Skip to content

Release Notes - 2.14.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).

Upgrade Notices📜

Neuvector:

  • Main chart Values.yaml manager.env configs have been moved under manager.env.envs, and should include the direct env variable name and value. The example and default implementation would be:

  • manager.env.disableFipsInJava being removed and replaced with

manager:
...
  env:
  ...
    envs:
    - name: JDK_JAVA_OPTIONS
      value: "-Dcom.redhat.fips=false"

Istio: - Istio gets updated to 1.19.3. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually.

Flux: - Flux gets a patch update to 2.1.2 and the following component versions: * kustomize-controller: v1.1.1 * helm-controller: v0.36.2 * source-controller: v1.1.2 - We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via ./scripts/install_flux.sh -s will re-use your existing pull secret and update all components.

Upgrades from previous releases📜

If coming from a version pre-2.13.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.13.1.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.19.3 Tetrate Istio Distro 1.19.3 1.19.3-bb.0 🔗
Updated Istio Operator Core Istio Operator 1.19.3 Tetrate Istio Distro Operator 1.19.3 1.19.3-bb.0 🔗
Jaeger Core 1.47.0 2.47.0-bb.1
Updated Kiali Core 1.74.0 1.74.0-bb.4 🔗
Updated Cluster Auditor Core 0.0.7 1.5.0-bb.9 🔗
Updated Gatekeeper Core 3.13.2 3.13.2-bb.0 🔗
Updated Kyverno Core 1.10.3 3.0.0-bb.10 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.3 🔗
Kyverno Reporter Core 2.10.4 2.16.0-bb.6
Updated Elasticsearch Kibana Core Kibana 8.9.1 Elasticsearch 8.10.3 1.6.0-bb.0 🔗
Eck Operator Core 2.9.0 2.9.0-bb.1
Updated Fluentbit Core 2.1.10 0.39.0-bb.0 🔗
Updated Promtail Core 2.9.2 6.15.3-bb.0 🔗
Updated Loki Core 2.9.2 5.31.0-bb.3 🔗
Updated Neuvector Core 5.2.2 2.6.3-bb.1 🔗
Updated Tempo Core Tempo 2.2.3 Tempo Query 2.2.3 1.6.3-bb.1 🔗
Updated Monitoring Core Prometheus 2.47.2 Grafana 10.0.3 Alertmanager 0.26.0 51.10.0-bb.0 🔗
Updated Grafana Core 10.1.5 6.60.6-bb.0 🔗
Updated Twistlock Core 30.02.123 0.13.0-bb.6 🔗
Wrapper Core N / A 0.4.1
Updated Argocd Addon 2.8.2 5.46.7-bb.3 🔗
Authservice Addon 0.5.3 0.5.3-bb.18
Updated Minio Operator Addon 5.0.10 5.0.10-bb.0 🔗
Updated Minio Addon RELEASE.2023-10-07T15-07-38Z 5.0.10-bb.0 🔗
Updated Gitlab Addon 16.5.0 7.5.0-bb.0 🔗
Gitlab Runner Addon 15.11.0 0.52.0-bb.7
Updated Nexus Addon 3.61.0-02 61.0.0-bb.0 🔗
Updated Sonarqube Addon 9.9.2-community 8.0.2-bb.2 🔗
Updated Fortify BETA Addon 23.1.2.0005 1.1.2311007-bb.5 🔗
Updated Haproxy Addon 2.2.31 1.19.3-bb.0 🔗
Anchore Enterprise Addon Enterprise 4.8.0 Engine 1.1.0 1.26.1-bb.0
Mattermost Operator Addon 1.20.1 1.20.1-bb.0
Mattermost Addon 9.0.0 9.0.0-bb.0
Updated Velero Addon 1.12.0 5.1.0-bb.0 🔗
Keycloak Addon 21.1.1 18.4.3-bb.10
Vault Addon 1.13.1 0.25.0-bb.4
Metrics Server Addon 0.6.3 3.10.0-bb.2
Updated Harbor Addon 2.9.0 1.13.0-bb.3 🔗

Changes in 2.14.0📜

Big Bang MRs📜

  • !3325: Update quickstart metallb config
  • !3330: modify k3d-dev.sh to use ib metallb images
  • !3286: feat: enable require-image-signature policy as audit
  • !3313: adding prometheus as long as monitoring is enabled
  • !3279: Update Flux

