Release Notes - 2.17.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).
Upgrade Notices
Kyverno:
Kyverno 1.11.0 is another huge release which brings many new capabilities and significant enhancements to existing ones. The main features of Kyverno 1.11.0 include:
- Removed CLI `kyverno test manifest ...` commands (replaced by `kyverno create ...`).
- Deprecated flag `--imageSignatureRepository`. Will be removed in 1.12. Use per rule configuration `verifyImages.Repository` instead.
- Renamed CLI flag `--compact` to `--detailed-results` (and changed default value from true to false).
- Changed the default value of `--enablePolicyException` from false to true.
See upstream tag for more information.
Upgrades from previous releases
If coming from a version `pre-2.16.0`, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything `pre-2.16.0`.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.4, Tetrate Istio Distro 1.19.3 | 1.19.4-bb.0 |
Istio Operator | Core | Istio Operator 1.19.4, Tetrate Istio Distro Operator 1.19.3 | 1.19.4-bb.1 |
Jaeger | Core | 1.47.0 | 2.47.0-bb.1 |
Kiali | Core | 1.77.1 | 1.77.1-bb.1 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.10 |
Gatekeeper | Core | 3.14.0 | 3.14.0-bb.0 |
Kyverno | Core | 1.11.0 | 3.1.0-bb.0 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.15 |
Kyverno Reporter | Core | 2.10.4 | 2.16.0-bb.6 |
Elasticsearch Kibana | Core | Kibana 8.10.4, Elasticsearch 8.10.3 | 1.6.1-bb.2 |
Eck Operator | Core | 2.10.0 | 2.10.0-bb.0 |
Fluentbit | Core | 2.1.10 | 0.39.0-bb.3 |
Promtail | Core | 2.9.2 | 6.15.3-bb.1 |
Loki | Core | 2.9.2 | 5.31.0-bb.10 |
Neuvector | Core | 5.2.2 | 2.6.3-bb.7 |
Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.0 |
Monitoring | Core | Prometheus 2.48.0, Grafana 10.2.2, Alertmanager 0.26.0 | 55.0.0-bb.1 |
Grafana | Core | 10.1.5 | 6.60.6-bb.3 |
Twistlock | Core | 30.02.123 | 0.13.0-bb.7 |
Wrapper | Core | N / A | 0.4.2 |
Argocd | Addon | 2.8.4 | 5.46.7-bb.9 |
Authservice | Addon | 0.5.3 | 0.5.3-bb.21 |
Minio Operator | Addon | 5.0.11 | 5.0.11-bb.0 |
Minio | Addon | RELEASE.2023-11-20T22-40-07Z | 5.0.11-bb.0 |
Gitlab | Addon | 16.6.1 | 7.6.1-bb.0 |
Gitlab Runner | Addon | 16.5.0 | 0.58.1-bb.0 |
Nexus | Addon | 3.62.0-01 | 62.0.0-bb.0 |
Sonarqube | Addon | 9.9.3-community | 8.0.3-bb.0 |
Fortify | Addon | 23.1.2.0005 | 1.1.2311007-bb.7 |
Haproxy | Addon | 2.2.31 | 1.19.3-bb.0 |
Anchore Enterprise | Addon | Enterprise 4.9.3, Engine 1.1.0 | 1.27.4-bb.6 |
Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.0 |
Mattermost | Addon | 9.2.3 | v9.2.3-bb.0 |
Velero | Addon | 1.12.1 | 5.1.3-bb.2 |
Keycloak | Addon | 21.1.1 | 18.4.3-bb.10 |
Vault | Addon | 1.13.1 | 0.25.0-bb.5 |
Metrics Server | Addon | 0.6.4 | 3.11.0-bb.1 |
Harbor | Addon | 2.9.1 | 1.13.1-bb.3 |
Thanos | Addon | 0.32.5 | 12.13.12-bb.4 |
Changes in 2.17.0
Big Bang MRs
- !3559: fix: disables `require-image-signature` policy by default
- !3529: feat: re-enable `require-image-signature` policy
- !3539: Additional memory and cpu
- !3542: fix issue with incorrect url format
- !3509: increase loki resources
- !3512: fix bigbang git path in install flux doc
- !3544: SKIP UPGRADE set require-image-signature to Audit for tests
- !3540: increase the limits for bb ci runs
Kiali
# Changelog Updates
## [1.77.1-bb.1] - 2023-12-06
### Changed
- Increased Cypress test timeouts
