- Introducing CloudBees Pipeline Policies as a Preview feature (CTR-767)
While administrators would like to enable their developers to use pipelines freely, they still may need to set some restrictions based on industry-specific regulatory compliance or general best practice principles. Pipeline Policies provide a central way to enforce best practices across pipeline projects. The plugin uses runtime validation that works for both scripted and declarative pipelines, allowing administrators to include warnings or block the execution of pipelines if policy rules are violated. This initial release of Pipeline Policies is aimed at helping users avoid antipatterns that can damage the stability of their masters.
This only affects installations that use the Pipeline Policies Plugin.
- S3 Publisher Plugin included in the CloudBees Assurance Program (FNDJEN-1852)
The 'S3 Publisher plugin' is now included in the CloudBees Assurance Program to guarantee its quality and integration inside CloudBees products. This plugin applies to all masters in CloudBees Jenkins Enterprise, CloudBees Jenkins Distribution, and CloudBees Core. It does not apply to the Operations Center.
The CloudBees Analytics Plugin collects metrics for analysis to help CloudBees make decisions about future product direction. The collected data is used to evaluate patterns of usage of our products.
For details about what data is collected, see Data collection for the CloudBees Analytics Plugin.
- Helm 3 is now supported (CPLT2-6146)
Helm 3 is now the recommended method to install CloudBees Core on modern cloud platforms. Installation via the CloudBees installer has been deprecated as of the release of CloudBees Core on modern cloud platforms 18.104.22.168.
OperationsCenter.HostNameis now optional (CPLT2-5856)
In prior versions of CloudBees Core on modern cloud platforms,
OperationsCenter.HostNamewas required when you installed CloudBees Core using Helm.
Starting with CloudBees Core on modern cloud platforms version 22.214.171.124,
OperationsCenter.HostNameis now optional. If you omit it, CloudBees Core on modern cloud platforms uses Ingresses using wildcard hostnames and can be accessed through any hostname.
- Support for authenticating with a remote GKE cluster (CPLT2-5818)
This enhancement provides support for Google service account credentials when connecting to remote Kubernetes clusters running on GKE.
- Optional support for Kubernetes Pod Security Policies (CPLT2-6112)
Kubernetes Pod Security Policies can now be enabled by providing
--set PodSecurityPolicy.Enabled=truewhen installing or upgrading the Helm chart.
Note that this enhancement conflicts with Kaniko setup because Kaniko requires root access.
- SSD is now the default on AKS (CPLT2-6182)
OperationsCenter.Platform=aks, the storage class now defaults automatically to
managed-premiumin order to leverage solid state drives (SSDs).
rbac.installCluster=falsestill produces cluster level resources (CPLT2-6200)
rbac.installCluster=falsewas not working as expected and cluster-wide resources were still generated.
This issue has been corrected so that when using
rbac.installCluster=false, no cluster-wide resource is generated, as expected.
- Kubernetes agent UI overlap (CPLT2-6185)
When using pod templates with a dynamic label, the generated name is long and overflows the widget.
This has been corrected so that the extra text now wraps to the next line.
- Explicitly specify Ingress class to avoid warning on GKE (CPLT2-5898)
On GKE, warnings were displayed about defined ingresses.
To prevent these warnings, specify an Ingress class explicitly to prevent the GKE Ingress controller from picking them up.
- Generate routes when specifying
helm templatetargeting OpenShift, Ingresses are generated instead of Routes. The reason is since 126.96.36.199, the chart relies on capabilities instead of
OperationsCenter.Platformto determine whether the target is OpenShift or Kubernetes.
In addition to Capabilities, which can be specified in the helm template command (
--api-versions route.openshift.io/v1), the generation will honor
OperationsCenter.Platform=openshiftto generate Routes. This is the same behavior as before 188.8.131.52.
- YAML parse error on
extra-configmap.yamlsuffered a rendering problem when a label was not specified.
The rendering of
extra-configmap.yamlis now correct whether a label is provided or not.
