New features

CloudBees now supports configuring a Configuration as Code (CasC) bundle location for adding controller CasC bundles to the operations center (BEE-10615)

A new Configuration as Code bundle location setting has been added to the Manage Jenkins Configure System screen and allows you to configure a local folder on the operations center server or an SCM repository for adding controller CasC bundles to the operations center’s internal storage.

Once you have added your controller CasC bundles to the operations center, you can configure how the bundles are synchronized with the operations center’s internal storage. This ensures any changes to the bundles are available to controllers using the CasC bundle. The following options are now available for synchronizing your CasC bundles with the operations center’s internal storage:

  • Manually synchronize CasC bundles: A new Load Configuration as Code bundles screen has been added to the operations center to manually synchronize CasC bundles. It is accessible from a new Load CasC bundles button in the left pane of the operations center’s dashboard.

  • Automatically synchronize CasC bundles using Polling: When configuring the Configuration as Code bundle location, Polling is enabled by default and checks for changes to CasC bundles in the local folder on the operations center server or in the SCM repository, based on the specified Polling interval.

  • Automatically synchronize CasC bundles from an SCM tool: You can also use an SCM webhook to automatically synchronize your CasC bundles stored in an SCM repository with the operations center’s internal storage.

The Configuration as Code bundle location and synchronizing CasC bundles with the operations center’s internal storage are Preview features. For more information, refer to Adding controller CasC bundles to the operations center.

When upgrading, if CasC controller bundles are detected in the $JENKINS_HOME/jcasc-bundles-store folder, the bundles are automatically added to the operations center’s internal storage and a local folder is automatically configured as the Configuration as Code bundle location on the Manage Jenkins Configure System screen. No changes are required to allow the bundles to continue to function as they did previously.

Feature enhancements

Require Kubernetes 1.19 or later (BEE-1208)

The minimum version of Kubernetes required to run CloudBees CI on modern cloud platforms is now 1.19. Support for older versions of Kubernetes is dropped. Refer to the Supported platforms for CloudBees CI on modern cloud platforms for more information.

Additionally, this update resolves known issues that may have led to failures when provisioning controllers or installing the operations center, if you used the AWS Load Balancer Controller.

Run sidecar injector certificate renewal check once every two weeks (BEE-14852)

The frequency of sidecar injector’s certificate renewal check was reduced from daily to once every two weeks.

Helm chart validation added (BEE-1415)

Helm v3 lets you validate Helm chart values in a chart’s values.yaml file using JSON schemas, which can be a useful way to validate input values.

In this release, schemas were added to the Helm chart to validate the CloudBees CI values.yaml file.

Connection details are now automatically added to client controller CasC bundles (BEE-8194)

When using a Java system property to configure a client controller using the casc-bundle-link.yaml file, the client controller’s connection details are now included in the client controller’s jenkins.yaml file and the client controller is automatically connected to the operations center.

Previously, you had to launch the operations center and manually connect the client controller in the UI.

For more information, refer to Setting up a client controller using CasC.

Migrating the Beekeeper Upgrade Asistant from async-http-client to okhttp (BEE-2912)

Previously, HTTP communication was managed by an old version of async-http-client.

In this release, the underlying HTTP library has been updated to use okhttp to provide support for Server Name Indication (SNI) and Java 11.

Support for dynamic persistent volume claim (PVC) added for volume pod templates (BEE-1420)

You can now use dynamic PVC for any volume declared in a pod template using the Kubernetes plugin.

CasC plugin validation has been improved (BEE-10526)

The plugins.yaml file in a CasC bundle is now validated to ensure plugins can be installed by verifying that all plugins included in the plugins.yaml file are in the CloudBees Assurance Program (CAP) as a Tier 1 or Tier 2 plugin. If a Tier 3 plugin is included in the plugins.yaml file, a validation is performed to verify the plugin is also included in the plugin-catalog.yaml file.

If a plugin is not in the CAP or the Tier 3 plugin is not included in the plugin-catalog.yaml file, a warning message is returned and the plugin is ignored.

The file system, CasC bundle descriptor, and CasC bundle content validation have been improved (BEE-10461)

The following CasC bundle validation processes have been improved and new CasC bundle validations have been added. If any of these conditions are not met, a validation error is returned.

  • The CasC bundle must be a folder and the folder must not be empty.

