Release Notes - 2.15.1📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.26.3 (RKE2).

Bug Fixes:📜

This patch release includes 3 bug fixes and 1 application update: - !3473: gitlab update to 7.5.1-bb.1 [certificates initContainer permission fixes] - !3470: loki update to 5.31.0-bb.6 [Removing hardcoded ingester: blockw in loki package values] - !3465: loki update to 5.31.0-bb.5 [Cypress unit testing updates] - !3435: loki update to 5.31.0-bb.4 [big-bang/base image update to 2.1.0]

!3471: gitlabRunner update to 0.58.1-bb.0 [gitlab-runner update to 16.5.0]

Upgrade Notices📜

No breaking changes from 2.15.0 or 2.14.0

Upgrades from previous releases📜

If coming from a version pre-2.14.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.14.0.

Packages📜

Package	Type	Package Version	BB Version
Istio Controlplane	Core	Istio `1.19.3` Tetrate Istio Distro `1.19.3`	`1.19.3-bb.1` 🔗
Istio Operator	Core	Istio Operator `1.19.3` Tetrate Istio Distro Operator `1.19.3`	`1.19.3-bb.0`
Jaeger	Core	`1.47.0`	`2.47.0-bb.1`
Kiali	Core	`1.74.0`	`1.76.0-bb.2` 🔗
Cluster Auditor	Core	`0.0.7`	`1.5.0-bb.10` 🔗
Gatekeeper	Core	`3.14.0`	`3.14.0-bb.0` 🔗
Kyverno	Core	`1.10.3`	`3.0.0-bb.11` 🔗
Kyverno Policies	Core	`3.0.4`	`3.0.4-bb.10` 🔗
Kyverno Reporter	Core	`2.10.4`	`2.16.0-bb.6`
Elasticsearch Kibana	Core	Kibana `8.10.4` Elasticsearch `8.10.3`	`1.6.1-bb.2` 🔗
Eck Operator	Core	`2.9.0`	`2.9.0-bb.3` 🔗
Fluentbit	Core	`2.1.10`	`0.39.0-bb.0`
Promtail	Core	`2.9.2`	`6.15.3-bb.0`
Loki	Core	`2.9.2`	`5.31.0-bb.6`
Neuvector	Core	`5.2.2`	`2.6.3-bb.3` 🔗
Tempo	Core	Tempo `2.3.0-ubi9` Tempo Query `2.3.0`	`1.7.0-bb.1` 🔗
Monitoring	Core	Prometheus `2.47.2` Grafana `10.1.5` Alertmanager `0.26.0`	`52.1.0-bb.0` 🔗
Grafana	Core	`10.1.5`	`6.60.6-bb.3` 🔗
Twistlock	Core	`30.02.123`	`0.13.0-bb.7` 🔗
Wrapper	Core	N / A	`0.4.1`
Argocd	Addon	`2.8.4`	`5.46.7-bb.8` 🔗
Authservice	Addon	`0.5.3`	`0.5.3-bb.21` 🔗
Minio Operator	Addon	`5.0.10`	`5.0.10-bb.0`
Minio	Addon	`RELEASE.2023-10-16T04-13-43Z`	`5.0.10-bb.2` 🔗
Gitlab	Addon	`16.5.1`	`7.5.1-bb.1` 🔗
Gitlab Runner	Addon	`16.5.0`	`0.58.1-bb.0` 🔗
Nexus	Addon	`3.61.0-02`	`61.0.0-bb.1` 🔗
Sonarqube	Addon	`9.9.2-community`	`8.0.2-bb.2`
Fortify	Addon	`23.1.2.0005`	`1.1.2311007-bb.5`
Haproxy	Addon	`2.2.31`	`1.19.3-bb.0`
Anchore Enterprise	Addon	Enterprise `4.9.1` Engine `1.1.0`	`1.27.4-bb.2` 🔗
Mattermost Operator	Addon	`1.20.1`	`1.20.1-bb.0`
Mattermost	Addon	`9.2.1`	`9.2.1-bb.0` 🔗
Velero	Addon	`1.12.1`	`5.1.3-bb.0` 🔗
Keycloak	Addon	`21.1.1`	`18.4.3-bb.10`
Vault	Addon	`1.13.1`	`0.25.0-bb.4`
Metrics Server	Addon	`0.6.3`	`3.10.0-bb.3` 🔗
Harbor	Addon	`2.9.1`	`1.13.1-bb.0` 🔗
Thanos	Addon	`0.32.5`	`12.13.12-bb.3`

