Release Notes - 2.13.1📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.26.3 (RKE2).
Upgrade Notices📜
Upgrade Notice for Neuvector
Only change for 2.13.1
compared to 2.13.0
is a kyverno exception for neuvector-enforcer pods via BigBang templates. See this MR for more information !3324.
Upgrade Notice for flux
Flux:
- Flux it’s updating to it’s first major GA release 2.1.1
and the following component versions:
* source-controller: v1.1.1
* helm-controller: v0.36.1
- We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s
will re-use your existing pull secret and update all components.
Istio:
- A PeerAuthentication for the entire mesh has been added to the istio-controlplane
package inserted into the istio-system
namespace. It is set as mTLS STRICT
by default and can be overridden at the following level:
istio:
mtls:
mode: STRICT
Upgrade Notice Harbor is no longer in Beta status.
Upgrades from previous releases📜
If coming from a version pre-2.12.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.12.0
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.0 Tetrate Istio Distro 1.18.2 |
1.19.0-bb.2 🔗 |
Istio Operator | Core | Istio Operator 1.19.0 Tetrate Istio Distro Operator 1.19.0 |
1.19.0-bb.1 |
Jaeger | Core | 1.47.0 |
2.47.0-bb.1 🔗 |
Kiali | Core | 1.74.0 |
1.74.0-bb.2 🔗 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.8 |
Gatekeeper | Core | 3.13.0 |
3.13.0-bb.2 🔗 |
Kyverno | Core | 1.9.3 |
3.0.0-bb.5 🔗 |
Kyverno Policies | Core | 3.0.4 |
3.0.4-bb.1 🔗 |
Kyverno Reporter | Core | 2.10.4 |
2.16.0-bb.6 🔗 |
Elasticsearch Kibana | Core | Kibana 8.9.1 Elasticsearch 8.10.2 |
1.5.0-bb.0 🔗 |
Eck Operator | Core | 2.9.0 |
2.9.0-bb.1 |
Fluentbit | Core | 2.1.8 |
0.37.0-bb.2 🔗 |
Promtail | Core | 2.9.1 |
6.15.0-bb.3 🔗 |
Loki | Core | 2.9.1 |
5.23.1-bb.1 🔗 |
Neuvector | Core | 5.2.2 |
2.6.3-bb.0 🔗 |
Tempo | Core | Tempo 2.2.2 Tempo Query 2.2.2 |
1.6.1-bb.3 🔗 |
Monitoring | Core | Prometheus 2.47.0 Grafana 10.0.3 Alertmanager 0.26.0 |
51.1.0-bb.2 🔗 |
Grafana | Core | 10.0.3 |
6.58.9-bb.4 |
Twistlock | Core | 30.02.123 |
0.13.0-bb.3 🔗 |
Wrapper | Core | N / A | 0.4.1 |
Argocd | Addon | 2.8.2 |
5.46.7-bb.2 |
Authservice | Addon | 0.5.3 |
0.5.3-bb.18 |
Minio Operator | Addon | 5.0.9 |
5.0.9-bb.0 |
Minio | Addon | RELEASE.2023-09-23T03-47-50Z |
5.0.9-bb.2 |
Gitlab | Addon | 16.4.1 |
7.4.1-bb.3 🔗 |
Gitlab Runner | Addon | 15.11.0 |
0.52.0-bb.7 🔗 |
Nexus | Addon | 3.53.1-02 |
53.1.0-bb.3 |
Sonarqube | Addon | 9.9.2-community |
8.0.2-bb.0 🔗 |
Fortify | Addon | 23.1.2.0005 |
1.1.2311007-bb.2 🔗 |
Haproxy | Addon | 2.2.21 |
1.12.0-bb.1 |
Anchore Enterprise | Addon | Enterprise 4.8.0 Engine 1.1.0 |
1.26.1-bb.0 |
Mattermost Operator | Addon | 1.20.1 |
1.20.1-bb.0 |
Mattermost | Addon | 9.0.0 |
9.0.0-bb.0 |
Velero | Addon | 1.11.1 |
5.0.2-bb.4 🔗 |
Keycloak | Addon | 21.1.1 |
18.4.3-bb.10 🔗 |
Vault | Addon | 1.13.1 |
0.25.0-bb.4 🔗 |
Metrics Server | Addon | 0.6.3 |
3.10.0-bb.2 |
Harbor | Addon | 2.8.4 |
1.12.4-bb.3 🔗 |
Changes in 2.13.0📜
Big Bang MRs📜
- !3159: Update Flux
- !3207: updated licensing-model.md for issue#1698
- !3243: 1032: Enable Istio mTLS globally on istio-system namespace
- !3234: Change default AMI for k3d-dev to support users that don’t have access to marketplace
Istio Controlplane📜
