Merge branch 'development' into 'master'

Development See merge request !44

Merge branch 'development' into 'master'
Development See merge request !44
0a961f33 · Andy Maksymowicz · b2feb27d · fc56badb · 0a961f33 · b2feb27d
Commit 0a961f33 authored Feb 09, 2021 by Andy Maksymowicz
20 changed files
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,15 +41,12 @@ ENTRYPOINT ["tini", "--", "/usr/local/bin/launch.sh"]
 HEALTHCHECK --interval=5m --timeout=3s \
  CMD curl -fsL ${JENKINS_URL}/login || exit 1

-LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt"
-LABEL release=4c482ecc2d194d4868ade0a8cb5f773a3ab1c0d5
-LABEL version=2.249.2.3
+# LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt"
+# LABEL release=69f7102311718b7e0fbed31edb877f1352ca5cf1
+# LABEL version=2.263.2.4-ra

-ARG TARBALL=files.tar
-COPY ${TARBALL} /tmp
-RUN cd / && \
-    tar xvf /tmp/files.tar && \
-    rm /tmp/files.tar
+COPY files.tar /tmp
+RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar
 COPY scripts/ /

 RUN chmod +x /usr/local/bin/*.sh && \
@@ -68,7 +65,7 @@ ENV VOLUME_SERVICE=http://localhost:31080
 ENV TENANT=cjoc
 ENV JENKINS_VARIANT=cjoc

-LABEL name="CloudBees CI Operation Center" \
-      vendor="CloudBees, Inc." \
-      summary="CloudBees CI is the continuous delivery platform architected for the enterprise" \
-      description="This container image will deploy one instance of CloudBees CI Operations Center."
+# LABEL name="CloudBees CI Operation Center"
+# LABEL vendor="CloudBees, Inc."
+# LABEL summary="CloudBees CI is the continuous delivery platform architected for the enterprise"
+# LABEL description="This container image will deploy one instance of CloudBees CI Operations Center."
--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
-dccscrPipeline(version: '2.249.2.3')
--- a/LICENSE.adoc
+++ b/LICENSE.adoc
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image
 For each image, all files other than UBI and native packages
 are included in a `files.tar` marked with a SHA-256 checksum.

-A version of CloudBees CI is given in the format `2.249.2.3`
+A version of CloudBees CI is given in the format `2.263.2.4-ra`
 where the first three components are aligned with a Jenkins LTS.
 The Helm chart is coversioned with `core-oc`.
 The `core-mm` image typically shares the same version,
@@ -22,13 +22,13 @@ plus whatever other customizations are desired:
 ```yaml
 OperationsCenter:
  Image:
-    dockerImage: your-registry/core-oc:2.249.2.3
+    dockerImage: your-registry/core-oc:2.263.2.4-ra
 Master:
  Image:
-    dockerImage: your-registry/core-mm:2.249.2.3
+    dockerImage: your-registry/core-mm:2.263.2.4-ra
 Agents:
  Image:
-    dockerImage: your-registry/agent:2.249.2.3
+    dockerImage: your-registry/agent:2.263.2.4-ra
 ```

 and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart:

