Skip to content

Release Notes - 2.17.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).

Upgrade Notices📜

Kyverno:

Kyverno 1.11.0 is another huge release which brings may new capabilities and significant enhancements to existing ones. The main features of Kyverno 1.11.0 include: - Remove CLI kyverno test manifest ... commands (replaced by kyverno create ...). - Deprecated flag --imageSignatureRepository. Will be removed in 1.12. Use per rule configuration verifyImages.Repository instead. - Renamed CLI flag --compact to --detailed-results (and changed default value from true to false). - Changed the default value of --enablePolicyException from false to true.

See upstream tag for more information.

Upgrades from previous releases📜

If coming from a version pre-2.16.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.16.0.

Packages📜

Package Type Package Version BB Version
Istio Controlplane Core Istio 1.19.4 Tetrate Istio Distro 1.19.3 1.19.4-bb.0
Istio Operator Core Istio Operator 1.19.4 Tetrate Istio Distro Operator 1.19.3 1.19.4-bb.1
Jaeger Core 1.47.0 2.47.0-bb.1
Updated Kiali Core 1.77.1 1.77.1-bb.1 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.10
Gatekeeper Core 3.14.0 3.14.0-bb.0
Updated Kyverno Core 1.11.0 3.1.0-bb.0 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.15 🔗
Kyverno Reporter Core 2.10.4 2.16.0-bb.6
Elasticsearch Kibana Core Kibana 8.10.4 Elasticsearch 8.10.3 1.6.1-bb.2
Eck Operator Core 2.10.0 2.10.0-bb.0
Updated Fluentbit Core 2.1.10 0.39.0-bb.3 🔗
Promtail Core 2.9.2 6.15.3-bb.1
Updated Loki Core 2.9.2 5.31.0-bb.10 🔗
Updated Neuvector Core 5.2.2 2.6.3-bb.7 🔗
Updated Tempo Core Tempo 2.3.0-ubi9 Tempo Query 2.3.1 1.7.1-bb.0 🔗
Updated Monitoring Core Prometheus 2.48.0 Grafana 10.2.2 Alertmanager 0.26.0 55.0.0-bb.1 🔗
Grafana Core 10.1.5 6.60.6-bb.3
Twistlock Core 30.02.123 0.13.0-bb.7
Wrapper Core N / A 0.4.2
Updated Argocd Addon 2.8.4 5.46.7-bb.9 🔗
Authservice Addon 0.5.3 0.5.3-bb.21
Updated Minio Operator Addon 5.0.11 5.0.11-bb.0 🔗
Updated Minio Addon RELEASE.2023-11-20T22-40-07Z 5.0.11-bb.0 🔗
Updated Gitlab Addon 16.6.1 7.6.1-bb.0 🔗
Gitlab Runner Addon 16.5.0 0.58.1-bb.0
Nexus Addon 3.62.0-01 62.0.0-bb.0
Updated Sonarqube Addon 9.9.3-community 8.0.3-bb.0 🔗
Fortify BETA Addon 23.1.2.0005 1.1.2311007-bb.7
Haproxy Addon 2.2.31 1.19.3-bb.0
Updated Anchore Enterprise Addon Enterprise 4.9.3 Engine 1.1.0 1.27.4-bb.6 🔗
Mattermost Operator Addon 1.20.1 1.20.1-bb.0
Updated Mattermost Addon 9.2.3 v9.2.3-bb.0 🔗
Updated Velero Addon 1.12.1 5.1.3-bb.2 🔗
Keycloak Addon 21.1.1 18.4.3-bb.10
Vault Addon 1.13.1 0.25.0-bb.5
Updated Metrics Server Addon 0.6.4 3.11.0-bb.1 🔗
Harbor Addon 2.9.1 1.13.1-bb.3
Updated Thanos BETA Addon 0.32.5 12.13.12-bb.4 🔗

Changes in 2.17.0📜

Big Bang MRs📜

  • !3559: fix: disables require-image-signature policy by default
  • !3529: feat: re-enable require-image-signature policy
  • !3539: Additional memory and cpu
  • !3542: fix issue with incorrect url format
  • !3509: increase loki resources
  • !3512: fix bigbang git path in install flux doc
  • !3544: SKIP UPGRADE set require-image-signature to Audit for tests
  • !3540: increase the limits for bb ci runs

Kiali📜

  • !3522: kiali update to 1.77.1-bb.0
  • !3530: SKIP UPGRADE kiali update to 1.77.1-bb.1
# Changelog Updates

## [1.77.1-bb.1] - 2023-12-06
### Changed
- Increased Cypress test timeouts
- Add some cpu horsepower to test values for the kiali operator

## [1.77.1-bb.0] - 2023-12-01
### Updated
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.77.1

## [1.76.0-bb.5] - 2023-11-27
### Changed
- Updating OSCAL Component file

Kyverno📜

  • !3503: kyverno update to 3.1.0-bb.0
  • !3494: kyverno update to 3.0.0-bb.13
# Changelog Updates

