Skip to content

Release Notes - 1.45.0💣

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notices💣

Twistlock:

  • This release modifies the default security context of the console pod to run as a non-root user
  • Part of the required upgrade process is a change to permissions for the PVC that the console uses, which Big Bang has automated with an upgrade job
  • While this job runs the console will be shut down to prevent new files from being written - this means there will be a downtime window for the console during the upgrade (depending on console usage may be a few minutes while all files are chown-ed)
  • If you run into any issues with the upgrade job please report them via Repo1 issues

Flux:

  • Flux is updating to a new minor version in this release, from 0.34.0 to 0.35.0, component versions:
  • source-controller: v0.30.0
  • helm-controller: v0.25.0
  • kustomize-controller: v0.29.0
  • notification-controller: v0.27.0
  • We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.

BETA Packages:

  • The following packages have been promoted and are no Longer in BETA: Promtail, Tempo, and Vault
  • Please continue to provide feedback via Repo1 issues and MM chat if you run into any issues with these packages
  • Loki is undergoing some additional work and will remain in BETA for this release

Upgrades from previous releases💣

If coming from a version pre-1.44.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.44.0.

Packages💣

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.15.0 Tetrate Istio Distro 1.14.4 1.15.0-bb.1 🔗
Updated Istio Operator Core Istio Operator 1.15.0 Tetrate Istio Distro Operator 1.14.4 1.15.0-bb.1 🔗
Updated Jaeger Core 1.38.0 2.36.0-bb.1 🔗
Updated Kiali Core 1.57.1 1.57.1-bb.0 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.0
Gatekeeper Core 3.9.0 3.9.0-bb.3
Updated Kyverno Core 1.7.4 2.5.4-bb.0 🔗
Kyverno Policies BETA Core 1.0.1 1.0.1-bb.5
New Kyverno Reporter Core 2.10.0 2.13.0-bb.0
Elasticsearch Kibana Core Kibana 8.4.2 Elasticsearch 8.4.2 0.11.0-bb.0
Eck Operator Core 2.4.0 2.4.0-bb.0
Fluentbit Core 1.9.8 0.20.8-bb.0
Promtail Core 2.6.1 6.2.2-bb.2
Loki BETA Core 2.6.1 1.8.10-bb.2
Tempo Core Tempo 1.5.0 Tempo Query 1.5.0 0.16.1-bb.2
Updated Monitoring Core Prometheus 2.39.0 Grafana 9.1.6 Alertmanager 0.24.0 40.4.0-bb.1 🔗
Updated Twistlock Core 22.06.197 0.11.3-bb.2 🔗
Argocd Addon 2.4.10 4.10.8-bb.0
Authservice Addon 0.5.2 0.5.2-bb.0
Updated Minio Operator Addon 4.5.1 4.5.1-bb.0 🔗
Updated Minio Addon RELEASE.2022-09-25T15-44-53Z 4.5.1-bb.0 🔗
Updated Gitlab Addon 15.4.1 6.4.1-bb.2 🔗
Updated Gitlab Runner Addon 15.4.0 0.45.0-bb.1 🔗
Updated Nexus Addon 3.42.0-01 42.0.0-bb.0 🔗
Updated Sonarqube Addon 8.9.9-community 1.0.29-bb.5 🔗
Haproxy Addon 2.2.21 1.12.0-bb.0
Updated Anchore Enterprise Addon Enterprise 4.1.1 Engine 1.1.0 1.19.7-bb.2 🔗
Mattermost Operator Addon 1.18.1 1.18.1-bb.1
Updated Mattermost Addon 7.3.0 7.3.0-bb.1 🔗
Updated Velero Addon 1.9.2 2.31.8-bb.1 🔗
Keycloak Addon Keycloak 18.0.2-legacy PlatformOne Plugin 1.2.0 18.2.1-bb.4
Updated Vault Addon 1.11.3 0.22.0-bb.3 🔗
Metrics Server Addon 0.6.1 3.8.0-bb.4

