Release Notes - 2.14.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).
Upgrade Notices
Neuvector:
- Main chart Values.yaml `manager.env` configs have been moved under `manager.env.envs`, and should include the direct env variable name and value. The example and default implementation would be:
  - `manager.env.disableFipsInJava` being removed and replaced with

```yaml
manager:
  ...
  env:
    ...
    envs:
      - name: JDK_JAVA_OPTIONS
        value: "-Dcom.redhat.fips=false"
```

Istio:
- Istio gets updated to `1.19.3`. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually.

Flux:
- Flux gets a patch update to `2.1.2` and the following component versions:
  * kustomize-controller: v1.1.1
  * helm-controller: v0.36.2
  * source-controller: v1.1.2
- We recommend updating Flux to stay up to date - we only test releases against the latest Flux version in Big Bang. Running the Flux update script via `./scripts/install_flux.sh -s` will re-use your existing pull secret and update all components.
Upgrades from previous releases
If coming from a version pre-`2.13.1`, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-`2.13.1`.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.3, Tetrate Istio Distro 1.19.3 | 1.19.3-bb.0 🔗 |
Istio Operator | Core | Istio Operator 1.19.3, Tetrate Istio Distro Operator 1.19.3 | 1.19.3-bb.0 🔗 |
Jaeger | Core | 1.47.0 | 2.47.0-bb.1 |
Kiali | Core | 1.74.0 | 1.74.0-bb.4 🔗 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.9 🔗 |
Gatekeeper | Core | 3.13.2 | 3.13.2-bb.0 🔗 |
Kyverno | Core | 1.10.3 | 3.0.0-bb.10 🔗 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.3 🔗 |
Kyverno Reporter | Core | 2.10.4 | 2.16.0-bb.6 |
Elasticsearch Kibana | Core | Kibana 8.9.1, Elasticsearch 8.10.3 | 1.6.0-bb.0 🔗 |
Eck Operator | Core | 2.9.0 | 2.9.0-bb.1 |
Fluentbit | Core | 2.1.10 | 0.39.0-bb.0 🔗 |
Promtail | Core | 2.9.2 | 6.15.3-bb.0 🔗 |
Loki | Core | 2.9.2 | 5.31.0-bb.3 🔗 |
Neuvector | Core | 5.2.2 | 2.6.3-bb.1 🔗 |
Tempo | Core | Tempo 2.2.3, Tempo Query 2.2.3 | 1.6.3-bb.1 🔗 |
Monitoring | Core | Prometheus 2.47.2, Grafana 10.0.3, Alertmanager 0.26.0 | 51.10.0-bb.0 🔗 |
Grafana | Core | 10.1.5 | 6.60.6-bb.0 🔗 |
Twistlock | Core | 30.02.123 | 0.13.0-bb.6 🔗 |
Wrapper | Core | N / A | 0.4.1 |
Argocd | Addon | 2.8.2 | 5.46.7-bb.3 🔗 |
Authservice | Addon | 0.5.3 | 0.5.3-bb.18 |
Minio Operator | Addon | 5.0.10 | 5.0.10-bb.0 🔗 |
Minio | Addon | RELEASE.2023-10-07T15-07-38Z | 5.0.10-bb.0 🔗 |
Gitlab | Addon | 16.5.0 | 7.5.0-bb.0 🔗 |
Gitlab Runner | Addon | 15.11.0 | 0.52.0-bb.7 |
Nexus | Addon | 3.61.0-02 | 61.0.0-bb.0 🔗 |
Sonarqube | Addon | 9.9.2-community | 8.0.2-bb.2 🔗 |
Fortify | Addon | 23.1.2.0005 | 1.1.2311007-bb.5 🔗 |
Haproxy | Addon | 2.2.31 | 1.19.3-bb.0 🔗 |
Anchore Enterprise | Addon | Enterprise 4.8.0, Engine 1.1.0 | 1.26.1-bb.0 |
Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.0 |
Mattermost | Addon | 9.0.0 | 9.0.0-bb.0 |
Velero | Addon | 1.12.0 | 5.1.0-bb.0 🔗 |