- Add some cpu horsepower to test values for the kiali operator
## [1.77.1-bb.0] - 2023-12-01
### Updated
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.77.1
## [1.76.0-bb.5] - 2023-11-27
### Changed
- Updating OSCAL Component file
Kyverno
# Changelog Updates
## [3.1.0-bb.0] - 2023-11-21
### Changed
- Updated `kubectl` from `v1.28.3` to `v1.28.4`
- Updated `kyverno` from `v1.10.3` to `v1.11.0`
- Updated `background-controller` from `1.10.3` to `v1.11.0`
- Updated `cleanup-controller` from `v1.10.3` to `v1.11.0`
- Updated `reports-controller` from `1.10.3` to `v1.11.0`
- Updated `kyvernopre` from `v1.10.3` to `v1.11.0`
- Updated `ubi8-minimal` from `8.8` to `8.9`
## [3.0.0-bb.13] - 2023-11-24
### Changed
- Allow the automountserviceaccounttoken to be disabled/enabled
Kyverno Policies
- !3528: kyvernoPolicies update to 3.0.4-bb.15
- !3499: kyvernoPolicies update to 3.0.4-bb.12
- !3486: kyvernoPolicies update to 3.0.4-bb.11
# Changelog Updates
## [3.0.4-bb.15] - 2023-12-05
### Changed
- set `failurePolicy` to `Ignore` by default for audit policies with new helper function
## [3.0.4-bb.14] - 2023-12-04
### Changed
- Exclude default SA from serviceaccount mutation in update-automountserviceaccounttokens
## [3.0.4-bb.13] - 2023-12-01
### Changed
- Fix following upstream (Kyverno 1.11.0) changes in signature verification default behavior, adding new `ignoreTlog` and `url` fields to `require-image-signature` policy to ignore checking transaction logs for Iron Bank images.
## [3.0.4-bb.12] - 2023-11-17
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.28.3 to v1.28.4
- ironbank/redhat/ubi/ubi8-minimal updated from 8.8 to 8.9
## [3.0.4-bb.11] - 2023-11-15
### Changed
- Added support for checking deprecated API policy for Kubernetes v1.29.
Fluentbit
- !3518: fluentbit update to 0.39.0-bb.3
# Changelog Updates
## [0.39.0-bb.3]
### Changed
- jq image version from 1.6 -> 1.7 in bbtests
- upgrade gluon repo and version to 0.4.4
## [0.39.0-bb.2]
### Changed
- Updating OSCAL Component file.
Loki
- !3516: loki update to 5.31.0-bb.10
# Changelog Updates
## [5.31.0-bb.10] - 2023-12-04
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4
## [5.31.0-bb.9] - 2023-11-28
### Added
- Updating OSCAL Component file.
Neuvector
- !3532: neuvector update to 2.6.3-bb.7
- !3520: Neuvector: disabled automountserviceaccounttoken in the neuvector namespace
# Changelog Updates
## [2.6.3-bb.7] - 2023-12-06
### Changed
- Increase cypress timeouts
## [2.6.3-bb.6] - 2023-11-29
### Changed
- Updated big-bang/base from 2.0.0 to 2.1.0
### Removed
- requirements.lock file legacy to Helm 2
## [2.6.3-bb.5] - 2023-11-28
### Added
- Updating OSCAL Component file.
## [2.6.3-bb.4] - 2023-11-17
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio custom policy template
- Changed `istio: injection:` from `"disabled"` to `"enabled"`
Tempo
- !3493: tempo update to 1.7.0-bb.3
# Changelog Updates
## [1.7.1-bb.0] - 2023-12-07
### Changed
- Upgrading tempo-query (2.3.0 -> 2.3.1)
## [1.7.0-bb.3] - 2023-11-29
### Changed
- registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
## [1.7.0-bb.2] - 2023-11-28
### Changed
- Updating OSCAL Component file.
Monitoring
# Changelog Updates
## [55.0.0-bb.1] - 2023-12-07
### Updated
- Bug fix where AlertmanagerClusterDown alert fires although the alertmanager is healthy.
