Release Notes - 1.52.0💣
Please see our documentation page for more information on how to consume and deploy BigBang.
Upgrade Notices💣
Flux:
- Flux is updating to a new minor version in this release, from 0.37.0 to 0.38.3, component versions:
source-controller
:v0.33.0
helm-controller
:v0.28.1
kustomize-controller
:v0.32.0
notification-controller
:v0.30.2
- We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.
- Also note that Flux has identified several breaking changes for the new Alerts API Version - see the release notes for additional details
Mattermost:
- This release enables istio injection for Mattermost (at long last!)
- The team did not find any issues in extensive testing, but we do recommend keeping an eye on Mattermost after upgrading to identify any issues we may have missed
- If you do encounter any issues with injection on Mattermost please let the Big Bang team know via issues, and disable istio injection as a workaround:
addons:
mattermost:
istio:
injection: "disabled"
Anchore:
- The Anchore orchestration has modified the behaviors for using
existingSecrets
- If you currently use this value - evaluate the update for consideration in migrating to the new values such as the following for
anchoreGlobal
. - Before:
anchoreGlobal:
existingSecret: my-existing-anchore-global-secret
- After:
anchoreGlobal:
useExistingSecrets: true
existingSecretName: my-existing-anchore-global-secret
Nexus:
- As of this release the
nexus
values key has been renamed tonexusRepositoryManager
- This change is fully backwards compatible, but the
nexus
key is now deprecated and support for it may be removed in a future release - This change was made for consistency across Big Bang as well as to clarify between the other products in the Nexus line
- No changes are required if deploying Nexus, but we do recommend changing your values to use the new key at this time.
Upgrades from previous releases💣
If coming from a version pre-1.51.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.51.0
.
Packages💣
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.16.1 Tetrate Istio Distro 1.15.1 |
1.16.1-bb.0 |
Istio Operator | Core | Istio Operator 1.16.1 Tetrate Istio Distro Operator 1.15.1 |
1.16.1-bb.0 |
Jaeger | Core | 1.41.0 |
2.38.0-bb.1 🔗 |
Kiali | Core | 1.60.0 |
1.60.0-bb.1 🔗 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.2 🔗 |
Gatekeeper | Core | 3.10.0 |
3.10.0-bb.0 |
Kyverno | Core | 1.8.5 |
2.6.5-bb.0 |
Kyverno Policies | Core | 1.1.0 |
1.1.0-bb.0 🔗 |
Kyverno Reporter | Core | 2.10.3 |
2.13.4-bb.1 |
Elasticsearch Kibana | Core | Kibana 8.5.3 Elasticsearch 8.5.2 |
0.14.2-bb.0 🔗 |
Eck Operator | Core | 2.5.0 |
2.5.0-bb.0 |
Fluentbit | Core | 2.0.8 |
0.21.7-bb.0 🔗 |
Promtail | Core | 2.7.0 |
6.7.2-bb.0 |
Loki | Core | 2.7.0 |
3.7.0-bb.1 🔗 |
Neuvector | Core | 5.1.0 |
2.4.0-bb.2 🔗 |
Tempo | Core | Tempo 1.5.0 Tempo Query 1.5.0 |
0.16.1-bb.3 🔗 |
Monitoring | Core | Prometheus 2.40.5 Grafana 9.3.2 Alertmanager 0.24.0 |
43.1.2-bb.1 🔗 |
Twistlock | Core | 22.06.197 |
0.11.4-bb.2 🔗 |
Argocd | Addon | 2.5.3 |
5.16.1-bb.1 🔗 |
Authservice | Addon | 0.5.3 |
0.5.3-bb.2 |
Minio Operator | Addon | 4.5.4 |
4.5.4-bb.0 |
Minio | Addon | RELEASE.2022-11-26T22-43-32Z |
4.5.4-bb.3 🔗 |
Gitlab | Addon | 15.7.5 |
6.7.5-bb.0 🔗 |
Gitlab Runner | Addon | 15.7.3 |
0.48.2-bb.0 🔗 |
Nexus | Addon | 3.45.0-01 |
45.0.0-bb.2 🔗 |
Sonarqube | Addon | 8.9.10-community |
1.0.31-bb.4 🔗 |
Haproxy | Addon | 2.2.21 |
1.12.0-bb.0 |
Anchore Enterprise | Addon | Enterprise 4.3.0 Engine 1.1.0 |
1.21.1-bb.0 🔗 |
Mattermost Operator | Addon | 1.19.0 |
1.19.0-bb.0 |
Mattermost | Addon | 7.5.1 |