Istio Controlplane📜

  • !3352: istio update to 1.19.3-bb.0
# Changelog Updates

## [1.19.3-bb.0] - 2023-10-14
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.0 to 1.19.3
- ironbank/opensource/istio/pilot updated from 1.19.0 to 1.19.3
- ironbank/opensource/istio/proxyv2 updated from 1.19.0 to 1.19.3
- ironbank/tetrate/istio/install-cni updated from 1.18.2 to 1.19.3
- ironbank/tetrate/istio/pilot updated from 1.18.2 to 1.19.3
- ironbank/tetrate/istio/proxyv2 updated from 1.18.2 to 1.19.3

Istio Operator📜

  • !3351: istioOperator update to 1.19.3-bb.0
# Changelog Updates

## [1.19.3-bb.0] - 2023-10-16
### Added
- Updated repo1 image to `1.19.3`
- Updated TID image to `1.19.3`

Kiali📜

  • !3347: kiali update to 1.74.0-bb.4
  • !3322: kiali update to 1.74.0-bb.3
# Changelog Updates

## [1.74.0-bb.4] - 2023-10-26
### Added
- Updated to 1.75.1 images (latest in IB)

## [1.74.0-bb.3] - 2023-10-19
### Changed
- Increase kiali-operator memory limit to 1700Mi

Cluster Auditor📜

  • !3277: clusterAuditor update to 1.5.0-bb.9
# Changelog Updates

## [1.5.0-bb.9] - 2023-10-06
### Changed
- Updated OSCAL version from 1.0.0 to 1.1.1

Gatekeeper📜

  • !3338: gatekeeper update to 3.13.2-bb.0
# Changelog Updates

## [3.13.2-bb.0] - 2023-10-11
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> 1.28.2
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.0 -> v3.13.2

Kyverno📜

  • !3382: kyverno update to 3.0.0-bb.10
  • !3359: kyverno update to 3.0.0-bb.9
  • !3332: kyvernoPolicies update to 3.0.4-bb.3
  • !3310: kyverno update to 3.0.0-bb.8
  • !3302: kyverno update to 3.0.0-bb.7
  • !3301: kyverno update to 3.0.0-bb.6
# Changelog Updates

## [3.0.0-bb.10] - 2023-11-02
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl patch v1.28.2 -> v1.28.3
- Added `.Values.allowExternalRegistryEgress` option to enable a `NetworkPolicy` that allows the Admission Controller to talk to external networks. Default: false

## [3.0.0-bb.9] - 2023-10-24
### Changed
- Add pod level securityContext for kyverno test

## [3.0.0-bb.8] - 2023-10-18
### Changed
- Fixed RunAsGroup typo in chart/values.yaml

## [3.0.0-bb.7] - 2023-10-17
### Changed
- Modified OSCAL Version for kyverno and updated to 1.1.1

## [3.0.0-bb.6] - 2023-10-13
### Changed
- Update `kubectl version` to v1.28.2

Kyverno Policies📜

  • !3332: kyvernoPolicies update to 3.0.4-bb.3
# Changelog Updates

## [3.0.4-bb.3] - 2023-10-22
### Changed
- ironbank/opensource/kubernetes/kubectl updated from 1.27.3 to v1.28.3

## [3.0.4-bb.2] - 2023-10-11
### Changed
- Added Kyverno Policy for Auditing Automount Service Account Token usage.
- Added exceptions for Kyverno Reporter, Gitlab Runners, and Gitlab Shared Secrets

Elasticsearch Kibana📜

  • !3305: elasticsearchKibana update to 1.6.0-bb.0
# Changelog Updates

## [1.6.0-bb.0] - 2023-10-16
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.10.2 to 8.10.3

Fluentbit📜

  • !3343: fluentbit update to 0.39.0-bb.0
# Changelog Updates

## [0.39.0-bb.0]
### Changed
- Updated upstream helm chart tag `0.39.0-bb.0`
- Updated fluent-bit image to `2.1.10` from IB

## [0.37.0-bb.3] - 2023-10-24
### Changed
- updating contributing file to link to external github contributions

Promtail📜

# Changelog Updates

## [6.15.3-bb.0] - 2023-10-23
### Updated
- Updated ironbank/opensource/grafana/promtail v2.9.1 -> v2.9.2
- Updated registry1.dso.mil/ironbank/opensource/grafana/promtail v2.9.1 -> v2.9.2
- Updated chart version to 6.15.3