  • The bundle.yaml file must exist and include the required properties and formatting (id, apiVersion, and version).

  • The bundle content must use YAML files or a structure of folders containing YAML files.

  • All files mentioned in the bundle.yaml file must exist in the bundle folder.

    In addition, if the following conditions are not met, a validation warning is returned.

  • All files in the bundle must be referenced directly or through a folder.

  • CasC bundles applied to the operations center must not contain a plugin-catalog.yaml file. If the bundle contains a plugin-catalog.yaml file, it is ignored.

Improved messages when a CasC bundle is validated (BEE-10452)

CasC bundle validation messages have been improved. A validation code has been added to help identify errors that occur when automation is configured to process log files. The details of the error are included in the log files.

When exporting CasC items, properties are now ordered (BEE-9579)

When exporting the CasC items.yaml file from the Configuration as Code export and update screen or when exporting individual CasC items from the left navigation pane, the exported YAML properties are now ordered. The first property is kind, followed by name. All other properties are ordered alphabetically. Previously, the exported properties were not ordered in a deterministic way.

The following plugins are now compatible with Guava 30+ (BEE-8506) (BEE-8512) (BEE-8513) (BEE-8516) (BEE-8521) (BEE-8524) (BEE-8526) (BEE-8529) (BEE-8543) (BEE-8546) (BEE-8555)

The following plugins were updated to be compatible with both current and upcoming Jenkins versions that have a newer Guava library.

  • CloudBees Unified UI

  • Operations center Monitoring

  • Operations center Context

  • Operations center Server

  • ESR Feeder

  • ESR Reporter

  • CloudBees CI ServiceNow Plugin

  • SAML

  • Google Kubernetes Engine

  • Antisamy Markup Formatter

  • Workflow CPS

Resolved issues

Pods were allocated thirteen environment variables, resulting in performance degradation (BEE-10642)

If there were too many managed controllers in a namespace, every pod was allocated thirteen environment variables for each controller, the operations center, the hibernation monitor, or any other Kubernetes service in the namespace. These variables were generally unused and could bloat both the build log and the program.dat file in each build record, reducing performance.

This issue has been resolved. These environment variables are now suppressed.

Pipeline builds may have been broken after restoring from a backup using Elastic Block Store (EBS) snapshots (BEE-10602)

Under certain conditions, including following a restore from a backup made using EBS snapshots, a Pipeline build could have been broken with the error message, ‘Unsupported protocol version 101’ with a stack trace mentioning ‘RiverReader.restorePickles’.

This issue has been resolved. This file corruption no longer occurs and the build resumes normally. The build may then fail/abort for a legitimate reason, such as a missing agent.

Attempts to create managed controllers in the operations center CasC items.yaml file often failed on a new CloudBees CI installation (BEE-14409)

Attempts to create managed controllers using the operations center CasC items.yaml file often failed for new CloudBees CI installations the first time the operations center started, due to the initialization order of some plugins.

This issue has been resolved. Restrictions on managed controller item creation that were intended for the UI have been suppressed during operations center startup.

The CloudBees Analytics Plugin cannot send data to segment so memory grows unbounded until it can be sent (BEE-2824)

The internal library used by the CloudBees Analytics Plugin to manage event data was lacking proper logic to deal with backpressure, resulting in ever-increasing memory consumption in some circumstances, like being offline.

The library is updated and properly configured to deal with backpressure without increasing the memory usage indefinitely by ignoring old data in case it cannot be processed fast enough.

Upgraded the Fabric8 Kubernetes Client to version 5.10.1 (BEE-9187)

The Fabric8 Kubernetes Client was upgraded to version 5.10.1 for the open source Kubernetes Plugin. The Master Provisioning Kubernetes plugin was upgraded to use the latest release of the Kubernetes API client.

This upgrade resolves an issue where Amazon EKS deployments that use CloudWatch were receiving authentication errors.

Removed the option to disable the agent-to-controller security subsystem (BEE-14275 and BEE-14277)

The Enable Agent > Controller Access Control toggle option was removed from the Global Security Settings. This option has been also been removed from Jenkins.

Removed Mesos Cloud plugin support (BEE-9953)

The Mesos Cloud plugin is no longer used by CloudBees CI, but there were some optional dependencies to it in the Operations Center Context plugin.

These dependencies have been removed as part of a technical debt cleanup effort.

