Skip to content

Release Notes - 1.54.0💣

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notices💣

Sonarqube:

  • caCerts values have been placed behind a conditional which is enabled: false by default. Environments utilizing this key will need to ensure caCerts.enabled is set to true so that the image/command get templated in like previous versions.
  • External database values have changed as well, Big Bang handles these transitions for you, but if you are overriding in your own database information, an external connection is handled via a jdbcOverwrite key and associated values instead of under postgresql.
  • With this change, once the HelmRelease upgrades you will be prompted to visit your sonarqube instance at a /setup URL. This is intended and launches a Database migration/update for sonarqube internally and the app will be available once that completes.

Flux:

  • Flux is updating to a new minor version in this release, from 0.38.3 to 0.39.0, component versions:
  • source-controller: v0.34.0
  • helm-controller: v0.29.0
  • kustomize-controller: v0.33.0
  • notification-controller: v0.31.0
  • We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.

Loki:

  • Loki Updated to version 2.7.3 and while there are no direct breaking changes, in the coming weeks/months (when version 3.X of Loki drops) Loki scalable will only support a read/write/backend 3 target setup and environments are encouraged to migrate to this installation when possible. This toggle has not been set by the package or via BigBang yet, but installations are able to use this new 3 target type with this version by setting the following:
loki:
  values:
    read:
      legacyReadTarget: false
    backend:
      replicas: X (3 by default)

Anchore:

  • Anchore was updated to version 4.4.1 which includes an update to ClamAV to resolve a critical vulnerability.
  • Also note that Anchore Enterprise v4.4.1 only supports upgrading from Enterprise v4.2.0 and higher (Anchore chart version 1.20.0-bb.0 or higher). See release notes for more information - https://docs.anchore.com/current/docs/releasenotes/440/
  • Anchore Engine (non-enterprise deployment) is no longer maintained by Anchore as of 2023. Big Bang is evaluating a path forward, current upstream recommendations are to utilize grype and syft

Istio Upgrade:

  • Istio was updated from 1.16.1 to 1.16.2 in this release
  • Big Bang apps should be configured to automatically cycle for the latest sidecar config
  • Make sure to cycle pods for any community or tenant applications manually to pull the new version in.

Monitoring Upgrade:

  • If you pass any extraSecretMounts into the grafana sub-chart of the monitoring package, like a custom CA secret for SSO for example, you will need to add the following to your overrides to ensure both secretMounts are kept:
    monitoring:
      values:
        grafana:
          extraSecretMounts:
            ...
            - name: auth-generic-oauth-secret
              mountPath: /etc/secrets/auth_generic_oauth
              secretName: grafana-sso
              defaultMode: 0440
              readOnly: true
    

Upgrades from previous releases💣

If coming from a version pre-1.53.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-1.53.0.

Packages💣

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.16.2 Tetrate Istio Distro 1.16.1 1.16.2-bb.0 🔗
Updated Istio Operator Core Istio Operator 1.16.2 Tetrate Istio Distro Operator 1.16.1 1.16.2-bb.0 🔗
Jaeger Core 1.41.0 2.38.0-bb.1
Kiali Core 1.60.0 1.60.0-bb.2
Cluster Auditor Core 0.0.7 1.5.0-bb.2
Updated Gatekeeper Core 3.11.0 3.11.0-bb.0 🔗
Updated Kyverno Core 1.8.5 2.6.5-bb.2 🔗
Updated Kyverno Policies Core 1.1.0 1.1.0-bb.2 🔗
Updated Kyverno Reporter Core 2.10.4 2.16.0-bb.0 🔗
Updated Elasticsearch Kibana Core Kibana 8.6.1 Elasticsearch 8.6.0 1.1.0-bb.0 🔗
Eck Operator Core 2.6.1 2.6.1-bb.0
Updated Fluentbit Core 2.0.9 0.24.0-bb.0 🔗
Promtail Core 2.7.1 6.8.1-bb.1
Updated Loki Core 2.7.3 4.4.2-bb.0 🔗
Updated Neuvector BETA Core 5.1.0 2.4.0-bb.4 🔗
Updated Tempo Core Tempo 2.0.0 Tempo Query 2.0.0 1.0.0-bb.2 🔗
Updated Monitoring Core Prometheus 2.40.5 Grafana 9.3.2 Alertmanager 0.24.0 43.1.2-bb.2 🔗
Updated Twistlock Core 22.06.197 0.11.4-bb.3 🔗
Argocd Addon 2.5.10 5.19.15-bb.0
Updated Authservice Addon 0.5.3 0.5.3-bb.3 🔗
Minio Operator Addon 4.5.4 4.5.4-bb.0
Minio Addon RELEASE.2022-11-26T22-43-32Z 4.5.4-bb.3
Updated Gitlab Addon 15.8.2 6.8.2-bb.0 🔗
Gitlab Runner Addon 15.7.3 0.48.2-bb.0
Nexus Addon 3.45.1-01 45.1.0-bb.0
Updated Sonarqube Addon 9.9.0-community 8.0.0-bb.0 🔗
Haproxy Addon 2.2.21 1.12.0-bb.0
Updated Anchore Enterprise Addon Enterprise 4.4.1 Engine 1.1.0 1.22.3-bb.0 🔗
Mattermost Operator Addon 1.19.0 1.19.0-bb.0
Updated Mattermost Addon 7.7.1 7.7.1-bb.0 🔗
Updated Velero Addon 1.10.1 3.1.2-bb.0 🔗
Keycloak Addon 20.0.3 18.4.0-bb.0
Vault Addon 1.12.1 0.23.0-bb.2
Updated Metrics Server Addon 0.6.2 3.8.3-bb.2 🔗