## [3.1.0-bb.0] - 2023-11-21
### Changed
- Updated `kubectl` from `v1.28.3` to `v1.28.4`
- Updated `kyverno` from `v1.10.3` to `v1.11.0`
- Updated `background-controller` from `1.10.3` to `v1.11.0`
- Updated `cleanup-controller` from `v1.10.3` to `v1.11.0`
- Updated `reports-controller` from `1.10.3` to `v1.11.0`
- Updated `kyvernopre` from `v1.10.3` to `v1.11.0`
- Updated `ubi8-minimal` from `8.8` to `8.9`

## [3.0.0-bb.13] - 2023-11-24
### Changed
- Allow the automountserviceaccounttoken to be disabled/enabled

Kyverno Policies📜

  • !3528: kyvernoPolicies update to 3.0.4-bb.15
  • !3499: kyvernoPolicies update to 3.0.4-bb.12
  • !3486: kyvernoPolicies update to 3.0.4-bb.11
# Changelog Updates

## [3.0.4-bb.15] - 2023-12-05
### Changed
- set `failurePolicy` to `Ignore` by default for audit policies with new helper function

## [3.0.4-bb.14] - 2023-12-04
### Changed
- Exclude default SA from serviceaccount mutation in update-automountserviceaccounttokens

## [3.0.4-bb.13] - 2023-12-01
### Changed
- Fix following upstream (Kyverno 1.11.0) changes in signature verification default behavior, adding new `ignoreTlog` and `url` fields to `require-image-signature` policy to ignore checking transaction logs for Iron Bank images.

## [3.0.4-bb.12] - 2023-11-17
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.28.3 to v1.28.4
- ironbank/redhat/ubi/ubi8-minimal updated from 8.8 to 8.9

## [3.0.4-bb.11] - 2023-11-15
### Changed
- Added support for checking deprecated API policy for Kubernetes v1.29.

Fluentbit📜

  • !3518: fluentbit update to 0.39.0-bb.3
# Changelog Updates

## [0.39.0-bb.3]
### Changed
- jq image version from 1.6 -> 1.7 in bbtests
- upgrade gluon repo and version to 0.4.4

## [0.39.0-bb.2]
### Changed
- Updating OSCAL Component file.

Loki📜

  • !3516: loki update to 5.31.0-bb.10
# Changelog Updates

## [5.31.0-bb.10] - 2023-12-04
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4

## [5.31.0-bb.9] - 2023-11-28
### Added
- Updating OSCAL Component file.

Neuvector📜

  • !3532: neuvector update to 2.6.3-bb.7
  • !3520: Neuvector: disabled automountserviceaccounttoken in the neuvector namespace
# Changelog Updates

## [2.6.3-bb.7] - 2023-12-06
### Changed
- Increase cypress timeouts

## [2.6.3-bb.6] - 2023-11-29
### Changed
- Updated big-bang/base from 2.0.0 to 2.1.0

### Removed
- requirements.lock file legacy to Helm 2

## [2.6.3-bb.5] - 2023-11-28
### Added
- Updating OSCAL Component file.

## [2.6.3-bb.4] - 2023-11-17
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio custom policy template
- Changed `istio: injection:` from `"disabled"` to `"enabled"`

Tempo📜

  • !3493: tempo update to 1.7.0-bb.3
# Changelog Updates

## [1.7.1-bb.0] - 2023-12-07
### Changed
- Upgrading tempo-query (2.3.0 -> 2.3.1)

## [1.7.0-bb.3] - 2023-11-29
### Changed
- registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0

## [1.7.0-bb.2] - 2023-11-28
### Changed
- Updating OSCAL Component file.

Monitoring📜

  • !3550: monitoring update to 55.0.0-bb.1
  • !3491: monitoring update to 52.1.0-bb.2
# Changelog Updates

## [55.0.0-bb.1] - 2023-12-07
### Updated
- Bug fix where AlertmanagerClusterDown alert fires although the alertmanager is healthy.
- Added an additional NetworkPolicy to facilitate the fix for alertmanager's reloader-web
- Added an additional port to the authorization and peerauthentication policies

## [55.0.0-bb.0] - 2023-12-4
### Changed
- Updated chart version to 55.0.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.1.5 -> 10.2.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.69.1 -> v0.70.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.69.1 -> v0.70.0

## [52.1.0-bb.2] - 2023-11-22
### Changed
- Allowing consumers to choose to disable all or certain bigbang istio prometheus alert rules. (.Values.istio.prometheusRule.x)

## [52.1.0-bb.1] - 2023-11-21
### Updated
- registry1.dso.mil/ironbank/big-bang/base 2.0.0 -> 2.1.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics v2.10.0 -> v2.10.1
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.68.0 -> v0.69.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.68.0 -> v0.69.1
- registry1.dso.mil/ironbank/opensource/prometheus/node-exporter v1.6.1 -> v1.7.0
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v2.47.2 -> v2.48.0
- registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal 8.8 -> 8.9

