CloudBees CI on modern cloud platforms 2.440.1.3

Rolling release: 2024-02-21

Based on Jenkins LTS 2.440.1

CloudBees CI release highlights

Watch video

What’s new in CloudBees CI 2.440.1.3

Watch video

New Features

Google Cloud Storage now available for Workspace Caching

CloudBees introduces Workspace Caching with Google Cloud Storage that allows pipelines caching artifacts on Google Storage and using them for upcoming builds.

This is due to two steps available for pipelines: readCache and writeCache. When these steps are used, the pipelines look for an available cache and use it if it is found. For new builds where caches do not exist, the pipelines will continue. For pull requests, the cache for the target branch is retrieved for the first build and used to create a cache dedicated for the pull request’s branch. Refer to CloudBees Workspace Cache Plugin for more information.

Controller Lifecycle Notifications

Controller Lifecycle Notifications allow an admin to configure a webhook and controllers to send notifications to an endpoint. These notifications contain status updates as a controller progresses through its lifecycle. These notifications support mutual TLS authentication and controller statuses such as connection, provisioning, starting, stopping, restarting, and errors. For the full list of statuses, refer to Controller Lifecycle Notifications Plugin.

Feature Enhancements

Support for Java 17

Support for Java 17 was added in this version. CloudBees recommends that you upgrade your instances to Java 17 as soon as possible for the best experience.

In the October 2024 release, support for Java 11 will be discontinued and you will be unable to run new versions of the product on Java 11. Releases that occurred during the support window for Java 11 will continue to run on Java 11.

For more information about how to migrate to Java 17, refer to Migrate to Java 17 on modern platforms or Migrate to Java 17 on traditional platforms.

CloudBees Pipeline Explorer advanced tree options

The Pipeline Explorer tree view now has options to show steps within stages. Users can show all the steps for a Pipeline or show only steps from a specific branch. The steps are distinguished by function name and you can search them from within the stage search box.

CloudBees Pipeline Explorer Feature Enhancements

The following enhancements have been made to the CloudBees Pipeline Explorer:

  • Configure a preferred build console provider

    Added a new "Console URL Provider" configuration option in Jenkins core, that now allows administrators and users to select a preferred build console provider. This provider replaces the classic console view when it follows any links to the build console from within Jenkins.

  • Jump to a specific line

    There are new controls that allow a user to jump to a specific line.

  • Related Builds supports autopolling

    Builds that are in progress in the Related Builds panel are updated with autopolling.

  • Add support for operations-center-context triggerRemoteJob step

    Added support for the operations-center-context triggerRemoteJob step.

    This enhancement is compatible High Availability (HA).

  • The name of the failing step included in the Unsuccessful Steps view

    The name of the failing step is now included in the Unsuccessful Steps view.

  • Improve performance of the CloudBees Pipeline Explorer by caching the FlowGraph

    Cache the flow graph computation in the CloudBees Pipeline Explorer to improve its performance.

Shared Agents and operations center credentials now use the HTTP transport by default

The remoting implementation of Shared Agents provisioning and operations center credentials has been replaced by the HTTP implementation. If you have any issues related to these features after this change, please contact CloudBees Support.

Display executors for all replicas

The executors widget now displays all computers and executors from any replica in a High Availability (HA) controller. When you browse from a computer that is connected to another replica, it is now transparently proxied to the owning replica.

New button added for rolling restart to the managed controller page in the operations center and rename buttons on the managed controller management page

There is a new Rolling Restart button which appears when the managed controller is in High Availability (HA) mode. Selecting the Rolling Restart button performs a rolling restart on the controller.

To make the buttons more understandable when using a managed controller on the management page, the following side buttons have been renamed as:

  • Stop to Deprovision

  • Start to Provision

  • Restart to Reprovision

Stricter Configuration as Code (CasC) Bundle API version validations

Previously, the required property apiVersion in bundle.yaml accepted any non-negative integer value. This has changed and the only allowed values for this property are now 1 and 2.

Configuration as Code (CasC) bundle validations can optionally be shown when running in "quiet mode"

The list of validations performed against a bundle is now shown in a "hidden" state when Quiet Mode is enabled for Configuration as Code (CasC) validation visualization mode.

RBAC files in Configuration as Code (CasC) bundles now support anchors

RBAC files in Configuration as Code (CasC) bundles did not support YAML anchors.