Changes in 1.54.0💣

Big Bang MRs💣

  • !2517: Adding keycloak autoscaling info to docs and examples
  • !2470: Update Flux
  • !2510: fixing documentation typos
  • !2501: set hpa spec to be compatible with k8s 1.25 and autoscaling/v2
  • !2500: New grafana-sso secret template, grafana passthroughs to faciliate new config
  • !2479: Updating loki documentation to reflect architecture updates
  • !2487: update k3d-dev.sh version from 5.4.6 to 5.4.7
  • !2481: Switching to better scriptable alternative apt-get, and some cleanup.

Istio Controlplane💣

  • !2508: Update Istio to 1.16.2
# Changelog Updates

## [1.16.2-bb.0] - 2023-02-10

### Changed

- ironbank/opensource/istio/install-cni updated from 1.16.1 to 1.16.2
- ironbank/opensource/istio/pilot updated from 1.16.1 to 1.16.2
- ironbank/opensource/istio/proxyv2 updated from 1.16.1 to 1.16.2

Istio Operator💣

  • !2508: Update Istio to 1.16.2
# Changelog Updates

## [1.16.2-bb.0]

### Changed

- Updated repo1 image to `1.16.2`

Gatekeeper💣

  • !2495: Gatekeeper: Update to v3.11.0
# Changelog Updates

## [3.10.0-bb.3]

### Changed

- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.10.0 -> v3.11.0.
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.25.4 -> v1.25.6
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.10.0 -> v3.11.0

Kyverno💣

  • !2497: Kyverno: Update kubectl image
# Changelog Updates

## [2.6.5-bb.2] - 2023-02-07

### Changed

- Updated kubectl to v1.26.1

Kyverno Policies💣

  • !2496: Kyverno Policies: Update kubectl image
# Changelog Updates

## [1.1.0-bb.2] - 2023-02-07

### Changed

- Updated kubectl to v1.26.1
- Updated gluon to 0.3.2

Kyverno Reporter💣

  • !2484: Kyverno Reporter: Update to 2.12.0
# Changelog Updates

## [2.16.2-bb.0] - 2023-02-01

### Changed

- Update application to 2.10.4 and chart to 2.12.0

### Added

- Initial upstream Helm chart
- Required documents

## [2.13.5-bb.1] - 2023-01-17

### Changed

- Update gluon to new registry1 location + latest version (0.3.2)

## [2.13.5-bb.0] - 2022-12-13

### Changed

- Updated chart to 2.13.5 upstream version, updated reporter images to 2.10.4 (reporter).

Elasticsearch Kibana💣

  • !2519: Updated elasticsearch-kibana git tag
# Changelog Updates

## [1.1.0-bb.0] - 2023-02-10

### Changed

- ironbank/elastic/elasticsearch/elasticsearch updated from 8.5.2 to 8.6.0
- ironbank/elastic/kibana/kibana updated from 8.5.3 to 8.6.1

Fluentbit💣

  • !2509: Updated fluentbit git tag
# Changelog Updates

## [0.24.0-bb.0]

### Changed

- Updated upstream helm chart tag `0.24.0-bb.0`
- Updated fluent-bit image to `2.0.9` from IB

Loki💣

  • !2512: Updated loki git tag
  • !2485: Fixed image tags in Loki Chart.yaml image annotations
# Changelog Updates

