Skip to content

Release Notes - 2.19.2📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).

Patch-Specific Changes📜

Package Name📜

  • !3780; istio update pod security context to fix issues with istio-enterprise deployments blocked by kyverno non-root-group policy
  • !3759; fluentbit update to 2.2.2

Upgrade Notices📜

  • Istio:
  • Istio gets updated to 1.19.6. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually.

Upgrades from previous releases📜

If coming from a version pre-2.18.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.18.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.19.6 Tetrate Istio Distro 1.20.2 1.19.6-bb.1 🔗
Updated Istio Operator Core Istio Operator 1.19.6 Tetrate Istio Distro Operator 1.20.2 1.19.6-bb.0 🔗
Updated Jaeger Core 1.47.0 2.47.0-bb.3 🔗
Kiali Core 1.78.0 1.78.0-bb.1
Cluster Auditor Core 0.0.7 1.5.0-bb.12
Gatekeeper Core 3.14.0 3.14.0-bb.0
Updated Kyverno Core 1.11.4 3.1.4-bb.0 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.18 🔗
Updated Kyverno Reporter Core 2.17.5 2.21.6-bb.0 🔗
Updated Elasticsearch Kibana Core Kibana 8.11.3 Elasticsearch 8.11.3 1.8.0-bb.1 🔗
Updated Eck Operator Core 2.10.0 2.10.0-bb.1 🔗
Updated Fluentbit Core 2.2.2 0.43.0-bb.0 🔗
Updated Promtail Core 2.9.2 6.15.3-bb.4 🔗
Loki Core 2.9.3 5.41.4-bb.1
Neuvector Core 5.2.2 2.6.3-bb.8
Updated Tempo Core Tempo 2.3.0-ubi9 Tempo Query 2.3.1 1.7.1-bb.2 🔗
Updated Monitoring Core Prometheus 2.49.1 Grafana 10.2.3 Alertmanager 0.26.0 56.0.3-bb.0 🔗
Updated Grafana Core 10.2.3 7.2.1-bb.3 🔗
Updated Twistlock Core 30.02.123 0.13.1-bb.1 🔗
Updated Wrapper Core N / A 0.4.4 🔗
Updated Argocd Addon 2.9.4 5.53.1-bb.2 🔗
Updated Authservice Addon 0.5.3 0.5.3-bb.24 🔗
Minio Operator Addon 5.0.11 5.0.11-bb.1
Updated Minio Addon RELEASE.2023-11-20T22-40-07Z 5.0.11-bb.2 🔗
Updated Gitlab Addon 16.8.1 7.8.1-bb.0 🔗
Gitlab Runner Addon 16.6.0 0.59.1-bb.1
Updated Nexus Addon 3.64.0-03 64.0.0-bb.0 🔗
Sonarqube Addon 9.9.3-community 8.0.3-bb.0
Fortify Addon 23.2.0.0154 1.1.2320154-bb.0
Updated Haproxy Addon 2.2.32 1.19.3-bb.3 🔗
Anchore Enterprise Addon Enterprise 4.9.3 Engine 1.1.0 1.27.4-bb.7
Mattermost Operator Addon 1.20.1 1.20.1-bb.0
Updated Mattermost Addon 9.3.0 9.3.0-bb.2 🔗
Updated Velero Addon 1.12.2 5.1.6-bb.0 🔗
Keycloak Addon 21.1.1 18.4.3-bb.11
Updated Vault Addon 1.14.8 0.25.0-bb.10 🔗
Metrics Server Addon 0.6.4 3.11.0-bb.2
Updated Harbor Addon 2.10.0 1.14.0-bb.1 🔗
Updated Thanos BETA Addon 0.33.0 12.21.0-bb.1 🔗

Changes in 2.19.0📜

Big Bang MRs📜

  • !3634: Mitigate automountServiceAccountToken findings in flux-system and bigbang namespaces
  • !3257: Added cosign secret and sample HelmRelease implementation
  • !3642: updated kyverno values for metrics

