fix(operator): Attempt to fix all the major issues present atm against the newest jenkins lts version (#784)

* fix(seed): fix #742, workaround #698
Original fix proposal: https://github.com/jenkinsci/kubernetes-operator/issues/742#issuecomment-1304398590

* fix(install-plugin.sh): fix #758, #739
* the fix was original attempted here:
  https://github.com/jenkinsci/kubernetes-operator/pull/764 but was not
  working correctly due to 2-3 additional changes which needed to be
  done
* removed the openshift check because the env is not mention anywhere
  and also the new jenkins-plugin-cli does not a specific command for
  openshift. Finally this does not make any sense in general, the only
  problem in ocp will be the user id that will be mapped to a random uid
  but that's another story. The command to install the plugins should
  remain the same across different k8s flavours.

* fix(doc/test): fix /usr/bin/tini in any doc and validation

* fix(jenkins): remove AdminWhitelistRule to avoid jvm stack trace, see: https://www.jenkins.io/doc/book/security/controller-isolation/jep-235/#api-compatibility

* fix(seed): fix seed img built on a previous jvm, fix #761

* fix(plugin): update the base plugin to work with the newest version of
jenkins:lts

* fix(run): fix #778

* fix(backup): add a trap to remove the tmp dir if the tar fail, also fix: #770

* test(chart): update chart values for testing, will revert before merge

* fix(configmap): leftover

* fix(tests): fix seed job test

* fix(e2e)

* fix(e2e): helm

* fix(operator): update the temporary img to reflect latests changes

* Fix Helm e2e tests

* add trap in case of unwanted exit and make shellcheck happy

* chore(plugin): update git ver to 5.0.0

* fix(backup): always force delete the backup directory

* chore(operator): update the temporary img to reflect latest changes

* chore(jenkins): upgrade jenkins latest lts

backup/pvc/bin/backup.sh

@@ -6,6 +6,7 @@ set -eo pipefail
 [[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1;
 [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
 BACKUP_TMP_DIR=$(mktemp -d)
+trap "test -d "${BACKUP_TMP_DIR}" && rm -fr "${BACKUP_TMP_DIR}"" EXIT ERR SIGINT SIGTERM
 
 backup_number=$1
 echo "Running backup"
@@ -14,10 +15,10 @@ echo "Running backup"
 # config.xml in child directores is state that should. For example-
 # branches/myorg/branches/myrepo/branches/master/config.xml should be retained while
 # branches/myorg/config.xml should not
-tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* --no-wildcards-match-slash --anchored --exclude jobs/*/config.xml -c jobs && \
+tar -C "${JENKINS_HOME}" -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* --no-wildcards-match-slash --anchored --exclude jobs/*/config.xml -c jobs && \
-mv ${BACKUP_TMP_DIR}/${backup_number}.tar.gz ${BACKUP_DIR}/${backup_number}.tar.gz
+mv "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" "${BACKUP_DIR}/${backup_number}.tar.gz"
 
-rm -r ${BACKUP_TMP_DIR}
+rm -rf "${BACKUP_TMP_DIR}"
 
 [[ ! -s ${BACKUP_DIR}/${backup_number}.tar.gz ]] && echo "backup file '${BACKUP_DIR}/${backup_number}.tar.gz' is empty" && exit 1;
 

backup/pvc/bin/run.sh

@@ -10,6 +10,7 @@ do
     sleep 10
     if [[ ! -z "${BACKUP_COUNT}" ]]; then
         echo "Trimming to only ${BACKUP_COUNT} recent backups in preparation for new backup"
-        find ${BACKUP_DIR} -name '*.tar.gz' -exec basename {} \; | sort -gr | tail -n +$((BACKUP_COUNT +1)) | xargs -I '{}' rm ${BACKUP_DIR}/'{}'
+        #TODO: add the list of exceding backup before delete
+        find ${BACKUP_DIR} -maxdepth 1 -name '*.tar.gz' -exec basename {} \; | sort -gr | tail -n +$((BACKUP_COUNT +1)) | xargs -I '{}' rm ${BACKUP_DIR}/'{}'
     fi
 done

