Release Notes - 1.44.0💣
Please see our documentation page for more information on how to consume and deploy BigBang.
Upgrade Notices💣
Flux:
- Flux is updating to a new minor version in this release, from
0.32.0to0.34.0, component versions: source-controller:v0.29.0helm-controller:v0.24.0kustomize-controller:v0.28.0notification-controller:v0.26.0- We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via
./scripts/install_flux.sh -swill re-use your existing pull secret and update all components.
Istio Upgrade:
- Istio was updated from 1.14.3 to 1.15.0 in this release
- Big Bang apps should be configured to automatically cycle for the latest sidecar config
- Make sure to cycle pods for any 3rd party or tenant applications manually to pull the new version in.
EK Upgrade:
- EK gets an upgrade to
8.4.2this release, reminder that the upgrades aren’t always completely smooth and unattended upgrades. If your ECK cluster is unhealthy, HelmRelease timed out or pods aren’t restarting in time review the troubleshooting guide on helpful tips.
Upgrades from previous releases💣
If coming from a version pre-1.43.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.43.0.
Packages💣
| Package | Type | Package Version | BB Version |
|---|---|---|---|
 Istio Controlplane |
Core | Istio 1.15.0 Tetrate Istio Distro 1.14.3 |
1.15.0-bb.0 🔗 |
| Istio Operator |
Core | Istio Operator 1.15.0 Tetrate Istio Distro Operator 1.14.3 |
1.15.0-bb.0 🔗 |
| Jaeger | Core | 1.37.0 |
2.35.0-bb.1 |
| Kiali | Core | 1.56.1 |
1.56.1-bb.1 |
| Cluster Auditor |
Core | 0.0.7 |
1.5.0-bb.0 🔗 |
| Gatekeeper |
Core | 3.9.0 |
3.9.0-bb.3 🔗 |
| Kyverno |
Core | 1.7.3 |
2.5.3-bb.1 🔗 |
Kyverno Policies  |
Core | 1.0.1 |
1.0.1-bb.5 |
| Elasticsearch Kibana |
Core | Kibana 8.4.2 Elasticsearch 8.4.2 |
0.11.0-bb.0 🔗 |
| Eck Operator |
Core | 2.4.0 |
2.4.0-bb.0 🔗 |
| Fluentbit |
Core | 1.9.8 |
0.20.8-bb.0 🔗 |
| Promtail |
Core | 2.6.1 |
6.2.2-bb.2 |
| Loki |
Core | 2.6.1 |
1.8.10-bb.2 |
| Tempo |
Core | Tempo 1.5.0 Tempo Query 1.5.0 |
0.16.1-bb.2 |
| Monitoring |
Core | Prometheus 2.38.0 Grafana 9.1.3 Alertmanager 0.24.0 |
40.0.0-bb.1 🔗 |
| Twistlock |
Core | 22.06.197 |
0.10.0-bb.2 🔗 |
| Argocd | Addon | 2.4.10 |
4.10.8-bb.0 |
| Authservice | Addon | 0.5.2 |
0.5.2-bb.0 |
| Minio Operator |
Addon | 4.4.28 |
4.4.28-bb.2 🔗 |
| Minio | Addon | RELEASE.2022-08-26T19-53-15Z |
4.4.28-bb.1 |
| Gitlab |
Addon | 15.3.2 |
6.3.2-bb.1 🔗 |
| Gitlab Runner |
Addon | 15.3.0 |
0.44.0-bb.0 🔗 |
| Nexus |
Addon | 3.41.1-01 |
41.1.0-bb.6 🔗 |
| Sonarqube |
Addon | 8.9.9-community |
1.0.29-bb.4 🔗 |
| Haproxy | Addon | 2.2.21 |
1.12.0-bb.0 |
| Anchore Enterprise | Addon | Enterprise 4.1.0 Engine 1.1.0 |
1.19.4-bb.1 |
| Mattermost Operator | Addon | 1.18.1 |
1.18.1-bb.1 |
| Mattermost |
Addon | 7.3.0 |
7.3.0-bb.0 🔗 |
| Velero | Addon | 1.9.1 |
2.31.3-bb.2 |
| Keycloak |
Addon | Keycloak 18.0.2-legacy PlatformOne Plugin 1.2.0 |
18.2.1-bb.4 🔗 |
| Vault |
Addon | 1.11.3 |
0.22.0-bb.2 🔗 |
| Metrics Server | Addon | 0.6.1 |
3.8.0-bb.4 |
Changes in 1.44.0💣
Big Bang MRs💣
- !2115: Updating documentation for argocd high-availability configuration
- !2015: Update Flux to 0.24.0
- !2098: Fix Jaeger SvcMonitor conditional placement
# Changelog Updates
## [1.15.0-bb.0] - 2022-09-17
### Changed
- ironbank/opensource/istio/install-cni updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/pilot updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/proxyv2 updated from 1.14.3 to 1.15.0
- ironbank/tetrate/istio/install-cni updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/istioctl updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/pilot updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/proxyv2 updated from 1.13.5 to 1.14.3
Istio Controlplane💣
- !2118: Update Istio to 1.15.0
# Changelog Updates
## [1.15.0-bb.0] - 2022-09-17
### Changed
- ironbank/opensource/istio/install-cni updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/pilot updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/proxyv2 updated from 1.14.3 to 1.15.0