Istio Controlplane📜

  • !3684: istio update to 1.19.6-bb.0
  • !3649: istio update to 1.19.5-bb.2
# Changelog Updates

## [1.19.6-bb.0] - 2024-01-12
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.5 to 1.19.6
- ironbank/opensource/istio/pilot updated from 1.19.5 to 1.19.6
- ironbank/opensource/istio/proxyv2 updated from 1.19.5 to 1.19.6
- ironbank/tetrate/istio/install-cni updated from 1.19.6 to 1.20.2
- ironbank/tetrate/istio/pilot updated from 1.19.5 to 1.20.2
- ironbank/tetrate/istio/proxyv2 updated from 1.19.5 to 1.20.2

Istio Operator📜

  • !3685: istioOperator update to 1.19.6-bb.0
  • !3648: istioOperator update to 1.19.5-bb.1
# Changelog Updates

## [1.19.6-bb.0] - 2024-1-12
### Added
- Updated repo1 image to `1.19.6`
- Updated TID image to `1.20.2`

Jaeger📜

  • !3694: jaeger update to 2.47.0-bb.3
# Changelog Updates

## [2.47.0-bb.3] - 2023-10-30
### Updated
- Updating gluon to 4.7 to allow consumers to utilize their own tests

## [2.47.0-bb.2] - 2023-10-30
### Updated
- Updating OSCAL Component File.

Kyverno📜

  • !3708: kyverno update to 3.1.4-bb.0
  • !3701: kyvernoReporter update to 2.21.6-bb.0
  • !3652: kyvernoPolicies update to 3.0.4-bb.18
  • !3645: kyverno update to 3.1.1-bb.0
# Changelog Updates

## [3.1.4-bb.0] - 2024-1-22
### Changed
- Updated upstream chart from `3.1.3` to `3.1.4`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre`  from `v1.11.3` to `v1.11.4`
- Updated `kubectl` from `1.28.4` to `1.28.5`

## [3.1.3-bb.0] - 2024-1-10
### Changed
- Updated upstream chart from `3.1.1` to `3.1.3`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre`  from `v1.11.1` to `v1.11.3`
- Updated `kubectl` from `1.28.4` to `1.28.5`

Kyverno Policies📜

  • !3652: kyvernoPolicies update to 3.0.4-bb.18
# Changelog Updates

## [3.0.4-bb.18] - 2024-01-05
### Changed
- update to ironbank/redhat/ubi/ubi8-minimal to ironbank/redhat/ubi/ubi9-minimal

Kyverno Reporter📜

  • !3701: kyvernoReporter update to 2.21.6-bb.0
# Changelog Updates

Elasticsearch Kibana📜

  • !3691: fluentbit update to 0.39.0-bb.5
# Changelog Updates

## [1.8.0-bb.1] - 2024-01-11
### Changed
- Add Istio Authorization Policies

Eck Operator📜

  • !3703: eckOperator update to 2.10.0-bb.1
  • !3691: fluentbit update to 0.39.0-bb.5
# Changelog Updates

## [2.10.0-bb.1] - 2023-11-25
### Changed
- Adds Istio Authorization Policy support

Fluentbit📜

  • !3707: fluentbit update to 0.42.0-bb.0
  • !3691: fluentbit update to 0.39.0-bb.5
# Changelog Updates

## [0.40.0-bb.0]
### Changed
- Updated upstream helm chart tag `0.40.0-bb.0`
- Updated fluent-bit image to `2.2.1` from IB

## [0.39.0-bb.5]
### Added
- Added configuration for Match in elasticsearch, fluentd and loki output
- Added document for configuration to reduce elasticsearch index sizing