chart/jenkins-operator/crds/jenkins-crd.yaml

@@ -3120,7 +3120,7 @@ spec:
                 type: array
               seedJobAgentImage:
                   type: string
-                  description: 'SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used.'
+                  description: 'SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used.'
               seedJobs:
                 description: 'SeedJobs defines list of Jenkins Seed Job configurations
                   More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines'

chart/jenkins-operator/values.yaml

@@ -33,7 +33,7 @@ jenkins:
   # image is the name (and tag) of the Jenkins instance
   # Default: jenkins/jenkins:lts
   # It's recommended to use LTS (tag: "lts") version
-  image: jenkins/jenkins:2.319.3-lts
+  image: jenkins/jenkins:2.375.2-lts
 
   # env contains jenkins container environment variables
   env: []
@@ -86,20 +86,21 @@ jenkins:
   # Example:
   #
   # basePlugins:
-  # - name: configuration-as-code
-  #   version: "1346.ve8cfa_3473c94"
-  # - name: git
-  #   version: 4.11.3
-  # - name: job-dsl
-  #   version: "1.78.1"
   # - name: kubernetes
-  #   version: 1.31.3
+  #   version: 3802.vb_b_600831fcb_3
-  # - name: kubernetes-credentials-provider
-  #   version: 0.20
-  # - name: workflow-aggregator
-  #   version: "2.6"
   # - name: workflow-job
-  #   version: "1145.v7f2433caa07f"
+  #   version: 1254.v3f64639b_11dd
+  # - name: workflow-aggregator
+  #   version: 590.v6a_d052e5a_a_b_5
+  # - name: git
+  #   version: 5.0.0
+  # - name: job-dsl
+  #   version: "1.81"
+  # - name: configuration-as-code
+  #   version: 1569.vb_72405b_80249
+  # - name: kubernetes-credentials-provider
+  #   version: 1.208.v128ee9800c04
+
   basePlugins: []
 
   # plugins are plugins required by the user
@@ -125,7 +126,7 @@ jenkins:
   #    repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git
   seedJobs: []
 
-  # SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used.
+  # SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used.
   seedJobAgentImage: ""
 
   # Resource limit/request for Jenkins
@@ -284,7 +285,7 @@ operator:
   replicaCount: 1
 
   # image is the name (and tag) of the Jenkins Operator image
-  image: virtuslab/jenkins-operator:v0.7.1
+  image: quay.io/brokenpip3/jenkins-kubernetes-operator:a86b738a
 
   # imagePullPolicy defines policy for pulling images
   imagePullPolicy: IfNotPresent

config.minikube.env

@@ -1,8 +1,8 @@
 KUBERNETES_PROVIDER=minikube
 
-MINIKUBE_KUBERNETES_VERSION=v1.21.1
+MINIKUBE_KUBERNETES_VERSION=v1.24.8
 MINIKUBE_DRIVER=virtualbox
-MINIKUBE_VERSION=1.21.0
+MINIKUBE_VERSION=1.28.0
 KUBECTL_CONTEXT=minikube
 
 JENKINS_API_HOSTNAME_COMMAND=bin/minikube ip

config/crd/bases/jenkins.io_jenkins.yaml

@@ -3120,7 +3120,7 @@ spec:
                 type: array
               seedJobAgentImage:
                 type: string
-                description: SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.9-1 will be used.
+                description: SeedJobAgentImage defines the image that will be used by the seed job agent. If not defined jenkins/inbound-agent:4.10-3 will be used.
               seedJobs:
                 description: 'SeedJobs defines list of Jenkins Seed Job configurations
                   More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines'

docs/docs/developer-guide/index.html

@@ -1043,7 +1043,7 @@ items:
       - command:
         - bash
         - -c
-        - /var/jenkins/scripts/init.sh <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> <span style="color:#204a87">exec</span> /sbin/tini -s -- /usr/local/bin/jenkins.sh
+        - /var/jenkins/scripts/init.sh <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> <span style="color:#204a87">exec</span> /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
         env:
         - name: JAVA_OPTS
           value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap

docs/docs/getting-started/v0.1.x/configuration/index.html

@@ -1164,16 +1164,16 @@ credentials.</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
 <p>The script<code>/var/jenkins/scripts/init.sh</code> is provided by the operator and configures init.groovy.d (creates the Jenkins user)
 and installs plugins.
-The <code>/sbin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
+The <code>/usr/bin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
 