# Changelog Updates
## [1.19.0-bb.2] - 2023-10-11
### Changed
- Modified OSCAL Version for istio and updated to 1.1.1
## [1.19.0-bb.1] - 2023-10-02
### Changed
- Enable Istio mTLS (via peerAuthentication) globally on istio-system namespace
Jaeger📜
- !3294: jaeger update to 2.47.0-bb.1
# Changelog Updates
## [2.47.0-bb.1] - 2023-10-11
### Updated
- Modified OSCAL Version for jaeger and updated to 1.1.1
Kiali📜
- !3276: kiali update to 1.74.0-bb.2
- !3253: kiali update to 1.74.0-bb.1
- !3221: kiali update to 1.72.0-bb.2
# Changelog Updates
## [1.74.0-bb.2] - 2023-10-11
### Changed
- OSCAL version update from 1.0.0 to 1.1.1
## [1.74.0-bb.1] - 2023-10-06
### Changed
- Fixed Cypress Testing
## [1.74.0-bb.0] - 2023-10-03
### Changed
- Renovated chart to 1.74.0
- Bumped kiali operator to 1.74.0
- Bumped kiali tenant to 1.74.1
- Change runAsUser and runAsGroup to 2001 for ansible user
## [1.72.0-bb.2] - 2023-09-07
### Added
- Updated non root group user
Gatekeeper📜
- !3288: gatekeeper update to 3.13.0-bb.2
# Changelog Updates
## [3.13.0-bb.2] - 2023-10-11
### Removed
- OSCAL version update from 1.0.0 to 1.1.1
Kyverno📜
- !3290: kyvernoPolicies update to 3.0.4-bb.1
- !3283: kyvernoReporter update to 2.16.0-bb.6
- !3272: kyverno update to 3.0.0-bb.5
# Changelog Updates
## [3.0.0-bb.5] - 2023-10-11
### Changed
- Modified `features.policyExceptions.enabled` to true
- Restricted new `policyExceptions` to the kyerno `namespace`
Kyverno Policies📜
- !3290: kyvernoPolicies update to 3.0.4-bb.1
# Changelog Updates
## [3.0.4-bb.1] - 2023-10-11
### Changed
- respect `autogenControllers`, `background`, and `failurePolicy` values across all policies
Kyverno Reporter📜
- !3283: kyvernoReporter update to 2.16.0-bb.6
# Changelog Updates
## [2.16.0-bb.6] - 2023-10-11
### Changed
- Harden API token automounting behavior of ServiceAccount/Pod
## [2.16.0-bb.5] - 2023-10-5
### Changed
- Exposed automountServiceAccountToken as a value
Elasticsearch Kibana📜
# Changelog Updates
## [1.5.0-bb.0] - 2023-10-11
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.9.0 to 8.10.2
- ironbank/elastic/kibana/kibana updated from 8.9.0 to 8.9.1
## [1.4.0-bb.1] - 2023-10-06
### Updated
- Updated OSCAL version from 1.0.0 to 1.1.1
## [1.4.0-bb.0] - 2023-10-2
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.7.1 to 8.9.0
- ironbank/elastic/kibana/kibana updated from 8.7.1 to 8.9.0
Fluentbit📜
- !3263: elasticsearchKibana update to 1.5.0-bb.0
- !3296: fluentbit update to 0.37.0-bb.2
- !3260: elasticsearchKibana update to 1.4.0-bb.1
# Changelog Updates
## [0.37.0-bb.2]
### Changed
- Modified OSCAL Version for fluentbit and updated to 1.1.1
Promtail📜
# Changelog Updates
## [6.15.0-bb.3] - 2023-10-16
### Updated
- Updated registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload v0.11.1 -> v0.12.0
## [6.15.0-bb.2] - 2023-10-11
### Updated
- Update OSCAL version from 1.0.0 to 1.1.1
Loki📜
# Changelog Updates
## [5.23.1-bb.1] - 2023-10-13
### Added
- Helm validation for backend scaling requirements introduced with loki 2.9.*
Neuvector📜
- !3314: Cherrypick Neuvector from master
- !3292: neuvector update to 2.6.3-bb.0
- !3278: neuvector update to 2.4.5-bb.7
- !3219: add default no-secret client_secret to neuvector