Keycloak | Addon | 21.1.1 | 18.4.3-bb.10 |
Vault | Addon | 1.13.1 | 0.25.0-bb.4 |
Metrics Server | Addon | 0.6.3 | 3.10.0-bb.2 |
Harbor | Addon | 2.9.0 | 1.13.0-bb.3 🔗 |
Changes in 2.14.0
Big Bang MRs
- !3325: Update quickstart metallb config
- !3330: modify k3d-dev.sh to use ib metallb images
- !3286: feat: enable `require-image-signature` policy as `audit`
- !3313: adding prometheus as long as monitoring is enabled
- !3279: Update Flux
Istio Controlplane
- !3352: istio update to 1.19.3-bb.0
# Changelog Updates
## [1.19.3-bb.0] - 2023-10-14
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.0 to 1.19.3
- ironbank/opensource/istio/pilot updated from 1.19.0 to 1.19.3
- ironbank/opensource/istio/proxyv2 updated from 1.19.0 to 1.19.3
- ironbank/tetrate/istio/install-cni updated from 1.18.2 to 1.19.3
- ironbank/tetrate/istio/pilot updated from 1.18.2 to 1.19.3
- ironbank/tetrate/istio/proxyv2 updated from 1.18.2 to 1.19.3
Istio Operator
- !3351: istioOperator update to 1.19.3-bb.0
# Changelog Updates
## [1.19.3-bb.0] - 2023-10-16
### Added
- Updated repo1 image to `1.19.3`
- Updated TID image to `1.19.3`
Kiali
# Changelog Updates
## [1.74.0-bb.4] - 2023-10-26
### Added
- Updated to 1.75.1 images (latest in IB)
## [1.74.0-bb.3] - 2023-10-19
### Changed
- Increase kiali-operator memory limit to 1700Mi
Cluster Auditor
- !3277: clusterAuditor update to 1.5.0-bb.9
# Changelog Updates
## [1.5.0-bb.9] - 2023-10-06
### Changed
- Updated OSCAL version from 1.0.0 to 1.1.1
Gatekeeper
- !3338: gatekeeper update to 3.13.2-bb.0
# Changelog Updates
## [3.13.2-bb.0] - 2023-10-11
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> 1.28.2
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.0 -> v3.13.2
Kyverno
- !3382: kyverno update to 3.0.0-bb.10
- !3359: kyverno update to 3.0.0-bb.9
- !3332: kyvernoPolicies update to 3.0.4-bb.3
- !3310: kyverno update to 3.0.0-bb.8
- !3302: kyverno update to 3.0.0-bb.7
- !3301: kyverno update to 3.0.0-bb.6
# Changelog Updates
## [3.0.0-bb.10] - 2023-11-02
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl patch v1.28.2 -> v1.28.3
- Added `.Values.allowExternalRegistryEgress` option to enable a `NetworkPolicy` that allows the Admission Controller to talk to external networks. Default: false
## [3.0.0-bb.9] - 2023-10-24
### Changed
- Add pod level securityContext for kyverno test
## [3.0.0-bb.8] - 2023-10-18
### Changed
- Fixed RunAsGroup typo in chart/values.yaml
## [3.0.0-bb.7] - 2023-10-17
### Changed
- Modified OSCAL Version for kyverno and updated to 1.1.1
## [3.0.0-bb.6] - 2023-10-13
### Changed
- Update `kubectl version` to v1.28.2
Kyverno Policies
- !3332: kyvernoPolicies update to 3.0.4-bb.3
# Changelog Updates
## [3.0.4-bb.3] - 2023-10-22
### Changed
- ironbank/opensource/kubernetes/kubectl updated from 1.27.3 to v1.28.3
## [3.0.4-bb.2] - 2023-10-11
### Changed
- Added Kyverno Policy for Auditing Automount Service Account Token usage.