Job/Configure permissions were incorrectly required (BEE-10113)

Users were incorrectly required to have Job/Configure permissions when selecting credentials for the non-blocking I/O SSH agent launcher.

Now, users are required to have Agent/Configure permissions when they select credentials for the non-blocking I/O SSH agent launcher. This issue has been resolved.

CloudBees SSH Build Agents plugin was using an outdated library (BEE-10495)

The CloudBees SSH Build Agents plugin was using an outdated library to manage the SSH connection.

The underlying libraries have been updated to a more recent version.

Shared configuration license check does not persist (BEE-472)

An error was occurring when a shared configuration contained a license usage alert. The license check would not persist in the shared configuration because controllers were being serialized with a class that is not allowed for XStream.

This issue has been resolved. Controllers are now serialized with a class that is allowed and the license check persists for the shared configuration.

CasC bundle validations were incorrectly applied before the bundle was downloaded (BEE-15039)

When checking the CasC bundle version using HttpLoader, bundle validations were triggered before the bundle was downloaded.

This issue has been resolved. All files in the CasC bundle are now downloaded before the validation is triggered.

Jenkins Configuration as Code files were ignored when reloading the CasC configuration (BEE-14486)

If you added more than one Jenkins configuration file to a CasC bundle that already contained a Jenkins configuration file, and then attempted to reload the configuration without restarting, the new Jenkins configuration files were ignored.

This issue has been resolved.

Pipeline builds interrupted by a controller restart or a backup/restore may not have been displayed in the administrative monitor by the Restart Aborted Builds plugin (BEE-13278)

Under certain conditions, if a Pipeline build was interrupted by a controller restart or a backup/restore, it was treated as a general failure and the aborted build was not displayed in the administrative monitor when using the Restart Aborted Builds plugin.

This issue has been resolved. The algorithm to detect builds aborted by relevant causes was expanded to include additional cases, such as restarting inside a non-resumable step like checkout, or a broken agent connection.

Freestyle job Build Environment settings were not supported by CasC item creation (BEE-12998)

Freestyle job Build Environment settings can now be exported and configured using CasC item creation.

The Download icon on the Export CasC Item screen was broken (BEE-12760)

The Download icon on the Export CasC item screen was broken.

This issue has been resolved.

GitHub Multibranch projects that attempted to access a public GitHub repository may have returned a NullPointerException (BEE-7306)

If a GitHub Multibranch repository or organization folder did not use credentials and attempted to access public GitHub repositories via an anonymous API, a NullPointerException may have been returned.

This issue has been resolved. A NullPointerException is no longer returned. A prompt is now provided to switch to GitHub App authentication, as if the project is authenticating via a personal access token.

Update SSE Gateway Plugin (BEE-14552)

The SSE Gateway Plugin was transitively listing a version of follow-redirects that had a known vulnerability. The library was updated to a version that does not contain the issue.

Known issues

Require Kubernetes 1.19 or later (BEE-1208)

The minimum version of Kubernetes required to run CloudBees CI on modern cloud platforms is now 1.19. Support for older versions of Kubernetes has been dropped. Refer to the Supported platforms for CloudBees CI on modern cloud platforms for more information.

When using CasC to create an operations center instance for the first time, managed controllers may not be automatically provisioned (BEE-15060)

If you use CasC to create an operations center instance for the first time and you also create managed controller items using CasC, a race condition may prevent managed controllers from being automatically provisioned. This will be corrected in a future version.

The operations center may run out of disk space if using a local folder as the Configuration as Code bundle location (BEE-15449)

If you use a local folder as the Configuration as Code bundle location and an error occurs, a backup folder is automatically added to the operations center. If the local folder contains other files that are not part of a CasC bundle (for example, read-only files, hidden files, or SCM control files), polling synchronization fails and the backup folder is never deleted. Eventually, the operations center may run out of disk space, resulting in a No space left on device exception.

To avoid this issue, you can either use an SCM as the Configuration as Code bundle location, or if using a local folder, ensure that only CasC bundles are stored in the local folder.

This will be corrected in a future version.

Git submodules are not supported when configuring an SCM as the Configuration as Code bundle location (BEE-15832)

If you configure an SCM as the Configuration as Code bundle location and select Recursively update submodules for the selected Project Repository, an exception is returned.

Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart (BEE-12722)

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.