Skip to content

Release Notes - 1.43.0💣

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notices💣

Monitoring:

  • Starting from prometheus-node-exporter version 4.0.0, the node exporter chart is using the Kubernetes recommended labels
  • You will need to delete the daemonset prior to upgrading with: kubectl delete daemonset -l app=prometheus-node-exporter -n monitoring
  • For more information please visit: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#from-39x-to-40x

Anchore:

  • Anchore Enterprise 4.1.0 has new scan behavior that affects ability to see scan results before the feeds are fully synced
  • There are also additional steps required when upgrading to 4.1.0 on a FIPS machine to ensure that the DBs are upgraded properly
  • For more information visit the following: 4.1 Release Notes

Kiali:

  • Kiali is updating to version 1.56.1 in this release
  • While the Kiali upstream comptability matrix does not indicate support (upstream testing) for this version with Istio 1.14.3, we noted no issues in testing
  • The warning that shows on the Kiali UI can be ignored provided you see no issues, and the Big Bang team will be updating to Istio 1.15.x in the near future to ensure we keep in alignment with the testing support of upstream

Upgrades from previous releases💣

If coming from a version pre-1.42.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.42.0.

Packages💣

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.14.3 Tetrate Istio Distro 1.13.5 1.14.3-bb.4 🔗
Istio Operator Core Istio Operator 1.14.3 Tetrate Istio Distro Operator 1.13.5 1.14.3-bb.0
Updated Jaeger Core 1.37.0 2.35.0-bb.1 🔗
Updated Kiali Core 1.56.1 1.56.1-bb.1 🔗
Updated Cluster Auditor Core 0.0.4 1.4.0-bb.10 🔗
Updated Gatekeeper Core 3.9.0 3.9.0-bb.2 🔗
Kyverno Core 1.7.3 2.5.3-bb.0
Updated Kyverno Policies BETA Core 1.0.1 1.0.1-bb.5 🔗
Updated Elasticsearch Kibana Core Kibana 8.4.0 Elasticsearch 8.4.0 0.10.1-bb.0 🔗
Eck Operator Core 2.3.0 2.3.0-bb.0
Updated Fluentbit Core 1.9.7 0.20.6-bb.1 🔗
Updated Promtail BETA Core 2.6.1 6.2.2-bb.2 🔗
Loki BETA Core 2.6.1 1.8.10-bb.2
Updated Tempo BETA Core Tempo 1.5.0 Tempo Query 1.5.0 0.16.1-bb.2 🔗
Updated Monitoring Core Prometheus 2.38.0 Grafana 9.1.3 Alertmanager 0.24.0 40.0.0-bb.0 🔗
Updated Twistlock Core 22.06.197 0.10.0-bb.1 🔗
Argocd Addon 2.4.10 4.10.8-bb.0
Authservice Addon 0.5.2 0.5.2-bb.0
Updated Minio Operator Addon 4.4.28 4.4.28-bb.1 🔗
Updated Minio Addon RELEASE.2022-08-26T19-53-15Z 4.4.28-bb.1 🔗
Updated Gitlab Addon 15.3.2 6.3.2-bb.0 🔗
Gitlab Runner Addon 15.2.1 0.43.1-bb.1
Updated Nexus Addon 3.41.1-01 41.1.0-bb.4 🔗
Sonarqube Addon 8.9.9-community 1.0.29-bb.2
Haproxy Addon 2.2.21 1.12.0-bb.0
Updated Anchore Enterprise Addon Enterprise 4.1.0 Engine 1.1.0 1.19.4-bb.1 🔗
Updated Mattermost Operator Addon 1.18.1 1.18.1-bb.1 🔗
Mattermost Addon 7.2.0 7.2.0-bb.0
Updated Velero Addon 1.9.1 2.31.3-bb.2 🔗
Keycloak Addon Keycloak 18.0.2-legacy PlatformOne Plugin 1.2.0 18.2.1-bb.3
Vault BETA Addon 1.11.2 0.21.0-bb.0
Metrics Server Addon 0.6.1 3.8.0-bb.4