Loki📜

  • !3384: loki update to 5.31.0-bb.3
  • !3370: loki update to 5.31.0-bb.2
  • !3363: loki update to 5.31.0-bb.1
  • !3339: loki update to 5.31.0-bb.0 & promtail update to 6.15.3-bb.0
  • !3303: loki update to 5.23.1-bb.2
# Changelog Updates

## [5.31.0-bb.3] - 2023-11-02
### Removed
- Remove portLevelException

## [5.31.0-bb.2] - 2023-10-31
### Changed
- Service Template changes for all 3 components to force TCP convention for the GRCP gossip ports

## [5.31.0-bb.1] - 2023-10-31
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3

## [5.31.0-bb.0] - 2023-10-17
### Changed
- Updated docker.io/grafana/loki-canary 2.9.1 -> 2.9.2
- Updated ironbank/opensource/grafana/loki 2.9.1 -> 2.9.2
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> v1.28.2
- Updated registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 1.25.1 -> 1.25.2

## [5.23.1-bb.2] - 2023-10-17
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1

Neuvector📜

  • !3340: neuvector update to 2.6.3-bb.1
# Changelog Updates

## [2.6.3-bb.1] - 2023-10-16
### Added
- Added non-root group user

Tempo📜

  • !3353: tempo update to 1.6.3-bb.1
  • !3329: tempo update to 1.6.3-bb.0
# Changelog Updates

## [1.6.3-bb.1] - 2023-10-27
### Changed
- Add additional constant output to cypress test for save/test tempo data source

## [1.6.3-bb.0] - 2023-10-19
### Changed
- Bumped chart version to 1.6.3
- Bumped images tag to 2.2.3
- Updated Cypress test to hit the API for testing

Monitoring📜

  • !3345: monitoring update to 51.10.0-bb.0
# Changelog Updates

## [51.10.0-bb.0] - 2023-10-20
### Changed
- upgrade chart version to 51.10.0
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar patch 1.25.1 -> 1.25.2
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.28.2 -> v1.28.1
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus minor v2.47.0 -> v2.47.2
- registry1.dso.mil/ironbank/opensource/thanos/thanos minor v0.32.3 -> v0.32.5

## [51.1.0-bb.5] - 2023-10-19
### Added
- adding network policy to allow alert manager to send alerts to external endpoints.

## [51.1.0-bb.4] - 2023-10-18
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.28.1 -> v1.28.2

## [51.1.0-bb.3] - 2023-10-16
### Added
- Added NetworkPolicy for Thanos to connect to Prometheus-Thanos-Sidecar

Grafana📜

  • !3364: grafana update to 6.60.6-bb.0
# Changelog Updates

## [6.60.6-bb.0] - 2023-10-30
### Changed
- Updated grafana to 10.1.5
- Updated chart base to 6.60.6

Twistlock📜

  • !3378: twistlock update to 0.13.0-bb.6
  • !3309: twistlock update to 0.13.0-bb.5
# Changelog Updates

## [0.13.0-bb.6] - 2023-11-01
### Changed
- Increase init job memory limit

## [0.13.0-bb.5] - 2023-10-18
### Changed
- Changed test url now that istio/ssl is configured to handle https

## [0.13.0-bb.4] - 2023-10-17
### Added
- Added appProtocol to service.yaml port 8083 definition to use istio explicit protocol selection
- Removed all files related to Cypress testing, using the scriopt for testing goign forward

Argocd📜

  • !3262: argocd update to 5.46.7-bb.3
# Changelog Updates

## [5.46.7-bb.3] - 2023-10-06
### Updated
- Updated OSCAL to 1.1.1

Minio Operator📜

  • !3311: minioOperator update to 5.0.10-bb.0
# Changelog Updates

## [5.0.10-bb.0] - 2023-10-17
### Upgrade
- Updated Minio Operator Helm Chart to v5.0.10

Minio📜

  • !3312: minio update to 5.0.10-bb.0
  • !3311: minioOperator update to 5.0.10-bb.0
# Changelog Updates

## [5.0.10-bb.0] - 2023-10-16
### Changed
- Updated minio to `RELEASE.2023-10-07T15-07-38Z`
- Updated mc to `RELEASE.2023-10-14T01-57-03Z`