The anchors are now supported at any location in a rbac.yaml file. The anchor description element name must be prefixed by x-.

Forbid updating credentials ID in CyberArk, HashiCorp Vault and restricted credentials providers

Duplicate IDs in credentials could result in the deletion of incorrect credentials. This fix forbids the creation of credentials with similar IDs.

Resolved Issues

Unable to configure pod templates in the Operations center via the UI

In previous releases, the way pod templates were managed caused issues upstream where the Operations center was unable to manage pod templates from the UI.

The pod templates can now be configured from the UI.

Form validation message on the managed controller manage page updated

As hibernation is now supported for a controller in High Availability (HA) mode, when the number of replicas is <1, the message on the Managed controller replicas field now says Replicas must be at least one.

Dynamic plugin installation is blocked on managed controllers with multiple replicas

A managed controller with multiple replicas force all new plugin installations to take effect only after a controller restart. That is normally done by accepting the option to trigger a rolling restart.

However, a managed controller with only one replica continues to allow dynamic plugin loading.

There is no change in behavior in the client controllers.

Inbound agent adoption could fail with “Unknown client name” error

Under certain race conditions, when a build that runs on a High Availability (HA) controller was adopted because the owning replica terminated, an inbound agent in use by that build can fail to reconnect (giving an “Unknown client name” error) ultimately hitting a 5m timeout.

Some background processes are now suspended after a replica begins shutdown that may have been responsible for the cluster losing track of the proper owner of the agent.

Inbound static agents might be passed to another HA controller replica inappropriately

Under certain conditions in a High Availability (HA) controller, a replica might be left waiting for an inbound static agent that was actually idle and connected to another replica. This issue has been resolved.

Honor preferred console URL for builds running on other HA replicas

When you run a High Availability (HA) controller, the builds that run on other replicas may be displayed in the history and executor widgets.

When you click the progress bar, it now navigates to a console variant, such as CloudBees Pipeline Explorer, according to the global and per-user configuration, whether the build is local or remote.

Changed Configuration as Code (CasC) item export download icon

The download icon was small and hard to find. It was changed to a standard Download button.

Allow CloudBees CI to read the bundle regardless of CasC Bundle Retriever failures

Regardless of a failure due to a non-existent bundle path, the previous CasC bundle is restored and available to CloudBees CI.

Links to CloudBees Pipeline Explorer from Pipeline Steps View take your tree view preferences into account when applying filters

When you navigate to the CloudBees Pipeline Explorer from the Pipeline Steps View for a node step and your preferences prevent node steps from being shown, the CloudBees Pipeline Explorer now activates the filter for the stage that contains the node step.

In the CloudBees Pipeline Explorer, the remote copy artifact fails if the file group ID exceeds the limit (> 2097151)

In the CloudBees Pipeline Explorer, when you copy the archived artifact from a local/remote job step, if the file group ID exceeds the limit (> 2097151), the step fails and is not copied.

You can now use group IDs that exceed the limits and successfully perform the copy.

Wrap the test names in the CloudBees Pipeline Explorer test insights drawer

In the CloudBees Pipeline Explorer, the test names in the test insights drawer are now wrapped.

Validate button does not work with non-default AppRole path for CloudBees HashiCorp Vault Plugin

The form used on connection tests did not pass on the AppRole path.

This issue is resolved. The form now passes the correct AppRole path.

Specific conditions leading to the deletion of running managed controllers led to partially deleted Kubernetes resources

Deletion of running managed controllers is forbidden. However, in some cases it was allowed and the Kubernetes resources for that controller were not properly deleted.

Managed controllers are now deprovisioned every time they are deleted.

Switching old icon for controller provisioning to a modern one to fix a too large icon in breadcrumbs

On top of using an old icon for controller provisioning, an issue made it appear bigger than expected in breadcrumbs.

The icon has been replaced by a modern symbol that is now displayed at the correct size everywhere.

Anchors validation should accept all kinds of objects

Previously, anchors validation only accepted object. Now, anchors validations accept all types of objects (string, number, object , boolean, or array).

Prevent deadlock when the websocket connection between a controller and the operations center is closed

There was a potential deadlock when the websocket connection between a controller and the operations center is closed.

This issue is resolved.

Known Issues

Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.

