Skip to content

Release Notes - 2.13.1📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.26.3 (RKE2).

Upgrade Notices📜

Upgrade Notice for Neuvector

Only change for 2.13.1 compared to 2.13.0 is a kyverno exception for neuvector-enforcer pods via BigBang templates. See this MR for more information !3324.

Upgrade Notice for flux

Flux: - Flux it’s updating to it’s first major GA release 2.1.1 and the following component versions: * source-controller: v1.1.1 * helm-controller: v0.36.1 - We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.

Istio: - A PeerAuthentication for the entire mesh has been added to the istio-controlplane package inserted into the istio-system namespace. It is set as mTLS STRICT by default and can be overridden at the following level:

istio:
  mtls:
    mode: STRICT

Upgrade Notice Harbor is no longer in Beta status.

Upgrades from previous releases📜

If coming from a version pre-2.12.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.12.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.19.0 Tetrate Istio Distro 1.18.2 1.19.0-bb.2 🔗
Istio Operator Core Istio Operator 1.19.0 Tetrate Istio Distro Operator 1.19.0 1.19.0-bb.1
Updated Jaeger Core 1.47.0 2.47.0-bb.1 🔗
Updated Kiali Core 1.74.0 1.74.0-bb.2 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.8
Updated Gatekeeper Core 3.13.0 3.13.0-bb.2 🔗
Updated Kyverno Core 1.9.3 3.0.0-bb.5 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.1 🔗
Updated Kyverno Reporter Core 2.10.4 2.16.0-bb.6 🔗
Updated Elasticsearch Kibana Core Kibana 8.9.1 Elasticsearch 8.10.2 1.5.0-bb.0 🔗
Eck Operator Core 2.9.0 2.9.0-bb.1
Updated Fluentbit Core 2.1.8 0.37.0-bb.2 🔗
Updated Promtail Core 2.9.1 6.15.0-bb.3 🔗
Updated Loki Core 2.9.1 5.23.1-bb.1 🔗
Updated Neuvector Core 5.2.2 2.6.3-bb.0 🔗
Updated Tempo Core Tempo 2.2.2 Tempo Query 2.2.2 1.6.1-bb.3 🔗
Updated Monitoring Core Prometheus 2.47.0 Grafana 10.0.3 Alertmanager 0.26.0 51.1.0-bb.2 🔗
Grafana Core 10.0.3 6.58.9-bb.4
Updated Twistlock Core 30.02.123 0.13.0-bb.3 🔗
Wrapper Core N / A 0.4.1
Argocd Addon 2.8.2 5.46.7-bb.2
Authservice Addon 0.5.3 0.5.3-bb.18
Minio Operator Addon 5.0.9 5.0.9-bb.0
Minio Addon RELEASE.2023-09-23T03-47-50Z 5.0.9-bb.2
Updated Gitlab Addon 16.4.1 7.4.1-bb.3 🔗
Updated Gitlab Runner Addon 15.11.0 0.52.0-bb.7 🔗
Nexus Addon 3.53.1-02 53.1.0-bb.3
Updated Sonarqube Addon 9.9.2-community 8.0.2-bb.0 🔗
Updated Fortify BETA Addon 23.1.2.0005 1.1.2311007-bb.2 🔗
Haproxy Addon 2.2.21 1.12.0-bb.1
Anchore Enterprise Addon Enterprise 4.8.0 Engine 1.1.0 1.26.1-bb.0
Mattermost Operator Addon 1.20.1 1.20.1-bb.0
Mattermost Addon 9.0.0 9.0.0-bb.0
Updated Velero Addon 1.11.1 5.0.2-bb.4 🔗
Updated Keycloak Addon 21.1.1 18.4.3-bb.10 🔗
Updated Vault Addon 1.13.1 0.25.0-bb.4 🔗
Metrics Server Addon 0.6.3 3.10.0-bb.2
Updated Harbor Addon 2.8.4 1.12.4-bb.3 🔗

Changes in 2.13.0📜

Big Bang MRs📜

  • !3159: Update Flux
  • !3207: updated licensing-model.md for issue#1698
  • !3243: 1032: Enable Istio mTLS globally on istio-system namespace
  • !3234: Change default AMI for k3d-dev to support users that don’t have access to marketplace

Istio Controlplane📜

  • !3274: istio update to 1.19.0-bb.2
  • !3248: Update istio to 1.19.0-bb.1
# Changelog Updates

## [1.19.0-bb.2] - 2023-10-11
### Changed
- Modified OSCAL Version for istio and updated to 1.1.1

## [1.19.0-bb.1] - 2023-10-02
### Changed
- Enable Istio mTLS (via peerAuthentication) globally on istio-system namespace

