Introduction
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionSystem requirementsVerifying Docker imagesInstalling operations centerInstalling client controllersInstalling build agentsVerifying build componentsVerifying WAR files
IntroductionHA (active/active) fundamentalsInstallation on modern cloud platforms (active/active)Installation on traditional platforms (active/active)HA (active/active) considerationsSpecific High Availability (active/passive) installation for CloudBees CI on traditional platforms
Introduction
IntroductionPipeline termsPipeline project typesCloudBees Pipeline benefits
IntroductionUsing Pipeline development utilitiesDetermining plugin compatibilityPipeline best practices
IntroductionPrerequisitesCreating your first PipelineSelecting agentsCreating Pipelines in SCMCreating Pipelines in Web UIUsing Pipeline as Code
IntroductionConfig Adv ScriptedConfig Build StageConfig Deploy StageConfig Optional Step ArgsConfig Test StageCreating JenkinsfileCustomizing ParametersHandling FailuresString InterpolationUsing Multiple AgentsWorking With The Env
IntroductionManaging artifactsTracing artifactsTriggering jobs with a simple webhookRestoring filesVisualizing PipelineInserting checkpointsSecuring PipelinesConfiguring Pipelines with user-scoped credentialsUsing Pipeline PoliciesSpecifying a matrix of one or more dimensionsConverting a Freestyle project to a Declarative PipelinePipeline builds and HA (active/active)
IntroductionRestarting aborted buildsLong-running buildsSkip next buildConsolidated Build View pluginCloudBees Quiet Start pluginCloudBees Template pluginCloudBees Git Validated Merge pluginCloudBees Workspace Caching
IntroductionTrigger a job with a notification event using Cross Team CollaborationEnable external notification events with external HTTP endpointsCluster-wide copy artifactsCluster-wide job triggers
IntroductionSetting up a Pipeline Template CatalogDefining Pipeline Template CatalogsSetting Up A Pipeline TemplateUsing parameters in template.yamlManaging multibranch Pipeline options in template.yamlManaging Pipeline Template Catalogs in bulkExample full Maven/Java app Jenkinsfile
IntroductionUsing Declarative Pipeline syntaxUsing Scripted Pipeline syntax
IntroductionBranch SourceBitbucketGitBranch Property StrategyExamples
CloudBees Docker Build and Publish pluginCloudBees Docker TraceabilityDocker Pipeline pluginCloudBees Docker Hub/Registry Notification plugin
Introduction
Introduction
IntroductionGetting startedNavigating the operations centerProvisioning managed controllers in multiple Kubernetes clustersProvisioning agents in a separate Kubernetes cluster from a managed controllerProvisioning a controller in a different namespace than the operations centerProvisioning a controller in a different OpenShift project than the operations centerManaging controllersManage controllers in specific Kubernetes namespacesMigrating an existing managed controller to High Availability (HA)Managing agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsChanging NFS storage locationQuiet startMove/Copy/PromoteCluster operationsInbound agentsUsing KanikoUsing Buildkit (docker buildx)Sidecar injector for self-signed certificates on KubernetesSidecar injector for self-signed certificates on OpenShiftUsing auto-scaling nodes on EKSUsing auto-scaling nodes on GKECloudBees Amazon Web Services Deploy EngineAmazon Web Services CLI PluginCloud Foundry CLI PluginIntegrate OpenShift CLIServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText pluginController Lifecycle Notifications Plugin
IntroductionGetting startedNavigating the Operations CenterManaging client controllersMigrating from High Availability (active/passive) to High Availability (active/active) on CloudBees CI on traditional platformsManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsQuiet startMove/Copy/PromoteCluster operationsJava web start agentsServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText plugin
Introduction
IntroductionTrust modelPod Security AdmissionCentrally managing security for controllersCyberark Credential Provider PluginHashiCorp Vault PluginEnabling advanced use cases: cross controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersSetting up operations center access controlsSetting up access controls on connected controllersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginExtended security settingsEnhanced credentials maskingUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsUsing single sign-on (SSO)CloudBees CI integration with Microsoft Entra IDoperations center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementReplacing an expired certificateList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from JenkinsVerifying Helm Charts Published with a Signature
IntroductionConfiguring network requirementsCentrally managing security for controllersCyberark Credential Provider PluginHashiCorp Vault PluginEnabling advanced use cases: cross-controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsExtended security settingsUsing single sign-on (SSO)CloudBees CI integration with Microsoft Entra IDOperations Center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from Jenkins
Introduction
IntroductionExplaining $JENKINS_HOMEBest practices for backup and restoreBacking up manuallyRestoring manuallyRestoring credentialsUsing the CloudBees Backup PluginScheduling your backups in the CloudBees Backup PluginRestoring from CloudBees Backup PluginBackup and restore on KubernetesBackup and restore on AWSUsing Velero for backup and restore of Kubernetes clustersUsing cluster operations to run backups
IntroductionGetting the CLI toolUsing the CLI toolExamples of usageConfiguring multiple client controllersConfiguring an alias for the Jenkins CLI toolConfiguring the Jenkins CLI tool to work with non-TrustStore SSL certificatesCasC bundle management on operations center
CloudBees Inactive Items Plugin
Jenkins Health Advisor by CloudBees
CloudBees Pull Request Builder for GitHub plugin
Count and monitor user licenses with the CloudBees User Activity Monitoring plugin
Introduction
CasC fundamentals
CasC requirements
CasC permissions
IntroductionGetting startedCreating a bundleConfiguring the operations center on modern platformsConfiguring the operations center on traditional platformsRetrieving bundles using SCMUpdating a bundleBundle update timing for the operations centerViewing the operations center update logCreating itemsConfiguring RBACDetermining plugin compatibilityTroubleshooting
IntroductionGetting startedCreating a bundleAdding controller bundles to the operations centerUpdating a bundleBundle update timing for controllersViewing the controller update logConfiguring bundle availabilitySetting up a managed controllerSetting up a client controllerCreating itemsConfiguring RBACDetermining plugin compatibilityAdvanced topicsTroubleshooting
Plugin management with CasC
CasC CLI commands
CasC HTTP API
Support policies