--- a/download.json
+++ b/download.json
-{
-  "resources": [
-    {
-      "url": "https://downloads.cloudbees.com/dsop-files/core-oc-files-de64bf3a7e6d55e0c13bcf7ddbc72ef820c76548e6d18b4c1d990215e4773698.tar",
-      "filename": "files.tar",
-      "validation": {
-        "type": "sha256",
-        "value": "de64bf3a7e6d55e0c13bcf7ddbc72ef820c76548e6d18b4c1d990215e4773698"
-      }
-    }
-  ]
-}
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+apiVersion: v1
+name: cloudbees/core/core-oc
+tags:
+- "2.263.2.4-ra"
+- latest
+labels:
+  org.opencontainers.image.title: "core-oc"
+  org.opencontainers.image.description: "CloudBees CI (core-oc subcomponent)"
+  org.opencontainers.image.licenses: proprietary
+  org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/
+  org.opencontainers.image.vendor: CloudBees
+  org.opencontainers.image.version: "2.263.2.4-ra"
+  mil.dso.ironbank.image.keywords: cicd
+  mil.dso.ironbank.image.type: commercial
+  mil.dso.ironbank.product.name: CloudBees CI
+args:
+  BASE_IMAGE: "redhat/openjdk/openjdk8-devel"
+  BASE_TAG: "1.8.0"
+resources:
+- filename: files.tar
+  url: https://downloads.cloudbees.com/dsop-files/core-oc-files-fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901.tar
+  validation:
+    type: sha256
+    value: "fdaeb7127afa7670743296125be0d1782e152c6ec14bca5e62ec69ef5d667901"
+maintainers:
+- email: productivity-team@cloudbees.com
+- email: andre.maksymowicz@centauricorp.com
--- a/helm/.helmignore
+++ b/helm/.helmignore
+README.md.gotmpl
+.gitignore
+.helmignore
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
-apiVersion: v1
-appVersion: 2.249.2.3
-description: The Continuous Delivery Solution for Enterprises
-engine: gotpl
+name: cloudbees-core
 home: https://www.cloudbees.com/products/continuous-integration
+apiVersion: v1
+appVersion: 2.263.2.3
+version: 3.25.3
+description: Enterprise Continuous Integration with Jenkins
 icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg
 keywords:
- cloudbees
- jenkins
-name: cloudbees-core
-version: 3.22.0-DEVELOPMENT
+  - cloudbees
+  - jenkins
+engine: gotpl
+
--- a/helm/README-template.md
+++ b/helm/README-template.md
+# cloudbees-core
+
+![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square)
+
+[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides:
+
+* DevOps at scale
+* Resilience and high availability
+* Easy management
+* Enterprise grade security
+
+## TL;DR;
+
+```console
+$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees
+$ helm install cloudbees/cloudbees-core --name <release name>
+```
+
+## Introduction
+
+This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+  - Kubernetes 1.14 or higher
+  - Helm 3.0.2 or higher
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 |
+| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 |
+| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 |
+
+## Installing the Chart
+
+### Default installation
+
+To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section.
+
+```console
+$ helm install cloudbees/cloudbees-core \
+       --name cloudbees-core \
+       --set OperationsCenter.HostName='cloudbees-core.example.com'
+```
+
+The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+### Ingress Controller Installation
+
+The chart is designed, so it can install an ingress-nginx controller.
+The `"ingress-nginx".Enabled` field controls ingress controller installation and setup.
+To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com.
+
+```console
+$ helm install cloudbees/cloudbees-core \
+       --name cloudbees-core \
+       --set "ingress-nginx".Enabled=true
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `cloudbees-core` deployment:
+
+```console
+$ helm delete cloudbees-core
+```
+> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center.
+Users should manage Managed Master using Operation Center.
+
+The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center.
+The release is still stored in the Helm database, but it will now have the status deleted.
+If you wish to completely remove the release, use the following variation of the `helm delete` command.
+
+```console
+$ helm delete cloudbees-core --purge
+```
+
+> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss.
+You will need to use the `kubectl delete pvc` command to delete the persistent volume claims.
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized.
+The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`.
+
+Each property can override a default value with a value that specific to your Kubernetes cluster
+You can provide this values using the `--set` flag on the Helm command line.
+
+Helm also support merging values files together, so that you can create a YAML file for each environment.
+
+### Environment Property Value Files
+Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file.
+CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file.
+
+To use an environment property value file with Helm, use the -f option as shown in the following example:
+`helm install cloudbees-core --name cloudbees-core -f example-values.yaml`
+
+You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples.
+
+## Additional Documentation
+CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) |
+| Agents.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/agent:@@IMAGE_TAG@@"` | Used to override the default docker image used for agents |
+| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
+| Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. |
+| Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. |
+| Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. |
+| Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature |
+| Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image |
+| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy |
+| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
+| Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
+| Hibernation.Tolerations | list | `[]` | Specify tolerations for the Hibernation Monitor pod. See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
+| Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. |
+| Master.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-mm:@@IMAGE_TAG@@"` | Used to override the default docker image |
+| Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port |
+| Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters |
+| NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. |
+| NetworkPolicy.JMXSelectors | list | `[]` | Custom selectors for accessing JMX port |
+| NetworkPolicy.ingressControllerSelector | list | `[]` | Custom selector for the ingress-controller |
+| OperationsCenter.AgentListenerPort | int | `50000` | Container port for agent listener traffic |
+| OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center |
+| OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer |
+| OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic |
+| OperationsCenter.ContextPath | string | `"/cjoc"` | the path under which Operations Center will be accessible in the given host. |
+| OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only |
+| OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure |
+| OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes |
+| OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. |
+| OperationsCenter.Image.dockerImage | string | `"@@IMAGE_PREFIX@@/core-oc:@@IMAGE_TAG@@"` | Container image to use for Operations Center |
+| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images |
+| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
+| OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object |
+| OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled |
+| OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record |
+| OperationsCenter.Ingress.tls.SecretName | string | `nil` | The name of the secret containing the certificate and private key to terminate TLS for the ingress |
+| OperationsCenter.JavaOpts | string | `nil` | Additional java options to pass to the Operations Center |
+| OperationsCenter.JenkinsOpts | string | `nil` | Additional arguments for jenkins.war |
+| OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP |
+| OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` |
+| OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
+| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x |
+| OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. |
+| OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu |
+| OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory |
+| OperationsCenter.Resources.Requests.Cpu | int | `1` | CPU request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu |
+| OperationsCenter.Resources.Requests.Memory | string | `"2G"` | Memory request to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory |
+| OperationsCenter.Route.tls.Enable | bool | `false` | Set this to true in OpenShift to terminate TLS at route level |
+| OperationsCenter.ServiceAgentListenerPort | int | `50000` | Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing |
+| OperationsCenter.ServiceAnnotations | object | `{}` | Additional annotations to put on the Operations Center service |
+| OperationsCenter.ServicePort | int | `80` | Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing |
+| OperationsCenter.ServiceType | string | `"ClusterIP"` | Service Type. Defaults to ClusterIP, since we recommend using an ingress controller. |
+| OperationsCenter.Tolerations | list | `[]` | Specify tolerations for the Operations Center pod. See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
+| Persistence.AccessMode | string | `"ReadWriteOnce"` | Access mode for the PVC ([doc](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)) |
+| Persistence.Annotations | object | `{}` | Annotations to put on the PVC |
+| Persistence.Size | string | `"20Gi"` | Size of the Operations Center volume |
+| Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: <storageClass>. If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. |
+| PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings |
+| PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. |
+| ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 |
+| ingress-nginx.controller.ingressClass | string | `"nginx"` |  |
+| ingress-nginx.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
+| ingress-nginx.controller.service.externalTrafficPolicy | string | `"Local"` |  |
+| ingress-nginx.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
+| nginx-ingress.Enabled | bool | `false` | Installs the [nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) controller (optional). DEPRECATED - Use ingress-nginx section instead. Enable this section if you don't have an existing installation of nginx-ingress controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 |
+| nginx-ingress.controller.ingressClass | string | `"nginx"` |  |
+| nginx-ingress.controller.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
+| nginx-ingress.controller.service.externalTrafficPolicy | string | `"Local"` |  |
+| nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
+| rbac.agentsServiceAccountName | string | `"jenkins-agents"` |  |
+| rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) |
+| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. |
+| rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as |
+| rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as |
+| sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector |
--- a/helm/README.md
+++ b/helm/README.md
 # cloudbees-core

