Get started with Bitbucket Cloud
New to Bitbucket Cloud? Check out our get started guides for new users.
This page tracks internal infrastructure changes to Bitbucket Pipelines that in rare cases might affect customer builds.
We’ve added a new Kubernetes cluster to run builds across some pipelines. This change should be transparent to users. If you are running behind a corporate firewall and haven’t recently allowlisted pipelines IP addresses, you can review these at What are the IP addresses to configure a corporate firewall?
Starting on November 11th, we will be rolling out an upgraded version of the operating system that our Kubernetes build nodes run. This involves a change of Linux kernel versions from 4.19.143 to 5.4.72. This change should be transparent to users.
Starting on November 2nd through November 10th, we will be incrementally rolling out an upgraded version from 18.09.9 to 19.03.13.
The docker daemon version used in the docker service has been upgraded from 18.09.1 to the latest 18.09.9
Starting on 2nd September the docker in docker container's root filesystem will be read-only except for the directories required to use docker in order to harden security. The BITBUCKET_CLONE_DIR and its subdirectories, any other volumes you create, will remain writable.
Starting on 22rd April containerd on the kubernetes nodes was upgraded from 1.2.x to 1.3.4.
Starting on 29th April switch to containerd-shim-runc-v2 to use per-pod shim instead of per-container shim.
Starting on 20th November, we will be progressively rolling out Kubernetes cluster upgrades to all customers. This change should be transparent to users. If you are running behind a corporate firewall and haven’t recently allowlisted pipelines IP addresses, you can review these at What are the IP addresses to configure a corporate firewall?
Starting from August 7th, the nodes in our kubernetes build cluster will be changed to run with containerd rather than docker. The change should be transparent to most Bitbucket Pipelines users.
Update August 9th: We've identified 2 issues with the rollout:
Users with docker images hosted on outdated Sonatype Nexus instances will have trouble pulling images via containerd. Please file a support ticket at https://support.atlassian.com/contact to be excluded from the migration and consider upgrading the Nexus instance (see https://issues.sonatype.org/browse/NEXUS-12684).
Users with private docker images hosted on bintray.com will experience 401 Unauthorized response with containerd. We've identified the issue to be with the provider and are communicating with them on resolution. Please file a support ticket to be excluded from the containerd until the issue is resolved using the following link https://support.atlassian.com/contact.
Starting from the 17th of April 2019, SSH keyscans will be performed from within the build environment. This means you will need to add the valid IP addresses to an allowlist for Bitbucket Pipelines build environments to continue using this. The IP addresses in use by Bitbucket Pipelines services will no longer need to be allowlisted.
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for details.
Starting from the 8th of November 2018, new IP addresses will be in use by Bitbucket Pipelines services (not our build infrastructure).
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for details.
On 27th September 2018, we rolled out a change to enable user namespace remapping in our docker in docker daemon we provide to users as part of a steps execution to harden the security of pipelines.
On 12th September 2018, new IP addresses were provisioned for our build infrastructure to offer future multi-region failover in our Kubernetes infrastructure. These addresses will become active in the next two weeks.
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for details.
On 1st August 2018, we swapped our Kubernetes nodes from using EC2 M4 instance types to M5d's. M5d instances use NVMe drives (instead of EBS volumes), which are much faster, as well as located on the underlying compute hardware, not having then the overhead of transferring data on the drives over a storage network.
On 15th March 2018, new IP addresses were provisioned for our build infrastructure. These addresses will become active in the next two weeks.
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for details.
On 28 November 2017, as part of implementing docker-run support in Pipelines, we now treat Docker as a Pipelines service. This means commands executed via Docker will have a memory limit of 1 GB, and builds that enable Docker can only use two additional services per build step.
There are a very small number of existing builds that use three services and have Docker enabled that will break with this change. We have directly notified customers who have recently run builds with this configuration.
Our recommendation is to either stop running one of your services or change one service to run using "docker run" instead (YAML example). Docker run support will also give you the flexibility to start multiple Docker containers in the same build, including via docker-compose files.
On 25 October 2017, new IP addresses were provisioned for our build infrastructure.
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for details.
On 7 September 2017, we upgraded the Docker daemon provided to Pipelines build containers, from 1.12.6 to 17.05.
Please see this ticket for more details: https://bitbucket.org/site/master/issues/14333/upgrade-docker-for-multi-stage-builds
As of February 2017, we're rolling out changes to Pipeline's build infrastructure to provide a foundation for upcoming new features. Pipelines still executes your scripts in an isolated Docker container, and most people won't notice any change in behavior.
There are a couple of minor differences that may affect some people, described below.
You can tell if you've got the updated infrastructure by looking at the log file. The 'Build setup' section at the top will be noticeably shorter, and will no longer contain docker run commands.
You still have the old infrastructure if you see docker run commands in the 'Build setup' section of your log file similar to the following:
Pipelines will continue to execute the .bashrc file as if run in an interactive non-login shell but it now behaves as a non-interactive shell. This change may affect scripts that use stdin or have other dependencies on an interactive shell. For these few cases we recommend that you rework your scripts to run non-interactively.
This improves usage of Bitbucket Pipelines in a couple of ways:
Commands waiting on user input will now exit and fail the build immediately, rather than hanging the build waiting for input.
Some tools, such as Git and Maven, display download progress indicators in an interactive terminal. Now that builds non-interactively, many tools will no longer log verbose progress indicators, streamlining your Pipelines log output.
Pipelines started requiring valid C identifiers (matching regex /[A-Za-z_][A-Za-z0-9_]*/) for variable names in November 2016, preventing new invalid variables being created. However, there are still a small number of customers with old, invalid variables configured.
With the recent infrastructure changes, variables with invalid names will no longer be passed to the build container. Scripts that depend on these variables must be updated to use new variables created with valid names.
These infrastructure changes mean we can now publish IP addresses for Bitbucket Pipelines. You'll want to know these addresses if you want to provide Pipelines access into your AWS VPC or corporate firewall by adding them to an allowlist, for example.
See What are the Bitbucket Cloud IP addresses I should use to configure my corporate firewall? for the Bitbucket and Pipelines public IP addresses.
Note that our public IP addresses may change in the future.
Was this helpful?