Controller Lifecycle Notifications Plugin

5 minute read

The Controller Lifecycle Notifications plugin sends webhooks from the operations center to a configured endpoint based on the managed controller state changes, such as provisioned and deprovisioned.

Configuration

The plugin is configured under Manage Jenkins > Controller Lifecycle Notifications. Custom webhook data can be configured for a specific controller under the configuration page for that controller item in the operations center.

Figures 1-4 show examples of how to configure the Controller Lifecycle Notifications plugin, enable the Controller Lifecycle Notifications, add the custom webhook data, and complete the configuration.

Configure Controller Lifecycle Notifications plugin
Figure 1. Configure Controller Lifecycle Notifications plugin
Enable Controller Lifecycle Notifications
Figure 2. Enable Controller Lifecycle Notifications
Add custom webhook data
Figure 3. Add custom webhook data
Complete Controller Lifecycle Notifications configuration
Figure 4. Complete Controller Lifecycle Notifications configuration

Solution

When the managed controller’s lifecycle is updated, an event is sent to an external webhook. This webhook and the service behind it are not part of CloudBees CI and are not provided by CloudBees.

To secure the communication to the webhook, you must use a mutual TLS authentication (mTLS) by using a certificate that is known to CloudBees CI.

The content of the event is JSON-formatted and uniquely identifies the managed controller that is the source of the event. To provide the identity of the managed controller, its name, domain, and the operations center it belongs to will be part of the event.

The event also contains an additional customizable data field, statically provided for each managed controller item in the Controller Lifecycle Notifications Managed Controller property available on the custom data page shown in Figure 3. This data does not need any computation from the CloudBees CI products and will be sent to the event as is.

Additional data is provided for each managed controller item in the the Controller Lifecycle Notifications Managed Controller property.

The webhook endpoint is provided at the operations center level, in a dedicated administration page.

If you use a CloudBees CasC bundle for the operations center, the version of the bundle is included in the webhook payload. Refer to the following example:

{
    "status": "PROVISIONING",
    "id": "b905b61a-0286-4479-ad81-3aad2c732641",
    "timestamp": "2024-07-08T17:16:35.990023Z",
    "controller": {
        "name": "mc",
        "displayName": "mc",
        "domain": "mc",
        "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
    },
    "operationsCenter": {
        "url": "http://localhost:52215/jenkins/",
        "cascBundleVersion": "1.2.3"
    }
}

Use Cases

With the introduction of the Controller Lifecycle Notifications plugin, you can easily automate actions when a lifecycle event occurs. The following use cases are supported:

  • Provision/deprovision

    • When a CasC bundle is updated and reloaded by the operations center and when a managed controller is provisioned or deprovisioned, a notification is sent to an external webhook.

    • If an error occurs during provisioning or deprovisioning, a notification is sent to an external webhook.

The status names that are supported by the Controller Lifecycle Notifications plugin are listed in the following table.

Status names and descriptions

The following table shows the status names and descriptions.

Table 1. Status names, descriptions, and example payloads
Status name Definition Example payload

CONNECTED

Sent when a controller connects to the operations center after its health check endpoint is reachable from the operations center.

 
    {
        "status": "CONNECTED",
        "id": "abe72f31-4c34-4566-afd2-0397b199160e",
        "timestamp": "2024-07-08T14:38:09.939789Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc0",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

DEPROVISIONED

Sent when the operations center completes a request to deprovision a controller.

 
    {
        "status": "DEPROVISIONED",
        "id": "4f3e725a-f0e0-4e2d-b397-54b322668b80",
        "timestamp": "2024-07-08T14:38:19.302125Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

DEPROVISIONING

Sent when the operations center initiates a request to deprovision a controller.

 
    {
        "status": "DEPROVISIONING",
        "id": "962281f6-fe1e-4a0f-94cb-f44003c6422f",
        "timestamp": "2024-07-08T14:38:19.292175Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

DEPROVISIONING_ERROR

Sent if the operations center encounters an error when it tries to deprovision a controller. It only includes fatal errors, such as the Kubernetes API being unreachable.