Jaeger📜

  • !3294: jaeger update to 2.47.0-bb.1
# Changelog Updates

## [2.47.0-bb.1] - 2023-10-11
### Updated
- Modified OSCAL Version for jaeger and updated to 1.1.1

Kiali📜

  • !3276: kiali update to 1.74.0-bb.2
  • !3253: kiali update to 1.74.0-bb.1
  • !3221: kiali update to 1.72.0-bb.2
# Changelog Updates

## [1.74.0-bb.2] - 2023-10-11
### Changed
- OSCAL version update from 1.0.0 to 1.1.1

## [1.74.0-bb.1] - 2023-10-06
### Changed
- Fixed Cypress Testing

## [1.74.0-bb.0] - 2023-10-03
### Changed
- Renovated chart to 1.74.0
- Bumped kiali operator to 1.74.0
- Bumped kiali tenant to 1.74.1
- Change runAsUser and runAsGroup to 2001 for ansible user

## [1.72.0-bb.2] - 2023-09-07
### Added
- Updated non root group user

Gatekeeper📜

  • !3288: gatekeeper update to 3.13.0-bb.2
# Changelog Updates

## [3.13.0-bb.2] - 2023-10-11
### Removed
- OSCAL version update from 1.0.0 to 1.1.1

Kyverno📜

  • !3290: kyvernoPolicies update to 3.0.4-bb.1
  • !3283: kyvernoReporter update to 2.16.0-bb.6
  • !3272: kyverno update to 3.0.0-bb.5
# Changelog Updates

## [3.0.0-bb.5] - 2023-10-11
### Changed
- Modified `features.policyExceptions.enabled` to true
- Restricted new `policyExceptions` to the kyerno `namespace`

Kyverno Policies📜

  • !3290: kyvernoPolicies update to 3.0.4-bb.1
# Changelog Updates

## [3.0.4-bb.1] - 2023-10-11
### Changed
- respect `autogenControllers`, `background`, and `failurePolicy` values across all policies

Kyverno Reporter📜

  • !3283: kyvernoReporter update to 2.16.0-bb.6
# Changelog Updates

## [2.16.0-bb.6] - 2023-10-11
### Changed
- Harden API token automounting behavior of ServiceAccount/Pod

## [2.16.0-bb.5] - 2023-10-5
### Changed
- Exposed automountServiceAccountToken as a value

Elasticsearch Kibana📜

  • !3263: elasticsearchKibana update to 1.5.0-bb.0
  • !3260: elasticsearchKibana update to 1.4.0-bb.1
# Changelog Updates

## [1.5.0-bb.0] - 2023-10-11
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.9.0 to 8.10.2
- ironbank/elastic/kibana/kibana updated from 8.9.0 to 8.9.1

## [1.4.0-bb.1] - 2023-10-06
### Updated
- Updated OSCAL version from 1.0.0 to 1.1.1

## [1.4.0-bb.0] - 2023-10-2
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.7.1 to 8.9.0
- ironbank/elastic/kibana/kibana updated from 8.7.1 to 8.9.0

Fluentbit📜

  • !3263: elasticsearchKibana update to 1.5.0-bb.0
  • !3296: fluentbit update to 0.37.0-bb.2
  • !3260: elasticsearchKibana update to 1.4.0-bb.1
# Changelog Updates

## [0.37.0-bb.2]
### Changed
- Modified OSCAL Version for fluentbit and updated to 1.1.1

Promtail📜

  • !3282: promtail update to 6.15.0-bb.3
  • !3269: promtail update to 6.15.0-bb.2
# Changelog Updates

## [6.15.0-bb.3] - 2023-10-16
### Updated
- Updated registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload v0.11.1 -> v0.12.0

## [6.15.0-bb.2] - 2023-10-11
### Updated
- Update OSCAL version from 1.0.0 to 1.1.1

Loki📜

# Changelog Updates

## [5.23.1-bb.1] - 2023-10-13
### Added
- Helm validation for backend scaling requirements introduced with loki 2.9.*

Neuvector📜

  • !3314: Cherrypick Neuvector from master
  • !3292: neuvector update to 2.6.3-bb.0
  • !3278: neuvector update to 2.4.5-bb.7
  • !3219: add default no-secret client_secret to neuvector
# Changelog Updates

## [2.6.3-bb.0] - 2023-10-11
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.1.3 to 5.2.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.1.3 to 5.2.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.1.3 to 5.2.2

