CloudOps for Kubernetes

3.1.x

Release Notes

3.1.6

Bug Fixes

  • SUP-3907: Updated the ModSecurity Web Application Firewall rules to resolve an issue where special characters in password and cookie header fields are blocked.

3.1.5

New features

  • SUP-3909: Updated the pull-docker-images Jenkins job to start the dockerd runtime when needed, and with validation to confirm the process is running. Replaced the deprecated ecr get-login authentication command with the ecr get-login-password equivalent.
  • SUP-3919: Fixed Jenkins job build-jenkins-agents, which began failing in July 2024 due to an upstream dependency. For more information, see Job build-jenkins-agents Fails with Could not resolve host: mirrorlist.centos.org; Unknown error.

3.1.4

New features

  • CLOUD-3115: Updated the default Java version to v8u412.
  • CLOUD-3117: Adjusted to always use the public schema in a PostgreSQL database.

Bug Fixes

  • CLOUD-3128: Added the enabledTLSProtocols=TLSv1.2 parameter to MySQL connection strings to address the SSLHandshakeException: No appropriate protocol error that occurs when encryption protocol negotiation fails. This issue results from changes in Java 8 version 8u412 and above when connecting to Amazon Web Services Aurora MySQL database endpoints.

3.1.3

New features

  • CLOUD-3027: Revised EKS add-on management during bootstrap docker-compose up to recover when add-on installation is in an inconsistent state. Additionally, installed add-on versions will be validated before and after the upgrade process.

Bug Fixes

  • CLOUD-3089: Fixed error due to missing binary in the pull-docker-images Jenkins job by replacing dockerd with containerd.
  • CLOUD-3090: Fixed authorization error when reading instance metadata by explicitly enabling Instance Metadata Service version 1 in the EKS node group configuration.

3.1.2

New features

  • CLOUD-3055: Added support for checking out tags in jobs that check out Self Managed Commerce code. When running Jenkins jobs that have the epCommerceBranch parameter, specify a tag as the value, and then the job will check out that tag if it exists in the ep-commerce project.
  • CLOUD-3060: Updated the default Tomcat version to 9.0.85.
  • CLOUD-3069: Added a step to the cluster upgrade process that cleans up the Jenkins Helm deployment of deprecated or removed Kubernetes APIs.

3.1.1

Bug Fixes

  • SUP-3269: Added TF_VAR_letsencrypt_email variable to docker-compose.yml, with associated text explaining its use.
  • SUP-3276: Updated the optional ModSecurity Web Application Firewall DaemonSet configuration to use the currently recommended default values. Additionally, updated the Terraform code to define the version of ModSecurity Web Application Firewall to be deployed, and moved pod memory and CPU values to variables. These changes do not impact firewall rules.
  • SUP-3446: Exposed the epCommerceCredentialId Jenkins job parameter for all jobs that checkout Self Managed Commerce code.
  • CLOUD-3050: Restored the containerUser parameter to Jenkins jobs, which was previously removed in CloudOps for Kubernetes release 3.1.0. This will allow deploying application images built to run as root when required.

3.1.0

New features

  • CLOUD-2793: Updated the Kubernetes version to 1.28. For more information on the changes, see End of Support for EKS 1.25.
  • CLOUD-2694: Added support for the MySQL 8.0 container image build and deploy tools provided in Elastic Path docker release 4.5.x.
    • A new mysqlVersion parameter is added to Jenkins jobs that build the mysql container image, to support building either MySQL 5.7 or MySQL 8.0 images. The default is MySQL 5.7.
    • The build-mysql job looks for the ThirdPartyBuildFiles/MysqlImageBuilder.sh script, introduced in Elastic Path docker release 4.5.x, when building the mysql container images.
    • The create-or-delete-mysql-container job now runs mysql containers with a different security-context, and uses a different command for liveness and readiness probes.
    • For more information about the changes in the Elastic Path docker Git repository see the entry for CLOUD-2426 in the project's CHANGELOG.md.
  • CLOUD-2934: Increased the memory of the fluentd container, which is deployed as a daemonset when CloudWatch logging is enabled, to 800m. This change is to avoid the rare case where the fluentd pods are OOMKilled by Kubernetes when the system is under extremely heavy load.
  • CLOUD-2947: Updated the ActiveMQ version defined in the default ops-spec.json file to 5.16.7.
  • SUP-2978: Updated the ModSecurity Web Application Firewall (WAF) configuration to allow the HTTP PATCH method. For information about the optional ModSecurity WAF, see Manage the Web Application Firewall.
  • CLOUD-2970: Updated scripts executed during bootstrap docker-compose up to include timestamps and minimize unnecessary console output. Updated Terraform-specific scripts to minimize unnecessary output in the Jenkins job logs.
  • CLOUD-2853: Added code to bootstrap docker-compose up, which detects mismatches between defined CloudOps for Kubernetes versions and the deployed Kubernetes components. When version mismatches are detected, a warning message is displayed to help users avoid operational issues caused by not applying necessary component upgrades.
  • CLOUD-2951: Updated bootstrap docker-compose up to only display Terraform output when infrastructure changes are applied.
  • CLOUD-2946: Adjusted the use-existing-database-server Jenkins job to only create the resources necessary for a Self Managed Commerce stack in CloudOps for Kubernetes to use an existing database server. It no longer creates new databases or user credentials to ensure that new databases and user credentials are only created by the data-pop tool.
  • CLOUD-2954: Adjusted the use-existing-database-server Jenkins job to include support for Aurora MySQL 8 RDS database clusters. The options in the choice parameter databaseType are renamed from aurora-mysql and postgres-rds to mysql and postgres.

Bug Fixes

  • CLOUD-2832: Updated the update-terraform-provider-path.sh script to include the Terraform provider local.
  • CLOUD-2929: Adjusted the multi-purpose-commerce-tool Jenkins job to allow the data-pop tool to run when runDataPop is selected but the database choice is no-database, as long as the database secret exists in the namespace.
  • CLOUD-2948: Resolved an issue preventing the kube-proxy and coredns EKS add-ons from being updated.
  • CLOUD-2968: Reduced the maven-large container memory requirements to address a scheduling issue with the cluster autoscaler. Updated the run-cortex-system-tests Jenkins job to use the maven-small container image.
  • CLOUD-2953: Updated delete_route53_records.py to ensure it performs a complete removal of Route53 records when TF_VAR_bootstrap_mode is set to force-cleanup.
  • SUP-3019: Revised AWS authentication code used by Jenkins in order to support automatic session renewal for long-running jobs.
  • CLOUD-2975: Set Alpine Linux container image version to 3.18.5 for compatibility with the AWS CLI.
  • CLOUD-2974: Updated validation of EP_CORS_ALLOWED_ORIGINS to allow URLs to include a port number.

Deprecations & Removals

  • CLOUD-2963: Removed documentation describing possible multiple-cluster architecture, and removed the ability to enable the create-additional-kubernetes-cluster Jenkins job.
  • CLOUD-2507: Removed all deprecated code related to Azure deployment.
  • CLOUD-3005: Removed unnecessary Terraform provider address upgrade script.
  • CLOUD-2983: Removed all deprecated code related to running Self Managed Commerce containers as root.
  • CLOUD-2848: Removed the deprecated create-or-delete-mysql-server Jenkins job.
  • CLOUD-2977: Removed and disabled support for the Self Managed Commerce Account Management API microservice.

See Deprecations and Removals.

Upgrade Instructions

For upgrade instructions, see Upgrading CloudOps for Kubernetes.

Last updated on 9/6/2024