let kubeprod create the dns zone

vmware-archive · Nov 10, 2018 · a430a75 · a430a75
1 parent 1a2ad9b
commit a430a75
Showing 1 changed file with 18 additions and 23 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -84,15 +84,15 @@ String gcpLabel(String s) {
     s.replaceAll(/[^a-zA-Z0-9_-]+/, '-').toLowerCase().take(62)
 }
 
-def runIntegrationTest(String description, String kubeprodArgs, String ginkgoArgs, Closure setup) {
+def runIntegrationTest(String description, String kubeprodArgs, String ginkgoArgs, Closure clusterSetup, Closure dnsSetup) {
     timeout(120) {
         // Regex of tests that are temporarily skipped.  Empty-string
         // to run everything.  Include pointers to tracking issues.
         def skip = ''
 
         withEnv(["KUBECONFIG=${env.WORKSPACE}/.kubeconf"]) {
 
-            setup()
+            clusterSetup()
 
             withEnv(["PATH+KTOOL=${tool 'kubectl'}"]) {
                 sh "kubectl version; kubectl cluster-info"
@@ -307,24 +307,13 @@ az aks create                      \
 
                                             sh "az aks get-credentials --name ${clusterName} --resource-group ${resourceGroup} --admin --file \$KUBECONFIG"
 
-                                            // create dns zone
-                                            sh "az network dns zone create --name ${dnsZone} --resource-group ${resourceGroup} --tags 'platform=${platform}' 'branch=${BRANCH_NAME}' 'build=${BUILD_URL}'"
-
-                                            // update SOA record for quicker updates
-                                            sh "az network dns record-set soa update --resource-group ${resourceGroup} --zone-name ${dnsZone} --expire-time 60 --retry-time 60 --refresh-time 60 --minimum-ttl 60"
-
-                                            // update glue records in parent zone
-                                            def nameServers = sh(returnStdout: true, script: "az network dns zone show --name ${dnsZone} --resource-group ${resourceGroup} --query nameServers")
-                                            insertGlueRecords(dnsPrefix, nameServers, "60", parentZone, parentZoneResourceGroup)
-
                                             waitForRollout("kube-system", 30)
                                         }
 
                                         // Reuse this service principal for externalDNS and oauth2.  A real (paranoid) production setup would use separate minimal service principals here.
                                         withCredentials([azureServicePrincipal('jenkins-bkpr-contributor-sp')]) {
                                             // NB: writeJSON doesn't work without approvals(?)
                                             // See https://issues.jenkins-ci.org/browse/JENKINS-44587
-
                                             writeFile([file: 'kubeprod-autogen.json', text: """
 {
   "dnsZone": "${dnsZone}",
@@ -354,6 +343,12 @@ az aks create                      \
 """
                                             ])
                                         }
+                                    }{
+                                        // update glue records in parent zone
+                                        container('az') {
+                                            def nameServers = sh(returnStdout: true, script: "az network dns zone show --name ${dnsZone} --resource-group ${resourceGroup} --query nameServers")
+                                            insertGlueRecords(dnsPrefix, nameServers, "60", parentZone, parentZoneResourceGroup)
+                                        }
                                     }
                                 }
                                 finally {
@@ -395,7 +390,6 @@ az aks create                      \
                                     def dnsPrefix = "${clusterName}"
                                     def adminEmail = "${clusterName}@${parentZone}"
                                     def dnsZone = "${dnsPrefix}.${parentZone}"
-                                    def dnsZoneName = ("bkpr-${dnsZone}").replaceAll(/[^a-zA-Z0-9-]/, '-').toLowerCase().take(30).replaceAll(/-$/, '')
 
                                     try {
                                         runIntegrationTest(platform, "gke --project=${project} --dns-zone=${dnsZone} --email=${adminEmail} --authz-domain=\"*\"", "--dns-suffix ${dnsZone}") {
@@ -410,17 +404,10 @@ gcloud container clusters create ${clusterName} \
  --zone ${zone} \
  --labels 'platform=${gcpLabel(platform)},branch=${gcpLabel(BRANCH_NAME)},build=${gcpLabel(BUILD_TAG)}'
 """
-                                                sh "gcloud container clusters get-credentials ${clusterName} --zone ${zone} --project ${project}"
-                                                sh "kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=\$(gcloud info --format='value(config.account)')"
 
-                                                // create dns Zone
-                                                sh "gcloud dns managed-zones create ${dnsZoneName} --dns-name=${dnsZone} --description=\"\" --project ${project}"
+                                                sh "gcloud container clusters get-credentials ${clusterName} --zone ${zone} --project ${project}"
 
-                                                // update glue records in parent zone
-                                                withEnv(["PATH+JQ=${tool 'jq'}"]) {
-                                                    def nameServers = sh(returnStdout: true, script: "gcloud dns managed-zones describe ${dnsZoneName} --project ${project} --format=json | jq -r .nameServers")
-                                                    insertGlueRecords(dnsPrefix, nameServers, "60", parentZone, parentZoneResourceGroup)
-                                                }
+                                                sh "kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=\$(gcloud info --format='value(config.account)')"
 
                                                 waitForRollout("kube-system", 30)
                                             }
@@ -453,6 +440,14 @@ gcloud container clusters create ${clusterName} \
 }
 """
                                             ])
+                                        }{
+                                            // update glue records in parent zone
+                                            container('gcloud') {
+                                                withEnv(["PATH+JQ=${tool 'jq'}"]) {
+                                                    def nameServers = sh(returnStdout: true, script: "gcloud dns managed-zones describe \$(gcloud dns managed-zones list --filter dnsName:${dnsZone} --format='value(name)' --project ${project}) --project ${project} --format=json | jq -r .nameServers")
+                                                    insertGlueRecords(dnsPrefix, nameServers, "60", parentZone, parentZoneResourceGroup)
+                                                }
+                                            }
                                         }
                                     }
                                     finally {