CloudBees Compliance v1.44.0

Released: March 12, 2025

Upgrade notes

Perform the following steps when upgrading your installation to the latest release:

Terraform

To support SMTP email sending from the new notification-service, add the following secret variables to the variables.tf file, then run secret-infra.

These values may be the same as the ones used by Keycloak for SMTP configuration.
SMTP_DISPLAYNAME = "The name displayed in the email from address. Eg. CloudBees Dev Environment" SMTP_SSL = "true" SMTP_STARTTLS = "true" SMTP_AUTH = "true" SMTP_FROM = "email address to use for the from attribute. Eg. no-reply@cloudbees.com" SMTP_REPLYTO = "email address to use for the replyto attribute. Eg. no-reply@cloudbees.com" SMTP_ENVELOPEFROM = "email address to use for the envelope from attribute. Eg. no-reply@cloudbees.com" SMTP_USER = "SMTP USERNAME" SMTP_PASSWORD = "SMTP PASSWORD" SMTP_PORT = "587" SMTP_HOST = "SMTP HOSTNAME Eg. smtp.sendgrid.net"
Helm
  1. To enable the notification service, add the following to values-<env>.yaml:

    ############################################################################################################ # notification-service ############################################################################################################ notificationService: enabled: true name: "notification-service" imageTag: "imbrium/notification-service:cbc-release-1.44.0" imagePullPolicy: Always replicas: 1 rdsCertVolume: true strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 autoscaling: enabled: false minReplicas: 2 maxReplicas: 4 targetCPUUtilizationPercentage: 60 targetMemoryUtilizationPercentage: 70 resources: limits: memory: 128Mi requests: cpu: 30m memory: 128Mi emptyDir: sizeLimit: 10Gi service: type: NodePort name: http-service port: 5001 sidecar: enabled: true hosts: - "kube-system/kube-dns.kube-system.svc.cluster.local" - "./*.amazonaws.com" - "./aws.amazon.com" - "./*.{{ $.Release.Namespace }}.svc.cluster.local" - "./mariadb.internal.${ENV}.cbc.beescloud.com" - "./smtp.sendgrid.net" dbMigration: name: "notification-service-migrate" imageTag: "imbrium/notification-service-migrate:cbc-release-1.44.0" database: ch_notification_service
  2. Add the value of the SMTP_HOST secret, for example - "./smtp.example.net", to notificationService.sidecar.hosts in values-<env>.yaml.

    • If it doesn’t already exist, also add it to global.project.whitelistedDomains.

  3. Add the following domains to whitelistedDomains in values-<env>.yaml:

    • qualysguard.qg1.apps.qualys.co.uk

    • qualysapi.qg1.apps.qualys.co.uk

    • graph.microsoft.us

    • login.microsoftonline.us

  4. For ui-auth-service in values-<env>.yaml:

    1. Set uiAuthServicc.resources.limits.memory to:

      resources: limits: memory: 2560Mi
    2. Add the following domains to uiAuthService.sidecar.hosts:

      - "./graph.microsoft.us" - "./login.microsoftonline.us"
    3. Add the following to uiAuthService.envVars:

      - name: NODE_OPTIONS value: "--max-old-space-size=2300"
    4. Add the following domains to uiReviewService.sidecar.hosts:

      - "./graph.microsoft.us" - "./login.microsoftonline.us"