Release Notes - 2.20.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).
Upgrade Notices
Upgrades from previous releases
If coming from a version pre-2.19.2, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.19.2.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.6, Tetrate Istio Distro 1.20.2 | 1.19.6-bb.1 |
Istio Operator | Core | Istio Operator 1.19.6, Tetrate Istio Distro Operator 1.20.2 | 1.19.6-bb.0 |
Jaeger | Core | 1.53.0 | 2.50.1-bb.0 |
Kiali | Core | 1.78.0 | 1.78.0-bb.2 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.12 |
Gatekeeper | Core | 3.14.0 | 3.14.0-bb.7 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.1 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.24 |
Kyverno Reporter | Core | 2.17.5 | 2.21.6-bb.2 |
Elasticsearch Kibana | Core | Kibana 8.12.0, Elasticsearch 8.12.0 | 1.9.0-bb.3 |
Eck Operator | Core | 2.11.0 | 2.11.0-bb.0 |
Fluentbit | Core | 2.2.2 | 0.43.0-bb.1 |
Promtail | Core | 2.9.2 | 6.15.3-bb.5 |
Loki | Core | 2.9.4 | 5.42.0-bb.3 |
Neuvector | Core | 5.2.2 | 2.6.3-bb.8 |
Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.2 |
Monitoring | Core | Prometheus 2.49.1, Grafana 10.3.1, Alertmanager 0.26.0 | 56.2.1-bb.1 |
Grafana | Core | 10.2.3 | 7.2.1-bb.5 |
Twistlock | Core | 31.03.103 | 0.14.0-bb.0 |
Wrapper | Core | N / A | 0.4.4 |
Argocd | Addon | 2.9.4 | 5.53.1-bb.2 |
Authservice | Addon | 0.5.3 | 0.5.3-bb.28 |
Minio Operator | Addon | 5.0.11 | 5.0.11-bb.1 |
Minio | Addon | RELEASE.2023-11-20T22-40-07Z | 5.0.11-bb.2 |
Gitlab | Addon | 16.8.1 | 7.8.1-bb.2 |
Gitlab Runner | Addon | 16.6.0 | 0.59.1-bb.3 |
Nexus | Addon | 3.64.0-03 | 64.0.0-bb.0 |
Sonarqube | Addon | 9.9.3-community | 8.0.3-bb.1 |
Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.1 |
Haproxy | Addon | 2.2.32 | 1.19.3-bb.3 |
Anchore Enterprise | Addon | Enterprise 4.9.3, Engine 1.1.0 | 1.27.4-bb.7 |
Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.0 |
Mattermost | Addon | 9.3.0 | 9.3.0-bb.2 |
Velero | Addon | 1.12.3 | 5.2.2-bb.0 |
Keycloak | Addon | 21.1.1 | 18.4.3-bb.11 |
Vault | Addon | 1.14.8 | 0.25.0-bb.10 |
Metrics Server | Addon | 0.6.4 | 3.11.0-bb.2 |
Harbor | Addon | 2.10.0 | 1.14.0-bb.1 |
Holocron | Addon | N / A | 1.0.0 |
Thanos | Addon | 0.34.0 | 12.23.0-bb.2 |
Changes in 2.20.0
Big Bang MRs
- !3817: update root group and root user kyverno policies for gitlab runners
- !3791: Refactor SA token for keycloak
- !3790: Refactor SA Token for eck operator
- !3787: Refactor SA for promtail
- !3781: Add excluded namespaces for istio-injection
- !3767: Update package integration docs + add steps
- !3751: Resolve “Fix More Broken Links”
- !3726: Resolve “Holocron”
Jaeger
- !3735: jaeger update to 2.47.0-bb.4
# Changelog Updates
## [2.50.1-bb.0] - 2024-01-25
### Updated
- Upgrade chart to 2.50.1
- Upgrade images to 1.53.0
## [2.47.0-bb.4] - 2024-01-22
### Added
- Added support for Istio Authorization Policies
Kiali
- !3745: Refactor earlier mutator implementations to use wildcard methodology - Kiali
# Changelog Updates
## [1.78.0-bb.2] - 2024-01-18
### Changed
- Updated gluon to 4.7 to allow consumers to utilize custom cypress scripts
Gatekeeper
# Changelog Updates
## [3.14.0-bb.7] - 2024-01-29
### Changed
- Added keys to `allowedSELinuxOptions` to fix policy violation on empty `seLinuxOptions` in `values.yaml`
- Removed duplicate `image` property in `values.yaml`
## [3.14.0-bb.6] - 2024-01-24
### Changed
- Added non-root securityContext to crd-cleanup containers
## [3.14.0-bb.5] - 2024-01-22
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.5 -> v1.28.6
## [3.14.0-bb.4] - 2024-01-12
### Changed
- Updated gluon 0.4.6 -> 0.4.7
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.5
## [3.14.0-bb.3] - 2024-01-09
### Changed
- Updated gluon 0.4.4 -> 0.4.6
- Updated Chart appVersion to v3.14.0
## [3.14.0-bb.2] - 2023-12-11
### Changed
- Updating OSCAL Component File.