Promtail📜

  • !3680: promtail update to 6.15.3-bb.4
# Changelog Updates

## [6.15.3-bb.4] - 2024-01-12
### Changed
- Istio.enabled as false in test-values

## [6.15.3-bb.3] - 2024-01-12
### Changed
- Enabled istio hardening in tests

## [6.15.3-bb.2] - 2023-11-28
### Added
- Updating OSCAL Component file.

Tempo📜

  • !3671: tempo update to 1.7.1-bb.2
# Changelog Updates

## [1.7.1-bb.2] - 2024-01-11
### Changed
- Updated gluon to 0.4.7
- Updated Cypress tests to use

Monitoring📜

  • !3731: monitoring update to 56.0.3-bb.0
  • !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates

## [56.0.3-bb.0] - 2024-01-22
### Updated
- Monitoring chart version 55.5.1-bb.1 -> 56.0.3-bb.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.2.2 -> 10.2.3
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.70.0 -> v0.71.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.70.0 -> v0.71.0
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v2.48.1 -> v2.49.1
- registry1.dso.mil/ironbank/opensource/thanos/thanos v0.32.5 -> v0.33.0

## [55.5.1-bb.1] - 2024-1-05
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio `allow-tempo` policy
- Added istio custom policy template

Grafana📜

  • !3709: grafana update to 7.2.1-bb.2
  • !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates

## [7.2.1-bb.3] - 2023-01-23
### Added
- Updated cypress health test to use coreDNS for testing

## [7.2.1-bb.2] - 2023-01-22
### Added
- Stopped exposing `/metrics` via virtual services

## [7.2.1-bb.1] - 2023-01-19
### Added
- Updated cypress health test

## [7.2.1-bb.0] - 2023-01-18
### Added
- Updated grafana to 10.1.5 -> 10.2.3
- Updated grafana-plugins 10.1.5 -> 10.2.3
- Updated chart base to 6.60.6 -> 7.2.1
- Updated base 2.0.0 -> 2.1.0
- Updated k8s-sidecar 1.25.2 -> 1.25.3
- Updated bats 1.9.0 -> v1.10.0
- Updated cypress health test as General folder was removed

Twistlock📜

  • !3655: twistlock update to 0.13.1-bb.1
# Changelog Updates

## [0.13.1-bb.1] - 2024-01-04
### Changed
- gluon updated from 0.4.4 to 0.4.6
- ironbank/stedolan/jq updated from 1.6 to 1.7

Wrapper📜

  • !3664: wrapper update to 0.4.4
# Changelog Updates

## [0.4.4] - 2024-01-04
### Changed
- Fixed outstanding issues for multiple istio gateway network policies
- Fixed an issue with tempo support in istio sidecar network policies

Argocd📜

  • !3722: SKIP UPGRADE argocd update to 5.53.1-bb.2
  • !3712: argocd update to 5.53.1-bb.1
  • !3650: argocd update to 5.52.0-bb.0
# Changelog Updates

## [5.53.1-bb.2] - 2024-01-23
### Updated
- Update Redis dependency chart to 18.7.1-bb.1

## [5.53.1-bb.1] - 2024-01-22
### Fixed
- Fixed chart name from previous update

## [5.53.1-bb.0] - 2024-01-22
### Updated
- Updated application version to `v2.9.4` from `v2.9.3`
- Updated chart version to 5.53.1-bb.0
- Update Redis dependency chart to 18.7.1-bb.0

## [5.52.0-bb.1] - 2024-01-16
### Updated
- Updated gluon to 0.4.7
- Renamed cypress test file and updated cypress test to use shared command for keycloak login
- Combined create and delete application in Cypress test to one test so it only attempts to delete if creation was successful
- Removed cypress config as it is now using shared config from gluon

## [5.52.0-bb.0] - 2024-01-08
### Updated
- Bumping application version to `v2.9.3` from `v2.8.4`
- Update chart version to 5.52.0-bb.0

