CloudOps for Kubernetes

3.5.x

Release Notes

3.5.4

Bug Fixes

  • CLOUD-3519: Fixed an issue where the force-cleanup bootstrap mode would fail if the EKS cluster did not exist or had previously been removed.

3.5.3

New Features

  • CLOUD-3448: Updated the Maven command in Jenkins job run-cortex-system-tests to exclude setup-local-integration-test, for compatibility with the newest Self-Managed Commerce releases.

3.5.2

New Features

  • CLOUD-3449: Added a variable to docker-compose.yml for disabling version 1 of the AWS Instance Metadata Service on the EKS nodes. The default value for disable_imds_v1 is false, which keeps the behaviour consistent with previous versions of CloudOps for Kubernetes. Setting disable_imds_v1 to true would leave Instance Metadata Service version 2 enabled, which requires the use of a temporary token when accessing the metadata service. Out of the box functionality is compatible with both version 1 and version 2.
  • SUP-5050: Added a checksum annotation to the Jenkins Helm values file, which will trigger a Jenkins pod redeployment during docker-compose up if a variable value is changed. The checksum value is based on the Jenkins-specific variables defined in docker-compose.override.yml.
  • SUP-5090: Added a ModSecurity Web Application Firewall rule resolving an intermittent JSON parsing issue with incoming Jenkins webhook events. This rule only applies to webhooks configured with the generic-webhook-trigger plugin.
  • CLOUD-3464: Removed the PhantomJS binary from the Jenkins maven-agent image. This resolves maven-agent build failures related to PhantomJS downloads, and PhantomJS is no longer needed with recent Self-Managed Commerce releases.
  • CLOUD-3163: Added the create-and-manage-bastion-instance Jenkins job, which can be used to create a bastion instance in your environment. The bastion instance includes Kubernetes management tools, and access to the Elastic Kubernetes Service (EKS) cluster nodes.
  • CLOUD-3334: Added the extensionJob field to the commerce-branch-validation Jenkins job. This field can be used to trigger an additional Jenkins job to be run after the Cortex system tests complete.
  • CLOUD-3469: Added -Dsun.net.client.defaultConnectTimeout=10000 -Dsun.net.client.defaultReadTimeout=10000 to MAVEN_OPTS in the build-deployment-package, run-cortex-system-tests, run-recursive-commerce-tests, and run-select-commerce-tests Jenkins jobs. These timeout values should cause Maven HTTP transactions that become unresponsive to fail quickly rather than only failing when the Jenkins job timeout is reached.
  • CLOUD-3455: Added the stopServicesDuringDataPop parameter to the run-data-pop-tool Jenkins job. Setting this parameter to true will stop all Elastic Path Commerce application services before running the Data Population database operations. Selecting this option will cause an application outage.

Bug Fixes

  • SUP-4999: Changed the ActiveMQ pod liveness and readiness probes to use a status query command rather than a TCP connection test. In addition to providing a more complete healthcheck, this eliminates EOFException log messages caused by the previous TCP check.

3.5.1

New Features

  • CLOUD-3416: Added variables to docker-compose.yml for configuring HAProxy connection timeout values. If these variables are not defined in docker-compose.override.yml, the default values shipped with HAProxy will be used.
  • CLOUD-3406: Added Resource Profiles to the create-or-delete-activemq-container Jenkins job. The ActiveMQ Resource Profile allows specifying additional Java Virtual Machine (JVM) parameters with the EP_ACTIVEMQ_X_JVM_ARGS variable. See Configure ActiveMQ Container for more information.
  • CLOUD-3401: Added the MAXIMUM_CONNECTIONS variable to the ActiveMQ Resource Profile. This variable allows specifying the maximum simultaneous incoming connections accepted by ActiveMQ. See Configure ActiveMQ Container for more information.
  • CLOUD-3427: Updated the Jenkins configuration to install the latest version of all plugins.
  • CLOUD-3439: Improved the clean-up of EKS add-ons to programatically discover add-ons and to better handle error messages.

Bug Fixes

  • SUP-4974: Resolved an issue with the commerce-branch-validation Jenkins job where setting the build description failed when it is triggered by a custom pipeline.

3.5.0

New Features

  • CLOUD-3204: Updated Jenkins version to version 2.497. The new Jenkins version includes changes that required updates to nearly all Jenkins pipelines.

    warning

    Your custom pipelines may break with this change. Ensure that you review and update custom pipelines to be compatible with the new Jenkins version. Refer to Update to Version 3.5 for all of the information for completing the upgrade. Details about the Jenkins pipeline changes are available in Jenkins Upgrade in release 3.5.

