Release Notes - 2.19.2📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).
Patch-Specific Changes📜
Package Name📜
- !3780; istio update pod security context to fix issues with istio-enterprise deployments blocked by kyverno
non-root-group
policy - !3759; fluentbit update to 2.2.2
Upgrade Notices📜
- Istio:
- Istio gets updated to 1.19.6. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually.
Upgrades from previous releases📜
If coming from a version pre-2.18.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.18.0
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.6 Tetrate Istio Distro 1.20.2 |
1.19.6-bb.1 🔗 |
Istio Operator | Core | Istio Operator 1.19.6 Tetrate Istio Distro Operator 1.20.2 |
1.19.6-bb.0 🔗 |
Jaeger | Core | 1.47.0 |
2.47.0-bb.3 🔗 |
Kiali | Core | 1.78.0 |
1.78.0-bb.1 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.12 |
Gatekeeper | Core | 3.14.0 |
3.14.0-bb.0 |
Kyverno | Core | 1.11.4 |
3.1.4-bb.0 🔗 |
Kyverno Policies | Core | 3.0.4 |
3.0.4-bb.18 🔗 |
Kyverno Reporter | Core | 2.17.5 |
2.21.6-bb.0 🔗 |
Elasticsearch Kibana | Core | Kibana 8.11.3 Elasticsearch 8.11.3 |
1.8.0-bb.1 🔗 |
Eck Operator | Core | 2.10.0 |
2.10.0-bb.1 🔗 |
Fluentbit | Core | 2.2.2 |
0.43.0-bb.0 🔗 |
Promtail | Core | 2.9.2 |
6.15.3-bb.4 🔗 |
Loki | Core | 2.9.3 |
5.41.4-bb.1 |
Neuvector | Core | 5.2.2 |
2.6.3-bb.8 |
Tempo | Core | Tempo 2.3.0-ubi9 Tempo Query 2.3.1 |
1.7.1-bb.2 🔗 |
Monitoring | Core | Prometheus 2.49.1 Grafana 10.2.3 Alertmanager 0.26.0 |
56.0.3-bb.0 🔗 |
Grafana | Core | 10.2.3 |
7.2.1-bb.3 🔗 |
Twistlock | Core | 30.02.123 |
0.13.1-bb.1 🔗 |
Wrapper | Core | N / A | 0.4.4 🔗 |
Argocd | Addon | 2.9.4 |
5.53.1-bb.2 🔗 |
Authservice | Addon | 0.5.3 |
0.5.3-bb.24 🔗 |
Minio Operator | Addon | 5.0.11 |
5.0.11-bb.1 |
Minio | Addon | RELEASE.2023-11-20T22-40-07Z |
5.0.11-bb.2 🔗 |
Gitlab | Addon | 16.8.1 |
7.8.1-bb.0 🔗 |
Gitlab Runner | Addon | 16.6.0 |
0.59.1-bb.1 |
Nexus | Addon | 3.64.0-03 |
64.0.0-bb.0 🔗 |
Sonarqube | Addon | 9.9.3-community |
8.0.3-bb.0 |
Fortify | Addon | 23.2.0.0154 |
1.1.2320154-bb.0 |
Haproxy | Addon | 2.2.32 |
1.19.3-bb.3 🔗 |
Anchore Enterprise | Addon | Enterprise 4.9.3 Engine 1.1.0 |
1.27.4-bb.7 |
Mattermost Operator | Addon | 1.20.1 |
1.20.1-bb.0 |
Mattermost | Addon | 9.3.0 |
9.3.0-bb.2 🔗 |
Velero | Addon | 1.12.2 |
5.1.6-bb.0 🔗 |
Keycloak | Addon | 21.1.1 |
18.4.3-bb.11 |
Vault | Addon | 1.14.8 |
0.25.0-bb.10 🔗 |
Metrics Server | Addon | 0.6.4 |
3.11.0-bb.2 |
Harbor | Addon | 2.10.0 |
1.14.0-bb.1 🔗 |
Thanos | Addon | 0.33.0 |
12.21.0-bb.1 🔗 |
Changes in 2.19.0📜
Big Bang MRs📜
- !3634: Mitigate automountServiceAccountToken findings in flux-system and bigbang namespaces
- !3257: Added cosign secret and sample HelmRelease implementation
- !3642: updated kyverno values for metrics
Istio Controlplane📜
# Changelog Updates
## [1.19.6-bb.0] - 2024-01-12
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.5 to 1.19.6
- ironbank/opensource/istio/pilot updated from 1.19.5 to 1.19.6
- ironbank/opensource/istio/proxyv2 updated from 1.19.5 to 1.19.6
- ironbank/tetrate/istio/install-cni updated from 1.19.6 to 1.20.2
- ironbank/tetrate/istio/pilot updated from 1.19.5 to 1.20.2
- ironbank/tetrate/istio/proxyv2 updated from 1.19.5 to 1.20.2
Istio Operator📜
# Changelog Updates
## [1.19.6-bb.0] - 2024-1-12
### Added
- Updated repo1 image to `1.19.6`
- Updated TID image to `1.20.2`
Jaeger📜
- !3694: jaeger update to 2.47.0-bb.3
# Changelog Updates
## [2.47.0-bb.3] - 2023-10-30
### Updated
- Updating gluon to 4.7 to allow consumers to utilize their own tests
## [2.47.0-bb.2] - 2023-10-30
### Updated
- Updating OSCAL Component File.