-![Version: 3.22.0](https://img.shields.io/badge/Version-3.22.0-informational?style=flat-square) ![AppVersion: 2.249.2.3](https://img.shields.io/badge/AppVersion-2.249.2.3-informational?style=flat-square)
+![Version: 3.25.3](https://img.shields.io/badge/Version-3.25.3-informational?style=flat-square) ![AppVersion: 2.263.2.3](https://img.shields.io/badge/AppVersion-2.263.2.3-informational?style=flat-square)

-[CloudBees Core](https://www.cloudbees.com/products/cloudbees-core) is the continuous delivery platform architected for the enterprise. It provides:
+[CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides:

 * DevOps at scale
 * Resilience and high availability
@@ -18,18 +18,18 @@ $ helm install cloudbees/cloudbees-core --name <release name>

 ## Introduction

-This chart bootstraps a CloudBees Core deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+This chart bootstraps a CloudBees CI deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

 ## Prerequisites
-  - Kubernetes 1.10 or higher
-  - Helm 2.12 or higher
+  - Kubernetes 1.14 or higher
+  - Helm 3.0.2 or higher

 ## Requirements

 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.0.7 |
-| https://kubernetes-charts.storage.googleapis.com/ | nginx-ingress | 1.40.2 |
+| https://charts.cloudbees.com/public/cloudbees | cloudbees-sidecar-injector | 2.1.0 |
+| https://charts.helm.sh/stable | nginx-ingress | 1.40.2 |
 | https://kubernetes.github.io/ingress-nginx | ingress-nginx | 2.15.0 |

 ## Installing the Chart
@@ -44,18 +44,18 @@ $ helm install cloudbees/cloudbees-core \
       --set OperationsCenter.HostName='cloudbees-core.example.com'
 ```

-The command deploys CloudBees Core on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+The command deploys CloudBees CI on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

 ### Ingress Controller Installation

-The chart is designed, so it can install an nginx-ingress controller.
-The `nginx.ingress.Enabled` field controls ingress controller installation and setup.
+The chart is designed, so it can install an ingress-nginx controller.
+The `"ingress-nginx".Enabled` field controls ingress controller installation and setup.
 To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com.

 ```console
 $ helm install cloudbees/cloudbees-core \
       --name cloudbees-core \
-       --set nginx.ingress.Enabled=true
+       --set "ingress-nginx".Enabled=true
 ```

 ## Uninstalling the Chart
@@ -65,10 +65,10 @@ To uninstall/delete the `cloudbees-core` deployment:
 ```console
 $ helm delete cloudbees-core
 ```
-> **NOTE**: The current version of the CloudBees Core Helm Chart only manages the Operation Center.
+> **NOTE**: The current version of the CloudBees CI Helm Chart only manages the Operation Center.
 Users should manage Managed Master using Operation Center.

-The `helm delete` command stops the CloudBees Core deployment than removes the OperationsCenter Center.
+The `helm delete` command stops the CloudBees CI deployment than removes the OperationsCenter Center.
 The release is still stored in the Helm database, but it will now have the status deleted.
 If you wish to completely remove the release, use the following variation of the `helm delete` command.

@@ -76,8 +76,8 @@ If you wish to completely remove the release, use the following variation of the
 $ helm delete cloudbees-core --purge
 ```

-> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data losss.
-You will need to use the `kubectl delete pvc` command to delete the persistent volumn claims.
+> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data loss.
+You will need to use the `kubectl delete pvc` command to delete the persistent volume claims.

