Release Notes - 1.49.0💣

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notices💣

Flux:

Flux is updating to a new minor version in this release, from 0.36.0 to 0.37.0, component versions:
source-controller: v0.32.1
helm-controller: v0.27.0
kustomize-controller: v0.31.0
notification-controller: v0.29.0
We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.
gitImplementation for the source-controller is deprecated as of this update, review the notes from upstream here

Gitlab:

DoD Approved External PKI Certificate Trust Chains were Updated to Version 9.5
With this change, the secrets required under global.certificates.customCAs have changed and may need to be updated for any user that includes this list and appends to it
Starting with version 15.5 Gitlab in FIPS mode will disable Personal Access Tokens.
Registry1 Gitlab images ship with FIPS enablement at this point in time, here are steps to check if your images are running in FIPS mode.
This has been an issue since Big Bang 1.47.0 and is being tracked as a priority to fix as soon as an upstream fix is available

Neuvector:

Neuvector is included in this release as a new BETA package, disabled by default, as an opensource alternative to Twistlock/Prisma Cloud Compute
As with all of our previous BETA packages, there may be significant changes to come and we do NOT recommend using Neuvector in production yet
Please report back with any issues or errors you see when testing it out
We do not yet have in depth documentation for usage, as a minimum to deploy you will need to set values to specify your container runtime as in the example below:
```
neuvector:
  enabled: true
  values:
    k3s:
      enabled: true
      runtimePath: /run/k3s/containerd/containerd.sock
```

Upgrades from previous releases💣

If coming from a version pre-1.48.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.48.0.

Packages💣

Package	Type	Package Version	BB Version
Istio Controlplane	Core	Istio `1.15.3` Tetrate Istio Distro `1.15.1`	`1.15.3-bb.0`
Istio Operator	Core	Istio Operator `1.15.3` Tetrate Istio Distro Operator `1.15.1`	`1.15.3-bb.0`
Jaeger	Core	`1.39.0`	`2.37.0-bb.0`
Kiali	Core	`1.59.1`	`1.59.1-bb.1`
Cluster Auditor	Core	`0.0.7`	`1.5.0-bb.1`
Gatekeeper	Core	`3.10.0`	`3.10.0-bb.0`
Kyverno	Core	`1.8.1`	`2.6.1-bb.0`
Kyverno Policies	Core	`1.0.1`	`1.0.1-bb.8`
Kyverno Reporter	Core	`2.10.3`	`2.13.4-bb.1` 🔗
Elasticsearch Kibana	Core	Kibana `8.5.0` Elasticsearch `8.5.0`	`0.13.0-bb.0`
Eck Operator	Core	`2.5.0`	`2.5.0-bb.0`
Fluentbit	Core	`2.0.5`	`0.21.2-bb.0`
Promtail	Core	`2.7.0`	`6.7.2-bb.0` 🔗
Loki	Core	`2.7.0`	`3.6.0-bb.0` 🔗
Neuvector	Core	`5.0.2`	`2.2.2-bb.2`
Tempo	Core	Tempo `1.5.0` Tempo Query `1.5.0`	`0.16.1-bb.2`
Monitoring	Core	Prometheus `2.39.1` Grafana `9.2.2` Alertmanager `0.24.0`	`41.7.3-bb.0`
Twistlock	Core	`22.06.197`	`0.11.4-bb.1` 🔗
Argocd	Addon	`2.4.12`	`5.5.7-bb.5`
Authservice	Addon	`0.5.3`	`0.5.3-bb.2` 🔗
Minio Operator	Addon	`4.5.4`	`4.5.4-bb.0`
Minio	Addon	`RELEASE.2022-11-26T22-43-32Z`	`4.5.4-bb.2` 🔗
Gitlab	Addon	`15.6.1`	`6.6.1-bb.1` 🔗
Gitlab Runner	Addon	`15.6.0`	`0.47.0-bb.1` 🔗
Nexus	Addon	`3.42.0-01`	`42.0.0-bb.3` 🔗
Sonarqube	Addon	`8.9.10-community`	`1.0.31-bb.3` 🔗
Haproxy	Addon	`2.2.21`	`1.12.0-bb.0`
Anchore Enterprise	Addon	Enterprise `4.2.0` Engine `1.1.0`	`1.20.0-bb.1`
Mattermost Operator	Addon	`1.19.0`	`1.19.0-bb.0` 🔗
Mattermost	Addon	`7.5.1`	`7.5.1-bb.0` 🔗
Velero	Addon	`1.9.3`	`2.32.2-bb.0`
Keycloak	Addon	Keycloak `18.0.2-legacy` PlatformOne Plugin `1.2.0`	`18.2.1-bb.5`
Vault	Addon	`1.12.0`	`0.22.1-bb.0`
Metrics Server	Addon	`0.6.1`	`3.8.0-bb.6`

Changes in 1.49.0💣

Big Bang MRs💣

!2319: .git for kyverno reporter
!2315: Remove control-plane label from Gatekeeper namespace
!2311: Resolve “Appliance Mode Document and Values File”
!2302: Standardize filenames to helmrelease.yaml
!2277: Update Flux to 0.37.0
!2272: Extends Big Bang using Values