 
    {
        "status": "DEPROVISIONING_ERROR",
        "id": "bc1f0bc3-c104-4e5d-a8b9-5c74ce992539",
        "timestamp": "2024-07-09T06:41:57.708602Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
      },
      "operationsCenter": {
          "url": "http://localhost:51361/jenkins/"
      },
      "error": "java.lang.Exception: deprovision"
    }

DISCONNECTED

Sent when a controller disconnects from the operations center.

 
    {
        "status": "DISCONNECTED",
        "id": "bd0a669e-dddb-47f7-9275-09017ae0e591",
        "timestamp": "2024-07-08T14:38:10.082346Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

PROVISIONED

Sent when the operations center completes a request to provision a controller. The underlying Kubernetes resource provisioning may still be incomplete.

 
    {
        "status": "PROVISIONED",
        "id": "0fa4c9b0-c7a5-4da8-94d9-ff82116a1ea7",
        "timestamp": "2024-07-08T14:37:59.084923Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

PROVISIONING

Sent when the operations center initiates a request to provision a controller.

 
    {
        "status": "PROVISIONING",
        "id": "0a59d786-54e5-4795-b0ca-3e5d53829532",
        "timestamp": "2024-07-08T14:37:59.070354Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

PROVISIONING_ERROR

Sent if the operations center encounters an error when it tries to provision a controller. It only includes fatal errors, such as the Kubernetes API being unreachable.

 
    {
        "status": "PROVISIONING_ERROR",
        "id": "d19efb93-3352-4fdc-9fd5-91e58be48ab0",
        "timestamp": "2024-07-08T14:56:38.227222Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        },
        "error": "java.lang.Exception: provision"
    }

RESTARTING

Sent when the operations center initiates a request to restart a controller.

 
    {
        "status": "RESTARTING",
        "id": "7e22edf7-6ac1-4f37-8b0a-8fb990561f43",
        "timestamp": "2024-07-08T14:38:10.088195Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

RESTARTING_ERROR

Sent if the operations center encounters an error when it tries to restart a controller. It only includes fatal errors, such as the Kubernetes API being unreachable.

 
    {
        "status": "RESTARTING_ERROR",
        "id": "7442aca7-7208-4d5b-8cb7-608263541b8a",
        "timestamp": "2024-07-08T14:57:57.012394Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        },
        "error": "java.lang.Exception: restart"
    }

STARTED

Sent when the operations center completes a request to start a controller. The controller may not have started yet. This status can be sent when the controller does not start; for example, if it requests too much memory for the pod to be scheduled.

 
    {
        "status": "STARTED",
        "id": "1f7107fc-dfc6-4035-b963-76cd8d19da29",
        "timestamp": "2024-07-08T14:38:08.630101Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

STARTED_BUT_DID_NOT_CONNECT

Sent if a STARTED webhook was sent, but the controller did not reach the CONNECTED state within 10 minutes.

 
    {
        "status": "STARTED_BUT_DID_NOT_CONNECT",
        "id": "144631d4-048e-4098-877b-8b0bb415904d",
        "timestamp": "2024-07-09T06:36:07.324678Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        },
        "error": "mc was started but it did not connect after 1 seconds"
    }

STARTING

Sent when the operations center initiates a request to start a controller.

 
    {
        "status": "STARTING",
        "id": "8b72cfcb-f36d-461a-a396-9aa17a73f950",
        "timestamp": "2024-07-08T14:37:59.098795Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

STARTING_ERROR

Sent if the operations center encounters an error when it tries to start a controller. It only includes fatal errors, such as the Kubernetes API being unreachable.

 
    {
        "status": "STARTING_ERROR",
        "id": "5ca0f66a-83f4-423b-a6be-fed68d982c82",
        "timestamp": "2024-07-08T14:59:03.624873Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        },
        "error": "java.lang.Exception: start"
    }

STOPPED

Sent when the operations center completes a request to stop a controller.

 
    {
        "status": "STOPPED",
        "id": "a13be5a6-5bc6-485f-94c9-590fbf8ccea6",
        "timestamp": "2024-07-08T14:38:19.278223Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

STOPPING

Sent when the operations center initiates a request to stop a controller.

 
    {
        "status": "STOPPING",
        "id": "357b9fd1-19ee-47c3-a286-99431bb5d513",
        "timestamp": "2024-07-08T14:38:18.441995Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        }
    }

STOPPING_ERROR

Sent if the operations center encounters an error when it tries to stop a controller. It only includes fatal errors, such as the Kubernetes API being unreachable.

 
    {
        "status": "STOPPING_ERROR",
        "id": "db432183-3e79-491e-b08a-ab2714146cd5",
        "timestamp": "2024-07-08T14:59:44.981816Z",
        "controller": {
            "name": "mc",
            "displayName": "mc",
            "url": "http://localhost:9090/jenkins/",
            "domain": "mc",
            "image": "cloudbees/cloudbees-core-mm:2.452.2.4"
        },
        "operationsCenter": {
            "url": "http://localhost:51361/jenkins/"
        },
        "error": "java.lang.Exception: stop"
    }

For information about the Controller Lifecycle Notifications plugin release notes, refer to Operations Center Plugins.

WikiText plugin