- ironbank/tetrate/istio/install-cni updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/istioctl updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/pilot updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/proxyv2 updated from 1.13.5 to 1.14.3
Istio Operator💣
- !2118: Update Istio to 1.15.0
# Changelog Updates
## [1.15.0-bb.0]
### Changed
- Updated repo1 image to `1.15.0`
Cluster Auditor💣
- !2101: Update cluster auditor to 0.0.7
# Changelog Updates
## [1.5.0-bb.0] - 2022-09-16
### Changed
- ironbank/bigbang/cluster-auditor/opa-exporter updated from 0.0.4 to 0.0.7
Gatekeeper💣
- !2134: Gatekeeper: Update kubectl/gluon
# Changelog Updates
## [3.9.0-bb.3]
### Changed
- Updated to latest kubectl v1.25.2
- Updated to latest gluon 0.3.1
Kyverno💣
- !2133: Kyverno: Update gluon/kubectl
# Changelog Updates
## [2.5.3-bb.1] - 2022-09-28
### Changed
- Updated kubectl to v1.25.2
- Update gluon to 0.3.1
Elasticsearch Kibana💣
# Changelog Updates
## [0.11.0-bb.0] - 2022-09-29
### Changed
- Updated chart version to `0.11.0-bb.0`
- Updated appVersion, Kibana, and Elasticsearch to `8.4.2`
## [0.10.1-bb.0] - 2022-09-11
### Added
- .gitignore
Eck Operator💣
- !2108: Update eck-operator to 2.4.0
# Changelog Updates
## [2.4.0-bb.0]
### Changed
- Updated chart and IB images from 2.3.0 to 2.4.0
Fluentbit💣
- !2125: Update Fluentbit to 1.9.8
# Changelog Updates
## [0.20.8-bb.0]
### Changed
- Updated upstream helm chart tag `0.20.8`
- Updated fluent-bit image to `1.9.8` from IB
Monitoring💣
- !2106: Resolve “Adjust Vault Monitoring to utilize AdditionalScrapeConfig rather than ServiceMonitor”
# Changelog Updates
## [40.0.0-bb.1]
### Removed
- chart/templates/bigbang/monitors/vault-servicemonitor.yaml
Twistlock💣
- !2138: Twistlock Console securityContext Updates & Kyverno CI Exceptions
- !2104: Resolve “Enable mTLS for Twistlock metrics”
# Changelog Updates
## [0.11.0-bb.0] - 2022-09-27
### Added
- Set Twistlock console to run as nonroot
- Added upgrade option for those with local volumes through the volume-upgrade-job
## [0.10.0-bb.2] - 2022-09-22
### Added
- Enable mTLS for Twistlock metrics
- Updated Gluon to `0.3.1`
Minio Operator💣
- !2103: Minio-operator security context
# Changelog Updates
## [4.4.28-bb.2] - 2022-09-20
### Upgrade
- Add capabilities drop ALL
Gitlab💣
- !2096: gitlab docs update
# Changelog Updates
## [6.3.2-bb.1] - 2022-09-20
### Changed
- documentation cleanup
Gitlab Runner💣
- !2119: Updated gitlab-runner git tag
# Changelog Updates
## [0.44.0-bb.0] - 2022-09-26
### Updated
- Update helm chart to v0.44.0 app version 15.3.0
Nexus💣
# Changelog Updates
## [41.1.0-bb.6] - 2022-09-26
### Changed
- added securityContext: capabilities: drop: ALL
## [41.1.0-bb.5] - 2022-09-19
### Changed
- Updating registry host VirtualService to use template function to be able to reference domain value.
Sonarqube💣
# Changelog Updates
## [1.0.29-bb.4] - 2022-09-26
### Changed
- Added capabilities drop ALL
## [1.0.29-bb.3] - 2022-09-21
### Changed
- Added default JDK arg to disable FIPS alignment - Sonarqube does not support running on FIPS nodes (https://docs.sonarqube.org/latest/requirements/requirements/)
Mattermost💣
# Changelog Updates
## [7.3.0-bb.0] - 2022-09-27
### Changed
- ironbank/opensource/mattermost/mattermost updated from 7.2.0 to 7.3.0
- updated Gluon to `0.3.1`
## [7.2.0-bb.1] - 2022-09-28
### Changed
- Change default SSO auth endpoints to use direct Keycloak endpoints.
Keycloak💣
- !2139: Keycloak Security Context
# Changelog Updates
## [18.2.1-bb.4] - 2022-09-22
### Fixed
- Added capabilities drop ALL
- Updated Gluon to `0.3.1`
Vault💣
# Changelog Updates
## [0.22.0-bb.2] - 2022-09-28
### Updated
- Enhance Renovate functionality
## [0.22.0-bb.1] - 2022-09-28
### Added
- Added `oscal-component.yaml` file to project root w/ implemented requirements against NIST 800-53
## [0.22.0-bb.0] - 2022-09-21
### Updated
- Update Vault to appVersion `1.11.3` helm chart version `0.22.0` , `vault-k8s` to `1.0.0`
Known Issues💣
- On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information
Helpful Links💣
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future💣
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.