Changes in 2.15.0📜

Big Bang MRs📜

!3415: Update kubectl apply command in Flux install documentation
!3412: Update test values to allow kyverno egress
!3396: version updates for release 2.14.0
!3113: SKIP UPGRADE Add Thanos to BB Chart
!3059: Resolve “Feature Request: Package Specific Git Creds”

Istio Controlplane📜

!3430: istio update to 1.19.3-bb.1

# Changelog Updates

## [1.19.3-bb.1] - 2023-11-07
### Changed
- ironbank/big-bang/base updated from 2.0.0 to 2.1.0

Kiali📜

!3431: kiali update to 1.76.0-bb.2
!3409: kiali update to 1.76.0-bb.1
!3376: kiali update to 1.76.0-bb.0

# Changelog Updates

## [1.76.0-bb.2] - 2023-11-12
### Updated
- Increase memory limit from 1700 to 8000 to prevent operator from OOM crashes in pipelines

## [1.76.0-bb.1] - 2023-11-07
### Updated
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [1.76.0-bb.0] - 2023-11-01
### Updated
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.76.0

Cluster Auditor📜

!3387: clusterAuditor update to 1.5.0-bb.10

# Changelog Updates

## [1.5.0-bb.10] - 2023-11-02
### Changed
- Hardened `opa-exporter` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)

Gatekeeper📜

!3422: gatekeeper update to 3.14.0-bb.0
!3385: gatekeeper update to 3.13.3-bb.2

# Changelog Updates

## [3.14.0-bb.0] - 2023-11-08
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.3 -> v3.14.0
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [3.13.3-bb.3] - 2023-11-02
### Changed
- Hardened `gatekeeper-admin` ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Hardened ServiceAccounts in various `Jobs` with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Disabled bb tests by default

## [3.13.3-bb.2] - 2023-11-02
### Changed
- Update gluon resource

## [3.13.3-bb.1] - 2023-11-01
### Changed
- Updated gluon 0.4.3 -> 0.4.4

## [3.13.3-bb.0] - 2023-11-01
### Changed
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.13.2 -> v3.13.3
- Updated gluon 0.4.1 -> 0.4.3
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.2 -> v1.28.3

Kyverno📜

!3411: kyverno update to 3.0.0-bb.11

# Changelog Updates

## [3.0.0-bb.11] - 2023-11-06
### Changed
- Added the rights to get, list, watch, update, and patch the kyverno-background-controller serviceaccount

Kyverno Policies📜

!3438: kyvernoPolicies update to 3.0.4-bb.10
!3434: kyvernoPolicies update to 3.0.4-bb.9
!3414: Update KyvernoPolicies 3.0.4-bb.8 and add istio-init PolicyException
!3386: kyvernoPolicies update to 3.0.4-bb.7
!3367: kyvernoPolicies update to 3.0.4-bb.6
!3348: kyvernoPolicies update to 3.0.4-bb.4

# Changelog Updates

## [3.0.4-bb.10] - 2023-11-13
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on default serviceaccounts

## [3.0.4-bb.9] - 2023-11-09
### Added
- require-non-root-user-exception template for istio-init containers

## [3.0.4-bb.8] - 2023-11-07
### Added
- istio.enabled toggle for below PolicyException template
- require-non-root-group-exception template for istio-init containers

## [3.0.4-bb.7] - 2023-11-01
### Changed
- Fixed test for ClusterPolicy automountserviceaccounttoken

## [3.0.4-bb.6] - 2023-10-31
### Changed
- Default ClusterPolicy automountserviceaccounttoken to disabled

## [3.0.4-bb.5] - 2023-10-27
### Changed
- Added ClusterPolicy to disable automountserviceaccounttoken on the serviceaccounts and enable on the pods

## [3.0.4-bb.4] - 2023-10-25
### Changed
- Removed exceptions for Kyverno Reporter, Gitlab Runners, and Gitlab Shared Secrets (moved to bigbang repo)

Elasticsearch Kibana📜

!3407: elasticsearchKibana update to 1.6.1-bb.2
!3366: elasticsearchKibana update to 1.6.1-bb.1

# Changelog Updates

## [1.6.1-bb.2] - 2023-11-02
### Changed
- gluon updated from 0.4.1 to 0.4.4
- elasticsearch-exporter image updated to 1.6.0

## [1.6.1-bb.1] - 2023-10-24
### Changed
- fixing cypress tests to work in multiple configurations so that BB pipelines will pass.

