CloudBees Compliance v1.51.0

Released: July 14, 2025

Upgrade notes

Perform the following steps when upgrading your installation to the latest release:

A new cbc-release-1.51.0-bundle.zip is provided with this release, which contains example example.tfvars, secrets-example.tfvars, and the relevant .tf files to show the variable definitions and default values. It also includes values-example.yaml for the app-deploy, along with the latest infra-setup.sh, app-deploy.sh, and a new Python script to generate the CloudFormation template for use with CasC (configuration as code).

The .tfvars and Helm values-env.yaml have been simplified in this release, and should be compared to the examples provided in the release bundle .zip file. Changes have been noted below for information.

Terraform

  • EKS version 1.32 is now the default supported version.

  • The following .tfvars now read from the default values, and should be commented out:

    • nat_count

    • ec2_neo4j_availability_zone

    • aws_accessible_namespaces

  • The KMS Key for ui-field-encryption has been removed.

  • The following infra modules need to be applied:

    • kms-infra

      • To remove the deprecated KMS Key.

    • eks-infra

      • To upgrade the EKS cluster from 1.31 to 1.32.

    • iam-infra

      • To remove obsolete internal IAM roles and policies.

    • secret-infra

      • To apply changes in secrets.

Helm

  • Added new UI module ui-authorisation service.

  • Upgraded Grafana from 10.3.1 to 11.2.10.

  • Upgraded Helmwave from v0.41.6 to v0.42.1.

  • Helm values-env.yaml structure has been simplified.

  • The values for the following charts have been merged into a single values file called cbc-tools/values-<env>.yaml. Most values for these modules have been migrated to default values:

    • cbc-keycloak

    • external-secrets

    • ingress-nginx

    • internal-nginx-ingress

    • istio-base

    • istiod

    • metrics-server

    • tempo

  • Amazon KMS keys and storage bucket values have been migrated to default values.

  • Most of the common domains to whitelist have been migrated to default values. A new value called whitelistedClientDomains has been introduced to manage organisation-specific domains, such as:

.cbc.example.com,.example.com

  • Common values, such as the below, have been moved to default values:

    • `grafana-agent-traces

    • Kubernetes Job for provider-service-data-refresh, plugin-registration and keycloak-management.

    • globalEnvVars, such as fips and proxy.

    • `defaultSidecar values.

    • Amazon RDS and EKS volumes.

    • The port number for RDS, Redis & Neo4j.