Kyverno📜
- !3708: kyverno update to 3.1.4-bb.0
- !3701: kyvernoReporter update to 2.21.6-bb.0
- !3652: kyvernoPolicies update to 3.0.4-bb.18
- !3645: kyverno update to 3.1.1-bb.0
# Changelog Updates
## [3.1.4-bb.0] - 2024-1-22
### Changed
- Updated upstream chart from `3.1.3` to `3.1.4`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre` from `v1.11.3` to `v1.11.4`
- Updated `kubectl` from `1.28.4` to `1.28.5`
## [3.1.3-bb.0] - 2024-1-10
### Changed
- Updated upstream chart from `3.1.1` to `3.1.3`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre` from `v1.11.1` to `v1.11.3`
- Updated `kubectl` from `1.28.4` to `1.28.5`
Kyverno Policies📜
- !3652: kyvernoPolicies update to 3.0.4-bb.18
# Changelog Updates
## [3.0.4-bb.18] - 2024-01-05
### Changed
- update to ironbank/redhat/ubi/ubi8-minimal to ironbank/redhat/ubi/ubi9-minimal
Kyverno Reporter📜
- !3701: kyvernoReporter update to 2.21.6-bb.0
# Changelog Updates
Elasticsearch Kibana📜
- !3691: fluentbit update to 0.39.0-bb.5
# Changelog Updates
## [1.8.0-bb.1] - 2024-01-11
### Changed
- Add Istio Authorization Policies
Eck Operator📜
# Changelog Updates
## [2.10.0-bb.1] - 2023-11-25
### Changed
- Adds Istio Authorization Policy support
Fluentbit📜
# Changelog Updates
## [0.40.0-bb.0]
### Changed
- Updated upstream helm chart tag `0.40.0-bb.0`
- Updated fluent-bit image to `2.2.1` from IB
## [0.39.0-bb.5]
### Added
- Added configuration for Match in elasticsearch, fluentd and loki output
- Added document for configuration to reduce elasticsearch index sizing
Promtail📜
- !3680: promtail update to 6.15.3-bb.4
# Changelog Updates
## [6.15.3-bb.4] - 2024-01-12
### Changed
- Istio.enabled as false in test-values
## [6.15.3-bb.3] - 2024-01-12
### Changed
- Enabled istio hardening in tests
## [6.15.3-bb.2] - 2023-11-28
### Added
- Updating OSCAL Component file.
Tempo📜
- !3671: tempo update to 1.7.1-bb.2
# Changelog Updates
## [1.7.1-bb.2] - 2024-01-11
### Changed
- Updated gluon to 0.4.7
- Updated Cypress tests to use
Monitoring📜
- !3731: monitoring update to 56.0.3-bb.0
- !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates
## [56.0.3-bb.0] - 2024-01-22
### Updated
- Monitoring chart version 55.5.1-bb.1 -> 56.0.3-bb.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.2.2 -> 10.2.3
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.70.0 -> v0.71.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.70.0 -> v0.71.0
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v2.48.1 -> v2.49.1
- registry1.dso.mil/ironbank/opensource/thanos/thanos v0.32.5 -> v0.33.0
## [55.5.1-bb.1] - 2024-1-05
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` polic(y|ies)
- Added istio `allow-tempo` policy
- Added istio custom policy template
Grafana📜
- !3709: grafana update to 7.2.1-bb.2
- !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates
## [7.2.1-bb.3] - 2023-01-23
### Added
- Updated cypress health test to use coreDNS for testing
## [7.2.1-bb.2] - 2023-01-22
### Added
- Stopped exposing `/metrics` via virtual services
## [7.2.1-bb.1] - 2023-01-19
### Added
- Updated cypress health test
## [7.2.1-bb.0] - 2023-01-18
### Added
- Updated grafana to 10.1.5 -> 10.2.3
- Updated grafana-plugins 10.1.5 -> 10.2.3
- Updated chart base to 6.60.6 -> 7.2.1
- Updated base 2.0.0 -> 2.1.0
- Updated k8s-sidecar 1.25.2 -> 1.25.3
- Updated bats 1.9.0 -> v1.10.0
- Updated cypress health test as General folder was removed
Twistlock📜
- !3655: twistlock update to 0.13.1-bb.1
# Changelog Updates
## [0.13.1-bb.1] - 2024-01-04
### Changed
- gluon updated from 0.4.4 to 0.4.6
- ironbank/stedolan/jq updated from 1.6 to 1.7
Wrapper📜
- !3664: wrapper update to 0.4.4
# Changelog Updates
## [0.4.4] - 2024-01-04
### Changed
- Fixed outstanding issues for multiple istio gateway network policies
- Fixed an issue with tempo support in istio sidecar network policies
Argocd📜
- !3722: SKIP UPGRADE argocd update to 5.53.1-bb.2
- !3712: argocd update to 5.53.1-bb.1
- !3650: argocd update to 5.52.0-bb.0
# Changelog Updates
## [5.53.1-bb.2] - 2024-01-23
### Updated
- Update Redis dependency chart to 18.7.1-bb.1
## [5.53.1-bb.1] - 2024-01-22
### Fixed
- Fixed chart name from previous update
## [5.53.1-bb.0] - 2024-01-22
### Updated
- Updated application version to `v2.9.4` from `v2.9.3`