7.5.1-bb.4 🔗 |
Velero | Addon | 1.10.0 |
3.1.0-bb.1 🔗 |
Keycloak | Addon | 20.0.2 |
18.3.0-bb.2 🔗 |
Vault | Addon | 1.12.1 |
0.23.0-bb.2 🔗 |
Metrics Server | Addon | 0.6.2 |
3.8.3-bb.0 |
Changes in 1.52.0💣
Big Bang MRs💣
- !2396: Update docs/assets/configs/example/keycloak-prod-values.yaml
- !2409: Minor typo fix
- !2411: Update cypress images in BB test values
- !2426: Deleted .gitlab-ci.yml
- !2392: Resolve “Document Tempo package architecture in charter”
- !2402: Resolve “Investigate Enabling HorizontalPodAutoscaler Resource in authservice chart”
- !2375: rename nexus key
- !2431: Update keycloak-prod-values.yaml
- !2430: Nightly CI fix with memory for istio proxies
- !2434: Docs update for gluon
- !2400: Gitlab ObjectStorage Logic & Syntax Updates
- !2437: Simplify conditional logic gitlab objectstore
- !2438: Moving end of gitlab function down to proper place
- !2307: Update Flux
Jaeger💣
# Changelog Updates
## [2.38.0-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [2.38.0-bb.0] - 2023-01-12
### Changed
- Updated Jaeger images to 1.41.0 (latest operator version)
- Updated operator chart to 2.38.0
Kiali💣
- !2416: Kiali: Update cypress test image
# Changelog Updates
## [1.60.0-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Cluster Auditor💣
- !2404: Cluster Auditor: Update cypress testing image
# Changelog Updates
## [1.5.0-bb.2] - 2023-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Kyverno Policies💣
- !2377: Kyverno Policies: Remove disallow-shared-subpath-volume-writes policy
# Changelog Updates
## [1.1.0] - 2022-01-11
### Changed
- Removed `disallow-shared-subpath-volume-writes` policy (no longer beneficial for any non-EOL k8s versions)
- Removed Ironbank key from test values
Elasticsearch Kibana💣
# Changelog Updates
## [0.14.2-bb.0] - 2023-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [0.14.1-bb.0] - 2023-01-13
### Changed
- ironbank/elastic/kibana/kibana updated from 8.5.2 to 8.5.3
- Updated chart version to `0.14.1-bb.0`
Fluentbit💣
- !2391: Updated fluentbit git tag
# Changelog Updates
## [0.21.7-bb.0]
### Changed
- Updated upstream helm chart tag `0.21.7`
- Updated fluent-bit image to `2.0.8` from IB
Loki💣
- !2420: Loki: Update cypress test image
# Changelog Updates
## [3.7.0-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Neuvector💣
- !2380: Neuvector: Update to 5.1.0
- !2376: Neuvector: Policy violation justifications
- !2415: Neuvector: Update cypress test image
# Changelog Updates
## [2.4.0-bb.2] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [2.4.0-bb.1]
### Changed
- Changed scanner image tag from `latest` to `5`
## [2.4.0-bb.0]
### Changed
- Update images to IronBank images (5.1.0)
- Update chart version to `2.4.0`
Tempo💣
- !2419: Tempo: Update cypress test image
# Changelog Updates
## [0.16.1-bb.3] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Monitoring💣
- !2405: Monitoring: Update cypress test image
# Changelog Updates
## [43.1.2-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Twistlock💣
- !2414: Twistlock: Update cypress test image
# Changelog Updates
## [0.11.4-bb.2] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Argocd💣
- !2439: ArgoCD: Rename chart for consistency with OCI
# Changelog Updates
## [5.16.1-bb.1] - 2023-01-17
### Updated
- Update gluon to new registry1 location + latest version (0.3.2)
Minio💣
- !2406: Minio: Update cypress test image
# Changelog Updates
## [4.5.4-bb.3] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Gitlab💣
- !2436: Updated gitlab git tag
- !2397: Gitlab: Update CI test image
- !2423: Updated gitlab git tag with Initial Pages Support
