Skip to content

Release Notes - 2.15.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.26.3 (RKE2).

Upgrade Notices📜

Upgrades from previous releases📜

If coming from a version pre-2.14.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.14.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.19.3 Tetrate Istio Distro 1.19.3 1.19.3-bb.1 🔗
Istio Operator Core Istio Operator 1.19.3 Tetrate Istio Distro Operator 1.19.3 1.19.3-bb.0
Jaeger Core 1.47.0 2.47.0-bb.1
Updated Kiali Core 1.74.0 1.76.0-bb.2 🔗
Updated Cluster Auditor Core 0.0.7 1.5.0-bb.10 🔗
Updated Gatekeeper Core 3.14.0 3.14.0-bb.0 🔗
Updated Kyverno Core 1.10.3 3.0.0-bb.11 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.10 🔗
Kyverno Reporter Core 2.10.4 2.16.0-bb.6
Updated Elasticsearch Kibana Core Kibana 8.10.4 Elasticsearch 8.10.3 1.6.1-bb.2 🔗
Updated Eck Operator Core 2.9.0 2.9.0-bb.3 🔗
Fluentbit Core 2.1.10 0.39.0-bb.0
Promtail Core 2.9.2 6.15.3-bb.0
Loki Core 2.9.2 5.31.0-bb.3
Updated Neuvector Core 5.2.2 2.6.3-bb.3 🔗
Updated Tempo Core Tempo 2.3.0-ubi9 Tempo Query 2.3.0 1.7.0-bb.1 🔗
Updated Monitoring Core Prometheus 2.47.2 Grafana 10.1.5 Alertmanager 0.26.0 52.1.0-bb.0 🔗
Updated Grafana Core 10.1.5 6.60.6-bb.3 🔗
Updated Twistlock Core 30.02.123 0.13.0-bb.7 🔗
Wrapper Core N / A 0.4.1
Updated Argocd Addon 2.8.4 5.46.7-bb.8 🔗
Updated Authservice Addon 0.5.3 0.5.3-bb.21 🔗
Minio Operator Addon 5.0.10 5.0.10-bb.0
Updated Minio Addon RELEASE.2023-10-16T04-13-43Z 5.0.10-bb.2 🔗
Updated Gitlab Addon 16.5.1 7.5.1-bb.0 🔗
Updated Gitlab Runner Addon 15.11.0 0.52.0-bb.8 🔗
Updated Nexus Addon 3.61.0-02 61.0.0-bb.1 🔗
Sonarqube Addon 9.9.2-community 8.0.2-bb.2
Fortify BETA Addon 23.1.2.0005 1.1.2311007-bb.5
Haproxy Addon 2.2.31 1.19.3-bb.0
Updated Anchore Enterprise Addon Enterprise 4.9.1 Engine 1.1.0 1.27.4-bb.2 🔗
Mattermost Operator Addon 1.20.1 1.20.1-bb.0
Updated Mattermost Addon 9.2.1 9.2.1-bb.0 🔗
Updated Velero Addon 1.12.1 5.1.3-bb.0 🔗
Keycloak Addon 21.1.1 18.4.3-bb.10
Vault Addon 1.13.1 0.25.0-bb.4
Updated Metrics Server Addon 0.6.3 3.10.0-bb.3 🔗
Updated Harbor Addon 2.9.1 1.13.1-bb.0 🔗
New Thanos Addon 0.32.5 12.13.12-bb.3

Changes in 2.15.0📜

Big Bang MRs📜

  • !3415: Update kubectl apply command in Flux install documentation
  • !3412: Update test values to allow kyverno egress
  • !3396: version updates for release 2.14.0
  • !3113: SKIP UPGRADE Add Thanos to BB Chart
  • !3059: Resolve “Feature Request: Package Specific Git Creds”

Istio Controlplane📜

  • !3430: istio update to 1.19.3-bb.1
# Changelog Updates

## [1.19.3-bb.1] - 2023-11-07
### Changed
- ironbank/big-bang/base updated from 2.0.0 to 2.1.0

Kiali📜

  • !3431: kiali update to 1.76.0-bb.2
  • !3409: kiali update to 1.76.0-bb.1
  • !3376: kiali update to 1.76.0-bb.0
# Changelog Updates

## [1.76.0-bb.2] - 2023-11-12
### Updated
- Increase memory limit from 1700 to 8000 to prevent operator from OOM crashes in pipelines

## [1.76.0-bb.1] - 2023-11-07
### Updated
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [1.76.0-bb.0] - 2023-11-01
### Updated
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.76.0

Cluster Auditor📜

  • !3387: clusterAuditor update to 1.5.0-bb.10
# Changelog Updates

## [1.5.0-bb.10] - 2023-11-02
### Changed
- Hardened `opa-exporter` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)

Gatekeeper📜

  • !3422: gatekeeper update to 3.14.0-bb.0
  • !3385: gatekeeper update to 3.13.3-bb.2
# Changelog Updates

## [3.14.0-bb.0] - 2023-11-08
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [3.13.3-bb.3] - 2023-11-02
### Changed
- Hardened `gatekeeper-admin` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Hardened ServiceAccounts in various `Jobs` with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Disabled bb tests by default