 The command removes all the Kubernetes components associated with the chart and deletes the release.

@@ -101,22 +101,26 @@ To use an environment property value file with Helm, use the -f option as shown
 You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples.

 ## Additional Documentation
-CloudBees provides complete and more detail installation and operation documentation on the CloudBees web site at https://go.cloudbees.com/docs/cloudbees-core/cloud-install-guide/kubernetes-helm-install/
+CloudBees provides complete and more detailed installation and operation documentation on the CloudBees web site at https://docs.cloudbees.com/docs/cloudbees-ci/latest/kubernetes-install-guide/

 ## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | Agents.Enabled | bool | `true` | Enable to create agent resources (service account, role) |
-| Agents.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/agent:2.249.2.3"` | Used to override the default docker image used for agents |
+| Agents.Image.dockerImage | string | `"test/agent:latest"` | Used to override the default docker image used for agents |
+| Agents.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
 | Agents.SeparateNamespace.Create | bool | `false` | If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work. |
 | Agents.SeparateNamespace.Enabled | bool | `false` | If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them. |
 | Agents.SeparateNamespace.Name | string | `nil` | Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed. |
 | Hibernation.Enabled | bool | `false` | Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature |
 | Hibernation.Image.dockerImage | string | `"cloudbees/managed-master-hibernation-monitor:230.ee066a318539"` | Used to override the default docker image |
-| Hibernation.Image.dockerPullPolicy | string | `"IfNotPresent"` | Used to override the default pull policy |
+| Hibernation.Image.dockerPullPolicy | string | `nil` | Used to override the default pull policy |
+| Hibernation.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
+| Hibernation.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
+| Hibernation.Tolerations | list | `[]` | Specify tolerations for the Hibernation Monitor pod. See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | Master.Enabled | bool | `true` | Whether to create the resources required to schedule masters. |
-| Master.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-mm:2.249.2.3"` | Used to override the default docker image |
+| Master.Image.dockerImage | string | `"test/core-mm:latest"` | Used to override the default docker image |
 | Master.JavaOpts | string | `nil` | Additional Java options to pass to managed masters. For example, setting up a JMX port |
 | Master.OperationsCenterNamespace | string | `nil` | When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters |
 | NetworkPolicy.Enabled | bool | `false` | Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about. |
@@ -131,9 +135,9 @@ CloudBees provides complete and more detail installation and operation documenta
 | OperationsCenter.HealthProbeLivenessFailureThreshold | int | `12` | Threshold for liveness failure |
 | OperationsCenter.HealthProbes | bool | `true` | Enable Kubernetes Liveness and Readiness Probes |
 | OperationsCenter.HostName | string | `nil` | The hostname used to access Operations Center through the ingress controller. |
-| OperationsCenter.Image.dockerImage | string | `"063356183961.dkr.ecr.us-east-1.amazonaws.com/ubi/unified-distribution/core-oc:2.249.2.3"` | Container image to use for Operations Center |
-| OperationsCenter.Image.dockerPullPolicy | string | `"Always"` | https://kubernetes.io/docs/concepts/containers/images/#updating-images |
-| OperationsCenter.ImagePullSecrets | string | `nil` | The name of the image pull secret to pull private docker images |
+| OperationsCenter.Image.dockerImage | string | `"test/core-oc:latest"` | Container image to use for Operations Center |
+| OperationsCenter.Image.dockerPullPolicy | string | `nil` | https://kubernetes.io/docs/concepts/containers/images/#updating-images |
+| OperationsCenter.ImagePullSecrets | string | `nil` | Name of image pull secret to pull private Docker images or an array of image pull secrets |
 | OperationsCenter.Ingress.Annotations | object | `{"kubernetes.io/tls-acme":"false"}` | annotations to put on Ingress object |
 | OperationsCenter.Ingress.Class | string | `"nginx"` | Ingress class to use for OC and MM ingresses Should be set to the same value as nginx-ingress.controller.ingressClass if enabled |
 | OperationsCenter.Ingress.tls.Enable | bool | `false` | Set this to true in order to enable TLS on the ingress record |
@@ -143,7 +147,7 @@ CloudBees provides complete and more detail installation and operation documenta
 | OperationsCenter.LoadBalancerIP | string | `nil` | Optionally assign a known public LB IP |
 | OperationsCenter.LoadBalancerSourceRanges | list | `["0.0.0.0/0"]` | Only applicable when using `ServiceType: LoadBalancer` |
 | OperationsCenter.NodeSelector | object | `{}` | Node labels and tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
-| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `pks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x |
+| OperationsCenter.Platform | string | `"standard"` | Enables specific settings depending on the platform platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4` Note: `openshift` maps to OpenShift 3.x |
 | OperationsCenter.Protocol | string | `"http"` | the protocol used to access CJOC. Possible values are http/https. |
 | OperationsCenter.Resources.Limits.Cpu | int | `1` | CPU limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu |
 | OperationsCenter.Resources.Limits.Memory | string | `"2G"` | Memory limit to run Operations Center https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory |
@@ -159,8 +163,6 @@ CloudBees provides complete and more detail installation and operation documenta
 | Persistence.Annotations | object | `{}` | Annotations to put on the PVC |
 | Persistence.Size | string | `"20Gi"` | Size of the Operations Center volume |
 | Persistence.StorageClass | string | `nil` | Persistent Volume Storage Class for Jenkins Home If defined, storageClassName: <storageClass>. If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, the default storage class will be used, unless specified otherwise below. If setting OperationsCenter.Platform == gke, a storage class backed with SSD drives will be created by this chart and used automatically. |
-| Persistence.mounts | list | `[]` | Additional volume mounts to attach to Operations Center container |
-| Persistence.volumes | list | `[]` | Additional volumes to attach to Operations Center pod |
 | PodSecurityPolicy.Annotations | object | `{}` | Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings |
 | PodSecurityPolicy.Enabled | bool | `false` | Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support Enable only if the cluster supports it. |