 <p>You can overwrite it in the following pattern:</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>&lt;custom-code-here&gt;<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&amp;&amp;</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
 	
 	
 	<div class="text-muted mt-5 pt-3 border-top">Last modified August 5, 2019

docs/docs/getting-started/v0.1.x/index.xml

@@ -318,16 +318,16 @@ credentials.</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
 <p>The script<code>/var/jenkins/scripts/init.sh</code> is provided by the operator and configures init.groovy.d (creates the Jenkins user)
 and installs plugins.
-The <code>/sbin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
+The <code>/usr/bin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
 
 <p>You can overwrite it in the following pattern:</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span><custom-code-here><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span><custom-code-here><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
       </description>
     </item>
     

docs/docs/index.xml

@@ -3562,16 +3562,16 @@ credentials.</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
 <p>The script<code>/var/jenkins/scripts/init.sh</code> is provided by the operator and configures init.groovy.d (creates the Jenkins user)
 and installs plugins.
-The <code>/sbin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
+The <code>/usr/bin/tini -s -- /usr/local/bin/jenkins.sh</code> command runs the Jenkins master main process.</p>
 
 <p>You can overwrite it in the following pattern:</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">command<span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>bash<span style="color:#f8f8f8;text-decoration:underline">
 </span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>-c<span style="color:#f8f8f8;text-decoration:underline">
-</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span><custom-code-here><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/sbin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
+</span><span style="color:#f8f8f8;text-decoration:underline"></span>-<span style="color:#f8f8f8;text-decoration:underline"> </span>/var/jenkins/scripts/init.sh<span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span><custom-code-here><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic">&&</span><span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/bin/tini<span style="color:#f8f8f8;text-decoration:underline"> </span>-s<span style="color:#f8f8f8;text-decoration:underline"> </span>--<span style="color:#f8f8f8;text-decoration:underline"> </span>/usr/local/bin/jenkins.sh</code></pre></div>
       </description>
     </item>
     

pkg/client/jenkins.go

@@ -14,7 +14,7 @@ import (
 
 var (
 	errorNotFound = errors.New("404")
-	regex         = regexp.MustCompile("(<application-desc main-class=\"hudson.remoting.jnlp.Main\"><argument>)(?P<secret>[a-z0-9]*)")
+	regex         = regexp.MustCompile("(<application-desc><argument>)(?P<secret>[a-z0-9]*)")
 )
 
 // Jenkins defines Jenkins API.
@@ -159,7 +159,7 @@ func newClient(url, userName, passwordOrToken string) (Jenkins, error) {
 
 	httpClient := &http.Client{
 		Jar:     jar,
-		Timeout: 10 * time.Second,
+		Timeout: 20 * time.Second,
 	}
 
 	if len(userName) > 0 && len(passwordOrToken) > 0 {

pkg/configuration/base/resources/base_configuration_configmap.go

@@ -14,11 +14,10 @@ const (
 	basicSettingsGroovyScriptName               = "1-basic-settings.groovy"
 	enableCSRFGroovyScriptName                  = "2-enable-csrf.groovy"
 	disableUsageStatsGroovyScriptName           = "3-disable-usage-stats.groovy"
-	enableMasterAccessControlGroovyScriptName   = "4-enable-master-access-control.groovy"
+	disableInsecureFeaturesGroovyScriptName     = "4-disable-insecure-features.groovy"
-	disableInsecureFeaturesGroovyScriptName     = "5-disable-insecure-features.groovy"
+	configureKubernetesPluginGroovyScriptName   = "5-configure-kubernetes-plugin.groovy"
-	configureKubernetesPluginGroovyScriptName   = "6-configure-kubernetes-plugin.groovy"
+	configureViewsGroovyScriptName              = "6-configure-views.groovy"
-	configureViewsGroovyScriptName              = "7-configure-views.groovy"
+	disableJobDslScriptApprovalGroovyScriptName = "7-disable-job-dsl-script-approval.groovy"
-	disableJobDslScriptApprovalGroovyScriptName = "8-disable-job-dsl-script-approval.groovy"
 )
 
 const basicSettingsFmt = `
@@ -63,18 +62,6 @@ if (jenkins.isUsageStatisticsCollected()) {
 }
 `
 