- Updated chart version to 5.53.1-bb.0
- Update Redis dependency chart to 18.7.1-bb.0
## [5.52.0-bb.1] - 2024-01-16
### Updated
- Updated gluon to 0.4.7
- Renamed cypress test file and updated cypress test to use shared command for keycloak login
- Combined create and delete application in Cypress test to one test so it only attempts to delete if creation was successful
- Removed cypress config as it is now using shared config from gluon
## [5.52.0-bb.0] - 2024-01-08
### Updated
- Bumping application version to `v2.9.3` from `v2.8.4`
- Update chart version to 5.52.0-bb.0
Authservice📜
- !3672: authservice update to 0.5.3-bb.24
# Changelog Updates
## [0.5.3-bb.24] - 2024-01-12
### Changed
- Enabled istio hardening during testing
Minio📜
# Changelog Updates
## [5.0.11-bb.2] - 2024-01-11
### Changed
- Updated gluon to 0.4.7
## [5.0.11-bb.1] - 2024-01-09
### Changed
- Added istio hardening to tests
Gitlab📜
- !3727: Gitlab version 7.8.0-bb.1
- !3711: gitlab update to 7.8.0-bb.0
- !3673: gitlab update to 7.7.2-bb.0
# Changelog Updates
## [7.8.0-bb.1] - 2024-01-24
### Changed
- Fixed the readme
## [7.8.0-bb.0] - 2024-01-19
### Changed
- Update GitLab to appVersion 16.8.0
- Update chart version to 7.8.0
- ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.7.0-1 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.7.0 -> 16.8.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.7.0 -> 16.8.0
## [7.7.2-bb.0] - 2024-01-12
### Changed
- Update GitLab to appVersion 16.7.2
- Update chart version to 7.7.2
- ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.7.0 -> 16.7.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.7.0 -> 16.7.2
Nexus📜
- !3700: nexusRepositoryManager update to 64.0.0-bb.0
# Changelog Updates
## [64.0.0-bb.0] - 2024-01-12
### Changed
- Updated chart to version: 64.0.0-bb.0 | appVersion: 3.64.0-03
- registry1.dso.mil/ironbank/google/go-containerregistry/crane v0.16.1 -> v0.17.0
Haproxy📜
- !3687: haproxy update to 1.19.3-bb.3
- !3658: HAProxy: disabled automountserviceaccounttoken in the haproxy authservices
- !3644: haproxy update to 1.19.3-bb.2
# Changelog Updates
## [1.19.3-bb.3] - 2024-01-12
### Added
- enable istio hardening during tests
## [1.19.3-bb.2]
### Updated
- Updated HAProxy `v2.2.31` -> `v2.2.32`
Mattermost📜
- !3625: Mattermost and operator mitigate automount sa token findings
# Changelog Updates
Velero📜
- !3584: velero update to 5.1.6-bb.0
# Changelog Updates
## [5.1.6-bb.0] - 2023-12-06
### Changed
- Updated to latest chart version `5.1.6`
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.1 -> v1.12.2
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.1 -> 1.12.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.8.0 -> v1.8.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.1 -> v0.6.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.8.0 -> v1.8.2
- velero/velero-plugin-for-csi v0.6.1 -> v0.6.2
- velero/velero-restore-helper v1.12.1 -> v1.12.2
Vault📜
- !3681: vault update to 0.25.0-bb.10
- !3654: SKIP UPGRADE add vault pods to update-automountserviceaccounttokens policy
# Changelog Updates
## [0.25.0-bb.10] - 2023-11-21
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault 1.14.6 -> 1.14.8
## [0.25.0-bb.9] - 2024-01-17
### Changed
- Updated to gluon to 4.7 allowing consumers to implement custom scripts
- Updated Minio to 5.0.11-bb.2
Harbor📜
# Changelog Updates
## [1.14.0-bb.1] - 2024-01-15
### Changed
- Updating gluon to 0.4.7
- Updated cypress test to delete resources created by it
- Removed cypress config as it is now using shared config
## [1.13.1-bb.5] - 2024-01-02
### Changed
- Updating app version from 2.9.1 to 2.10.0
Thanos📜
- !3718: thanos update to 12.21.0-bb.1
- !3686: thanos update to 12.21.0-bb.0
- !3600: Mitigating the automount service account token findings for Thanos
# Changelog Updates
## [12.21.0-bb.1] - 2024-01-18
### Changed
- Fixed Thanos installation against Gatekeeper via SELinux options
## [12.21.0-bb.0] - 2024-01-17
### Changed
- Updated chart version to 12.21.0
Known Issues📜
- Velero caCert template errors: Per app flux settings don’t work when overriding with falsey values
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.