Changes in 1.43.0💣

Big Bang MRs💣

  • !2094: Updates Docs for pipelines
  • !2077: Doc Fixes
  • !2076: Resolve “Enable alpha plugins by default in ArgoCD”

Istio Controlplane💣

  • !2037: Istio: Disable FSGroup modification by default
# Changelog Updates

## [1.14.3-bb.4]

### Changed

- Adds env variable to values which can be used during deployment to modify istio k8s env settings

Jaeger💣

  • !2066: Jaeger mTLS metrics
# Changelog Updates

## [2.35.0-bb.1]

### Changed

- Enabled mTLS for Jaeger metrics
- Updated Gluon to 0.3.0

Kiali💣

  • !2075: Update Kiali to 1.56.1
# Changelog Updates

## [1.56.1-bb.1] - 2022-09-13

### Fixed

- Fixed clicking in cypress test that was being blocked

## [1.56.1-bb.0] - 2022-09-13

### Changed

- Updated to 1.56.1 images (latest in IB)

## [1.56.0-bb.0] - 2022-09-12

### Changed

- Updated to 1.56.0 images (latest in IB)

Cluster Auditor💣

  • !2086: Fix Cluster Auditor Helm Test
# Changelog Updates

## [1.4.0-bb.10]

### Fixed

- Resolved issues with cypress tests

Gatekeeper💣

  • !2074: Gatekeeper: Update kubectl image
  • !2087: Fix: Update gatekeeper docs to include replicas example
  • !2073: Gatekeeper: Remove deprecated ingress versions
# Changelog Updates

## [3.9.0-bb.2]

### Changed

- Updated to latest kubectl v1.24.4
- Updated to latest gluon 0.3.0

## [3.9.0-bb.1]

### Changed

- Remove old Ingress API's

Kyverno Policies💣

  • !2078: Kyverno Policies: Move nodeport enforcement to BB override
# Changelog Updates

## [1.0.1-bb.5] - 2022-09-14

### Changed

- Changed `disallow-nodeport-services` to `audit`
- Updated Gluon to `0.3.0`
- Fixed `disallow-pod-exec` from `attach` to `audit`

Elasticsearch Kibana💣

  • !2093: Elasticsearch-kibana package update with exporter sub-chart
# Changelog Updates

## [0.10.1-bb.0] - 2022-09-11

### Added

- prometheus-elastiseaerch-exporter added as sub-chart deployment and `metrics` key to monitor health of elastic search indexes

Fluentbit💣

  • !2056: Fluentbit: mTLS Metrics
# Changelog Updates

## [0.20.6-bb.1]

### Added

- Added support for tlsConfig and scheme values in the serviceMonitor

### Removed

- Removed mTLS exception for metrics

Promtail💣

  • !2065: Added bits for mTLS with Promtail
# Changelog Updates

## [6.2.2-bb.2]

### Added

- Added mTLS to pod monitor

Tempo💣

  • !2060: Tempo: mTLS metrics
# Changelog Updates

## [0.16.1-bb.2]

### Added

- Added support for scheme and tlsConfig in serviceMonitor

### Changed

- Removed mTLS "exception" for metrics
- Added injection on metrics port 16687
- Adjust auth policies to allow Prometheus access to 16687
- Updated gluon to 0.3.0

Monitoring💣

  • !2081: Monitoring: Prom Operator 0.59.0 and other image updates
  • !2080: Updated monitoring git tag
  • !2059: Add Grafana Persistence Values
# Changelog Updates

## [40.0.0-bb.0]

### Fixed

- Updated Monitoring chart version to `40.0.0`
- Updated images to latest IB image versions: thanos -> `v0.28.0`, grafana-plugins -> `9.1.3`, kube-state-metrics -> `v2.6.0`
- Updated images to latest IB image versions: kubectl -> `v1.25.0`, prometheus-config-reloader -> `v0.59.0`, prometheus-operator -> `v0.59.0`

## [39.9.0-bb.3]

### Added

- More PrometheusRule resource rule templates for istio ControlPlane and Proxy Alerts

## [39.9.0-bb.2]

### Added

- Grafana Persistence Recommended Values. Including comments and links to upstream.

