CloudOps for Kubernetes

3.2.x

Release Notes

3.2.3

New Features

  • SUP-3891: Added support for Commerce application specific Java Virtual Machine (JVM) parameters.

Bug Fixes

  • SUP-3907: Updated the ModSecurity Web Application Firewall rules to resolve an issue where special characters in password and cookie header fields are blocked.

3.2.2

New features

  • SUP-3909: Updated the pull-docker-images Jenkins job to start the dockerd runtime when needed, and with validation to confirm the process is running. Replaced the deprecated ecr get-login authentication command with the ecr get-login-password equivalent.
  • SUP-3919: Fixed Jenkins job build-jenkins-agents, which began failing in July 2024 due to an upstream dependency. For more information, see Job build-jenkins-agents Fails with Could not resolve host: mirrorlist.centos.org; Unknown error.

3.2.1

New features

  • CLOUD-3115: Updated the default Java version to v8u412.
  • CLOUD-3117: Adjusted to always use the public schema in a PostgreSQL database.
  • SUP-3768: Added a new TF_VAR_encrypt_ebs_volumes variable to docker-compose.yml, which allows you to specify if new Amazon Elastic Block Store (EBS) volumes are created as encrypted volumes. By default, this option is set to false.
    • For existing clusters, if you set this parameter to true and rerun setup, any EBS volumes subsequently created will be encrypted. Volumes of existing Kubernetes deployments and services (Jenkins, Nexus, search-primary) will not be affected or updated by updating this parameter. For information about rerunning setup to apply configuration changes, see Updating Cluster Configuration.
    • For new clusters, if you set this parameter to true before the initial setup, all EBS volumes will be created encrypted.
    • If you set this parameter to true and then rebuild the cluster node groups, the EBS volumes of the replacement nodes will be encrypted. For information about rebuilding the node groups, see Update EKS Node Groups.
  • CLOUD-3149: Defined a variable for the Terraform parameter progress_deadline_seconds used during Self Managed Commerce stack deployment, with the same default value of 1200 seconds.

Bug Fixes

  • CLOUD-3078: Resolved an issue with fluentd that caused multi-line logs, such as Java exception stack traces, to be split into multiple CloudWatch events, causing those log entries to be spread across multiple lines in CloudWatch logs. This only impacts users who enable CloudWatch logging by setting TF_VAR_aws_enable_cloudwatch_logging to true.
  • CLOUD-3128: Added the enabledTLSProtocols=TLSv1.2 parameter to MySQL connection strings to address the SSLHandshakeException: No appropriate protocol error that occurs when encryption protocol negotiation fails. This issue results from changes in Java 8 version 8u412 and above when connecting to Amazon Web Services Aurora MySQL database endpoints.
  • SUP-3859: Resolved Jenkins issue where credentials configured after deployment were not retained when the Jenkins pod restarted.

Deprecations & Removals

  • CLOUD-3150: Updated the multi-purpose-commerce-tool Jenkins job to remove the automatic restart of Self Managed Commerce applications after the data-pop tool is run.

3.2.0

New features

  • CLOUD-2375: Added support to deploy Aurora Mysql 8.0 clusters with the create-and-manage-database-server Jenkins job.
  • SUP-3269: Added TF_VAR_letsencrypt_email variable to docker-compose.yml, so users can receive emails from Let's Encrypt related to TLS certificate creation and renewal.
  • CLOUD-2770: Updated various Jenkins jobs to restart Self Managed Commerce applications after running the data-pop tool in an existing environment.
  • CLOUD-3019: Revised the cert-manager service to use an AWS Identity and Access Management (IAM) policy instead of user credentials when making changes to Route53.
  • CLOUD-3027: EKS add-on management during bootstrap docker-compose up has been revised to recover when add-on installation is in an inconsistent state. Additionally, installed add-on versions will be validated before and after the upgrade process.
  • CLOUD-3055: Added support for checking out tags in jobs that check out Self Managed Commerce code. When running Jenkins jobs that have the epCommerceBranch parameter, specify a tag as the value, and then the job will check out that tag if it exists in the ep-commerce project.
  • CLOUD-3060: Updated the default Tomcat version to 9.0.85.
  • CLOUD-3065: Updated parameters on the Kubernetes liveness and readiness probes for Commerce services, and added a new startup probe for Commerce services. Re-run the deploy-or-delete-commerce-stack job to apply these changes to existing Commerce environments.
  • CLOUD-3063: Updated Jenkins to v2.330, and revised the Helm template to remove unnecessary values and better utilize Jenkins Configuration-as-Code functionality. Additional changes include moving the default admin credentials to Terraform variables, and updating the default Jenkins agent container version.
  • CLOUD-3093: Added Matrix Authorization Strategy plugin to Jenkins deployment.
  • CLOUD-3100: Added TF_VAR_jenkins_overwrite_plugins variable to docker-compose.yml, which can be used to recover from conditions where a user-installed plugin prevents Jenkins from starting.
  • CLOUD-3101: Added a skipSnapshotVersionValidation parameter to the create-and-manage-database-server Jenkins job. When set to true, a Snapshot can be restored without validating that the snapshot version matches the target engine version.

Bug Fixes

  • SUP-3446: Exposed the epCommerceCredentialId Jenkins job parameter for all jobs that checkout Self Managed Commerce code.
  • CLOUD-3017: Corrected the description of security group rules in security groups created by the create-and-manage-database-server Jenkins job.
  • CLOUD-3059: Revised the cert-manager Terraform code to ensure IAM role is removed during a terraform destroy operation.
  • CLOUD-3058: Updated the parseOpsSpec function and related Jenkins jobs to ensure the ops-spec.json file is only read when needed.
  • CLOUD-3069: Added a step to the cluster upgrade process that cleans up the Jenkins Helm deployment of deprecated or removed Kubernetes APIs.

Deprecations & Removals

  • CLOUD-3035: MySQL 5.7 support is deprecated, and will be removed in a future release.
  • CLOUD-2789: Replaced externally-sourced retry command used in bootstrap docker-compose up with a built-in function.
  • CLOUD-2944: JMS environment variables have been removed from Jenkins job run-data-pop-tool.

See Deprecations and Removals.

Upgrade Instructions

For upgrade instructions, see Upgrading CloudOps for Kubernetes.

Last updated on 9/6/2024