# Changelog Updates
## [2.6.3-bb.0] - 2023-10-11
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.1.3 to 5.2.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.1.3 to 5.2.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.1.3 to 5.2.2
## [2.4.5-bb.7] - 2023-10-11
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1
Tempo📜
# Changelog Updates
## [1.6.1-bb.3] - 2023-10-12
### Changed
- Harden API token automounting behavior of ServiceAccount/Pod
## [1.6.1-bb.2] - 2023-10-11
### Changed
- OSCAL Version update from 1.0.0 to 1.1.1
Monitoring📜
# Changelog Updates
## [51.1.0-bb.2] - 2023-10-11
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1
## [51.1.0-bb.1] - 2023-10-03
### Changed
- Add delay before sidecar proxy kill for monitoring jobs
Twistlock📜
- !3284: twistlock update to 0.13.0-bb.3
# Changelog Updates
## [0.13.0-bb.3] - 2023-10-11
### Changed
- OSCAL version update from 1.0.0 to 1.1.1
## [0.13.0-bb.2] - 2023-10-05
### Changed
- gluon updated from 0.4.0 to 0.4.1
- Updated Cypress to version 13.0.0
- Changed the Cypress file structure
- Changed to use the script for e2e testing instead of Cypress
Gitlab📜
- !3275: gitlab update to 7.4.1-bb.3
- !3273: gitlab update to 7.4.1-bb.2
- !3254: gitlab update to 7.4.1-bb.1
- !3246: gitlabRunner update to 0.52.0-bb.7
# Changelog Updates
## [7.4.1-bb.3] - 2023-10-11
### Changed
- OSCAL Version update from 1.0.0 to 1.1.1
## [7.4.1-bb.2] - 2023-10-09
### Changed
- Update security contexts for kyverno non-root-group policy violations
## [7.4.1-bb.1] - 2023-10-06
### Changed
- Fixed typo in documentation that leads to error
Gitlab Runner📜
- !3246: gitlabRunner update to 0.52.0-bb.7
# Changelog Updates
## [0.52.0-bb.7] - 2023-10-05
### Changed
- Update cypress tests for compatibility with latest gitlab version (7.4.1)
Sonarqube📜
- !3298: sonarqube update to 8.0.2-bb.0
# Changelog Updates
## [8.0.1-bb.0] - 2023-10-16
### Changed
- Update release to sonarqube-8.0.2-sonarqube-dce-7.0.2
- sonarqube from 9.9.1-community to 9.9.2-community
- postgres-exporter from 0.13.2 to 0.14.0
- Update release to sonarqube-8.0.1-sonarqube-dce-7.0.1
- sonarqube from 9.9.0-community to 9.9.1-community
- postgres-exporter from 0.11.1 to 0.12.0
- postgresql12 from 12.14 to 12.15
Fortify📜
- !3256: fortify update to 1.1.2311007-bb.2
# Changelog Updates
## [1.1.2311007-bb.2] - 2023-10-06
### Updated
- fixed the network policy error
Velero📜
# Changelog Updates
## [5.0.2-bb.4] - 2023-10-11
### Changed
- Added testing for scheduled backups
## [5.0.2-bb.3] - 2023-10-11
### Changed
- Fixing changelog entries
Keycloak📜
# Changelog Updates
## [18.4.3-bb.10] - 2023-10-11
### Updated
- OSCAL version updated from 1.0.0 to 1.1.1
## [18.4.3-bb.9] - 2023-10-10
### Updated
- Fixed and updated changelog entries
Vault📜
# Changelog Updates
## [0.25.0-bb.4] - 2023-10-11
### Updated
- Updated OSCAL version from 1.0.0 to 1.1.1
## [0.25.0-bb.3] - 2023-10-03
### Changed
- Added resiliency to auto unseal job
Harbor📜
- !3255: harbor update to 1.12.4-bb.3
# Changelog Updates
## [1.12.4-bb.3] - 2023-10-06
### Changed
- image order in the Chart.yaml to fix bug with exporter image not showing in images package
Known Issues📜
- Kyverno Policies Issue 43: “Injected pods with ‘istio-init’ containers violate require-non-root-group policy” syntax is no longer valid with new chart versions.
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.