 | ingress-nginx.Enabled | bool | `false` | Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). Enable this section if you don't have an existing installation of ingress-nginx controller Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16 |
@@ -175,7 +177,7 @@ CloudBees provides complete and more detail installation and operation documenta
 | nginx-ingress.defaultBackend.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
 | rbac.agentsServiceAccountName | string | `"jenkins-agents"` |  |
 | rbac.hibernationMonitorServiceAccountName | string | `"managed-master-hibernation-monitor"` | Name of the service account the Hibernation monitor will run as (if enabled) |
-| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for `serviceAccountName`, `masterServiceAccountName` and `hibernationMonitorServiceAccountName` |
+| rbac.install | bool | `true` | Install `role`/`rolebindings`/`serviceAccount`. If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts. |
 | rbac.masterServiceAccountName | string | `"jenkins"` | Name of the service account Jenkins masters will run as |
 | rbac.serviceAccountName | string | `"cjoc"` | Name of the service account Operations Center will run as |
 | sidecarinjector.Enabled | bool | `false` | Whether to enable installation of Sidecar Injector |
--- a/helm/README.md.gotmpl
+++ b/helm/README.md.gotmpl
-# cloudbees-core
-
-{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
-
-[CloudBees Core](https://www.cloudbees.com/products/cloudbees-core) is the continuous delivery platform architected for the enterprise. It provides:
-
-* DevOps at scale
-* Resilience and high availability
-* Easy management
-* Enterprise grade security
-
-## TL;DR;
-
-```console
-$ helm repo add cloudbees https://charts.cloudbees.com/public/cloudbees
-$ helm install cloudbees/cloudbees-core --name <release name>
-```
-
-## Introduction
-
-This chart bootstraps a CloudBees Core deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-  - Kubernetes 1.10 or higher
-  - Helm 2.12 or higher
-
-{{ template "chart.requirementsSection" . }}
-
-## Installing the Chart
-
-### Default installation
-
-To install the chart with the release name `cloudbees-core` and hostname `cloudbees-core.example.com`. The default installation requires nginx-ingress controller to be installed. The chart can install the nginx-ingress controller for you. This installation is described in the next section.
-
-```console
-$ helm install cloudbees/cloudbees-core \
-       --name cloudbees-core \
-       --set OperationsCenter.HostName='cloudbees-core.example.com'
-```
-
-The command deploys CloudBees Core on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-### Ingress Controller Installation
-
-The chart is designed, so it can install an nginx-ingress controller.
-The `nginx.ingress.Enabled` field controls ingress controller installation and setup.
-To install the chart with the release name `cloudbees-core` and hostname cloudbees-core.example.com.
-
-```console
-$ helm install cloudbees/cloudbees-core \
-       --name cloudbees-core \
-       --set nginx.ingress.Enabled=true
-```
-
-## Uninstalling the Chart
-
-To uninstall/delete the `cloudbees-core` deployment:
-
-```console
-$ helm delete cloudbees-core
-```
-> **NOTE**: The current version of the CloudBees Core Helm Chart only manages the Operation Center.
-Users should manage Managed Master using Operation Center.
-
-The `helm delete` command stops the CloudBees Core deployment than removes the OperationsCenter Center.
-The release is still stored in the Helm database, but it will now have the status deleted.
-If you wish to completely remove the release, use the following variation of the `helm delete` command.
-
-```console
-$ helm delete cloudbees-core --purge
-```
-
-> **IMPORTANT**: The `helm delete` command does NOT remove the persistent volume claims as precaution against data losss.
-You will need to use the `kubectl delete pvc` command to delete the persistent volumn claims.
-
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-Please refer to the chart `values.yaml` to get the exhaustive list of values that can be customized.
-The easiest way to consult it is through the command `helm inspect values cloudbees/cloudbees-core`.
-
-Each property can override a default value with a value that specific to your Kubernetes cluster
-You can provide this values using the `--set` flag on the Helm command line.
-
-Helm also support merging values files together, so that you can create a YAML file for each environment.
-
-### Environment Property Value Files
-Helm provides the option to use a custom property values file to override the default values set in the `values.yaml` file.
-CloudBees recommends creating a custom properties file to override the default for your environments, instead of directly editing the included values.yaml file.
-
-To use an environment property value file with Helm, use the -f option as shown in the following example:
-`helm install cloudbees-core --name cloudbees-core -f example-values.yaml`
-
-You can download the latest version of the `example-values.yaml` file from CloudBees Examples GitHub repository at https://github.com/cloudbees/cloudbees-examples/tree/master/helm-custom-value-file-examples.
-
-## Additional Documentation
-CloudBees provides complete and more detail installation and operation documentation on the CloudBees web site at https://go.cloudbees.com/docs/cloudbees-core/cloud-install-guide/kubernetes-helm-install/
-
-{{ template "chart.valuesSection" . }}
--- a/helm/requirements.lock
+++ b/helm/requirements.lock
 dependencies:
 - name: nginx-ingress
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  repository: https://charts.helm.sh/stable
  version: 1.40.2
 - name: ingress-nginx
  repository: https://kubernetes.github.io/ingress-nginx
  version: 2.15.0
 - name: cloudbees-sidecar-injector
  repository: https://charts.cloudbees.com/public/cloudbees
-  version: 2.0.7
-digest: sha256:10f7e8c53d0a6f910f4dbe0fd253fbefd288fb5fc24365635968e99b3bc75dbf
-generated: "2020-10-07T14:35:15.239221954Z"
+  version: 2.1.0
+digest: sha256:996f7a1d8ae1bb7465e7df2865ef4521e1ebe3e10827d6544caebd4d0c811c23
+generated: "2020-11-02T17:56:50.500073-05:00"
--- a/helm/requirements.yaml
+++ b/helm/requirements.yaml
 dependencies:
 - name: nginx-ingress
  version: 1.40.2
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  repository: https://charts.helm.sh/stable
  condition: nginx-ingress.Enabled
 - name: ingress-nginx
  version: 2.15.0
  repository: https://kubernetes.github.io/ingress-nginx
  condition: ingress-nginx.Enabled
 - name: cloudbees-sidecar-injector
-  version: 2.0.7
+  version: 2.1.0
  repository: https://charts.cloudbees.com/public/cloudbees
  condition: sidecarinjector.Enabled
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -6,6 +6,13 @@ Expand the name of the chart.
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