## [1.6.1-bb.0] - 2023-10-24
### Changed
- ironbank/elastic/kibana/kibana updated from 8.9.1 to 8.10.4

Eck Operator📜

!3420: eckOperator update to 2.9.0-bb.3

# Changelog Updates

## [2.9.0-bb.3] - 2023-11-08
### Changed
- Updated registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [2.9.0-bb.2] - 2023-10-24
### Changed
- Updating contributing file to link to external github contributions

Neuvector📜

!3426: neuvector update to 2.6.3-bb.3

# Changelog Updates

## [2.6.3-bb.3] - 2023-11-08
### Added
- Added logic for neuvector-prometheus-exporter-pod to poll for active api server before starting
- Set uid:gid runAsUser/runAsGroup to match the user/group in the exporter container

## [2.6.3-bb.2] - 2023-11-3
### Changed
- Updated Gluon from 0.4.1 to 0.4.4

Tempo📜

!3397: tempo update to 1.7.0-bb.1

# Changelog Updates

## [1.7.0-bb.1] - 2023-11-02
### Changed
- Updating tempo-query to 2.3.0
- Updating tempo to 2.3.0-ubi9
- Updating gluon to 0.4.4

Monitoring📜

!3400: initial set of changes to support monitoring/thanos changes
!3398: monitoring update to 51.10.0-bb.2
!3113: SKIP UPGRADE Add Thanos to BB Chart

# Changelog Updates

## [52.1.0-bb.0] - 2023-10-31
### Changed
- upgrade chart version to 52.1.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.0.3 -> 10.1.5
- upgrading gluon from 0.4.1 to 0.4.4

## [51.10.0-bb.2] - 2023-11-01
### Added
- automountServiceAccountToken to false for AlertManager (unnecessary token)

## [51.10.0-bb.1] - 2023-11-01
### Added
- Added AuthorizationPolicy for Thanos to connect to prometheus-thanos sidecar

Grafana📜

!3444: grafana update to 6.60.6-bb.3
!3402: grafana update to 6.60.6-bb.2
!3113: SKIP UPGRADE Add Thanos to BB Chart

# Changelog Updates

## [6.60.6-bb.3] - 2023-11-13
### Added
- `docs/DEVELOPMENT_MAINTENANCE.md` with upstream helm deviations

### Changed
- Added values back to `grafana.ini`

## [6.60.6-bb.2] - 2023-11-02
### Changed
- Moved redis-dashboards.yaml over to Redis package

## [6.60.6-bb.1] - 2023-11-01
### Added
- Added NetworkPolicy for egress to thanos query

Twistlock📜

!3406: twistlock update to 0.13.0-bb.7

# Changelog Updates

## [0.13.0-bb.7] - 2023-11-07
### Changed
- gluon updated from 0.4.1 to 0.4.4

Argocd📜

!3390: argocd update to 5.46.7-bb.8

# Changelog Updates

## [5.46.7-bb.8] - 2023-11-03
### Updated
- Updated remote `gluon` chart dependency to 0.4.4

## [5.46.7-bb.7] - 2023-11-02
### Updated
- Updated redis to 7.2.2
- Bumped Redis chart dependency to `18.2.0-bb.0`
- Added non-root group for redis

## [5.46.7-bb.6] - 2023-10-31
### Updated
- Update redis-exporter to v1.55.0

## [5.46.7-bb.5] - 2023-10-24
### Updated
- Updating contributing file to link to external github contributions

## [5.46.7-bb.4] - 2023-10-11
### Updated
- Updated annotation for bigbang.dev/applicationVersions to 2.8.4 in chart.yaml

Authservice📜

!3395: authservice update to 0.5.3-bb.20

# Changelog Updates

## [0.5.3-bb.21] - 2023-11-03
### Changed
- add non-root-group for redis subchart

## [0.5.3-bb.20] - 2023-10-25
### Changed
- redis updated from 18.0.4-bb.0 to 18.2.0-bb.0
- registry1.dso.mil/ironbank/bitnami/redis 7.2.1 -> 7.2.2

