Release Notes - 2.15.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.26.3 (RKE2).
Upgrade Notices📜
Upgrades from previous releases📜
If coming from a version pre-2.14.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.14.0
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.3 Tetrate Istio Distro 1.19.3 |
1.19.3-bb.1 🔗 |
Istio Operator | Core | Istio Operator 1.19.3 Tetrate Istio Distro Operator 1.19.3 |
1.19.3-bb.0 |
Jaeger | Core | 1.47.0 |
2.47.0-bb.1 |
Kiali | Core | 1.74.0 |
1.76.0-bb.2 🔗 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.10 🔗 |
Gatekeeper | Core | 3.14.0 |
3.14.0-bb.0 🔗 |
Kyverno | Core | 1.10.3 |
3.0.0-bb.11 🔗 |
Kyverno Policies | Core | 3.0.4 |
3.0.4-bb.10 🔗 |
Kyverno Reporter | Core | 2.10.4 |
2.16.0-bb.6 |
Elasticsearch Kibana | Core | Kibana 8.10.4 Elasticsearch 8.10.3 |
1.6.1-bb.2 🔗 |
Eck Operator | Core | 2.9.0 |
2.9.0-bb.3 🔗 |
Fluentbit | Core | 2.1.10 |
0.39.0-bb.0 |
Promtail | Core | 2.9.2 |
6.15.3-bb.0 |
Loki | Core | 2.9.2 |
5.31.0-bb.3 |
Neuvector | Core | 5.2.2 |
2.6.3-bb.3 🔗 |
Tempo | Core | Tempo 2.3.0-ubi9 Tempo Query 2.3.0 |
1.7.0-bb.1 🔗 |
Monitoring | Core | Prometheus 2.47.2 Grafana 10.1.5 Alertmanager 0.26.0 |
52.1.0-bb.0 🔗 |
Grafana | Core | 10.1.5 |
6.60.6-bb.3 🔗 |
Twistlock | Core | 30.02.123 |
0.13.0-bb.7 🔗 |
Wrapper | Core | N / A | 0.4.1 |
Argocd | Addon | 2.8.4 |
5.46.7-bb.8 🔗 |
Authservice | Addon | 0.5.3 |
0.5.3-bb.21 🔗 |
Minio Operator | Addon | 5.0.10 |
5.0.10-bb.0 |
Minio | Addon | RELEASE.2023-10-16T04-13-43Z |
5.0.10-bb.2 🔗 |
Gitlab | Addon | 16.5.1 |
7.5.1-bb.0 🔗 |
Gitlab Runner | Addon | 15.11.0 |
0.52.0-bb.8 🔗 |
Nexus | Addon | 3.61.0-02 |
61.0.0-bb.1 🔗 |
Sonarqube | Addon | 9.9.2-community |
8.0.2-bb.2 |
Fortify | Addon | 23.1.2.0005 |
1.1.2311007-bb.5 |
Haproxy | Addon | 2.2.31 |
1.19.3-bb.0 |
Anchore Enterprise | Addon | Enterprise 4.9.1 Engine 1.1.0 |
1.27.4-bb.2 🔗 |
Mattermost Operator | Addon | 1.20.1 |
1.20.1-bb.0 |
Mattermost | Addon | 9.2.1 |
9.2.1-bb.0 🔗 |
Velero | Addon | 1.12.1 |
5.1.3-bb.0 🔗 |
Keycloak | Addon | 21.1.1 |
18.4.3-bb.10 |
Vault | Addon | 1.13.1 |
0.25.0-bb.4 |
Metrics Server | Addon | 0.6.3 |
3.10.0-bb.3 🔗 |
Harbor | Addon | 2.9.1 |
1.13.1-bb.0 🔗 |
Thanos | Addon | 0.32.5 |
12.13.12-bb.3 |
Changes in 2.15.0📜
Big Bang MRs📜
- !3415: Update kubectl apply command in Flux install documentation
- !3412: Update test values to allow kyverno egress
- !3396: version updates for release 2.14.0
- !3113: SKIP UPGRADE Add Thanos to BB Chart
- !3059: Resolve “Feature Request: Package Specific Git Creds”
Istio Controlplane📜
- !3430: istio update to 1.19.3-bb.1
# Changelog Updates
## [1.19.3-bb.1] - 2023-11-07
### Changed
- ironbank/big-bang/base updated from 2.0.0 to 2.1.0
Kiali📜
- !3431: kiali update to 1.76.0-bb.2
- !3409: kiali update to 1.76.0-bb.1
- !3376: kiali update to 1.76.0-bb.0
# Changelog Updates
## [1.76.0-bb.2] - 2023-11-12
### Updated
- Increase memory limit from 1700 to 8000 to prevent operator from OOM crashes in pipelines
## [1.76.0-bb.1] - 2023-11-07
### Updated
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
## [1.76.0-bb.0] - 2023-11-01
### Updated
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.76.0
Cluster Auditor📜
- !3387: clusterAuditor update to 1.5.0-bb.10
# Changelog Updates
## [1.5.0-bb.10] - 2023-11-02
### Changed
- Hardened `opa-exporter` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
Gatekeeper📜
# Changelog Updates
## [3.14.0-bb.0] - 2023-11-08
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
## [3.13.3-bb.3] - 2023-11-02
### Changed
- Hardened `gatekeeper-admin` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Hardened ServiceAccounts in various `Jobs` with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Disabled bb tests by default
## [3.13.3-bb.2] - 2023-11-02
### Changed
- Update gluon resource
## [3.13.3-bb.1] - 2023-11-01
### Changed
- Updated gluon 0.4.3 -> 0.4.4
## [3.13.3-bb.0] - 2023-11-01
### Changed
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated gluon 0.4.1 -> 0.4.3
