Upgrade Notes
- Operations center CloudBees Assurance Program plugin changes since 2.541.3.36069
-
The following plugins have been added to the operations center CloudBees Assurance Program since 2.541.3.36069:
-
Jackson 3 API Plugin (
jackson3-api) -
SnakeYAML Engine API Plugin (
snakeyaml-engine-api)
-
- Controller CloudBees Assurance Program plugin changes since 2.541.3.36069
-
The following plugins have been added to the controller CloudBees Assurance Program since 2.541.3.36069:
-
Jackson 3 API Plugin (
jackson3-api) -
SnakeYAML Engine API Plugin (
snakeyaml-engine-api)
-
New Features
- Kubernetes Gateway API Beta
-
CloudBees CI on modern cloud platforms support of Kubernetes Gateway API as an alternative to Ingress-based routing is now in Beta.
CloudBees validates Gateway API with Istio and Envoy Gateway. Any implementation with Gateway API Core conformance is supported; Extended conformance (GEP-1619) is recommended for High Availability (HA) and High Scalability controllers.
For more information, refer to Kubernetes Gateway API for CloudBees CI on modern cloud platforms.
- HA-specific agents display
-
High Availability (HA) controllers now display a dedicated page listing agents. This page is shown by default instead of the standard Jenkins Nodes page, but a link is provided to access the original page if needed. Compared to the Jenkins Nodes page, the new agent view:
-
Hides cloned agents representing HA multiple executors by default; you can expand them to view details as needed.
-
Displays the replica to which each agent is connected, the build it is running (if applicable), and the launch log, depending on user permissions.
-
Indicates agent type (inbound permanent, outbound permanent, or cloud), which is significant for HA management.
-
Shows node monitor data aggregated from other replicas when available, currently after a delay.
-
Refreshes automatically.
-
- Added support for Swarm agents in HA controllers
-
HA controllers now include an optional integration with the Swarm plugin (
swarm), enabling Swarm agents to work reliably with high availability features such as multiple executors and rolling restarts.
Since the Swarm plugin is not in the CloudBees Assurance Program, you must upgrade the Swarm plugin on each controller before upgrading CloudBees CI; otherwise the CloudBees High Availability (Active/Active) Plugin (cloudbees-replication) will not start.
|
Feature Enhancements
- Removed deprecated CSRF proxy compatibility settings
-
Jenkins 2.543 removed the client IP address from CSRF crumb validation. As a result, the
crumbIssuerProxyCompatibilitysystem property (automatically set on HA controllers), theexcludeClientIPFromCrumbConfiguration as Code (CasC) attribute, and theOperationsCenter.CSRF.ProxyCompatibilityHelm value no longer have any effect and have been removed.
The externalTrafficPolicy=Local workaround on ingress-nginx, which was previously recommended to preserve client IP addresses for crumb validation, is also no longer necessary.
- Google Compute Engine plugin and HA controller agent enhancements
-
The Google Compute Engine plugin (
google-compute-engine) includes the following new features:-
For CloudBees CI HA controllers with idle agents enabled, a new Terminate idle agents during shutdown option is now available. When a replica goes down (for example, during a rolling restart), idle agents connected to that replica become orphaned and are not visible to other replicas. Although a periodic cleanup task eventually removes orphaned agents after approximately three hours, this delay can result in unnecessary resource consumption. To prevent this, enable the Terminate idle agents during shutdown option.
-
The
minimumNumberOfInstancesandminimumNumberOfSpareInstancessettings are now supported. Use these settings to keep prewarmed agents available for immediate builds. Minimum instance counts can be configured for specific time ranges and days of the week. This feature is similar to the functionality available in the Amazon EC2 plugin (ec2). -
You can now configure custom metadata key-value pairs for agent VMs. Previously, only implicit metadata settings such as
startup-scriptwere supported. The new configuration accepts any number of key-value pairs, including values that contain newline characters.
-
- Operations center now rejects controllers with an incompatible JDK
-
When the operations center runs a higher bytecode version than the controller JVM can execute, the operations center now marks the controller as disconnected. Previously, the controller appeared connected even though the communication was internally broken.
Resolved Issues
- CloudBees Role-Based Access Control plugin upgrade failure caused by Matrix Authorization Strategy plugin version requirement
-
When upgrading CloudBees CI from version 2.492.2.3 or later to 2.541.2.35785 or earlier, the CloudBees Role-Based Access Control plugin (
nectar-rbac) required version 3.2.9 of the Matrix Authorization Strategy plugin (matrix-auth). Because the Matrix Authorization Strategy plugin is no longer in the CloudBees Assurance Program (CAP), it was not automatically upgraded, causing the CloudBees Role-Based Access Control plugin (and any plugins that depend on it, including several relating to the operations center) to also fail to upgrade. This could result in errors or failures when starting the controller or operations center.
The CloudBees Role-Based Access Control plugin now requires a minimum of version 3.2.5 of the Matrix Authorization Strategy plugin, which has been in the CloudBees Assurance Program for over a year.
|
Upgrading CloudBees CI versions more than one year apart in a single step is not supported. |
- CloudBees Unify API endpoint is now configurable
-
CloudBees CI controllers can be integrated with CloudBees Unify to visualize CI jobs and builds, analyze test results, and orchestrate software releases. For deployments with a custom CloudBees Unify API endpoint, the endpoint is now configurable via the CloudBees CI UI or CasC bundle for controllers using the single-controller integration and opted-out controllers using multi-controller integration via the operations center. For opted-in controllers, the endpoint and other connection settings remain managed by the operations center and are not editable.
- Cached build logs were not deleted with CloudBees Pipeline Explorer
-
Cached build logs downloaded to
/tmp/jenkins/external-logsare now deleted after the 30-minute timeout. Previously, these logs were not being removed as expected.
- Node monitors were not synchronized across HA replicas
-
Changes to the configuration of node monitors in an HA controller were not propagated across replicas without a restart.
- Incorrect display of Approved Folders node monitor column in HA controller
-
In an HA controller, the Approved Folders node monitor column in the Nodes page incorrectly displayed content such as
… moreeven when no approved folders existed.