Authservice📜

  • !3672: authservice update to 0.5.3-bb.24
# Changelog Updates

## [0.5.3-bb.24] - 2024-01-12
### Changed
- Enabled istio hardening during testing

Minio📜

# Changelog Updates

## [5.0.11-bb.2] - 2024-01-11
### Changed
- Updated gluon to 0.4.7

## [5.0.11-bb.1] - 2024-01-09
### Changed
- Added istio hardening to tests

Gitlab📜

  • !3727: Gitlab version 7.8.0-bb.1
  • !3711: gitlab update to 7.8.0-bb.0
  • !3673: gitlab update to 7.7.2-bb.0
# Changelog Updates

## [7.8.0-bb.1] - 2024-01-24
### Changed
- Fixed the readme

## [7.8.0-bb.0] - 2024-01-19
### Changed
- Update GitLab to appVersion 16.8.0
- Update chart version to 7.8.0
- ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.7.0-1 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.7.0 -> 16.8.0

## [7.7.2-bb.0] - 2024-01-12
### Changed
- Update GitLab to appVersion 16.7.2
- Update chart version to 7.7.2
- ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.7.0 -> 16.7.2

Nexus📜

  • !3700: nexusRepositoryManager update to 64.0.0-bb.0
# Changelog Updates

## [64.0.0-bb.0] - 2024-01-12
### Changed
- Updated chart to version: 64.0.0-bb.0 | appVersion: 3.64.0-03
- registry1.dso.mil/ironbank/google/go-containerregistry/crane v0.16.1 -> v0.17.0

Haproxy📜

  • !3687: haproxy update to 1.19.3-bb.3
  • !3658: HAProxy: disabled automountserviceaccounttoken in the haproxy authservices
  • !3644: haproxy update to 1.19.3-bb.2
# Changelog Updates

## [1.19.3-bb.3] - 2024-01-12
### Added
- enable istio hardening during tests

## [1.19.3-bb.2]
### Updated
- Updated HAProxy `v2.2.31` -> `v2.2.32`

Mattermost📜

  • !3625: Mattermost and operator mitigate automount sa token findings
# Changelog Updates

Velero📜

  • !3584: velero update to 5.1.6-bb.0
# Changelog Updates

## [5.1.6-bb.0] - 2023-12-06
### Changed
- Updated to latest chart version `5.1.6`
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.1 -> v1.12.2
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.1 -> 1.12.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.8.0 -> v1.8.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.1 -> v0.6.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.8.0 -> v1.8.2
- velero/velero-plugin-for-csi v0.6.1 -> v0.6.2
- velero/velero-restore-helper v1.12.1 -> v1.12.2

Vault📜

  • !3681: vault update to 0.25.0-bb.10
  • !3654: SKIP UPGRADE add vault pods to update-automountserviceaccounttokens policy
# Changelog Updates

## [0.25.0-bb.10] - 2023-11-21
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault 1.14.6 -> 1.14.8

## [0.25.0-bb.9] - 2024-01-17
### Changed
- Updated to gluon to 4.7 allowing consumers to implement custom scripts
- Updated Minio to 5.0.11-bb.2

Harbor📜

  • !3692: harbor update to 1.14.0-bb.1
  • !3668: harbor update to 1.14.0-bb.0
# Changelog Updates

## [1.14.0-bb.1] - 2024-01-15
### Changed
- Updating gluon to 0.4.7
- Updated cypress test to delete resources created by it
- Removed cypress config as it is now using shared config

## [1.13.1-bb.5] - 2024-01-02
### Changed
- Updating app version from 2.9.1 to 2.10.0

Thanos📜

  • !3718: thanos update to 12.21.0-bb.1
  • !3686: thanos update to 12.21.0-bb.0
  • !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates

## [12.21.0-bb.1] - 2024-01-18
### Changed
- Fixed Thanos installation against Gatekeeper via SELinux options

## [12.21.0-bb.0] - 2024-01-17
### Changed
- Updated chart version to 12.21.0

Known Issues📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.