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3
Kyverno📜
- !3411: kyverno update to 3.0.0-bb.11
# Changelog Updates
## [3.0.0-bb.11] - 2023-11-06
### Changed
- Added the rights to get, list, watch, update, and patch the kyverno-background-controller serviceaccount
Kyverno Policies📜
- !3438: kyvernoPolicies update to 3.0.4-bb.10
- !3434: kyvernoPolicies update to 3.0.4-bb.9
- !3414: Update KyvernoPolicies 3.0.4-bb.8 and add istio-init PolicyException
- !3386: kyvernoPolicies update to 3.0.4-bb.7
- !3367: kyvernoPolicies update to 3.0.4-bb.6
- !3348: kyvernoPolicies update to 3.0.4-bb.4
# Changelog Updates
## [3.0.4-bb.10] - 2023-11-13
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on default serviceaccounts
## [3.0.4-bb.9] - 2023-11-09
### Added
- require-non-root-user-exception template for istio-init containers
## [3.0.4-bb.8] - 2023-11-07
### Added
- istio.enabled toggle for below PolicyException template
- require-non-root-group-exception template for istio-init containers
## [3.0.4-bb.7] - 2023-11-01
### Changed
- Fixed test for ClusterPolicy automountserviceaccounttoken
## [3.0.4-bb.6] - 2023-10-31
### Changed
- Default ClusterPolicy automountserviceaccounttoken to disabled
## [3.0.4-bb.5] - 2023-10-27
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on the serviceaccounts and enable on the pods
## [3.0.4-bb.4] - 2023-10-25
### Changed
- Removed exceptions for Kyverno Reporter, Gitlab Runners, and Gitlab Shared Secrets (moved to bigbang repo)
Elasticsearch Kibana📜
# Changelog Updates
## [1.6.1-bb.2] - 2023-11-02
### Changed
- gluon updated from 0.4.1 to 0.4.4
- elasticsearch-exporter image updated to 1.6.0
## [1.6.1-bb.1] - 2023-10-24
### Changed
- fixing cypress tests to work in multiple configurations so that BB pipelines will pass.
## [1.6.1-bb.0] - 2023-10-24
### Changed
- ironbank/elastic/kibana/kibana updated from 8.9.1 to 8.10.4
Eck Operator📜
- !3420: eckOperator update to 2.9.0-bb.3
# Changelog Updates
## [2.9.0-bb.3] - 2023-11-08
### Changed
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
## [2.9.0-bb.2] - 2023-10-24
### Changed
- Updating contributing file to link to external github contributions
Neuvector📜
- !3426: neuvector update to 2.6.3-bb.3
# Changelog Updates
## [2.6.3-bb.3] - 2023-11-08
### Added
- Added logic for neuvector-prometheus-exporter-pod to poll for active api server before starting
- Set uid:gid runAsUser/runAsGroup to match the user/group in the exporter container
## [2.6.3-bb.2] - 2023-11-3
### Changed
- Updated Gluon from 0.4.1 to 0.4.4
Tempo📜
- !3397: tempo update to 1.7.0-bb.1
# Changelog Updates
## [1.7.0-bb.1] - 2023-11-02
### Changed
- Updating tempo-query to 2.3.0
- Updating tempo to 2.3.0-ubi9
- Updating gluon to 0.4.4
Monitoring📜
- !3400: initial set of changes to support monitoring/thanos changes
- !3398: monitoring update to 51.10.0-bb.2
- !3113: SKIP UPGRADE Add Thanos to BB Chart
# Changelog Updates
## [52.1.0-bb.0] - 2023-10-31
### Changed
- upgrade chart version to 52.1.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.0.3 -> 10.1.5
- upgrading gluon from 0.4.1 to 0.4.4
## [51.10.0-bb.2] - 2023-11-01
### Added
- automountServiceAccountToken to false for AlertManager (unnecessary token)
## [51.10.0-bb.1] - 2023-11-01
### Added
- Added AuthorizationPolicy for Thanos to connect to prometheus-thanos sidecar
Grafana📜
- !3444: grafana update to 6.60.6-bb.3
- !3402: grafana update to 6.60.6-bb.2
- !3113: SKIP UPGRADE Add Thanos to BB Chart
# Changelog Updates
## [6.60.6-bb.3] - 2023-11-13
### Added
- `docs/DEVELOPMENT_MAINTENANCE.md` with upstream helm deviations
### Changed
- Added values back to `grafana.ini`
## [6.60.6-bb.2] - 2023-11-02
### Changed
- Moved redis-dashboards.yaml over to Redis package
## [6.60.6-bb.1] - 2023-11-01
### Added
- Added NetworkPolicy for egress to thanos query
Twistlock📜
- !3406: twistlock update to 0.13.0-bb.7
# Changelog Updates
## [0.13.0-bb.7] - 2023-11-07
### Changed
- gluon updated from 0.4.1 to 0.4.4
Argocd📜
- !3390: argocd update to 5.46.7-bb.8
