGE as builder @@ -23,7 +24,10 @@ COPY post-deploy/cmd/ post-deploy/cmd/ COPY post-deploy/pkg/ post-deploy/pkg/ COPY post-deploy/Makefile post-deploy/Makefile #COPY .git/ .git/ - +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod make native -C post-deploy # Support older deployment YAMLs by providing symlink for the historic job name without -job. @@ -32,7 +36,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r RUN mkdir -p /tmp/links RUN ln -s /tkg-pinniped-post-deploy-job /tmp/links/tkg-pinniped-post-deploy -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / # Make sure to copy the symlink. COPY --from=builder /tmp/links/ . diff --git a/pinniped-components/post-deploy/Makefile b/pinniped-components/post-deploy/Makefile index 55b3893b21..718adaa6a1 100644 --- a/pinniped-components/post-deploy/Makefile +++ b/pinniped-components/post-deploy/Makefile @@ -10,6 +10,11 @@ GIT_VERSION ?= $(shell git describe --always --tags) GIT_REF_LONG = $(shell git rev-parse --verify HEAD) # Release version VERSION ?= $(GIT_VERSION) +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + .PHONY: test test: fmt vet ## Run tests 
@@ -29,7 +34,7 @@ native: ## Build binary .PHONY: build-images build-images: ## Build tkg-pinniped-post-deploy docker images - VERSION=$(VERSION) ./hack/scripts/build-images.sh + VERSION=$(VERSION) DISTROLESS_BASE_IMAGE=$(DISTROLESS_BASE_IMAGE) ./hack/scripts/build-images.sh run: go run ./cmd/job \ diff --git a/pinniped-components/post-deploy/hack/scripts/build-images.sh b/pinniped-components/post-deploy/hack/scripts/build-images.sh index 38806e732a..d260f0c69b 100755 --- a/pinniped-components/post-deploy/hack/scripts/build-images.sh +++ b/pinniped-components/post-deploy/hack/scripts/build-images.sh @@ -20,14 +20,22 @@ FULL_IMAGE_TAR_NAME="${IMAGE_NAME}-${IMAGE_TAG}" # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. BUILDER_BASE_IMAGE="${BUILDER_BASE_IMAGE:-}" +DISTROLESS_BASE_IMAGE="${DISTROLESS_BASE_IMAGE}" + if [[ -z "${BUILDER_BASE_IMAGE}" ]]; then docker build \ + --build-arg DISTROLESS_BASE_IMAGE="${DISTROLESS_BASE_IMAGE}" \ + --build-arg GOPROXY="${GOPROXY}" \ + --build-arg GOSUMDB="${GOSUMDB}" \ -t "${FULL_IMAGE_NAME}" \ -f "${ROOT_DIR}"/Dockerfile .. else docker build \ --build-arg BUILDER_BASE_IMAGE="${BUILDER_BASE_IMAGE}" \ + --build-arg DISTROLESS_BASE_IMAGE="${DISTROLESS_BASE_IMAGE}" \ + --build-arg GOPROXY="${GOPROXY}" \ + --build-arg GOSUMDB="${GOSUMDB}" \ -t "${FULL_IMAGE_NAME}" \ -f "${ROOT_DIR}"/Dockerfile .. fi diff --git a/pinniped-components/tanzu-auth-controller-manager/Dockerfile b/pinniped-components/tanzu-auth-controller-manager/Dockerfile index 84a2bbde09..93f421be31 100644 --- a/pinniped-components/tanzu-auth-controller-manager/Dockerfile +++ b/pinniped-components/tanzu-auth-controller-manager/Dockerfile 
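Review bot: The `build-images` recipe forwards only `VERSION` and `DISTROLESS_BASE_IMAGE` to `build-images.sh`, so the `GOPROXY` and `GOSUMDB` defaults added at the top of this Makefile do not reach the script unless they are exported elsewhere or already present in the caller's environment. The script then passes `--build-arg GOPROXY="${GOPROXY}"` and `--build-arg GOSUMDB="${GOSUMDB}"` with empty values, so this image is built with different module settings than the ones built through the `docker-build` recipes. I would forward them explicitly, `GOPROXY=$(GOPROXY) GOSUMDB=$(GOSUMDB)` in front of the script call, or `export` the three variables. `DISTROLESS_BASE_IMAGE=$(DISTROLESS_BASE_IMAGE)` is also unquoted, so an override containing whitespace would be split by the shell.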
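Review bot: `DISTROLESS_BASE_IMAGE="${DISTROLESS_BASE_IMAGE}"` has no fallback, unlike the `BUILDER_BASE_IMAGE="${BUILDER_BASE_IMAGE:-}"` line above it, so running the script outside make sends `--build-arg DISTROLESS_BASE_IMAGE=""` in both branches. An explicitly passed empty value is likely to replace the Dockerfile's `ARG` default and leave `FROM $DISTROLESS_BASE_IMAGE` with a blank image name; if the script enables nounset (not visible in this hunk) the expansion would abort even earlier. I would write `DISTROLESS_BASE_IMAGE="${DISTROLESS_BASE_IMAGE:-gcr.io/distroless/static:nonroot}"` and use `${GOPROXY:-}` and `${GOSUMDB:-}` in the two `docker build` calls.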
@@ -7,6 +7,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the tanzu-auth-controller-manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -15,6 +16,10 @@ WORKDIR /workspace # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # Copy the source @@ -26,7 +31,7 @@ ARG LD_FLAGS ENV LD_FLAGS="$LD_FLAGS "'-extldflags "-static"' RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "$LD_FLAGS" -o tanzu-auth-controller-manager . -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tanzu-auth-controller-manager . USER nonroot:nonroot diff --git a/pinniped-components/tanzu-auth-controller-manager/Makefile b/pinniped-components/tanzu-auth-controller-manager/Makefile index d9090075f7..5c8a3bb1c3 100644 --- a/pinniped-components/tanzu-auth-controller-manager/Makefile +++ b/pinniped-components/tanzu-auth-controller-manager/Makefile @@ -30,6 +30,11 @@ IMG_DEFAULT_NAME_TAG := $(IMG_DEFAULT_NAME):$(IMG_DEFAULT_TAG) IMG_VERSION_OVERRIDE ?= $(IMG_DEFAULT_TAG) +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + ifeq ($(strip $(OCI_REGISTRY)),) IMG ?= $(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) else 
@@ -38,7 +43,7 @@ endif .PHONY: docker-build docker-build: ## Build docker image - docker build -t $(IMG) -f Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + docker build -t $(IMG) -f Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/pkg/v1/tkr/Dockerfile b/pkg/v1/tkr/Dockerfile index 7d83033695..695ce193f3 100644 --- a/pkg/v1/tkr/Dockerfile +++ b/pkg/v1/tkr/Dockerfile @@ -5,6 +5,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -19,6 +20,10 @@ COPY pkg/v1/tkr/go.mod pkg/v1/tkr/go.mod COPY pkg/v1/tkr/go.sum pkg/v1/tkr/go.sum WORKDIR /workspace/pkg/v1/tkr +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -33,7 +38,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/pkg/v1/tkr/manager . USER nonroot:nonroot diff --git a/pkg/v1/tkr/Makefile b/pkg/v1/tkr/Makefile index ac92ce26c4..f976903797 100644 --- a/pkg/v1/tkr/Makefile +++ b/pkg/v1/tkr/Makefile 
@@ -6,6 +6,11 @@ include ../../../common.mk IMG ?= tkr-controller-manager:latest CRD_OPTIONS ?= "crd" +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -61,4 +66,4 @@ fakes: ## Generate fake files for go unit tests .PHONY: docker-build docker-build: - cd ../../../ && docker build -t $(IMG) -f pkg/v1/tkr/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../../ && docker build -t $(IMG) -f pkg/v1/tkr/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . diff --git a/tkg/vsphere-template-resolver/Dockerfile b/tkg/vsphere-template-resolver/Dockerfile index b7794ae350..b22f545eb2 100644 --- a/tkg/vsphere-template-resolver/Dockerfile +++ b/tkg/vsphere-template-resolver/Dockerfile @@ -5,6 +5,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -27,6 +28,10 @@ COPY tkg/go.mod tkg/go.mod COPY tkg/go.sum tkg/go.sum WORKDIR /workspace/tkg +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer 
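Review bot: The `GOPROXY`, `GOSUMDB` and `DISTROLESS_BASE_IMAGE` defaults are pasted into this Makefile even though `include ../../../common.mk` sits directly above the hunk, and the identical block appears in the other eleven Makefiles touched by this commit. With that many copies, a later change to a security-relevant default such as the checksum database setting can be applied in one place and missed in another. I would define the three variables once in the shared include (assuming the other Makefiles include it as well, which is not visible here) and replace the comment with one that says what they control, e.g. `# Go module proxy, checksum DB and runtime base image passed to docker build`.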
@@ -41,7 +46,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tkg/manager . USER nonroot:nonroot diff --git a/tkg/vsphere-template-resolver/Makefile b/tkg/vsphere-template-resolver/Makefile index 1792d636dd..7b733ef358 100644 --- a/tkg/vsphere-template-resolver/Makefile +++ b/tkg/vsphere-template-resolver/Makefile @@ -9,6 +9,11 @@ IMG_DEFAULT_NAME_TAG := $(IMG_DEFAULT_NAME):$(IMG_DEFAULT_TAG) IMG_VERSION_OVERRIDE ?= $(IMG_DEFAULT_TAG) +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + ifeq ($(strip $(OCI_REGISTRY)),) IMG ?= $(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) else @@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../../ && docker build -t $(IMG) -f tkg/vsphere-template-resolver/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../ && docker build -t $(IMG) -f tkg/vsphere-template-resolver/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/tkr/controller/tkr-source/Dockerfile b/tkr/controller/tkr-source/Dockerfile index e70a34ccfe..f60195f561 100644 --- a/tkr/controller/tkr-source/Dockerfile +++ b/tkr/controller/tkr-source/Dockerfile 
@@ -5,6 +5,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -28,6 +29,12 @@ COPY tkr/go.sum tkr/go.sum WORKDIR /workspace/tkr +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY + + RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much @@ -45,7 +52,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tkr/manager . USER nonroot:nonroot diff --git a/tkr/controller/tkr-source/Makefile b/tkr/controller/tkr-source/Makefile index 3337e44ae0..abe8fcadbe 100644 --- a/tkr/controller/tkr-source/Makefile +++ b/tkr/controller/tkr-source/Makefile @@ -9,6 +9,11 @@ IMG_DEFAULT_NAME_TAG := $(IMG_DEFAULT_NAME):$(IMG_DEFAULT_TAG) IMG_VERSION_OVERRIDE ?= $(IMG_DEFAULT_TAG) +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + ifeq ($(strip $(OCI_REGISTRY)),) IMG ?= $(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) else 
@@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../../../ && docker build -t $(IMG) -f tkr/controller/tkr-source/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../../ && docker build -t $(IMG) -f tkr/controller/tkr-source/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/tkr/controller/tkr-status/Dockerfile b/tkr/controller/tkr-status/Dockerfile index a7fb2376a5..9a48954705 100644 --- a/tkr/controller/tkr-status/Dockerfile +++ b/tkr/controller/tkr-status/Dockerfile @@ -5,6 +5,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -19,6 +20,10 @@ COPY tkr/go.mod tkr/go.mod COPY tkr/go.sum tkr/go.sum WORKDIR /workspace/tkr +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -33,7 +38,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tkr/manager . USER nonroot:nonroot 
diff --git a/tkr/controller/tkr-status/Makefile b/tkr/controller/tkr-status/Makefile index 2e4d78847e..7831739ca3 100644 --- a/tkr/controller/tkr-status/Makefile +++ b/tkr/controller/tkr-status/Makefile @@ -15,6 +15,11 @@ else IMG ?= $(OCI_REGISTRY)/$(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) endif +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../../../ && docker build -t $(IMG) -f tkr/controller/tkr-status/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../../ && docker build -t $(IMG) -f tkr/controller/tkr-status/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image diff --git a/tkr/webhook/cluster/tkr-resolver/Dockerfile b/tkr/webhook/cluster/tkr-resolver/Dockerfile index f5974a980b..b32f472b50 100644 --- a/tkr/webhook/cluster/tkr-resolver/Dockerfile +++ b/tkr/webhook/cluster/tkr-resolver/Dockerfile @@ -6,6 +6,7 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder 
@@ -20,7 +21,12 @@ COPY tkr/go.mod tkr/go.mod COPY tkr/go.sum tkr/go.sum WORKDIR /workspace/tkr +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download + # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -34,7 +40,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tkr/manager . USER nonroot:nonroot diff --git a/tkr/webhook/cluster/tkr-resolver/Makefile b/tkr/webhook/cluster/tkr-resolver/Makefile index 25e3e03130..428b48ca99 100644 --- a/tkr/webhook/cluster/tkr-resolver/Makefile +++ b/tkr/webhook/cluster/tkr-resolver/Makefile @@ -15,6 +15,11 @@ else IMG ?= $(OCI_REGISTRY)/$(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) endif +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests @@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../../../../ && docker build -t $(IMG) -f tkr/webhook/cluster/tkr-resolver/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../../../ && docker build -t $(IMG) -f tkr/webhook/cluster/tkr-resolver/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image 
diff --git a/tkr/webhook/tkr-conversion/Dockerfile b/tkr/webhook/tkr-conversion/Dockerfile index e527dad410..4049f71f5c 100644 --- a/tkr/webhook/tkr-conversion/Dockerfile +++ b/tkr/webhook/tkr-conversion/Dockerfile @@ -7,6 +7,8 @@ # Build from publicly reachable source by default, but allow people to re-build images on # top of their own trusted images. ARG BUILDER_BASE_IMAGE=golang:1.18 +ARG DISTROLESS_BASE_IMAGE=gcr.io/distroless/static:nonroot + # Build the manager binary FROM $BUILDER_BASE_IMAGE as builder @@ -21,6 +23,10 @@ COPY tkr/go.mod tkr/go.mod COPY tkr/go.sum tkr/go.sum WORKDIR /workspace/tkr +ARG GOSUMDB +ARG GOPROXY +ENV GOSUMDB=$GOSUMDB +ENV GOPROXY=$GOPROXY RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.local/share/golang --mount=type=cache,target=/go/pkg/mod go mod download # cache deps before building and copying source so that we don't need to re-download as much # and so that source changes don't invalidate our downloaded layer @@ -35,7 +41,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/r # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +FROM $DISTROLESS_BASE_IMAGE WORKDIR / COPY --from=builder /workspace/tkr/manager . USER nonroot:nonroot diff --git a/tkr/webhook/tkr-conversion/Makefile b/tkr/webhook/tkr-conversion/Makefile index 945a497b16..5f32da94bc 100644 --- a/tkr/webhook/tkr-conversion/Makefile +++ b/tkr/webhook/tkr-conversion/Makefile @@ -15,6 +15,11 @@ else IMG ?= $(OCI_REGISTRY)/$(IMG_DEFAULT_NAME):$(IMG_VERSION_OVERRIDE) endif +#Adding Support for GOPROXY and GOSUMDB +GOPROXY ?= "https://proxy.golang.org,direct" +GOSUMDB ?= off +DISTROLESS_BASE_IMAGE ?= gcr.io/distroless/static:nonroot + all: manager # Run tests 
@@ -35,7 +40,7 @@ vet: .PHONY: docker-build docker-build: ## Build docker image - cd ../../../ && docker build -t $(IMG) -f tkr/webhook/tkr-conversion/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" . + cd ../../../ && docker build -t $(IMG) -f tkr/webhook/tkr-conversion/Dockerfile --build-arg LD_FLAGS="$(LD_FLAGS)" --build-arg DISTROLESS_BASE_IMAGE="$(DISTROLESS_BASE_IMAGE)" --build-arg GOPROXY="$(GOPROXY)" --build-arg GOSUMDB="$(GOSUMDB)" . .PHONY: docker-publish docker-publish: ## Publish docker image