- Added exceptions for Kyverno Reporter, Gitlab Runners, and Gitlab Shared Secrets
Elasticsearch Kibana
- !3305: elasticsearchKibana update to 1.6.0-bb.0
# Changelog Updates
## [1.6.0-bb.0] - 2023-10-16
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.10.2 to 8.10.3
Fluentbit
- !3343: fluentbit update to 0.39.0-bb.0
# Changelog Updates
## [0.39.0-bb.0]
### Changed
- Updated upstream helm chart tag `0.39.0-bb.0`
- Updated fluent-bit image to `2.1.10` from IB
## [0.37.0-bb.3] - 2023-10-24
### Changed
- updating contributing file to link to external github contributions
Promtail
# Changelog Updates
## [6.15.3-bb.0] - 2023-10-23
### Updated
- Updated ironbank/opensource/grafana/promtail v2.9.1 -> v2.9.2
- Updated registry1.dso.mil/ironbank/opensource/grafana/promtail v2.9.1 -> v2.9.2
- Updated chart version to 6.15.3
Loki
- !3384: loki update to 5.31.0-bb.3
- !3370: loki update to 5.31.0-bb.2
- !3363: loki update to 5.31.0-bb.1
- !3339: loki update to 5.31.0-bb.0 & promtail update to 6.15.3-bb.0
- !3303: loki update to 5.23.1-bb.2
# Changelog Updates
## [5.31.0-bb.3] - 2023-11-02
### Removed
- Remove portLevelException
## [5.31.0-bb.2] - 2023-10-31
### Changed
- Service Template changes for all 3 components to force TCP convention for the gRPC gossip ports
## [5.31.0-bb.1] - 2023-10-31
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
## [5.31.0-bb.0] - 2023-10-17
### Changed
- Updated docker.io/grafana/loki-canary 2.9.1 -> 2.9.2
- Updated ironbank/opensource/grafana/loki 2.9.1 -> 2.9.2
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> v1.28.2
- Updated registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 1.25.1 -> 1.25.2
## [5.23.1-bb.2] - 2023-10-17
### Changed
- Update OSCAL version from 1.0.0 to 1.1.1
Neuvector
- !3340: neuvector update to 2.6.3-bb.1
# Changelog Updates
## [2.6.3-bb.1] - 2023-10-16
### Added
- Added non-root group user
Tempo
# Changelog Updates
## [1.6.3-bb.1] - 2023-10-27
### Changed
- Add additional constant output to cypress test for save/test tempo data source
## [1.6.3-bb.0] - 2023-10-19
### Changed
- Bumped chart version to 1.6.3
- Bumped images tag to 2.2.3
- Updated Cypress test to hit the API for testing
Monitoring
- !3345: monitoring update to 51.10.0-bb.0
# Changelog Updates
## [51.10.0-bb.0] - 2023-10-20
### Changed
- upgrade chart version to 51.10.0
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar patch 1.25.1 -> 1.25.2
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.28.2 -> v1.28.1
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus minor v2.47.0 -> v2.47.2
- registry1.dso.mil/ironbank/opensource/thanos/thanos minor v0.32.3 -> v0.32.5
## [51.1.0-bb.5] - 2023-10-19
### Added
- adding network policy to allow alert manager to send alerts to external endpoints.
## [51.1.0-bb.4] - 2023-10-18
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.28.1 -> v1.28.2
## [51.1.0-bb.3] - 2023-10-16
### Added
- Added NetworkPolicy for Thanos to connect to Prometheus-Thanos-Sidecar
Grafana
- !3364: grafana update to 6.60.6-bb.0
# Changelog Updates
## [6.60.6-bb.0] - 2023-10-30
### Changed
- Updated grafana to 10.1.5
- Updated chart base to 6.60.6
Twistlock
# Changelog Updates
## [0.13.0-bb.6] - 2023-11-01
### Changed
- Increase init job memory limit
## [0.13.0-bb.5] - 2023-10-18
### Changed
- Changed test url now that istio/ssl is configured to handle https
## [0.13.0-bb.4] - 2023-10-17
### Added
- Added appProtocol to service.yaml port 8083 definition to use istio explicit protocol selection
- Removed all files related to Cypress testing, using the script for testing going forward
Argocd
- !3262: argocd update to 5.46.7-bb.3
# Changelog Updates
## [5.46.7-bb.3] - 2023-10-06
### Updated
- Updated OSCAL to 1.1.1
Minio Operator
- !3311: minioOperator update to 5.0.10-bb.0
# Changelog Updates
## [5.0.10-bb.0] - 2023-10-17
### Upgrade
- Updated Minio Operator Helm Chart to v5.0.10
Minio
# Changelog Updates
## [5.0.10-bb.0] - 2023-10-16
### Changed
- Updated minio to `RELEASE.2023-10-07T15-07-38Z`