Gitlab📜

  • !3368: gitlab update to 7.5.0-bb.0
# Changelog Updates

## [7.5.0-bb.0] - 2023-10-03
### Changed
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice patch 16.4.1 -> 16.5.0

## [7.4.1-bb.5] - 2023-10-24
### Changed
- Exposed autoMountServiceAccountToken for gitlab service accounts via values.yaml
- Hardened pods by removing autoMountServiceAccountToken when not required and explicitly requesting when required

## [7.4.1-bb.4] - 2023-10-16
### Changed
- Removed duplicate annotation on webservice template

Nexus📜

  • !3346: nexusRepositoryManager update to 61.0.0-bb.0
# Changelog Updates

## [61.0.0-bb.0] - 2023-10-24
### Changed
- Updated chart to version: 61.0.0-bb.2 | appVersion: 3.61.0

Sonarqube📜

  • !3377: sonarqube update to 8.0.2-bb.2
  • !3335: sonarqube update to 8.0.2-bb.1
# Changelog Updates

## [8.0.2-bb.2] - 2023-11-01
### Changed
- fixed typo in changelog

## [8.0.2-bb.1] - 2023-10-18
### Changed
- enabled creation of ServiceAccounts for Sonarqube and Postgres
- hardened automountServiceAccountToken for Pods and ServiceAccounts

Fortify📜

  • !3358: fortify update to 1.1.2311007-bb.5
  • !3349: fortify update to 1.1.2311007-bb.4
  • !3316: fortify update to 1.1.2311007-bb.3
  • !3251: fixing the fortify test mount
# Changelog Updates

## [1.1.2311007-bb.5] - 2023-10-20
### Updated
- Added non-root-group to sql
- Image updated for MySql to `8.0.34-debian-11-r2`

## [1.1.2311007-bb.4] - 2023-10-25
### Updated
- Allow overriding mix and max threads for ssc tomcat server

## [1.1.2311007-bb.3] - 2023-10-12
### Updated
- Updated cypress implementation to fix broken pipeline
- Updated mysql 9.12.0 -> 9.12.3

Haproxy📜

  • !3341: haproxy update to 1.19.3-bb.0
# Changelog Updates

## [1.19.3-bb.0]
### Updated
- Updated chart version `1.12.0` -> `1.19.3`
- Updated HAProxy `v2.2.21` -> `v2.2.31`
- Added a `DEVELOPMENT_MAINTENANCE.md`

Velero📜

  • !3321: velero update to 5.1.0-bb.0
  • !3308: velero update to 5.0.2-bb.5
# Changelog Updates

## [5.1.0-bb.0] - 2023-10-18
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> v1.27.3
- registry1.dso.mil/ironbank/opensource/velero/velero v1.11.1 -> v1.12.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.7.1 -> v1.8.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.5.1 -> v0.6.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.7.1 -> v1.8.0
- velero/velero-plugin-for-aws v1.7.1 -> v1.8.0
- velero/velero-plugin-for-csi v0.5.1 -> v0.6.0
- velero/velero-restore-helper v1.11.1 -> v1.12.0

## [5.0.2-bb.5] - 2023-10-18
### Changed
- OSCAL version update from 1.0.0 to 1.1.1

Harbor📜

  • !3356: harbor update to 1.13.0-bb.3
  • !3331: harbor update to 1.13.0-bb.1
# Changelog Updates

## [1.13.0-bb.3] - 2023-10-30
### Changed
- update renovate.json

## [1.13.0-bb.2] - 2023-10-26
### Changed
- add maintenance documentation

## [1.13.0-bb.1] - 2023-10-24
### Changed
- updated bigbang virtual service to address registry authentication issue
- add ServiceEntry config

## [1.13.0-bb.0] - 2023-10-23
### Changed
- Updated app to v2.9.0 and helm chart to v1.13.0
- goharbor/redis-photon minor v2.8.4 -> v2.9.0
- ironbank/opensource/goharbor/harbor-core minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/chartmuseum minor v2.7.2 -> v2.7.3
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/registry minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx patch 1.25.1 -> 1.25.2
- registry1.dso.mil/ironbank/opensource/postgres/postgresql12 minor 12.15 -> 12.16

## [1.12.4-bb.5] - 2023-10-16
### Changed
- Fixed Security Context

## [1.12.4-bb.4] - 2023-10-11
### Added
- Added non-root group user

Known Issues📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.