- !2424: Gitlab: Update cypress test image
# Changelog Updates
## [6.7.5-bb.0] - 2023-01-19
### Changed
- Updated to helm chart to 6.7.5 and appVersion to 15.7.5
- ironbank/gitlab/gitlab/gitlab-webservice patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/alpine-certificates patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages patch 15.7.0 -> 15.7.3
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl patch 15.7.0 -> 15.7.5
- registry1.dso.mil/ironbank/opensource/minio/mc major RELEASE.2022-12-13T00-23-28Z -> RELEASE.2022-12-24T15-21-38Z
## [6.7.0-bb.3] - 2023-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [6.7.0-bb.2] - 2023-01-13
### Added
- `gitlab.gitlab-pages` values to point to registry1 image
- Pages specific Istio VirtualService Template
- Pages specific NetworkPolicy from ingressgateway in istio-system to pages pods
- `istio.pages` block for configuring networkpolicy and virtualservice templates
## [6.7.0-bb.1] - 2023-01-13
### Changed
- Moved bbtest image to registry1
Gitlab Runner💣
- !2432: Gitlab Runner: Update to 15.7.3
- !2422: Gitlab Runner: Update cypress test image
- !2382: Update gitlab runner test password
# Changelog Updates
## [0.48.2-bb.0] - 2022-01-17
### Changed
- Updated images to latest (15.7.3)
- Updated chart to 0.48.2
## [0.47.0-bb.2] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Nexus💣
- !2413: Nexus: Update cypress test image
- !2385: Nexus values update
- !2433: Nexus: Add securityContext to jobs
# Changelog Updates
## [45.0.0-bb.2] - 2022-01-17
### Added
- Added pod and container security context for jobs
## [45.0.0-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [45.0.0-bb.0] - 2023-01-11
### Changed
- Updated chart to version: 45.0.0-bb.0 | appVersion: 3.45.0
Sonarqube💣
- !2408: Sonarqube: Update cypress test image
# Changelog Updates
## [1.0.31-bb.4] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Anchore Enterprise💣
# Changelog Updates
## [1.21.1-bb.0]
### Changed
- Bumped chart version to `1.21.1`
## [1.20.1-bb.1]
### Changed
- Changed scanned image in Helm test to use upstream Alpine image
Mattermost💣
- !2379: Mattermost: Fix securityContext capabilities violations
- !2381: Mattermost: Switch minio subchart to oci
- !999: Mattermost: Enable Istio Injection
- !2407: Mattermost: Update cypress test image
# Changelog Updates
## [7.5.1-bb.4] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
## [7.5.1-bb.3] - 2022-01-11
### Changed
- Add support for istio injection via network policies / pod annotation value support
- Disable update job for MM to prevent upgrade issues
## [7.5.1-bb.2] - 2022-01-11
### Changed
- Changed minio subchart to utilize OCI
- Updated minio subchart to latest 4.5.4-bb.2
## [7.5.1-bb.1] - 2022-12-15
### Changed
- Set capabilities to drop all
Velero💣
- !2386: Velero: Switch image to registry1/bigbang-ci
# Changelog Updates
## [3.1.0-bb.1]
### Changed
- Switch tester image to bigbang-ci source
Keycloak💣
- !2418: Keycloak: Update cypress test image
# Changelog Updates
## [18.3.0-bb.2] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Vault💣
# Changelog Updates
## [0.23.0-bb.2] - 2022-01-18
### Changed
- remove bogus leader-elector image from values
- change vault-csi-provider image to Iron Bank image
## [0.23.0-bb.1] - 2022-01-17
### Changed
- Update gluon to new registry1 location + latest version (0.3.2)
Known Issues💣
- On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information
Helpful Links💣
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future💣
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.