Changes in 1.45.0💣

Big Bang MRs💣

  • !2178: License Updates
  • !2128: Update Flux to 0.35.0
  • !2170: Increase source controller memory allocation
  • !2123: Add Kyverno Reporter
  • !2185: Update HA monitoring architecture doc
  • !2165: add ‘istioAnnotation’ to metrics-server values package
  • !2169: fix minio-operator imagePullSecret values
  • !2172: Resolve “Update High Availability Section of Gitlab Architecture Document”

Istio Controlplane💣

  • !2153: Bump Istio package version
# Changelog Updates

## [1.15.0-bb.1] - 2022-09-30

### Changed

- ironbank/tetrate/istio/install-cni updated from 1.14.3 to 1.14.4
- ironbank/tetrate/istio/istioctl updated from 1.14.3 to 1.14.4
- ironbank/tetrate/istio/pilot updated from 1.14.3 to 1.14.4
- ironbank/tetrate/istio/proxyv2 updated from 1.14.3 to 1.14.4

Istio Operator💣

  • !2153: Bump Istio package version
# Changelog Updates

## [1.15.0-bb.1]

### Changed

- Updated TID tag to 1.14.4
- Added TID tags to renovate config

Jaeger💣

  • !2147: Update Jaeger to 1.38.0
  • !2174: Jaeger: Drop all capabilities for remaining containers
# Changelog Updates

## [2.36.0-bb.1]

### Changed

- Set deployment containers to run with capabilities set to explicit deny
- Set job containers to run with capabilities set to explicit deny

## [2.36.0-bb.0]

### Changed

- Updated Jaeger images to 1.38.0 (latest operator version)

Kiali💣

  • !2159: Update Kiali to 1.57.1
# Changelog Updates

## [1.57.1-bb.0] - 2022-09-13

### Changed

- Updated to 1.57.1 images (latest in IB)

Kyverno💣

  • !2171: Update Kyverno to 1.7.4
# Changelog Updates

## [2.5.4-bb.0] - 2022-10-06

### Changed

- Updated Helm chart to v2.5.4
- Updated Kyverno to v1.7.4

Monitoring💣

  • !2151: Update Monitoring charts
  • !2167: Updated monitoring git tag
  • !2144: Bump monitoring package version
# Changelog Updates

## [40.4.0-bb.1]

### Added

- Prometheus rule for flux alerts

## [40.4.0-bb.0]

### Changed

- Updated Monitoring chart version to `40.4.0`
- Updated images to latest IB image versions: grafana-plugins -> `9.1.6`, k8s-sidecar -> `1.19.5`, bats -> `1.8.0`, kubectl -> `v1.25.2`, prometheus-config-reloader -> `v0.59.2`, node-exporter -> `v1.4.0`, prometheus -> `v2.39.0`

## [40.0.0-bb.2]

### Changed

- Added Istio Operator Service Monitor

Twistlock💣

  • !2194: Twistlock: Adjustment to volume upgrade job
  • !2184: Twistlock: Drop ALL capabilities
  • !2176: Twistlock: Add trusted image policy
  • !2163: Resolve issues with Twistlock volume upgrade job
  • !2148: Update Twistlock Console default memory
# Changelog Updates

## [0.11.3-bb.2] - 2022-10-20

### Changed

- Modified volume job to add retries on chown + exit with error properly

## [0.11.3-bb.1] - 2022-10-14

### Added

- Added drop security context capability to defender and console

## [0.11.3-bb.0] - 2022-10-12

### Added

- Configurable trusted image policy via init job

## [0.11.2-bb.0] - 2022-10-06

### Fixed

- Added affinity for volume upgrade job
- Set job to run by default
- Add resources for volume job, modify wait logic to handle edge cases with unhealthy console

## [0.11.1-bb.0] - 2022-10-02

### Changed

- increase Mem for console to 2gb

## [0.11.0-bb.0] - 2022-09-27

### Added

- Set Twistlock console to run as nonroot
- Added upgrade option for those with local volumes through the volume-upgrade-job

Minio Operator💣

  • !2145: Minio and minio-operator update
# Changelog Updates

## [4.4.1-bb.0] - 2022-10-04

### Upgrade

- Updated Minio Operator Helm Chart to Version 4.5.1
- Updated Minio CRD to Version 4.5.1
- Updated Operator Image to v4.5.1
- Updated Console Image to v0.20.4

Minio💣

  • !2145: Minio and minio-operator update
# Changelog Updates

## [4.5.1-bb.0] - 2022-10-3

### Changed

- Update MinIO image to RELEASE.2022-09-25T15-44-53Z
- Update tenant configuration to match operator version 4.5.1
- Updated credential usage in tenant due to deprecated minio operator feature in te CRD.