- Updated mc to `RELEASE.2023-10-14T01-57-03Z`
Gitlab
- !3368: gitlab update to 7.5.0-bb.0
# Changelog Updates
## [7.5.0-bb.0] - 2023-10-03
### Changed
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox patch 16.4.1 -> 16.5.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice patch 16.4.1 -> 16.5.0
## [7.4.1-bb.5] - 2023-10-24
### Changed
- Exposed autoMountServiceAccountToken for gitlab service accounts via values.yaml
- Hardened pods by removing autoMountServiceAccountToken when not required and explicitly requesting when required
## [7.4.1-bb.4] - 2023-10-16
### Changed
- Removed duplicate annotation on webservice template
Nexus
- !3346: nexusRepositoryManager update to 61.0.0-bb.0
# Changelog Updates
## [61.0.0-bb.0] - 2023-10-24
### Changed
- Updated chart to version: 61.0.0-bb.2 | appVersion: 3.61.0
Sonarqube
# Changelog Updates
## [8.0.2-bb.2] - 2023-11-01
### Changed
- fixed typo in changelog
## [8.0.2-bb.1] - 2023-10-18
### Changed
- enabled creation of ServiceAccounts for Sonarqube and Postgres
- hardened automountServiceAccountToken for Pods and ServiceAccounts
Fortify
- !3358: fortify update to 1.1.2311007-bb.5
- !3349: fortify update to 1.1.2311007-bb.4
- !3316: fortify update to 1.1.2311007-bb.3
- !3251: fixing the fortify test mount
# Changelog Updates
## [1.1.2311007-bb.5] - 2023-10-20
### Updated
- Added non-root-group to sql
- Image updated for MySql to `8.0.34-debian-11-r2`
## [1.1.2311007-bb.4] - 2023-10-25
### Updated
- Allow overriding min and max threads for ssc tomcat server
## [1.1.2311007-bb.3] - 2023-10-12
### Updated
- Updated cypress implementation to fix broken pipeline
- Updated mysql 9.12.0 -> 9.12.3
Haproxy
- !3341: haproxy update to 1.19.3-bb.0
# Changelog Updates
## [1.19.3-bb.0]
### Updated
- Updated chart version `1.12.0` -> `1.19.3`
- Updated HAProxy `v2.2.21` -> `v2.2.31`
- Added a `DEVELOPMENT_MAINTENANCE.md`
Velero
# Changelog Updates
## [5.1.0-bb.0] - 2023-10-18
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.27.6 -> v1.27.3
- registry1.dso.mil/ironbank/opensource/velero/velero v1.11.1 -> v1.12.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.7.1 -> v1.8.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.5.1 -> v0.6.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.7.1 -> v1.8.0
- velero/velero-plugin-for-aws v1.7.1 -> v1.8.0
- velero/velero-plugin-for-csi v0.5.1 -> v0.6.0
- velero/velero-restore-helper v1.11.1 -> v1.12.0
## [5.0.2-bb.5] - 2023-10-18
### Changed
- OSCAL version update from 1.0.0 to 1.1.1
Harbor
# Changelog Updates
## [1.13.0-bb.3] - 2023-10-30
### Changed
- update renovate.json
## [1.13.0-bb.2] - 2023-10-26
### Changed
- add maintenance documentation
## [1.13.0-bb.1] - 2023-10-24
### Changed
- updated bigbang virtual service to address registry authentication issue
- add ServiceEntry config
## [1.13.0-bb.0] - 2023-10-23
### Changed
- Updated app to v2.9.0 and helm chart to v1.13.0
- goharbor/redis-photon minor v2.8.4 -> v2.9.0
- ironbank/opensource/goharbor/harbor-core minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/chartmuseum minor v2.7.2 -> v2.7.3
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/registry minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter minor v2.8.4 -> v2.9.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx patch 1.25.1 -> 1.25.2
- registry1.dso.mil/ironbank/opensource/postgres/postgresql12 minor 12.15 -> 12.16
## [1.12.4-bb.5] - 2023-10-16
### Changed
- Fixed Security Context
## [1.12.4-bb.4] - 2023-10-11
### Added
- Added non-root group user
Known Issues
- Kyverno Policies Issue 43: “Injected pods with ‘istio-init’ containers violate require-non-root-group policy” syntax is no longer valid with new chart versions.
- wrapper doesn’t properly allow multiple HelmRepositories: helmRepository value doesn’t allow multiple values
- Per app flux settings don’t work when overriding with falsey values: Per app flux settings don’t work when overriding with falsey values
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.