## [0.5.3-bb.19] - 2023-10-17
### Changed
- OSCAL update from 1.0.0 to 1.1.1

Minio📜

!3381: minio update to 5.0.10-bb.2

# Changelog Updates

## [5.0.10-bb.2] - 2023-11-02
### Changed
- Updated minio to `RELEASE.2023-10-16T04-13-43Z`
- Updated mc to `RELEASE.2023-10-30T18-43-32Z`

## [5.0.10-bb.1] - 2022-10-17
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio `allow-tempo` policy
- Added istio custom policy template

Gitlab📜

!3428: gitlab update to 7.5.1-bb.0
!3393: gitlabRunner update to 0.52.0-bb.8

# Changelog Updates

## [7.5.1-bb.0] - 2023-11-02
### Changed
- Updated helm chart to 7.5.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql major 14.8 -> 14.9

Gitlab Runner📜

!3393: gitlabRunner update to 0.52.0-bb.8

# Changelog Updates

## [0.52.0-bb.8] - 2023-11-03
### Changed
- Added additional kubernetes label to runner to allow it to work with network policy by default

Nexus📜

!3436: nexusRepositoryManager update to 61.0.0-bb.1

# Changelog Updates

## [61.0.0-bb.1] - 2023-11-13
### Changed
- Updated chart to version: 61.0.0-bb.1
- Fix broken SAML SSO section

Anchore Enterprise📜

!3391: anchore update to 1.27.4-bb.2

# Changelog Updates

## [1.27.4-bb.2]
### Changed
- Added missing `containerSecurityContext` to `anchore-feeds-db`.
- Bumped postgresql's `common` dependency to `2.x.x`.

## [1.27.4-bb.1]
### Changed
- Updated contributing.md

Mattermost📜

!3425: mattermost update to 9.2.1-bb.0
!3392: mattermost update to 9.1.1-bb.0

# Changelog Updates

## [9.2.1-bb.0] - 2023-11-07
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.1 to 9.2.1

## [9.1.1-bb.0] - 2023-10-31
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.1.0 to 9.1.1

## [9.1.0-bb.0] - 2023-10-17
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.0.0 to 9.1.0

## [9.0.0-bb.1] - 2023-10-05
### Changed
- Updated Renovate to include postgres values entry

Velero📜

!3432: velero update to 5.1.3-bb.0

# Changelog Updates

## [5.1.3-bb.0] - 2023-11-01
### Changed
- Updated to latest chart version `5.1.3`
- bump `controller-gen.kubebuilder.io/version:` to `v0.13.0`
- ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-plugin-for-csi v0.6.0 -> v0.6.1
- velero/velero-restore-helper v1.12.0 -> v1.12.1

Metrics Server📜

!3408: metricsServer update to 3.10.0-bb.3

# Changelog Updates

## [3.10.0-bb.3] - 2023-10-30
### Added
- Harden ServiceAccount with `automountServiceAccountToken: false` (overriden at Pod spec-level due to app requirements)
- Update patch version of kubectl v1.28.2 -> v1.28.3

Harbor📜

!3401: harbor update to 1.13.1-bb.0
!3372: harbor update to 1.13.0-bb.4

# Changelog Updates

## [1.13.1-bb.0] - 2023-11-03
### Changed
- Updated app to v2.9.1 and helm chart to v1.13.1
- goharbor/redis-photon minor v2.9.0 -> v2.9.1
- ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/registry minor v2.9.0 -> v2.9.1
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter minor v2.9.0 -> v2.9.1

## [1.13.0-bb.4] - 2023-10-31
### Changed
- Updated registry1.dso.mil/ironbank/bitnami/postgres-exporter 0.12.1 -> 0.15.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.25.2 -> 1.25.3
- Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql12 12.15 -> 12.16

Known Issues📜

Per app flux settings don’t work when overriding with falsey values: Per app flux settings don’t work when overriding with falsey values
Loki scalable ring issue when HPAs enabled: Loki scalable ring issue when HPAs enabled

Helpful Links📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Open issues here
Join our chat
Check out the documentation for guidance on how to get started

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.