CloudOps for Kubernetes

2.11.x

Release Notes

2.11.8

Bug fixes

  • CLOUD-2975: Set Alpine Linux container image version to 3.18.5 for compatibility with the AWS CLI.

2.11.7

Bug fixes

  • SUP-2584: Updated cluster-autoscaler image source to replace deprecated gcr.io URL.

2.11.6

Bug fixes

  • CLOUD-2784: Hard coded the mo version to 2.4.1 because the latest release is incompatible with the version of bash used by CloudOps for Kubernetes.
  • CLOUD-2781: Updated URL for mo to bypass an HTTP redirect and improve the reliability of the download.

2.11.5

Bug fixes

  • CLOUD-2711: Install the bash package before building the Jenkins job build-jenkins-agents to fix the error env: can't execute 'bash': No such file or directory when building the Jenkins agents.

2.11.4

Bug fixes

  • CLOUD-2709: Adjusted how the loginToAWS function attempts retries on failure.

2.11.3

Bug fixes

  • CLOUD-2695: Added sleep(10) before code checkouts in Jenkins jobs to reduce the occurrence of an unable to create new native thread error that causes jobs to occasionally fail. This workaround was described in Jenkins issue JENKINS-65873.
  • SUP-2070: Updated the wait-for-pod.sh script to retry the AWS authentication when aws cli commands return with an error. This will make Jenkins jobs, including the run-data-pop-tool job, more resilient to AWS API errors.

2.11.2

Bug fixes

  • SUP-1670: Fixed a bug in the ActiveMQ and Self Managed Commerce deployments in the multi-purpose-commerce-tool Jenkins if allowOpenAccess is set to true for a 0.0.0.0/0 allow list.
  • SUP-1690: Fixed a bug in the bootstrap setup process of CloudOps for Kuberenetes, where AWS CodeCommit URLs were interpreted as invalid.

2.11.1

Bug fixes

  • CLOUD-2604 Fixed a bug with Kubernetes API version mismatching that caused warnings to appear in job logs.
  • CLOUD-2611: Fixed a bug in the setup of the cluster, where the old and undocumented method of setting up Extensions repositories was corrupting the extensions-config ConfigMap and breaking Jenkins jobs.
  • SUP-1670: Changed the URL of the kube-state-metrics image.

2.11.0

New features

  • CLOUD-362: Build and run the Self Managed Commerce images with the non-root user app_runner with user ID 10001. This includes the creation of a user home directory, /home/app_runner.

Ensure that you do the following while upgrading to CloudOps for Kubernetes release 2.11.x:

- CloudOps for Kubernetes release `2.11.x` requires non-root Self Managed Commerce containers due to security context changes. All containerized Self Managed Commerce services must run as a user with user ID 10001. As a result, CloudOps for Kubernetes release `2.11.x` requires that you upgrade your Elastic Path Docker release to `4.2.x`.
- You must rebuild all container images with Elastic Path Docker release `4.2.x`
- You must update the containers of all components in your Self Managed Commerce environments to use the new non-root containers. This includes Self Managed Commerce services deployed by the `deploy-or-delete-commerce-stack` Jenkins job, ActiveMQ services deployed by the `create-or-delete-activemq-container` job, and any containerized MySQL database services deployed by the `create-or-delete-mysql-container` job.

For information on how to upgrade from CloudOps for Kubernetes v2.10.x and update any existing EP Commerce stacks, see Update from version 2.10.0.