## [3.13.3-bb.2] - 2023-11-02
### Changed
- Update gluon resource

## [3.13.3-bb.1] - 2023-11-01
### Changed
- Updated gluon 0.4.3 -> 0.4.4

## [3.13.3-bb.0] - 2023-11-01
### Changed
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated gluon 0.4.1 -> 0.4.3
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3

Kyverno📜

  • !3411: kyverno update to 3.0.0-bb.11
# Changelog Updates

## [3.0.0-bb.11] - 2023-11-06
### Changed
- Added the rights to get, list, watch, update, and patch the kyverno-background-controller serviceaccount

Kyverno Policies📜

  • !3438: kyvernoPolicies update to 3.0.4-bb.10
  • !3434: kyvernoPolicies update to 3.0.4-bb.9
  • !3414: Update KyvernoPolicies 3.0.4-bb.8 and add istio-init PolicyException
  • !3386: kyvernoPolicies update to 3.0.4-bb.7
  • !3367: kyvernoPolicies update to 3.0.4-bb.6
  • !3348: kyvernoPolicies update to 3.0.4-bb.4
# Changelog Updates

## [3.0.4-bb.10] - 2023-11-13
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on default serviceaccounts

## [3.0.4-bb.9] - 2023-11-09
### Added
- require-non-root-user-exception template for istio-init containers

## [3.0.4-bb.8] - 2023-11-07
### Added
- istio.enabled toggle for below PolicyException template
- require-non-root-group-exception template for istio-init containers

## [3.0.4-bb.7] - 2023-11-01
### Changed
- Fixed test for ClusterPolicy automountserviceaccounttoken

## [3.0.4-bb.6] - 2023-10-31
### Changed
- Default ClusterPolicy automountserviceaccounttoken to disabled

## [3.0.4-bb.5] - 2023-10-27
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on the serviceaccounts and enable on the pods

## [3.0.4-bb.4] - 2023-10-25
### Changed
- Removed exceptions for Kyverno Reporter, Gitlab Runners, and Gitlab Shared Secrets (moved to bigbang repo)

Elasticsearch Kibana📜

  • !3407: elasticsearchKibana update to 1.6.1-bb.2
  • !3366: elasticsearchKibana update to 1.6.1-bb.1
# Changelog Updates

## [1.6.1-bb.2] - 2023-11-02
### Changed
- gluon updated from 0.4.1 to 0.4.4
- elasticsearch-exporter image updated to 1.6.0

## [1.6.1-bb.1] - 2023-10-24
### Changed
- fixing cypress tests to work in multiple configurations so that BB pipelines will pass.

## [1.6.1-bb.0] - 2023-10-24
### Changed
- ironbank/elastic/kibana/kibana updated from 8.9.1 to 8.10.4

Eck Operator📜

  • !3420: eckOperator update to 2.9.0-bb.3
# Changelog Updates

## [2.9.0-bb.3] - 2023-11-08
### Changed
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [2.9.0-bb.2] - 2023-10-24
### Changed
- Updating contributing file to link to external github contributions

Neuvector📜

  • !3426: neuvector update to 2.6.3-bb.3
# Changelog Updates

## [2.6.3-bb.3] - 2023-11-08
### Added
- Added logic for neuvector-prometheus-exporter-pod to poll for active api server before starting
- Set uid:gid runAsUser/runAsGroup to match the user/group in the exporter container

## [2.6.3-bb.2] - 2023-11-3
### Changed
- Updated Gluon from 0.4.1 to 0.4.4

Tempo📜

  • !3397: tempo update to 1.7.0-bb.1
# Changelog Updates

## [1.7.0-bb.1] - 2023-11-02
### Changed
- Updating tempo-query to 2.3.0
- Updating tempo to 2.3.0-ubi9
- Updating gluon to 0.4.4

Monitoring📜

  • !3400: initial set of changes to support monitoring/thanos changes
  • !3398: monitoring update to 51.10.0-bb.2
  • !3113: SKIP UPGRADE Add Thanos to BB Chart
# Changelog Updates

## [52.1.0-bb.0] - 2023-10-31
### Changed
- upgrade chart version to 52.1.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.0.3 -> 10.1.5
- upgrading gluon from 0.4.1 to 0.4.4

## [51.10.0-bb.2] - 2023-11-01
### Added
- automountServiceAccountToken to false for AlertManager (unnecessary token)

## [51.10.0-bb.1] - 2023-11-01
### Added
- Added AuthorizationPolicy for Thanos to connect to prometheus-thanos sidecar

Grafana📜

  • !3444: grafana update to 6.60.6-bb.3
  • !3402: grafana update to 6.60.6-bb.2
  • !3113: SKIP UPGRADE Add Thanos to BB Chart
# Changelog Updates