- Added an additional NetworkPolicy to facilitate the fix for alertmanager's reloader-web
- Added an additional port to the authorization and peerauthentication policies
## [55.0.0-bb.0] - 2023-12-4
### Changed
- Updated chart version to 55.0.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.1.5 -> 10.2.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.69.1 -> v0.70.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.69.1 -> v0.70.0
## [52.1.0-bb.2] - 2023-11-22
### Changed
- Allowing consumers to choose to disable all or certain bigbang istio prometheus alert rules. (.Values.istio.prometheusRule.x)
## [52.1.0-bb.1] - 2023-11-21
### Updated
- registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics v2.10.0 -> v2.10.1
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.68.0 -> v0.69.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.68.0 -> v0.69.1
- registry1.dso.mil/ironbank/opensource/prometheus/node-exporter v1.6.1 -> v1.7.0
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v2.47.2 -> v2.48.0
- registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal 8.8 -> 8.9
Argocd
# Changelog Updates
## [5.46.7-bb.9] - 2023-11-28
### Updated
- Updated redis to 7.2.3
- Bumped Redis chart dependency to `18.3.2-bb.1`
- Updated bigbang base chart dependency to `2.1.0`
Minio Operator
- !3526: minioOperator update to 5.0.11-bb.0
# Changelog Updates
## [5.0.11-bb.0] - 2023-12-05
### Upgrade
- Upgraded minio operator chart to v5.0.11
- Upgrade minio operator images to v5.0.11
- Update to run as user 1000 to align with upstream chart
Minio
# Changelog Updates
## [5.0.11-bb.0] - 2023-12-05
### Changed
- Updated chart to v5.0.11
- Updated gluon to 0.4.4
## [5.0.10-bb.4] - 2023-11-22
### Changed
- Updated minio to `RELEASE.2023-11-20T22-40-07Z`
- Updated mc to `RELEASE.2023-11-20T16-30-59Z`
Gitlab
- !3556: gitlab update to 7.6.1-bb.0
- !3525: gitlab update to 7.6.0-bb.0
- !3510: gitlab update to 7.5.1-bb.2
# Changelog Updates
## [7.6.1-bb.0] - 2023-12-12
### Changed
- Update GitLab to appVersion 16.6.1
- Update chart version to 7.6.1
- ironbank/gitlab/gitlab/gitlab-webservice 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.6.0 -> 16.6.1
## [7.6.0-bb.0] - 2023-12-01
### Changed
- Update GitLab to appVersion 16.6.0
- Update chart version to 7.6.0
- Update gluon from 0.4.1 to 0.4.4
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/redhat/ubi/ubi8 patch 8.8 -> 8.9
## [7.5.1-bb.2] - 2023-12-01
### Changed
- Update gitlab-exporter security context to fix non-root-group policy violations
Sonarqube
# Changelog Updates
## [8.0.3-bb.0] - 2023-11-29
### Changed
- Update release to sonarqube-8.0.3-sonarqube-dce-7.0.3
## [8.0.2-bb.3] - 2023-11-06
### Changed
- postgres-exporter from 0.14.0 to 0.15.0
Anchore Enterprise
- !3551: anchore update to 1.27.4-bb.6
- !3547: anchore update to 1.27.4-bb.5
- !3489: anchore update to 1.27.4-bb.4
# Changelog Updates
## [1.27.4-bb.6]
### Changed
- Fix readme
## [1.27.4-bb.5]
### Changed
- Update sso securityContext
- Bumped Redis to `7.2.3`
## [1.27.4-bb.4]
### Changed
- Bumped Anchore Enterprise tag to `4.9.3`
- Bumped Redis chart dependency to `18.3.2-bb.0`
- Bumped Postgres to `13.12`
- Added missing image annotation for Redis
Mattermost
# Changelog Updates
## [9.2.3-bb.0] - 2023-12-01
### Changed
- ironbank/opensource/mattermost/mattermost updated from v9.2.2 to v9.2.3
Velero
- !3507: Velero: disabled automountserviceaccounttoken in the velero namespace
- !3496: velero update to 5.1.3-bb.2
# Changelog Updates
## [5.1.3-bb.2] - 2023-11-25
### Changed
- Updated kubectl chart dependency to `1.28.4`
- Updated velero-plugin-for-aws dependency to `1.8.2`
Metrics Server
# Changelog Updates
## [3.11.0-bb.1] - 2023-11-30
### Added
- Update patch registry.k8s.io/autoscaling/addon-resizer from 1.8.19 -> 1.8.20
## [3.11.0-bb.0] - 2023-11-28
### Added
- Update patch version of metrics-server from v0.6.3 -> v0.6.4
- Update patch version of kubectl v1.28.3 -> v1.28.4
Thanos
- !3511: thanos update to 12.13.12-bb.4
- !3506: add thanos exceptions for allowedHostFilesystem/volumeTypes
# Changelog Updates
## [12.13.12-bb.4] - 2023-12-01
### Added
- update securityContext for query, query-Frontend, and storegateway to fix kyverno policy violations
Known Issues
- Velero caCert template errors: Per app flux settings don’t work when overriding with falsey values
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.