# Changelog Updates
## [5.46.7-bb.8] - 2023-11-03
### Updated
- Updated remote `gluon` chart dependency to 0.4.4
## [5.46.7-bb.7] - 2023-11-02
### Updated
- Updated redis to 7.2.2
- Bumped Redis chart dependency to `18.2.0-bb.0`
- Added non-root group for redis
## [5.46.7-bb.6] - 2023-10-31
### Updated
- Update redis-exporter to v1.55.0
## [5.46.7-bb.5] - 2023-10-24
### Updated
- Updating contributing file to link to external github contributions
## [5.46.7-bb.4] - 2023-10-11
### Updated
- Updated annotation for bigbang.dev/applicationVersions to 2.8.4 in chart.yaml
Authservice📜
- !3395: authservice update to 0.5.3-bb.20
# Changelog Updates
## [0.5.3-bb.21] - 2023-11-03
### Changed
- add non-root-group for redis subchart
## [0.5.3-bb.20] - 2023-10-25
### Changed
- redis updated from 18.0.4-bb.0 to 18.2.0-bb.0
- registry1.dso.mil/ironbank/bitnami/redis 7.2.1 -> 7.2.2
## [0.5.3-bb.19] - 2023-10-17
### Changed
- OSCAL update from 1.0.0 to 1.1.1
Minio📜
- !3381: minio update to 5.0.10-bb.2
# Changelog Updates
## [5.0.10-bb.2] - 2023-11-02
### Changed
- Updated minio to `RELEASE.2023-10-16T04-13-43Z`
- Updated mc to `RELEASE.2023-10-30T18-43-32Z`
## [5.0.10-bb.1] - 2022-10-17
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio `allow-tempo` policy
- Added istio custom policy template
Gitlab📜
# Changelog Updates
## [7.5.1-bb.0] - 2023-11-02
### Changed
- Updated helm chart to 7.5.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql major 14.8 -> 14.9
Gitlab Runner📜
- !3393: gitlabRunner update to 0.52.0-bb.8
# Changelog Updates
## [0.52.0-bb.8] - 2023-11-03
### Changed
- Added additional kubernetes label to runner to allow it to work with network policy by default
Nexus📜
- !3436: nexusRepositoryManager update to 61.0.0-bb.1
# Changelog Updates
## [61.0.0-bb.1] - 2023-11-13
### Changed
- Updated chart to version: 61.0.0-bb.1
- Fix broken SAML SSO section
Anchore Enterprise📜
- !3391: anchore update to 1.27.4-bb.2
# Changelog Updates
## [1.27.4-bb.2]
### Changed
- Added missing `containerSecurityContext` to `anchore-feeds-db`.
- Bumped postgresql's `common` dependency to `2.x.x`.
## [1.27.4-bb.1]
### Changed
- Updated contributing.md
Mattermost📜
# Changelog Updates
## [9.2.1-bb.0] - 2023-11-07
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.1 to 9.2.1
## [9.1.1-bb.0] - 2023-10-31
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.0 to 9.1.1
## [9.1.0-bb.0] - 2023-10-17
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.0.0 to 9.1.0
## [9.0.0-bb.1] - 2023-10-05
### Changed
- Updated Renovate to include postgres values entry
Velero📜
- !3432: velero update to 5.1.3-bb.0
# Changelog Updates
## [5.1.3-bb.0] - 2023-11-01
### Changed
- Updated to latest chart version `5.1.3`
- bump `controller-gen.kubebuilder.io/version:` to `v0.13.0`
- ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-restore-helper v1.12.0 -> v1.12.1
Metrics Server📜
- !3408: metricsServer update to 3.10.0-bb.3
# Changelog Updates
## [3.10.0-bb.3] - 2023-10-30
### Added
- Harden ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Update patch version of kubectl v1.28.2 -> v1.28.3
Harbor📜
# Changelog Updates
## [1.13.1-bb.0] - 2023-11-03
### Changed
- Updated app to v2.9.1 and helm chart to v1.13.1
- goharbor/redis-photon minor v2.9.0 -> v2.9.1
- ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/registry minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter minor v2.9.0 -> v2.9.1
## [1.13.0-bb.4] - 2023-10-31
### Changed
- Updated registry1.dso.mil/ironbank/bitnami/postgres-exporter 0.12.1 -> 0.15.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql12 12.15 -> 12.16
Known Issues📜
- Per app flux settings don’t work when overriding with falsey values: Per app flux settings don’t work when overriding with falsey values
- Gitlab Certificate Init Container Permission Denied Errors: Gitlab Certificate Init Container Permission Denied
- Loki scalable ring issue when HPAs enabled: Loki scalable ring issue when HPAs enabled
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.