-const enableMasterAccessControl = `
-import jenkins.security.s2m.AdminWhitelistRule
-import jenkins.model.Jenkins
-
-// see https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control
-def jenkins = Jenkins.instance
-jenkins.getInjector()
-        .getInstance(AdminWhitelistRule.class)
-        .setMasterKillSwitch(false) // for real though, false equals enabled..........
-jenkins.save()
-`
-
 const disableInsecureFeatures = `
 import jenkins.*
 import jenkins.model.*
@@ -200,7 +187,6 @@ func NewBaseConfigurationConfigMap(meta metav1.ObjectMeta, jenkins *v1alpha2.Jen
 		basicSettingsGroovyScriptName:           fmt.Sprintf(basicSettingsFmt, constants.DefaultAmountOfExecutors),
 		enableCSRFGroovyScriptName:              enableCSRF,
 		disableUsageStatsGroovyScriptName:       disableUsageStats,
-		enableMasterAccessControlGroovyScriptName: enableMasterAccessControl,
 		disableInsecureFeaturesGroovyScriptName: disableInsecureFeatures,
 		configureKubernetesPluginGroovyScriptName: fmt.Sprintf(configureKubernetesPluginFmt,
 			clusterDomain,

pkg/configuration/base/resources/pod.go

@@ -53,7 +53,7 @@ func GetJenkinsMasterContainerBaseCommand() []string {
 	return []string{
 		"bash",
 		"-c",
-		fmt.Sprintf("%s/%s && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh",
+		fmt.Sprintf("%s/%s && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh",
 			JenkinsScriptsVolumePath, InitScriptName),
 	}
 }

pkg/configuration/base/resources/scripts_configmap.go

@@ -12,7 +12,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-const installPluginsCommand = "install-plugins.sh"
+const installPluginsCommand = "jenkins-plugin-cli"
 
 // bash scripts installs single jenkins plugin with specific version
 const installPluginsBashScript = `#!/bin/bash -eu
@@ -341,30 +341,23 @@ chmod +x {{ .JenkinsHomePath }}/scripts/*.sh
 {{- $installPluginsCommand := .InstallPluginsCommand }}
 
 echo "Installing plugins required by Operator - begin"
-cat > {{ .JenkinsHomePath }}/base-plugins << EOF
+cat > {{ .JenkinsHomePath }}/base-plugins.txt << EOF
 {{ range $index, $plugin := .BasePlugins }}
 {{ $plugin.Name }}:{{ $plugin.Version }}{{if $plugin.DownloadURL}}:{{ $plugin.DownloadURL }}{{end}}
 {{ end }}
 EOF
 
-if [[ -z "${OPENSHIFT_JENKINS_IMAGE_VERSION}" ]]; then
+{{ $installPluginsCommand }} --verbose -f {{ .JenkinsHomePath }}/base-plugins.txt
-  {{ $installPluginsCommand }} < {{ .JenkinsHomePath }}/base-plugins
-else
-  {{ $installPluginsCommand }} {{ .JenkinsHomePath }}/base-plugins
-fi
 echo "Installing plugins required by Operator - end"
 
 echo "Installing plugins required by user - begin"
-cat > {{ .JenkinsHomePath }}/user-plugins << EOF
+cat > {{ .JenkinsHomePath }}/user-plugins.txt << EOF
 {{ range $index, $plugin := .UserPlugins }}
 {{ $plugin.Name }}:{{ $plugin.Version }}{{if $plugin.DownloadURL}}:{{ $plugin.DownloadURL }}{{end}}
 {{ end }}
 EOF
-if [[ -z "${OPENSHIFT_JENKINS_IMAGE_VERSION}" ]]; then
+
-  {{ $installPluginsCommand }} < {{ .JenkinsHomePath }}/user-plugins
+{{ $installPluginsCommand }} --verbose -f {{ .JenkinsHomePath }}/user-plugins.txt
-else
-  {{ $installPluginsCommand }} {{ .JenkinsHomePath }}/user-plugins
-fi
 echo "Installing plugins required by user - end"
 `))
 