  • CLOUD-3358: Updated the Kubernetes version to 1.32. For more information about the required timeline to complete the upgrade, see End of Standard Support for EKS 1.31. Additional component version updates to support this change are as follows:

    • The kube-proxy add-on was updated to v1.32.0-eksbuild.2
    • The kubectl version was updated to v1.32.0
    • The cordedns add-on was updated to v1.11.4-eksbuild.2
    • The eksctl version was updated to v0.203.0
    • The metrics server add-on was updated to v0.7.2-eksbuild.2
    • The Helm 3 version was updated to v3.17.0
    • The cert manager helm chart was updated to v1.15.5
    • The cilium helm chart was updated to v1.17.0
    • The cluster autoscaler version was updated to v1.32.0
    • The EBS driver helm chart was updated to v2.39.3
    • The fluentd version was updated to v1.18.0-debian-cloudwatch-amd64-1.2
    • The Jenkins helm chart was updated to v5.7.26
    • The Jenkins version was updated to v2.497-jdk17
    • The kube-state-metrics version was updated to v2.15.0
    • The Kubernetes dashboard version was updated to v7.10.4
    • The overprovisioning pause version was updated to v1.32.1-eks-1-32-5
    • The overprovisioning autoscaler was updated to v1.9.0

  • SUP-4522: Added a new TF_VAR_jenkins_overwrite_config variable to docker-compose.yml, which allows you to control whether the base Jenkins configuration is reset to the shipped defaults on each pod start. Setting this variable to true will overwrite custom configurations made through the Jenkins UI. By default, this variable is set to false.

  • CLOUD-3296: Added timestamps to Maven build output. Updated the configuration of Maven-related Jenkins jobs so that log output generated by Maven will now include timestamps.

  • CLOUD-3293: Added a new TF_VAR_enable_new_relic_k8s_data variable to docker-compose.yml, which allows operators to configure the New Relic agent to stop sending Kubernetes metrics data to New Relic, if desired. By default, this variable is set to false, keeping the behaviour consistent with previous CloudOps for Kubernetes releases.

  • SUP-4694: Updated the build-data-pop Jenkins job to support using amazonlinux-java as the base image. This feature requires version 4.4.7 or later of the Elastic Path Docker project.

  • CLOUD-3381: Updated the Dockerfile used during docker-compose up to pin the Alpine and Ubuntu Linux versions. The Ubuntu version has been updated to the latest Long-Term Support release.

  • CLOUD-3362: Replaced the Terraform metrics-server deployment with an EKS add-on deployment of metrics-server defined in the eksctl.yaml.mo-template file.

  • CLOUD-3380: Disabled Auto minor version upgrade in Amazon Relational Database Service (RDS) for the postgres-rds database type, to match the setting used for MySQL database types. This change will only apply when the create-and-manage-database-server Jenkins job is run to update an existing database, or to deploy a new database.

  • CLOUD-3377: Updated the create-and-managed-database-server Jenkins job to set the PostgreSQL RDS recommended version to 14.15. This change only applies if databaseType is set to postgres-rds and useRecommendedVersion is set to true.

  • CLOUD-3366: Added three new Jenkins users with varything levels of permissions. These new users provide an option for running jobs without using the Jenkins admin user. See Login Credentials for more information.

Bug Fixes

  • SUP-4747: Resolved an issue that prevented the New Relic pods from collecting and sending metrics when TF_VAR_enable_new_relic_k8s_data is set to false in docker-compose.override.yml.
  • SUP-4815: Updated the ModSecurity Web Application Firewall (WAF) configuration to disable rules that in rare circumstances may block Self Managed Commerce connections.
  • CLOUD-3107: Updated the docker-compose up process to better handle any existing unmanaged DNS zones. Terraform will continue to manage existing DNS zones and provision new managed zones, keeping the behaviour consistent with previous CloudOps for Kubernetes releases.
  • CLOUD-3329: Updated code to improve the reliability of resource cleanup when running docker-compose up with TF_VAR_bootstrap_mode set to force-cleanup in docker-compose.override.yml.
  • CLOUD-3339: Updated cert-manager Terraform code to allow complete removal of resources when running docker-compose up with TF_VAR_bootstrap_mode set to either cleanup or force-cleanup in docker-compose.override.yml.
  • CLOUD-3356: Revised code that is executed when TF_VAR_bootstrap_mode is set to force-cleanup, ensuring that Elastic Block Store volumes for deleted resources are reliably removed.
  • CLOUD-3364: Improved the reliability of code used to check for existing Route53 domains, and moved this check to the beginning of the docker-compose up process.
  • CLOUD-3365: Added Kubernetes liveness and readiness probes to the New Relic agent deployment to better detect when the New Relic agent is unhealthy.
  • CLOUD-3382: Corrected a parameter validation issue in the multi-purpose-commerce-tool Jenkins pipeline that caused the warning message "unless deleteOldStack or deleteNewStack are specified, deleteDatabase and deleteActiveMQ do nothing" to be printed in the console when the related parameters were correctly specified.
  • CLOUD-3386: Revised code used to parse the ops-spec.json file to correctly handle conditions where the source repository cannot be read. The parsing process will now fail with a descriptive message when an error condition occurs.
  • SUP-4905: Updated the service account configuration used by recent versions of the Kubernetes Dashboard Helm chart. See Post Bootstrap Tasks for updated login instructions.

Upgrade Instructions

For upgrade instructions, see Upgrading CloudOps for Kubernetes.

Last updated on 8/21/2025