## [4.4.2-bb.0] - 2022-02-07

### Changed

- loki chart major version upgrade from 3.7.0 -> 4.4.2
- Update loki from 2.7.0 -> 2.7.3
- Update kubectl from 1.25.5 -> 1.25.6

## [3.7.0-bb.2] - 2023-02-08

### Fixed

- Fixed image tags in Chart.yaml image annotations

Neuvector💣

  • !2486: Neuvector network policies
  • !2491: Enable metrics with Neuvector
# Changelog Updates

## [2.4.0-bb.4] - 2023-02-09

### Fixed

- Update the monitor chart tarball

## [2.4.0-bb.3] - 2023-01-31

### Added

- Added Prometheus integration
- Added Grafana dashboard

Tempo💣

  • !2520: Updated tempo git tag for credential handling
  • !2504: Updated tempo git tag
# Changelog Updates

## [1.0.0-bb.2] - 2022-02-20

### Fixed

- Fixing Statefulset Conditional Secret ENV mount

## [1.0.0-bb.1] - 2022-02-15

### Changed

- Fixing tempoQuery VS conditionals

## [1.0.0-bb.0] - 2022-02-08

### Changed

- Bumped chart version to 1.0.0
- Bumped images tag to 2.0.0

Monitoring💣

  • !2511: Updated monitoring git tag
# Changelog Updates

## [43.1.2-bb.2] - 2022-02-08

### Changed

- Changed thanos reference to IronBank in annotations

Twistlock💣

  • !2499: Updated twistlock git tag
# Changelog Updates

## [0.11.4-bb.3] - 2023-02-09

### Changed

- Add init job resources values and templating

Authservice💣

  • !2492: Authservice: Update redis subchart
# Changelog Updates

## [0.5.3-bb.3]

### Changed

- Updated redis to latest version

Gitlab💣

  • !2524: gitlab update to 6.8.2-bb.0
# Changelog Updates

## [6.8.2-bb.0] - 2023-02-20

### Changed

- Updated to helm chart to 6.8.2 and appVersion to 15.8.2
- ironbank/gitlab/gitlab/gitlab-webservice minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/alpine-certificates minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages minor 15.7.3 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse minor 15.8.1 -> 15.8.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl minor 15.8.1 -> 15.8.2

Sonarqube💣

  • !2498: Updated sonarqube git tag
# Changelog Updates

## [8.0.0-bb.0] - 2022-02-07

### Changed

- Chart version `8.0.0` sonarqube version `9.9.0` updootes.

Anchore Enterprise💣

  • !2528: anchore-enterprise update to 1.22.3-bb.0
# Changelog Updates

## [1.22.3-bb.0]

### Changed

- Bumped chart version to `1.22.3`
- Bumped Anchore Enterprise image tag to `4.4.1`
- Bumped Anchore Enterprise UI image tag to `4.4.0`

Mattermost💣

  • !2502: Updated mattermost to 7.7.1-bb.0
# Changelog Updates

## [7.7.1-bb.0] - 2023-01-24

### Changed

- ironbank/opensource/mattermost/mattermost updated from 7.5.1 to 7.7.1

Velero💣

  • !2494: Velero: Update to v1.10.1
# Changelog Updates

## [3.1.2-bb.0]

### Changed

- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl minor v1.25.6 -> v1.26.1
- registry1.dso.mil/ironbank/opensource/velero/velero patch v1.10.0 -> v1.10.1
- registry1.dso.mil/ironbank/opensource/velero/velero patch 1.10.0 -> 1.10.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws patch v1.6.0 -> v1.6.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi patch v0.4.0 -> v0.4.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure patch v1.6.0 -> v1.6.1
- velero/velero-plugin-for-aws patch v1.6.0 -> v1.6.1
- velero/velero-plugin-for-csi patch v0.4.0 -> v0.4.1
- velero/velero-restore-helper patch v1.10.0 -> v1.10.1

Metrics Server💣

  • !2490: Updated metrics-server git tag
# Changelog Updates

## [3.8.3-bb.2]

### Added

- Updated kubectl image to v1.26.1

Known Issues💣

  • On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus due to the services default network interface binding - More Information
  • Keycloak Quarkus: The /health and /metrics endpoints are exposed through the Istio ingress gateway. The Big Bang product team is working on an enhancement to the custom quarkus extension that is included with the Keycloak plugin. We recommend that you do not deploy the new Keycloak Quarkus version 20.x in an operational/production environment until a new plugin version greater than 3.0.0 is available.
  • NeuVector network policies are missing certain necessary egress (controller -> k8s API server), which can cause intermittent errors depending on your configuration. We recommend disabling them at this point until issues are fully resolved.

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future💣

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.