@@ -388,7 +381,7 @@ func buildInitBashScript(jenkins *v1alpha2.Jenkins) (*string, error) {
 		InitConfigurationPath:    jenkinsInitConfigurationVolumePath,
 		BasePlugins:              jenkins.Spec.Master.BasePlugins,
 		UserPlugins:              jenkins.Spec.Master.Plugins,
-		InstallPluginsCommand:    JenkinsScriptsVolumePath + "/" + installPluginsCommand,
+		InstallPluginsCommand:    installPluginsCommand,
 		JenkinsScriptsVolumePath: JenkinsScriptsVolumePath,
 	}
 

pkg/configuration/base/validate_test.go

@@ -905,7 +905,7 @@ func TestValidateJenkinsMasterContainerCommand(t *testing.T) {
 							Command: []string{
 								"bash",
 								"-c",
-								fmt.Sprintf("%s/%s && my-extra-command.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh",
+								fmt.Sprintf("%s/%s && my-extra-command.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh",
 									resources.JenkinsScriptsVolumePath, resources.InitScriptName),
 							},
 						},
@@ -929,7 +929,7 @@ func TestValidateJenkinsMasterContainerCommand(t *testing.T) {
 							Command: []string{
 								"bash",
 								"-c",
-								fmt.Sprintf("%s/%s && my-extra-command.sh && /sbin/tini -s -- /usr/local/bin/jenkins.sh",
+								fmt.Sprintf("%s/%s && my-extra-command.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh",
 									resources.JenkinsScriptsVolumePath, resources.InitScriptName),
 							},
 						},

pkg/configuration/user/seedjobs/seedjobs.go

@@ -46,7 +46,7 @@ const (
 	AgentName = "seed-job-agent"
 
 	// DefaultAgentImage is the default image used for the seed-job agent
-	defaultAgentImage = "jenkins/inbound-agent:4.9-1"
+	defaultAgentImage = "jenkins/inbound-agent:4.10-3"
 
 	creatingGroovyScriptName = "seed-job-groovy-script.groovy"
 

pkg/configuration/user/seedjobs/seedjobs_test.go

@@ -113,7 +113,7 @@ func TestEnsureSeedJobs(t *testing.T) {
 		var agentDeployment appsv1.Deployment
 		err = fakeClient.Get(ctx, types.NamespacedName{Namespace: jenkins.Namespace, Name: agentDeploymentName(*jenkins, AgentName)}, &agentDeployment)
 		assert.NoError(t, err)
-		assert.Equal(t, "jenkins/inbound-agent:4.9-1", agentDeployment.Spec.Template.Spec.Containers[0].Image)
+		assert.Equal(t, "jenkins/inbound-agent:4.10-3", agentDeployment.Spec.Template.Spec.Containers[0].Image)
 	})
 
 	t.Run("delete agent deployment when no seed jobs", func(t *testing.T) {

pkg/plugins/base_plugins.go

@@ -1,13 +1,13 @@
 package plugins
 
 const (
-	configurationAsCodePlugin           = "configuration-as-code:1346.ve8cfa_3473c94"
+	configurationAsCodePlugin           = "configuration-as-code:1569.vb_72405b_80249"
-	gitPlugin                           = "git:4.11.3"
+	gitPlugin                           = "git:5.0.0"
-	jobDslPlugin                        = "job-dsl:1.78.1"
+	jobDslPlugin                        = "job-dsl:1.81"
-	kubernetesPlugin                    = "kubernetes:1.31.3"
+	kubernetesPlugin                    = "kubernetes:3802.vb_b_600831fcb_3"
-	kubernetesCredentialsProviderPlugin = "kubernetes-credentials-provider:0.20"
+	kubernetesCredentialsProviderPlugin = "kubernetes-credentials-provider:1.208.v128ee9800c04"
-	workflowAggregatorPlugin            = "workflow-aggregator:2.6"
+	workflowAggregatorPlugin            = "workflow-aggregator:590.v6a_d052e5a_a_b_5"
-	workflowJobPlugin                   = "workflow-job:1145.v7f2433caa07f"
+	workflowJobPlugin                   = "workflow-job:1254.v3f64639b_11dd"
 )
 