+{{/*
+Full name of the release
+*/}}
+{{- define "cloudbees-core.fullname" -}}
+{{ printf "%s-%s" .Release.Name .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -95,7 +102,7 @@ helm.sh/chart: {{ include "cloudbees-core.chart" . | quote }}
 {{- end -}}

 {{- define "oc.protocol" -}}
-{{- if .Values.OperationsCenter.Ingress.tls.Enable -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}}
+{{- if or (.Values.OperationsCenter.Ingress.tls.Enable) (.Values.OperationsCenter.Route.tls.Enable) -}}https{{- else -}}{{ .Values.OperationsCenter.Protocol }}{{- end -}}
 {{- end -}}

 {{/*
@@ -133,6 +140,56 @@ Expected Operations Center URL. Always ends with a trailing slash.
 {{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/
 {{- end -}}

+{{- define "ingress.annotations" -}}
+{{ toYaml .Values.OperationsCenter.Ingress.Annotations }}
+{{- if .Values.OperationsCenter.Ingress.Class }}
+kubernetes.io/ingress.class: {{ .Values.OperationsCenter.Ingress.Class }}
+{{- end }}
+{{- if eq .Values.OperationsCenter.Platform "eks" }}
+  {{- if eq (include "oc.protocol" .) "https" }}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
+alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+  {{- end }}
+  {{- if not (eq (include "oc.contextpath" .) "") }}
+alb.ingress.kubernetes.io/actions.root-redirect: '{"Type": "redirect", "RedirectConfig": { "Path":{{ include "ingress.root-redirect" . | quote }}, "StatusCode": "HTTP_301"}}'
+  {{- end }}
+alb.ingress.kubernetes.io/group.name: {{ include "cloudbees-core.fullname" .}}
+alb.ingress.kubernetes.io/target-type: ip
+{{- end }}
+{{- if not (include "cloudbees-core.is-openshift" .) }}
+nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . }}"
+{{- end }}
+{{- end }}
+
+{{- define "ingress.root-redirect" -}}
+{{ include "oc.contextpath" . }}/teams-check/
+{{- end }}
+
+{{- define "ingress.redirect-rules" -}}
+{{- if eq .Values.OperationsCenter.Platform "eks" }}
+  {{- if eq (include "oc.protocol" .) "https" }}
+- path: /*
+  backend:
+    serviceName: ssl-redirect
+    servicePort: use-annotation
+  {{- end }}
+  {{- if not (eq (include "oc.contextpath" .) "") }}
+- path: /
+  backend:
+    serviceName: root-redirect
+    servicePort: use-annotation
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "ingress.apiGroup" -}}
+{{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}}
+networking.k8s.io
+{{- else -}}
+extensions
+{{- end -}}
+{{- end -}}
+
 {{- define "ingress.apiVersion" -}}
 {{- if ge (atoi (.Capabilities.KubeVersion.Minor)) 15 -}}
 networking.k8s.io/v1beta1
@@ -405,6 +462,9 @@ status:
 {{- end -}}

 {{- define "ingress.check" -}}
+{{- if not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress") }}
+  {{ fail "\n\nERROR: Kubernetes 1.14 or later is required to use Ingress in networking.k8s.io/v1beta1" }}
+{{- end -}}
 {{- if and (index .Values "nginx-ingress" "Enabled") (index .Values "ingress-nginx" "Enabled") -}}
  {{ fail "\n\nERROR: Only one of nginx-ingress.Enabled or ingress-nginx.Enabled may be true" }}
 {{- end -}}

--- a/helm/templates/agents-service-account.yaml
+++ b/helm/templates/agents-service-account.yaml
-{{- if and (.Values.rbac.install) (.Values.Agents.SeparateNamespace.Enabled) -}}
+{{- if and (.Values.rbac.install) -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

--- a/helm/templates/cjoc-configure-jenkins-groovy.yaml
+++ b/helm/templates/cjoc-configure-jenkins-groovy.yaml
@@ -7,7 +7,6 @@ metadata:
 {{ include "cloudbees-core.labels" . | indent 4 }}
 data:
  location.groovy: |
-    hudson.ExtensionList.lookupSingleton(com.cloudbees.jenkins.support.impl.cloudbees.TcpSlaveAgentListenerMonitor.class).disable(true)
 {{- if .Values.OperationsCenter.HostName }}
    jenkins.model.JenkinsLocationConfiguration.get().setUrl("{{- template "oc.url" . -}}")
 {{- end }}

--- a/helm/templates/cjoc-ingress.yaml
+++ b/helm/templates/cjoc-ingress.yaml
@@ -8,13 +8,9 @@ metadata:
  labels:
 {{ include "cloudbees-core.labels" . | indent 4 }}
  annotations:
-{{ toYaml .Values.OperationsCenter.Ingress.Annotations | indent 4 }}
-{{ if .Values.OperationsCenter.Ingress.Class }}
-    kubernetes.io/ingress.class: {{ .Values.OperationsCenter.Ingress.Class }}
-{{- end }}
+{{ include "ingress.annotations" . | indent 4 }}
 {{- if not (include "cloudbees-core.is-openshift" .) }}
-    nginx.ingress.kubernetes.io/app-root: "{{ template "oc.contextpath" . }}/teams-check/"
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{- template "ingress.ssl_redirect" . }}"
+    nginx.ingress.kubernetes.io/app-root: {{ include "ingress.root-redirect" . | quote }}
    # "413 Request Entity Too Large" uploading plugins, increase client_max_body_size
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
@@ -27,10 +23,15 @@ spec:
 {{- end }}
    http:
      paths:
+{{- include "ingress.redirect-rules" . | indent 6 }}
      - path: {{ include "oc.contextpath" . }}
        backend:
          serviceName: cjoc
          servicePort: {{ .Values.OperationsCenter.ServicePort }}
+      - path: {{ include "oc.contextpath" . }}/*
+        backend:
+          serviceName: cjoc
+          servicePort: {{ .Values.OperationsCenter.ServicePort }}
 {{- if .Values.OperationsCenter.Ingress.tls.Enable }}
  tls:
    - hosts:

--- a/helm/templates/cjoc-role-master-management.yaml
+++ b/helm/templates/cjoc-role-master-management.yaml
@@ -99,7 +99,9 @@ rules:
  - create
 {{- else}}
 - apiGroups:
+  # - {{ include "ingress.apiGroup" . }} TODO once we get https://github.com/cloudbees/cloud-platform-master-provisioning-plugin/pull/325 in.
  - extensions
+  - networking.k8s.io
  resources:
  - ingresses
  verbs:

--- a/helm/templates/cjoc-statefulset.yaml
+++ b/helm/templates/cjoc-statefulset.yaml
@@ -62,6 +62,7 @@ spec:
                      operator: In
                      values:
                        - slave
+      enableServiceLinks: false
      serviceAccountName: {{ .Values.rbac.serviceAccountName }}
      {{- if .Values.OperationsCenter.NodeSelector }}
      nodeSelector:
@@ -92,8 +93,10 @@ spec:
      - name: jenkins
        {{- with .Values.OperationsCenter.Image}}
        image: "{{ .dockerImage }}"
+        {{- if .dockerPullPolicy }}
        imagePullPolicy: "{{ .dockerPullPolicy }}"
        {{- end}}
+        {{- end}}
        env:
        {{- if .Values.OperationsCenter.ContainerEnv }}
 {{ toYaml .Values.OperationsCenter.ContainerEnv | indent 8 }}
@@ -110,6 +113,7 @@ spec:
            {{- if .Values.Agents.SeparateNamespace.Enabled }}
            -Dcom.cloudbees.jenkins.plugins.kube.NamespaceFilter.defaultNamespace={{ template "agents.namespace" . }}
            {{- end }}
+            -Dcom.cloudbees.jenkins.plugins.kube.ServiceAccountFilter.defaultServiceAccount={{ .Values.rbac.agentsServiceAccountName }}
            {{- if .Values.Master.JavaOpts }}
            {{ .Values.Master.JavaOpts }}
            {{- end }}
@@ -148,7 +152,7 @@ spec:
            {{- if .Values.OperationsCenter.JavaOpts }}
            {{ .Values.OperationsCenter.JavaOpts }}
            {{- end }}
-            {{- if .Values.OperationsCenter.CSRF.ProxyCompatibility -}}
+            {{- if .Values.OperationsCenter.CSRF.ProxyCompatibility }}
            -Djenkins.model.Jenkins.crumbIssuerProxyCompatibility=true
            {{- end }}
            -XX:+UseG1GC
@@ -170,15 +174,14 @@ spec:
            cpu: "{{ .Values.OperationsCenter.Resources.Requests.Cpu }}"
            memory: "{{ .Values.OperationsCenter.Resources.Requests.Memory }}"
        volumeMounts:
-{{- if .Values.Persistence.mounts }}
-{{ toYaml .Values.Persistence.mounts | indent 12 }}
-{{- end }}
        - name: jenkins-home
          mountPath: /var/jenkins_home
          readOnly: false
        - name: jenkins-configure-jenkins-groovy
          mountPath: /var/jenkins_config/configure-jenkins.groovy.d
          readOnly: true
+        - name: tmp
+          mountPath: /tmp
 {{- if .Values.OperationsCenter.ExtraVolumeMounts }}
 {{toYaml .Values.OperationsCenter.ExtraVolumeMounts | indent 8}}
 {{- end }}
@@ -202,12 +205,11 @@ spec:
 {{toYaml .Values.OperationsCenter.ExtraContainers | indent 6}}
 {{- end }}
      volumes:
-{{- if .Values.Persistence.volumes }}
-{{ toYaml .Values.Persistence.volumes | indent 6 }}
-{{- end }}
      - name: jenkins-configure-jenkins-groovy
        configMap:
          name: cjoc-configure-jenkins-groovy
+      - name: tmp
+        emptyDir: {}
 {{- if .Values.OperationsCenter.ExtraVolumes }}
 {{toYaml .Values.OperationsCenter.ExtraVolumes | indent 6}}
 {{- end }}

--- a/helm/templates/managed-master-hibernation-monitor-deployment.yaml
+++ b/helm/templates/managed-master-hibernation-monitor-deployment.yaml
@@ -44,8 +44,10 @@ spec:
      - name: managed-master-hibernation-monitor
        {{- with .Values.Hibernation.Image}}
        image: {{ .dockerImage }}
+        {{- if .dockerPullPolicy }}
        imagePullPolicy: {{ .dockerPullPolicy }}
        {{- end}}
+        {{- end}}
        ports:
        - containerPort: 8090
          name: http
@@ -69,4 +71,13 @@ spec:
          limits:
            memory: 250Mi
      serviceAccountName: {{ .Values.rbac.hibernationMonitorServiceAccountName }}
+      enableServiceLinks: false
+      {{- if .Values.Hibernation.NodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.Hibernation.NodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.Hibernation.Tolerations }}
+      tolerations:
+{{ toYaml .Values.Hibernation.Tolerations | indent 8 }}
+      {{- end }}
 {{- end -}}