Kyverno Reporter💣

!2318: Kyverno Reporter mTLS
!2301: Kyverno Reporter: Update to 2.10.3

# Changelog Updates

## [2.13.4-bb.1] - 2022-12-06

### Changed

- Enabled mTLS for Kyverno Reporter metrics
- updated gluon to 0.3.1

## [2.13.4-bb.0] - 2022-11-17

### Changed

- Updated chart to 2.13.4 upstream version, updated reporter images to 2.10.3 (reporter). Updated ui to 2.6.5

Promtail💣

!2312: Promtail: Updated to 2.7.0

# Changelog Updates

## [6.7.2-bb.0]

### Changed

- Bumped chart version to 6.7.2
- Bumped appversion to 2.7.0

Loki💣

!2310: Loki renovate 3.6.0

# Changelog Updates

## [3.6.0-bb.0]

### Changed

- Updated chart to `helm-loki-3.6.0`
- Updated minio image to `4.5.4-bb.2`

Neuvector💣

!2322: Neuvector: Fix failing test
!2233: Resolve “Integrate Neuvector with BB as a core package”

# Changelog Updates

## [2.2.2-bb.2]

### Fixed

- Hot fix for some UI testing hiccups

## [2.2.2-bb.1]

### Changed

- Added tests directory and a test-ui file

## [2.2.2-bb.0]

### Changed

- Update images to IronBank images (5.0.2)
- Update chart version to `2.2.2`
- Use BB base image for updater job

Twistlock💣

!2316: Twistlock: Fix privileged passthrough, WAAS documentation

# Changelog Updates

## [0.11.4-bb.1] - 2022-12-05

### Fixed

- Quote value for privileged for stringData

### Added

- Add docs for WAAS

Authservice💣

!2295: Authservice: custom authpolicy ruleset
!2294: Authservice: Add support for equality chain matching

# Changelog Updates

## [0.5.3-bb.2]

### Added

- Added AuthorizationPolicy custom ruleset value and logic

## [0.5.3-bb.1]

### Added

- Added support for `equality` chain matching

Minio💣

!2303: Updated minio to version RELEASE.2022-11-26T22-43-32Z

# Changelog Updates

## [4.5.4-bb.2] - 2022-12-05

### Updated

- Update MinIO to `RELEASE.2022-11-26T22-43-32Z`

Gitlab💣

!2309: Updated gitlab gitaly network policy
!2306: Gitlab: Update to 15.6.1
!2298: Updating gitlab CA certs, adding when sso enabled

# Changelog Updates

## [6.6.1-bb.1] - 2022-12-06

### Changed

- updated gitaly networkPolicies to allow for gitlab mirroring

## [6.6.1-bb.0] - 2022-12-02

### Changed

- Updated to helm chart to 6.6.1 and appVersion to 15.6.1
- ironbank/gitlab/gitlab/gitlab-webservice minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/alpine-certificates minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl minor 15.5.2 -> 15.6.1
- registry1.dso.mil/ironbank/opensource/minio/mc patch RELEASE.2022-11-07T23-47-39Z -> RELEASE.2022-11-17T21-20-39Z
- registry1.dso.mil/ironbank/opensource/minio/minio patch RELEASE.2022-11-11T03-44-20Z -> RELEASE.2022-11-26T22-43-32Z

## [6.5.2-bb.3] - 2022-12-1

### Changed

- Updated DoD Approved External PKI Certificate Trust Chains to Version 9.5
- Shortened secrets creation template for the DoD certificates secret creation

Gitlab Runner💣

!2305: Gitlab Runner: Update to 15.6.0

# Changelog Updates

## [0.47.0-bb.1] - 2022-12-06

### Changed

- Updated test gitlab-runner-helper image

## [0.47.0-bb.0] - 2022-11-29

### Changed

- Updated to upstream chart 0.47.0
- Updated gitlab runner to v15.6.0

Nexus💣

!2284: Updating servicemonitor configuration for nexus metrics

# Changelog Updates

## [42.0.0-bb.3] - 2022-11-28

### Changed

- Removed metrics exception for istio mTLS STRICT
- Added templating to `serviceMonitor` to enable mTLS metrics scraping

Sonarqube💣

!2314: Sonarqube: Fix duplicate values in deployment
!2300: Updated sonarqube postgres dependency

# Changelog Updates

## [1.0.31-bb.3] - 2022-12-08

### Changes

- Removed duplicate `nodeSelector`, `affinity`, and `tolerances` in the `deployment.yaml`

## [1.0.31-bb.2] - 2022-12-01

### Changes

- upgraded postgresql dependency to `12.13`

Mattermost Operator💣

!2308: MM Operator: Update to 1.19.0

# Changelog Updates

## [1.19.0-bb.0] - 2022-12-06

### Changed

- ironbank/opensource/mattermost/mattermost-operator updated from 1.18.1 to 1.19.0

Mattermost💣

!2299: Mattermost: Update to 7.5.1

# Changelog Updates

## [7.5.1-bb.0] - 2022-11-18

### Changed

- ironbank/opensource/mattermost/mattermost updated from 7.4.0 to 7.5.1

Known Issues💣

On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information

Helpful Links💣

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Open issues here
Join our chat
Check out the documentation for guidance on how to get started

Future💣

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.