  • CLOUD-501: Added a PersistentVolumeClaim to all Commerce services so that Java heap dumps will be available to troubleshoot errors such as OutOfMemory errors. For information on how to retrieve the heap dump files see Getting the Heap Dump of a Self Managed Commerce Application.
  • CLOUD-2389: Introduced individual max_surge and max_unavailable values to the Self Managed Commerce services, excluding search master.
  • CLOUD-2514: Added a new Jenkins job called use-existing-database-server that will create a new database or register an existing database on an existing database server to be used in a Self Managed Commerce deployment.
  • CLOUD-2551: Updated the Jenkins IAM policy and removed any unused permissions.
  • CLOUD-2564: Updated the implementation of the multi-purpose-commerce-tool Jenkins job to find the cause of failures easily. The job no longer rely on the functions in the job, and makes getting information about each job and the failed child job easier. The job is also updated so that the log of child jobs is not printed in the console of the parent job, which shows the failed job in the parent job log. Finally, the functions that call the child jobs are from the shared library lib/buildlib.groovy, simplifying the Jenkinsfile of the multi-purpose-commerce-tool job.
  • CLOUD-2558: Added the create-and-manage-database-server Jenkins job. This job supports the creation and management of Aurora MySQL RDS clusters as well as PostgresSQL RDS database instances. Self Managed Commerce version 8.3 and later supports PostgresSQL database servers. For more information on the creation and management of these database servers, see here.
  • CLOUD-2578: Removed the HADeploy deployment option from the create-or-delete-activemq-container Jenkins job. This disables the Highly Available (HA) deployment option and forces all new deployments to be single instance with an Elastic File System (EFS) volume. Existing HA ActiveMQ deployments can be migrated from the Jenkins job through a multi-step confirmation process. Existing single instance ActiveMQ deployments with an Elastic Block Store (EBS) volume cannot be migrated and must be destroyed and recreated in a new single instance EFS volume format. The architecture change was applied to prevent the scenario where an EFS volume is disconnected. This might lead to multiple active brokers and a corrupted ActiveMQ state. For detailed explanation of the scenario and the Self Managed Commerce Outbox Pattern patch, see here.
  • CLOUD-2462 Removed the options to deploy Grafana and Prometheus tools.
  • CLOUD-2481 Added the manage-secure-config Jenkins job in the Commerce Deploy view. This job manages a Kubernetes secret that stores all of the necessary information that is created in the Injecting Commerce Configuration at Runtime documentation. The manage-secure-config Jenkins job is now the recommended way to manage the credentials and the repository configuration used in secure Self Managed Commerce deployments. The run-data-pop-tool Jenkins job can also now optionally consume the secret created by the manage-secure-config Jenkins job when the data-pop tool is ran. Using the parameters for secure Self Managed Commerce deployments in the deploy-or-delete-commerce-stack, Jenkins job is now deprecated.
  • CLOUD-2527 Introduced a new Extensions framework that allows users to extend the capabilities of CloudOps for Kubernetes. The framework allows users to create and use Extensions Git repositories with custom Jenkins jobs. For steps to import and configure an Extensions repository, see here. For more documentation describing the benefits of using the Extensions framework to extend CloudOps for Kubernetes, see here. Jobs written for Extensions repositories can be used to store custom configuration values to wrap around default jobs in CloudOps for Kubernetes, or can contain custom functionality and infrastructure code for completely new jobs that are not supported in CloudOps for Kubernetes. An Extensions repository follows a specific architecture to be properly consumed and tracked by the Extensions framework. For more information about the architecture behind the framework and an Extensions repository, see here. We recommend you to write your own Extensions repository to bring customization in CloudOps for Kubernetes clusters. For more information on how to write an Extensions repository, see here.
  • CLOUD-2572: Upgraded ActiveMQ in the Docker repository to version to 5.16.4. If you want to consume the CLOUD-2572 change in an existing ActiveMQ deployment in CloudOps for Kubernetes, do the following steps outlined here.
  • SUP-1158: Decreased the frequency of the cleanup-release-artifacts Jenkins job. The numberOfVersionsToKeep and Cleanup EP-Release Artifacts Nexus configuration value was increased from 0 to 10. To change the numberOfVersionsToKeep, the Nexus configuration change must be applied through a configuration reset. For more information on the management of Nexus and the new Jenkins job, see Manage Nexus Artifacts. Added the modify-cleanup-release-artifacts-schedule Jenkins job to the new Nexus view in Jenkins. The new job configures the schedule that the cleanup-release-artifacts runs in a persistent way so that it is not overwritten to the default when Jenkins restarts or the bootstrap Jenkins job runs.

Bug fixes

  • CLOUD-2117: Changed MAVEN_OPTS to use a smaller default heap size for maven containers.
  • CLOUD-2464: Updated the implementation of the commerce-branch-validation and commerce-test-and-deploy Jenkins jobs to find the cause of failures easily. The jobs no longer rely on the multi-purpose-commerce-tool job, instead the job calls child jobs directly, and makes getting information about each job and the failed child job easier. The jobs are also updated so that the log of child jobs is not printed in the console of the parent job, which shows the failed job in the parent job log. Finally, the functions that call the child jobs are added into the shared library lib/buildlib.groovy, simplifying the Jenkinsfiles of the commerce-branch-validation and commerce-test-and-deploy Jenkins jobs.
  • CLOUD-2517: Removed the importation of the eplib groovy library from the buildlib groovy library.
  • CLOUD-2518: Updated minimum Identity and Access Management (IAM) policy to exclude Web Application Firewall (WAF) and Shield resources.
  • CLOUD-2519: Added specific exceptions to the ModSecurity Web Application Firewall (WAF) rules for Grafana.
  • CLOUD-2539: Added custom rules to the ModSecurity Web Application Firewall (WAF) to mitigate against Log4Shell CVE-2021-44228.
  • CLOUD-2577: Updated the deploy-or-delete-commerce-stack Jenkins job, so that web links, to access services of the deployed Self Managed Commerce stack, are printed in the job’s build console output. Corrected some minor spelling and text formatting errors in the descriptions of various Jenkins jobs and parameters, in the Jenkins user interface.
  • CLOUD-2591: Hard coded the eksctl version to 0.90.0 to avoid sending the overrideBootstrapCommand commands to the eksctl template.
  • CLOUD-2604: Hard coded the kubectl version to 1.21 in the Jenkins agent containers and the bootstrap container to match the version of the Kubernetes cluster.
  • SUP-1014: Adjusted the JAVA_OPTS environment variable in the Jenkins agent containers to correct the java.lang.OutOfMemoryError: unable to create new native thread error.
  • SUP-1158: Fixed a bug in the cleanup-release-artifacts Jenkins job when referencing the wrong Jenkins view.
  • SUP-1607: Work around aws-cli bug 6920 that causes kubectl commands to fail due to an improperly-formatted kubeconfig file.
Last updated on 7/31/2024