Use rsync to get source into build container

We also add "version" to all docker images and containers

This version is to be incremented manually when we change the shape of the build
image (like changing the golang version or the set of volumes in the data
container).  This will delete all older versions of images and containers when
the version is different.

build/build-image/Dockerfile

@@ -15,6 +15,8 @@
 # This file creates a standard build environment for building Kubernetes
 FROM gcr.io/google_containers/kube-cross:KUBE_BUILD_IMAGE_CROSS_TAG
 
+ADD localtime /etc/localtime
+
 # Mark this as a kube-build container
 RUN touch /kube-build-image
 
@@ -25,19 +27,13 @@ RUN chmod -R a+rwx /usr/local/go/pkg ${K8S_PATCHED_GOROOT}/pkg
 # of operations.
 ENV HOME /go/src/k8s.io/kubernetes
 WORKDIR ${HOME}
-# We have to mkdir the dirs we need, or else Docker will create them when we
-# mount volumes, and it will create them with root-only permissions.  The
-# explicit chmod of _output is required, but I can't really explain why.
-RUN mkdir -p ${HOME} ${HOME}/_output \
-    && chmod -R a+rwx ${HOME} ${HOME}/_output
-
-# Propagate the git tree version into the build image
-ADD kube-version-defs /kube-version-defs
-RUN chmod a+r /kube-version-defs
-ENV KUBE_GIT_VERSION_FILE /kube-version-defs
 
 # Make output from the dockerized build go someplace else
 ENV KUBE_OUTPUT_SUBPATH _output/dockerized
 
-# Upload Kubernetes source
-ADD kube-source.tar.gz /go/src/k8s.io/kubernetes/
+# Pick up version stuff here as we don't copy our .git over.
+ENV KUBE_GIT_VERSION_FILE ${HOME}/.dockerized-kube-version-defs
+
+ADD rsyncd.password /
+RUN chmod a+r /rsyncd.password
+ADD rsyncd.sh /

build/build-image/rsyncd.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script will set up and run rsyncd to allow data to move into and out of
+# our dockerized build system.  This is used for syncing sources and changes of
+# sources into the docker-build-container.  It is also used to transfer built binaries
+# and generated files back out.
+#
+# When run as root (rare) it'll preserve the file ids as sent from the client.
+# Usually it'll be run as non-dockerized UID/GID and end up translating all file
+# ownership to that.
+
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# The directory that gets sync'd
+VOLUME=${HOME}
+
+# Assume that this is running in Docker on a bridge.  Allow connections from
+# anything on the local subnet.
+ALLOW=$(ip route | awk  '/^default via/ { reg = "^[0-9./]+ dev "$5 } ; $0 ~ reg { print $1 }')
+
+CONFDIR="/tmp/rsync.k8s"
+PIDFILE="${CONFDIR}/rsyncd.pid"
+CONFFILE="${CONFDIR}/rsyncd.conf"
+SECRETS="${CONFDIR}/rsyncd.secrets"
+
+mkdir -p "${CONFDIR}"
+
+if [[ -f "${PIDFILE}" ]]; then
+  PID=$(cat "${PIDFILE}")
+  echo "Cleaning up old PID file: ${PIDFILE}"
+  kill $PID &> /dev/null || true
+  rm "${PIDFILE}"
+fi
+
+PASSWORD=$(</rsyncd.password)
+
+cat <<EOF >"${SECRETS}"
+k8s:${PASSWORD}
+EOF
+chmod go= "${SECRETS}"
+
+USER_CONFIG=
+if [[ "$(id -u)" == "0" ]]; then
+  USER_CONFIG="  uid = 0"$'\n'"  gid = 0"
+fi
+
+cat <<EOF >"${CONFFILE}"
+pid file = ${PIDFILE}
+use chroot = no
+log file = /dev/stdout
+reverse lookup = no
+munge symlinks = no
+port = 8730
+[k8s]
+  numeric ids = true
+  $USER_CONFIG
+  hosts deny = *
+  hosts allow = ${ALLOW}
+  auth users = k8s
+  secrets file = ${SECRETS}
+  read only = false
+  path = ${VOLUME}
+  filter = - /.make/ - /.git/ - /_tmp/
+EOF
+
+exec /usr/bin/rsync --no-detach --daemon --config="${CONFFILE}" "$@"