Operations center single sign-on broken on Java 17 when using an authenticated proxy

When running a connected controller on Java 17 with a proxy configured with username/password authentication, the operations center single sign-on fails due to a Java HTTP client limitation.

For more information, refer to CloudBees CI controller login issues with Java 17 and proxy setup.

Inconsistencies between some Configuration as Code (CasC) features and High Availability (HA)

When using Configuration as Code in controllers that run in High Availability (HA) mode, the CloudBees Configuration as Code Export and Update screen may display inconsistent information about the bundle along with two buttons: Restart and Reload. This is caused by information not being properly synchronized between replicas. Furthermore, users may experience the following problems when trying to use one of the two buttons on that page:

  • Automatic reload bundle: clicking this button shows an error message.

  • Skip new bundle version: clicking this button forces a restart and the instance will not start again.

While the fix for this issue is being worked on, we recommend the following if you are using Configuration as Code in controllers that run High Availability (HA):

  • Controllers that have configured the automatic reload. Users must disable it and configure the automatic restart instead.

  • Controllers that do not have any automation (Bundle Update Timing). Users must stop using the Reload button and start using the Restart button instead.

Error when renaming an existing EC2 cloud

When the name of an existing cloud node is updated, the user receives a 404 error after selecting save. This is because the cloud page uses the cloud name as part of its URL. When the user saves the name, Jenkins sends the user to the URL with the old cloud name. Please note that all node changes are successfully saved.

Upgrade Notes

DevOptics Plugin Incompatibilities with Java 17

If you are actively using devoptics, you must:

  • Not upgrade the devoptics plugin to version 2.0

  • Not upgrade CloudBees CI Modern, to 2.440.1.3

  • Not update the JVM to Java 17 if you use CloudBees CI Traditional

If you are not actively using devoptics, but have it installed:

  • Upgrade to version 2.0 to remove the incompatibility before upgrading CloudBees CI Modern or the JVM for CloudBees CI Traditional or

  • Uninstall the plugin

Introduction of a concrete type for controller exposure

Prior to this update, the operations center would dynamically change the behavior of exposing a controller based on a runtime lookup to detect if the underlying Kubernetes infrastructure was OpenShift or not. However, this dynamic check could lead to the creation of an Ingress object for a controller rather than a Route.

After this update, the type needs to be set when configuring the Kubernetes endpoint. Existing configuration will migrate to auto detect but attempts will be made to replace it with the correct type.

Configuration as Code bundles now need to be updated to specify the concrete type of service exposure method and for Ingress types such as ingressClass and IngressAnnotations to be on the ContainerMasterProvisioningDescriptor.

Example 1. View OpenShift CasC snippet:
masterprovisioning:
kubernetes:
clusterEndpoints:
- id: "myEndpoint"
name: "openshift"

becomes:

masterprovisioning:
kubernetes:
clusterEndpoints:
- id: "myEndpoint"
name: "openshift"
serviceExposure: "openShiftRoute"
Example 2. View Generic Kubernetes CasC snippet:
masterprovisioning:
kubernetes:
clusterEndpoints:
- id: "myEndpoint"
ingressAnnotations: |-
key1: value1
key2: value2
ingressClass: "myingressclass"
name: "kubernetes"

becomes:

masterprovisioning:
kubernetes:
clusterEndpoints:
- id: "myEndpoint"
name: "kubernetes"
serviceExposure:
ingress:
ingressAnnotations: |-
key1: value1
key2: value2
ingressClass: "myingressclass"
Removed global tag support for YAMLs in CloudBees CasC Server (cloudbees-casc-server) plugin

As part of the migration to SnakeYAML 2.0, global tags are no longer used in generated YAML files. However, older existing YAML files including tags will still be read.

Operations center CloudBees Assurance Program plugin changes since 2.426.3.3

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.426.3.3:

  • Controller Lifecycle Notifications Plugin (operations-center-webhooks)

  • Gson API Plugin (gson-api)

  • Joda Time API Plugin (joda-time-api)

  • JSON Path API Plugin (json-path-api)

Controller CloudBees Assurance Program plugin changes since 2.426.3.3

The following plugins have been added to the Controller CloudBees Assurance Program since 2.426.3.3:

  • Gson API Plugin (gson-api)

  • Joda Time API Plugin (joda-time-api)

  • JSON Path API Plugin (json-path-api)

Jenkins 2.440 upgrade notes