Argocd📜

  • !3466: Mitigate automountServiceAccountToken findings in Argo
  • !3502: argocd update to 5.46.7-bb.9
# Changelog Updates

## [5.46.7-bb.9] - 2023-11-28
### Updated
- Updated redis to 7.2.3
- Bumped Redis chart dependency to `18.3.2-bb.1`
- Updated bigbang base chart dependancy to `2.1.0`

Minio Operator📜

  • !3526: minioOperator update to 5.0.11-bb.0
# Changelog Updates

## [5.0.11-bb.0] - 2023-12-05
### Upgrade
- Upgraded minio operator chart to v5.0.11
- Upgrade minio operator images to v5.0.11
- Update to run as user 1000 to align with upstream chart

Minio📜

  • !3495: Mitigate automountServiceAccountToken findings in MinIO
  • !3538: minio update to 5.0.11-bb.0
# Changelog Updates

## [5.0.11-bb.0] - 2023-12-05
### Changed
- Updated chart to v5.0.11
- Updated gluon to 0.4.4

## [5.0.10-bb.4] - 2023-11-22
### Changed
- Updated minio to `RELEASE.2023-11-20T22-40-07Z`
- Updated mc to `RELEASE.2023-11-20T16-30-59Z`

Gitlab📜

  • !3556: gitlab update to 7.6.1-bb.0
  • !3525: gitlab update to 7.6.0-bb.0
  • !3510: gitlab update to 7.5.1-bb.2
# Changelog Updates

## [7.6.1-bb.0] - 2023-12-12
### Changed
- Update GitLab to appVersion 16.6.1
- Update chart version to 7.6.1
- ironbank/gitlab/gitlab/gitlab-webservice 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.6.0 -> 16.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.6.0 -> 16.6.1

## [7.6.0-bb.0] - 2023-12-01
### Changed
- Update GitLab to appVersion 16.6.0
- Update chart version to 7.6.0
- Update gluon from 0.4.1 to 0.4.4
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl patch 16.5.1 -> 16.6.0
- registry1.dso.mil/ironbank/redhat/ubi/ubi8 patch 8.8 -> 8.9

## [7.5.1-bb.2] - 2023-12-01
### Changed
- Update gitlab-exporter security context to fix non-root-group policy violations

Sonarqube📜

  • !3505: sonarqube update to 8.0.3-bb.0
  • !3483: sonarqube update to 8.0.2-bb.3
# Changelog Updates

## [8.0.3-bb.0] - 2023-11-29
### Changed
- Update release to sonarqube-8.0.3-sonarqube-dce-7.0.3

## [8.0.2-bb.3] - 2023-11-06
### Changed
- postgres-exporter from 0.14.0 to 0.15.0

Anchore Enterprise📜

  • !3551: anchore update to 1.27.4-bb.6
  • !3547: anchore update to 1.27.4-bb.5
  • !3489: anchore update to 1.27.4-bb.4
# Changelog Updates

## [1.27.4-bb.6]
### Changed
- Fix readme

## [1.27.4-bb.5]
### Changed
- Update sso securityContext
- Bumped Redis to `7.2.3`

## [1.27.4-bb.4]
### Changed
- Bumped Anchore Enterprise tag to  `4.9.3`
- Bumped Redis chart dependency to `18.3.2-bb.0`
- Bumped Postgres to `13.12`
- Added missing image annotation for Redis

Mattermost📜

  • !3517: mattermost update to v9.2.3-bb.0
  • !3459: mattermost update to 9.2.2-bb.0
# Changelog Updates

## [9.2.3-bb.0] - 2023-12-01
### Changed
- ironbank/opensource/mattermost/mattermost updated from v9.2.2 to v9.2.3

Velero📜

  • !3507: Velero: disabled automountserviceaccounttoken in the velero namespace
  • !3496: velero update to 5.1.3-bb.2
# Changelog Updates

## [5.1.3-bb.2] - 2023-11-25
### Changed
- Updated kubectl chart chart dependancy to  `1.28.4`
- Updated velero-plugin-for-aws dependency to `1.8.2`

Metrics Server📜

  • !3527: metricsServer update to 3.11.0-bb.1
  • !3498: metricsServer update to 3.11.0-bb.0
# Changelog Updates

## [3.11.0-bb.1] - 2023-11-30
### Added
- Update patch registry.k8s.io/autoscaling/addon-resizer from 1.8.19 -> 1.8.20

## [3.11.0-bb.0] - 2023-11-28
### Added
- Update patch version of metrics-server from v0.6.3 -> v0.6.4
- Update patch version of kubectl v1.28.3 -> v1.28.4

Thanos📜

  • !3511: thanos update to 12.13.12-bb.4
  • !3506: add thanos exceptions for allowedHostFilesystem/volumeTypes
# Changelog Updates

## [12.13.12-bb.4] - 2023-12-01
### Added
- update securityContext for query, query-Frontend, and storageteway to fix kyverno policy violations

Known Issues📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.