 // basePluginsList contains plugins to install by operator.

test/e2e/configuration_test.go

@@ -24,13 +24,13 @@ import (
 const e2e = "e2e"
 
 var expectedBasePluginsList = []plugins.Plugin{
-	plugins.Must(plugins.New("configuration-as-code:1346.ve8cfa_3473c94")),
+	plugins.Must(plugins.New("configuration-as-code:1569.vb_72405b_80249")),
-	plugins.Must(plugins.New("git:4.11.3")),
+	plugins.Must(plugins.New("git:5.0.0")),
-	plugins.Must(plugins.New("kubernetes:1.31.3")),
+	plugins.Must(plugins.New("kubernetes:3802.vb_b_600831fcb_3")),
-	plugins.Must(plugins.New("kubernetes-credentials-provider:0.20")),
+	plugins.Must(plugins.New("kubernetes-credentials-provider:1.208.v128ee9800c04")),
-	plugins.Must(plugins.New("job-dsl:1.78.1")),
+	plugins.Must(plugins.New("job-dsl:1.81")),
-	plugins.Must(plugins.New("workflow-aggregator:2.6")),
+	plugins.Must(plugins.New("workflow-aggregator:590.v6a_d052e5a_a_b_5")),
-	plugins.Must(plugins.New("workflow-job:1145.v7f2433caa07f")),
+	plugins.Must(plugins.New("workflow-job:1254.v3f64639b_11dd")),
 }
 
 func createUserConfigurationSecret(namespace string, stringData map[string]string) {

test/e2e/jenkins_test.go

@@ -125,10 +125,10 @@ func createJenkinsCRSafeRestart(name, namespace string, seedJob *[]v1alpha2.Seed
 					},
 				},
 				Plugins: []v1alpha2.Plugin{
-					{Name: "audit-trail", Version: "3.7"},
+					{Name: "audit-trail", Version: "3.11"},
-					{Name: "simple-theme-plugin", Version: "0.6"},
+					{Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"},
-					{Name: "github", Version: "1.32.0"},
+					{Name: "github", Version: "1.36.0"},
-					{Name: "devoptics", Version: "1.1934", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1934/devoptics.hpi"},
+					{Name: "devoptics", Version: "1.1973", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1973/devoptics.hpi"},
 				},
 				PriorityClassName: priorityClassName,
 				NodeSelector:      map[string]string{"kubernetes.io/os": "linux"},

test/e2e/restart_test.go

@@ -21,7 +21,7 @@ func configureAuthorizationToUnSecure(namespace, configMapName string) {
 			Namespace: namespace,
 		},
 		Data: map[string]string{
-			"set-unsecured-authorization.groovy": `
+			"8-set-unsecured-authorization.groovy": `
 import hudson.security.*
 
 def jenkins = jenkins.model.Jenkins.getInstance()

test/e2e/test_utility.go

@@ -21,7 +21,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 )
 
-const JenkinsTestImage = "jenkins/jenkins:2.319.3-lts"
+const JenkinsTestImage = "jenkins/jenkins:2.375.2-lts"
 
 var (
 	Cfg       *rest.Config
@@ -147,10 +147,10 @@ func RenderJenkinsCR(name, namespace string, seedJob *[]v1alpha2.SeedJob, groovy
 					},
 				},
 				Plugins: []v1alpha2.Plugin{
-					{Name: "audit-trail", Version: "3.10"},
+					{Name: "audit-trail", Version: "3.11"},
-					{Name: "simple-theme-plugin", Version: "0.7"},
+					{Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"},
-					{Name: "github", Version: "1.34.1"},
+					{Name: "github", Version: "1.36.0"},
-					{Name: "devoptics", Version: "1.1934", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1934/devoptics.hpi"},
+					{Name: "devoptics", Version: "1.1973", DownloadURL: "https://jenkins-updates.cloudbees.com/download/plugins/devoptics/1.1973/devoptics.hpi"},
 				},
 				PriorityClassName: priorityClassName,
 				NodeSelector:      map[string]string{"kubernetes.io/os": "linux"},

