CloudBees Compliance v1.44.0

Released: March 12, 2025

Upgrade notes

Perform the following steps when upgrading your installation to the latest release:

Terraform

To support SMTP email sending from the new notification-service, add the following secret variables to the variables.tf file, then run secret-infra.

These values may be the same as the ones used by Keycloak for SMTP configuration. 
SMTP_DISPLAYNAME  = "The name displayed in the email from address. Eg. CloudBees Dev Environment"
SMTP_SSL          = "true"
SMTP_STARTTLS     = "true"
SMTP_AUTH         = "true"
SMTP_FROM         = "email address to use for the from attribute. Eg. no-reply@cloudbees.com"
SMTP_REPLYTO      = "email address to use for the replyto attribute. Eg. no-reply@cloudbees.com"
SMTP_ENVELOPEFROM = "email address to use for the envelope from attribute. Eg. no-reply@cloudbees.com"
SMTP_USER         = "SMTP USERNAME"
SMTP_PASSWORD     = "SMTP PASSWORD"
SMTP_PORT         = "587"
SMTP_HOST         = "SMTP HOSTNAME Eg. smtp.sendgrid.net"
Helm

  1. To enable the notification service, add the following to values-<env>.yaml:

    ############################################################################################################
# notification-service
############################################################################################################

    notificationService:
      enabled: true
      name: "notification-service"
      imageTag: "imbrium/notification-service:cbc-release-1.44.0"
      imagePullPolicy: Always
      replicas: 1
      rdsCertVolume: true

      strategy:
        type: RollingUpdate
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 0

      autoscaling:
        enabled: false
        minReplicas: 2
        maxReplicas: 4
        targetCPUUtilizationPercentage: 60
        targetMemoryUtilizationPercentage: 70

      resources:
        limits:
          memory: 128Mi
        requests:
          cpu: 30m
          memory: 128Mi

      emptyDir:
        sizeLimit: 10Gi

      service:
        type: NodePort
        name: http-service
        port: 5001

      sidecar:
        enabled: true
        hosts:
        - "kube-system/kube-dns.kube-system.svc.cluster.local"
        - "./*.amazonaws.com"
        - "./aws.amazon.com"
        - "./*.{{ $.Release.Namespace }}.svc.cluster.local"
        - "./mariadb.internal.${ENV}.cbc.beescloud.com"
        - "./smtp.sendgrid.net"

      dbMigration:
        name: "notification-service-migrate"
        imageTag: "imbrium/notification-service-migrate:cbc-release-1.44.0"
        database: ch_notification_service

  2. Add the value of the SMTP_HOST secret, for example - "./smtp.example.net", to notificationService.sidecar.hosts in values-<env>.yaml.

    • If it doesn’t already exist, also add it to global.project.whitelistedDomains.

  3. Add the following domains to whitelistedDomains in values-<env>.yaml:

    • qualysguard.qg1.apps.qualys.co.uk

    • qualysapi.qg1.apps.qualys.co.uk

    • graph.microsoft.us

    • login.microsoftonline.us

  4. For ui-auth-service in values-<env>.yaml:

    1. Set uiAuthServicc.resources.limits.memory to:

      resources:
        limits:
          memory: 2560Mi

    2. Add the following domains to uiAuthService.sidecar.hosts:

              - "./graph.microsoft.us"
        - "./login.microsoftonline.us"

    3. Add the following to uiAuthService.envVars:

            - name: NODE_OPTIONS
        value: "--max-old-space-size=2300"

    4. Add the following domains to uiReviewService.sidecar.hosts:

              - "./graph.microsoft.us"
        - "./login.microsoftonline.us"