- Readiness and liveness probes (CPLT2-5622)
Kubernetes resources for Operations Center and Managed Masters defined “liveness probes”, which would ask a controller to restart the pod if it stopped responding to basic web requests, but no “readiness probes” to determine when a pod was up and running. This lapse would cause misleadingly positive statuses from Kubernetes tools for Jenkins-based pods that had actually just started their containers. It also prevented use of the native Ingress system on GKE.
Readiness probes were added for both Operations Center and Managed Masters. It is possible to customize the timeouts if a pod is known to take an unusually long time to start under normal conditions.
- Clean up use of profiles in CloudBees Core WAR files (CPLT2-6017)
Operations Center and Managed Master WARs for CloudBees Core on modern cloud platforms defined supposedly optional profiles for Kubernetes functionality, but then unconditionally enabled these profiles. Also, the Setup Wizard offered the option of installing a number of plugins that were actually installed unconditionally.
These profiles were removed, simplifying the plugin list and removing misleading options in the Setup Wizard.
- Managed Masters in folders do not hibernate (CPLT2-6077)
Managed Masters in operations center, such as Team Masters, would not hibernate correctly.
This issue has been resolved in this release.
- Deadlock between CJOC connection and Global Configuration save (CTR-1136)
If a master was connected to Operations Center while its global configuration was being saved via the web interface, the
master→operations centercommunication thread and the HTTP request thread would deadlock. This deadlock would result in a master that could not communicate with Operations Center and eventually, if more global configuration saves were performed, a master that was unresponsive to the HTTP(s) requests.
The code has been updated to make the locking order consistent in both approaches, removing this deadlock.
This only affects installations that use the Operations Center Client Plugin.
- The default Browsers role should grant View/Read (CTR-669)
Users who were assigned only the default Browsers role were unable to see all views, such as the pull requests tab of a GitHub multibranch project.
With this fix, users who are assigned the default Browsers role will now be granted the View/Read permission.
This only affects installations that use the CloudBees Role-Based Access Control Plugin.
- RBAC group configured on View disappears after editing the View (CTR-1029)
When an RBAC group configured on a View was modified, the group configuration was removed.
With this fix, the RBAC group related to the View remains after the View is modified.
This only affects installations that use the CloudBees Role-Based Access Control Plugin.
- Finish adding logging on SFTP with infradna-backup plugin (CTR-1042)
There was not enough information on job logging when using SFTP backup. With this fix, meaningful information has been added.
This only affects installations that use the CloudBees Backup Plugin.
- Checkpoint step prints a warning (NGPIPELINE-676)
Using the checkpoint step in a Pipeline incorrectly caused the following warning to be written to the build log: "expected to call WorkflowScript.checkpoint but wound up catching suspend?; see: https://www.jenkins.io/redirect/pipeline-cps-method-mismatches/".
A warning is no longer displayed when using the checkpoint step.
This only affects installations that use the CloudBees Pipeline: Groovy Checkpoint Plugin.
- Performance improvement of Display URL API plugin (NGPIPELINE-970,586)
The Display URL API plugin adds environment variables to builds containing the URL of the build in Jenkins. In order to compute the value of these variables, the plugin previously needed to load a large number of classes for each build, which could lead to performance issues. With this fix, the plugin no longer needs to perform significant class loading when contributing environment variables to builds.
This only affects installations that use the Display URL API plugin.
- Blue Ocean View failed in IE and Edge (NGPIPELINE-955)
Opening the Blue Ocean View with a Microsoft Edge or Internet Explorer browser failed. With this fix, the packaging of the Server Sent Events (SSE) Gateway Plugin no longer causes the Blue Ocean View to fail in IE and Microsoft Edge browsers.
This only affects installations that use the Server Sent Events (SSE) Gateway Plugin.
- Version 184.108.40.206 Form submissions are limited to 200000 characters (JENKINS-60409)
Users are unable to submit large forms to Jenkins. This issue can result in users being unable to make system configuration changes or replay pipelines, for example.
Workaround: Increase the max form size by passing
-Dorg.eclipse.jetty.server.Request.maxFormContentSize=-1as a Jenkins startup parameter.