Run builds as the calling user

This means no 'sudo' is needed to copy files out.

build/build-image/Dockerfile

@@ -18,7 +18,14 @@ FROM gcr.io/google_containers/kube-cross:KUBE_BUILD_IMAGE_CROSS_TAG
 # Mark this as a kube-build container
 RUN touch /kube-build-image
 
-WORKDIR /go/src/k8s.io/kubernetes
+# TO run as non-root we sometimes need to rebuild go stdlib packages.
+RUN chmod -R a+rwx /usr/local/go/pkg
+
+# The kubernetes source is expected to be mounted here.  This will be the base
+# of operations.
+ENV HOME /go/src/k8s.io/kubernetes
+WORKDIR ${HOME}
+RUN chmod -R a+rwx ${HOME}
 
 # Propagate the git tree version into the build image
 ADD kube-version-defs /kube-version-defs

build/common.sh

@@ -565,6 +565,7 @@ function kube::build::ensure_data_container() {
       "${DOCKER[@]}" run
       "${DOCKER_DATA_MOUNT_ARGS[@]}"
       --name "${KUBE_BUILD_DATA_CONTAINER_NAME}"
+      --user "$(id -u):$(id -g)"
       "${KUBE_BUILD_IMAGE}"
       true
     )
@@ -583,6 +584,7 @@ function kube::build::run_build_command() {
 
   local -a docker_run_opts=(
     "--name=${KUBE_BUILD_CONTAINER_NAME}"
+    "--user=$(id -u):$(id -g)"
     "${DOCKER_MOUNT_ARGS[@]}"
   )
 
@@ -635,9 +637,10 @@ function kube::build::copy_output() {
     # Bug: https://github.com/docker/docker/pull/8509
     local -a docker_run_opts=(
       "--name=${KUBE_BUILD_CONTAINER_NAME}"
-       "${DOCKER_MOUNT_ARGS[@]}"
-       -d
-      )
+      "--user=$(id -u):$(id -g)"
+      "${DOCKER_MOUNT_ARGS[@]}"
+      -d
+    )
 
     local -ra docker_cmd=(
       "${DOCKER[@]}" run "${docker_run_opts[@]}" "${KUBE_BUILD_IMAGE}"