Gitlab💣

  • !2183: Gitlab: Resolve toolbox cron backups Istio issues
  • !2173: Adding necessary mTLS passthrough values for each Gitlab serviceMonitor
  • !2150: Update Gitlab to 15.4.1
# Changelog Updates

## [6.4.1-bb.2] - 2022-10-12

### Changed

- Enabled Istio injection for toolbox cron backup due to mTLS blocking repository dump
- Increased default resources for job

## [6.4.1-bb.1] - 2022-10-13

### Changed

- Removed metrics related PeerAuthentication port level Exception resources

## [6.4.1-bb.0] - 2022-10-06

### Changed

- Updated to helm chart to 6.4.1 and appVersion to 15.4.1

Gitlab Runner💣

  • !2162: Updated gitlab-runner git tag
  • !2160: Updated gitlab-runner git tag
# Changelog Updates

## [0.45.0-bb.1] - 2022-10-11

### Updated

- Correct Iron Bank image version

## [0.45.0-bb.0] - 2022-10-11

### Updated

- Update helm chart to v0.45.0 app version 15.4.0

Nexus💣

  • !2157: Updated nexus 3.42.0-01
# Changelog Updates

## [42.0.0-bb.0] - 2022-10-06

### Changed

- Updated chart to version: 42.0.0-bb.0 | appVersion: 3.42.0

Sonarqube💣

  • !2179: Updated sonarqube postgres dependencies
# Changelog Updates

## [1.0.29-bb.5] - 2022-10-17

### Updated

- Updated postgres and postgres exporter images

Anchore Enterprise💣

  • !2192: Fix addition of enabled in securityContext for Anchore DB jobs
  • !2191: Resolve Anchore securityContext indentation issues
  • !2161: Update Anchore Enterprise to 4.1.1
  • !2105: Anchore: Drop ALL capabilities
# Changelog Updates

## [1.19.7-bb.2]

### Fixed

- Added removal of `enabled` from securitycontext on ensure-db jobs

## [1.19.7-bb.1]

### Fixed

- Fixed indentation issue with securitycontext on ensure-db jobs

## [1.19.7-bb.0]

### Changed

- Bumped chart version to `1.19.7`
- Bumped Anchore Enterprise image tag to `4.1.1`
- Bumped Anchore Enterprise UI image tag to `4.1.1`

## [1.19.4-bb.2]

### Changed

- Added drop capabilities for containers

Mattermost💣

  • !2146: Mattermost minio dep update SKIP UPGRADE
# Changelog Updates

## [7.3.0-bb.1] - 2022-10-05

### Updated

- updated minio and gluon dependencies

Velero💣

  • !2158: Velero: Add pre-condition checks for CSI plugin usage
  • !2155: Update Velero: 1.9.2 + plugin updates
# Changelog Updates

## [2.31.8-bb.1]

### Changed

- Updated to latest chart 2.31.8-bb.1

## [2.31.8-bb.0]

### Changed

- Updated to latest chart 2.31.8
- Updated velero to 1.9.2

Vault💣

  • !2156: Remove vault metrics mTLS exception
# Changelog Updates

## [0.22.0-bb.3] - 2022-10-07

### Removed

- Removed metric monitoring exception for Istio PeerAuthentication resource

Known Issues💣

  • On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information
  • If using the Velero CSI plugin with this release you will encounter an error regarding missing CRDs. This was caused by a misnamed CRD in a conditional and will be resolved in 1.46.0. As a workaround you can pin to the newer version of Velero which has a fixed conditional: 
    addons:
  velero:
    git:
      tag: "2.31.8-bb.2"

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future💣

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.