test/e2e/wait.go

@@ -93,5 +93,5 @@ func waitForJenkinsSafeRestart(jenkinsClient jenkinsclient.Jenkins) {
 			return false, err
 		}
 		return true, nil
-	}, time.Second*200, time.Second*5).Should(gomega.BeTrue())
+	}, time.Duration(170)*retryInterval, retryInterval).Should(gomega.BeTrue())
 }

test/helm/helm_test.go

@@ -47,7 +47,7 @@ var _ = Describe("Jenkins Controller", func() {
 
 			cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug",
 				"--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name),
-				"--set-string", fmt.Sprintf("jenkins.image=%s", "jenkins/jenkins:2.319.3-lts"),
+				"--set-string", fmt.Sprintf("jenkins.image=%s", "jenkins/jenkins:2.375.2-lts"),
 				"--set-string", fmt.Sprintf("operator.image=%s", *imageName), "--install")
 			output, err := cmd.CombinedOutput()
 			Expect(err).NotTo(HaveOccurred(), string(output))
@@ -75,15 +75,15 @@ var _ = Describe("Jenkins Controller with security validator", func() {
 			},
 		}
 		invalidPlugins = []v1alpha2.Plugin{
-			{Name: "simple-theme-plugin", Version: "0.6"},
-			{Name: "audit-trail", Version: "3.5"},
-			{Name: "github", Version: "1.29.0"},
-		}
-		validPlugins = []v1alpha2.Plugin{
 			{Name: "simple-theme-plugin", Version: "0.6"},
 			{Name: "audit-trail", Version: "3.8"},
 			{Name: "github", Version: "1.31.0"},
 		}
+		validPlugins = []v1alpha2.Plugin{
+			{Name: "simple-theme-plugin", Version: "136.v23a_15f86c53d"},
+			{Name: "audit-trail", Version: "3.11"},
+			{Name: "github", Version: "1.36.0"},
+		}
 	)
 
 	BeforeEach(func() {
@@ -117,7 +117,7 @@ var _ = Describe("Jenkins Controller with security validator", func() {
 			jenkins := e2e.RenderJenkinsCR(jenkinsCRName, namespace.Name, seedJobs, groovyScripts, casc, "")
 			jenkins.Spec.Master.Plugins = invalidPlugins
 			jenkins.Spec.ValidateSecurityWarnings = true
-			Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \naudit-trail:3.5\ngithub:1.29.0"))
+			Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \ngithub:1.31.0"))
 		})
 	})
 	Context("When Jenkins CR doesn't contain plugins with security warnings", func() {

website/content/en/docs/Developer Guide/_index.md

@@ -132,7 +132,7 @@ items:
       - command:
         - bash
         - -c
-        - /var/jenkins/scripts/init.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh
+        - /var/jenkins/scripts/init.sh && exec /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
         env:
         - name: JAVA_OPTS
           value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap

website/content/en/docs/Getting Started/v0.1.x/configuration.md

@@ -274,12 +274,12 @@ The default command for the Jenkins master container `jenkins/jenkins:lts` looks
 command:
 - bash
 - -c
-- /var/jenkins/scripts/init.sh && /sbin/tini -s -- /usr/local/bin/jenkins.sh
+- /var/jenkins/scripts/init.sh && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
 ```
 
 The script`/var/jenkins/scripts/init.sh` is provided by the operator and configures init.groovy.d (creates the Jenkins user) 
 and installs plugins.
-The `/sbin/tini -s -- /usr/local/bin/jenkins.sh` command runs the Jenkins master main process.
+The `/usr/bin/tini -s -- /usr/local/bin/jenkins.sh` command runs the Jenkins master main process.
 
 You can overwrite it in the following pattern:
 
@@ -287,7 +287,7 @@ You can overwrite it in the following pattern:
 command:
 - bash
 - -c
-- /var/jenkins/scripts/init.sh && <custom-code-here> && /sbin/tini -s -- /usr/local/bin/jenkins.sh
+- /var/jenkins/scripts/init.sh && <custom-code-here> && /usr/bin/tini -s -- /usr/local/bin/jenkins.sh
 ```
 
 [job-dsl]:https://github.com/jenkinsci/job-dsl-plugin