## [2.4.5-bb.7] - 2023-10-11
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1

Tempo📜

  • !3289: tempo update to 1.6.1-bb.3
  • !3270: tempo update to 1.6.1-bb.2
# Changelog Updates

## [1.6.1-bb.3] - 2023-10-12
### Changed
- Harden API token automounting behavior of ServiceAccount/Pod

## [1.6.1-bb.2] - 2023-10-11
### Changed
- OSCAL Version update from 1.0.0 to 1.1.1

Monitoring📜

  • !3280: monitoring update to 51.1.0-bb.2
  • !3252: monitoring update to 51.1.0-bb.1
# Changelog Updates

## [51.1.0-bb.2] - 2023-10-11
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1

## [51.1.0-bb.1] - 2023-10-03
### Changed
- Add delay before sidecar proxy kill for monitoring jobs

Twistlock📜

  • !3284: twistlock update to 0.13.0-bb.3
# Changelog Updates

## [0.13.0-bb.3] - 2023-10-11
### Changed
- OSCAL version update from 1.0.0 to 1.1.1

## [0.13.0-bb.2] - 2023-10-05
### Changed
- gluon updated from 0.4.0 to 0.4.1
- Updated Cypress to version 13.0.0
- Changed the Cypress file structure
- Changed to use the script for e2e testing instead of Cypress

Gitlab📜

  • !3275: gitlab update to 7.4.1-bb.3
  • !3273: gitlab update to 7.4.1-bb.2
  • !3254: gitlab update to 7.4.1-bb.1
  • !3246: gitlabRunner update to 0.52.0-bb.7
# Changelog Updates

## [7.4.1-bb.3] - 2023-10-11
### Changed
- OSCAL Version update from 1.0.0 to 1.1.1

## [7.4.1-bb.2] - 2023-10-09
### Changed
- Update security contexts for kyverno non-root-group policy violations

## [7.4.1-bb.1] - 2023-10-06
### Changed
- Fixed typo in documentation that leads to error

Gitlab Runner📜

  • !3246: gitlabRunner update to 0.52.0-bb.7
# Changelog Updates

## [0.52.0-bb.7] - 2023-10-05
### Changed
- Update cypress tests for compatibility with latest gitlab version (7.4.1)

Sonarqube📜

  • !3298: sonarqube update to 8.0.2-bb.0
# Changelog Updates

## [8.0.1-bb.0] - 2023-10-16
### Changed
- Update release to sonarqube-8.0.2-sonarqube-dce-7.0.2
- sonarqube from 9.9.1-community to 9.9.2-community
- postgres-exporter from 0.13.2 to 0.14.0
- Update release to sonarqube-8.0.1-sonarqube-dce-7.0.1
- sonarqube from 9.9.0-community to 9.9.1-community
- postgres-exporter from 0.11.1 to 0.12.0
- postgresql12 from 12.14 to 12.15

Fortify📜

  • !3256: fortify update to 1.1.2311007-bb.2
# Changelog Updates

## [1.1.2311007-bb.2] - 2023-10-06
### Updated
- fixed the network policy error

Velero📜

  • !3299: velero update to 5.0.2-bb.4
  • !3264: velero update to 5.0.2-bb.3
# Changelog Updates

## [5.0.2-bb.4] - 2023-10-11
### Changed
- Added testing for scheduled backups

## [5.0.2-bb.3] - 2023-10-11
### Changed
- Fixing changelog entries

Keycloak📜

  • !3268: keycloak update to 18.4.3-bb.10
  • !3259: keycloak update to 18.4.3-bb.9
# Changelog Updates

## [18.4.3-bb.10] - 2023-10-11
### Updated
- OSCAL version updated from 1.0.0 to 1.1.1

## [18.4.3-bb.9] - 2023-10-10
### Updated
- Fixed and updated changelog entries

Vault📜

  • !3267: vault update to 0.25.0-bb.4
  • !3250: vault update to 0.25.0-bb.3
# Changelog Updates

## [0.25.0-bb.4] - 2023-10-11
### Updated
- Updated OSCAL version from 1.0.0 to 1.1.1

## [0.25.0-bb.3] - 2023-10-03
### Changed
- Added resiliency to auto unseal job

Harbor📜

  • !3255: harbor update to 1.12.4-bb.3
# Changelog Updates

## [1.12.4-bb.3] - 2023-10-06
### Changed
- image order in the Chart.yaml to fix bug with exporter image not showing in images package

Known Issues📜

  • Kyverno Policies Issue 43: “Injected pods with ‘istio-init’ containers violate require-non-root-group policy” syntax is no longer valid with new chart versions.

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.