## [6.60.6-bb.3] - 2023-11-13
### Added
- `docs/DEVELOPMENT_MAINTENANCE.md` with upstream helm deviations

### Changed
- Added values back to `grafana.ini`

## [6.60.6-bb.2] - 2023-11-02
### Changed
- Moved redis-dashboards.yaml over to Redis package

## [6.60.6-bb.1] - 2023-11-01
### Added
- Added NetworkPolicy for egress to thanos query

Twistlock📜

  • !3406: twistlock update to 0.13.0-bb.7
# Changelog Updates

## [0.13.0-bb.7] - 2023-11-07
### Changed
- gluon updated from 0.4.1 to 0.4.4

Argocd📜

  • !3390: argocd update to 5.46.7-bb.8
# Changelog Updates

## [5.46.7-bb.8] - 2023-11-03
### Updated
- Updated remote `gluon` chart dependency to 0.4.4

## [5.46.7-bb.7] - 2023-11-02
### Updated
- Updated redis to 7.2.2
- Bumped Redis chart dependency to `18.2.0-bb.0`
- Added non-root group for redis

## [5.46.7-bb.6] - 2023-10-31
### Updated
- Update redis-exporter to v1.55.0

## [5.46.7-bb.5] - 2023-10-24
### Updated
- Updating contributing file to link to external github contributions

## [5.46.7-bb.4] - 2023-10-11
### Updated
- Updated annotation for bigbang.dev/applicationVersions to 2.8.4 in chart.yaml

Authservice📜

  • !3395: authservice update to 0.5.3-bb.20
# Changelog Updates

## [0.5.3-bb.21] - 2023-11-03
### Changed
- add non-root-group for redis subchart

## [0.5.3-bb.20] - 2023-10-25
### Changed
- redis updated from 18.0.4-bb.0 to 18.2.0-bb.0
- registry1.dso.mil/ironbank/bitnami/redis 7.2.1 -> 7.2.2

## [0.5.3-bb.19] - 2023-10-17
### Changed
- OSCAL update from 1.0.0 to 1.1.1

Minio📜

  • !3381: minio update to 5.0.10-bb.2
# Changelog Updates

## [5.0.10-bb.2] - 2023-11-02
### Changed
- Updated minio to `RELEASE.2023-10-16T04-13-43Z`
- Updated mc to `RELEASE.2023-10-30T18-43-32Z`

## [5.0.10-bb.1] - 2022-10-17
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio `allow-tempo` policy
- Added istio custom policy template

Gitlab📜

  • !3428: gitlab update to 7.5.1-bb.0
  • !3393: gitlabRunner update to 0.52.0-bb.8
# Changelog Updates

## [7.5.1-bb.0] - 2023-11-02
### Changed
- Updated helm chart to 7.5.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql major 14.8 -> 14.9

Gitlab Runner📜

  • !3393: gitlabRunner update to 0.52.0-bb.8
# Changelog Updates

## [0.52.0-bb.8] - 2023-11-03
### Changed
- Added additional kubernetes label to runner to allow it to work with network policy by default

Nexus📜

  • !3436: nexusRepositoryManager update to 61.0.0-bb.1
# Changelog Updates

## [61.0.0-bb.1] - 2023-11-13
### Changed
- Updated chart to version: 61.0.0-bb.1
- Fix broken SAML SSO section

Anchore Enterprise📜

  • !3391: anchore update to 1.27.4-bb.2
# Changelog Updates

## [1.27.4-bb.2]
### Changed
- Added missing `containerSecurityContext` to `anchore-feeds-db`.
- Bumped postgresql's `common` dependency to `2.x.x`.

## [1.27.4-bb.1]
### Changed
- Updated contributing.md

Mattermost📜

  • !3425: mattermost update to 9.2.1-bb.0
  • !3392: mattermost update to 9.1.1-bb.0
# Changelog Updates

## [9.2.1-bb.0] - 2023-11-07
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.1 to 9.2.1

## [9.1.1-bb.0] - 2023-10-31
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.0 to 9.1.1

## [9.1.0-bb.0] - 2023-10-17
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.0.0 to 9.1.0

## [9.0.0-bb.1] - 2023-10-05
### Changed
- Updated Renovate to include postgres values entry

Velero📜

  • !3432: velero update to 5.1.3-bb.0
# Changelog Updates

## [5.1.3-bb.0] - 2023-11-01
### Changed
- Updated to latest chart version `5.1.3`
- bump `controller-gen.kubebuilder.io/version:` to `v0.13.0`
- ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-restore-helper v1.12.0 -> v1.12.1

Metrics Server📜

  • !3408: metricsServer update to 3.10.0-bb.3
# Changelog Updates

## [3.10.0-bb.3] - 2023-10-30
### Added
- Harden ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Update patch version of kubectl v1.28.2 -> v1.28.3

Harbor📜

  • !3401: harbor update to 1.13.1-bb.0
  • !3372: harbor update to 1.13.0-bb.4
# Changelog Updates

## [1.13.1-bb.0] - 2023-11-03
### Changed
- Updated app to v2.9.1 and helm chart to v1.13.1
- goharbor/redis-photon minor v2.9.0 -> v2.9.1
- ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/registry minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter minor v2.9.0 -> v2.9.1

## [1.13.0-bb.4] - 2023-10-31
### Changed
- Updated registry1.dso.mil/ironbank/bitnami/postgres-exporter 0.12.1 -> 0.15.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql12 12.15 -> 12.16

Known Issues📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.