Twistlock💣

  • !2052: Update Twistlock to 22.06.197
  • !2045: Add SAML SSO configuration for Twistlock
# Changelog Updates

## [0.10.0-bb.1] - 2022-09-02

### Added

- Add support for SAML SSO via init script

## [0.10.0-bb.0] - 2022-08-26

### Changed

- Updated console and defender to `22.06.197`

Minio Operator💣

  • !2055: minio-operator console image update to v0.20.0
# Changelog Updates

## [4.4.28-bb.1] - 2022-09-06

### Upgrade

- Update console image to latest ironbank version

Minio💣

  • !2068: Updated minio to version RELEASE.2022-08-26T19-53-15Z
# Changelog Updates

## [4.4.28-bb.1] - 2022-08-23

### Changed

- Update MinIO image to RELEASE.2022-08-26T19-53-15Z

Gitlab💣

  • !2082: Updated gitlab git tag
# Changelog Updates

## [6.3.2-bb.0] - 2022-09-14

### Changed

- Updated to helm chart to 6.3.2 and appVersion to 15.3.2

Nexus💣

  • !2085: Enhance Nexus CI test with push/pull from Docker Registry
  • !2083: Nexus added support for istio values
  • !2071: Update Nexus to 3.41.1
# Changelog Updates

## [41.1.0-bb.4] - 2022-09-19

### Added

- Added test for CI to push/pull image from nexus docker registry

### Fixed

- Fixed service name in BB jobs

## [41.1.0-bb.3] - 2022-09-19

### Changed

- The curl statements to istio proxy need to be made conditional on isito.enabled and istio.injection in the BigBang blob-storage job.

## [41.1.0-bb.2] - 2022-09-16

### Changed

- Fixed virtual service template.
- Make peerauthentication templates conditional on istio-injection.

## [41.1.0-bb.1] - 2022-09-13

### Changed

- The curl statements to istio proxy need to be made conditional on isito.enabled and istio.injection in the BigBang jobs.

## [41.1.0-bb.0] - 2022-09-06

### Changed

- Updated chart to version: 41.1.0-bb.0 | appVersion: 3.41.1
- Updated gluon dependency to 0.3.0
- Updated dev docs to reflect current status

Anchore Enterprise💣

  • !2063: Update Anchore Enterprise to 4.1.0
  • !2091: Anchore: Update postgres image and gluon
# Changelog Updates

## [1.19.4-bb.1]

### Changed

- Bumped gluon version to `0.3.1`
- Bumped postgresql12 image tag to `12.12`

## [1.19.4-bb.0]

### Changed

- Bumped chart version to `1.19.4`
- Bumped Anchore Enterprise image tag to `4.1.0`
- Bumped Anchore Enterprise UI image tag to `4.1.0`

Mattermost Operator💣

  • !2070: Mattermost Operator: Drop ALL Linux Capabilities
# Changelog Updates

## [1.18.1-bb.1] - 2022-09-08

### Added

- Added default securitycontext to container (drop capabilities, non-privileged, read only fs)
- Added post install package to validate MM successful install

Velero💣

  • !2089: Feat: adding mtls for velero metrics
  • !2057: Velero: Drop ALL capabilities
# Changelog Updates

## [2.31.3-bb.2]

### Added

- Added support for tlsConfig and scheme values in the serviceMonitor

### Removed

- Removed mTLS exception for metrics

## [2.31.3-bb.1]

### Changed

- Enabled drop all capabilities
- Updated gluon to 0.3.0

Known Issues💣

  • On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information
  • Vault is in beta and therefore not recommended for operational use. We are still working on a few issues. If you set the extra environment variable AGENT_INJECT_VAULT_ADDR for the Injector ENVs you will encounter a helm install error due to duplicate ENVs. In our testing the Prometheus pod is not being injected with a Vault sidecar and Prometheus is not able to scrape metrics.
  • Jaeger will fail to install if Monitoring is enabled AND either Istio is disabled or mTLS is set to PERMISSIVE for Jaeger (reference this comment for more details). As a workaround set the below to ensure that serviceMonitor is defined as an empty value:
    jaeger:
      values:
        monitoring:
          serviceMonitor: {}
    

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future💣

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.