## [3.14.0-bb.1] - 2023-11-28
### Changed
- updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4
Kyverno
- !3740: kyverno update to 3.1.4-bb.1
# Changelog Updates
## [3.1.4-bb.1] - 2024-1-26
### Changed
- Updated `kubectl` from `1.28.5` to `1.28.6`
Kyverno Policies
- !3778: kyvernoPolicies update to 3.0.4-bb.24
- !3748: kyvernoPolicies update to 3.0.4-bb.22
- !3706: kyvernoPolicies update to 3.0.4-bb.19
# Changelog Updates
## [3.0.4-bb.24] - 2024-01-31
### Changed
- Updated allowed `sysctls` per Pod Security Standards
## [3.0.4-bb.23] - 2024-01-30
### Changed
- Fixed issue with kyverno policy related to wildcarding serviceAccounts in the automountServiceAccountToken clusterPolicy
## [3.0.4-bb.22] - 2024-01-29
### Changed
- Hardcoded annotation pod-policies.kyverno.io/autogen-controllers removed from disallowed-namespaces ClusterPolicy.
- Default value for {{.Values.autogenController}} set to none instead of empty string
## [3.0.4-bb.21] - 2024-01-26
### Changed
- Refactored PodsToHarden format
## [3.0.4-bb.20] - 2024-01-25
### Changed
- Fixed issue with kyverno policy related to wildcarding serviceAccounts in the automountServiceAccountToken clusterPolicy
## [3.0.4-bb.19] - 2024-01-19
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.28.4 to v1.28.6
- ironbank/redhat/ubi/ubi9-minimal updated from 8.9 to 9.3
Kyverno Reporter
# Changelog Updates
## [2.21.6-bb.2] - 2024-02-02
### Changed
- Updated to Gluon 0.4.7
- Removed cypress config as it is now coming from gluon
- Updated cypress tests to use new shared commands from gluon
## [2.21.6-bb.1] - 2024-01-25
### Changed
- Changed cypress tests to work with version of Grafana
Elasticsearch Kibana
# Changelog Updates
## [1.9.0-bb.3] - 2024-02-03
### Changed
- gluon updated from 0.4.7 to 0.4.8
## [1.9.0-bb.2] - 2024-02-02
### Changed
- Updated to Gluon 0.4.7
- Removed cypress config as it is now coming from Gluon
## [1.9.0-bb.1] - 2024-01-31
### Changed
- renaming authorization policies to avoid conflict with loki in the logging namespace
## [1.9.0-bb.0] - 2024-01-18
### Changed
- gluon updated from 0.4.6 to 0.4.7
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.11.3 to 8.12.0
- ironbank/elastic/kibana/kibana updated from 8.11.3 to 8.12.0
Eck Operator
- !3729: eckOperator update to 2.11.0-bb.0
# Changelog Updates
## [2.11.0-bb.0] - 2024-01-24
### Changed
- Updated chart from 2.10.0 to 2.11.0
Fluentbit
# Changelog Updates
## [0.43.0-bb.1]
### Changed
- Updated configmap for custom Elasticsearch settings
Promtail
# Changelog Updates
Loki
- !3810: loki update to 5.42.0-bb.3
- !3769: Refactor Loki to use wildcards for Automount hardening on service accounts
- !3773: loki update to 5.42.0-bb.1
- !3771: loki update to 5.42.0-bb.0
- !3705: loki update to 5.41.4-bb.5
# Changelog Updates
## [5.42.0-bb.3] - 2024-02-02
### Changed
- Updated loki to gluon 0.4.8
## [5.42.0-bb.2] - 2024-01-31
### Changed
- Renamed the authorization policies to prevent conflicts in the logging namespace
## [5.42.0-bb.1] - 2024-01-31
### Changed
- Changed loki commonConfig replication_factor to 1 from 3
## [5.42.0-bb.0] - 2024-01-30
### Upgrade
- docker.io/grafana/loki-canary 2.9.3 -> 2.9.4
- ironbank/opensource/grafana/loki 2.9.3 -> 2.9.4
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 1.25.2 -> 1.25.3
- registry1.dso.mil/ironbank/opensource/grafana/loki 2.9.3 -> 2.9.4
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6
## [5.41.4-bb.5] - 2024-01-18
### Changed
- removed a restriction on the allow-intranet authorization policy
## [5.41.4-bb.3] - 2024-01-17
### Changed
- removed Istio.enabled from test-values
## [5.41.4-bb.2] - 2024-01-16
### Changed
- Istio.enabled as false in test-values
- Enabled istio hardening in tests
Monitoring
# Changelog Updates
## [56.2.1-bb.1] - 2024-02-02
### Updated
- Updated gluon to 4.8 to allow for custom scripts
## [56.2.1-bb.0] - 2024-01-29
### Updated
- Updated Monitoring chart from 56.0.3-bb.0 to 56.2.1-bb.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.2.3 -> 10.3.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader 0.71.0 -> v0.71.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.71.0 -> v0.71.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator 0.71.0 -> v0.71.2
Grafana
- !3797: grafana update to 7.2.1-bb.5
# Changelog Updates
## [7.2.1-bb.5] - 2024-02-02
### Added
- Update Gluon to 0.4.8
## [7.2.1-bb.4] - 2024-01-29
### Added
- Added support for Istio Authorization Policies
Twistlock
# Changelog Updates
## [0.14.0-bb.0] - 2024-01-26
### Changed
- gluon updated from 0.4.6 to 0.4.7
- ironbank/twistlock/console/console updated from 30.02.123 to 31.03.103
- ironbank/twistlock/defender/defender updated from 30.02.123 to 31.03.103
Authservice
- !3747: authservice update to 0.5.3-bb.28
# Changelog Updates
## [0.5.3-bb.28] - 2024-01-26
### Changed
- Updated redis chart to 18.7.1-bb.1
## [0.5.3-bb.27] - 2024-01-11
### Changed
- ironbank/bitnami/redis updated from 7.2.3 to 7.2.4
## [0.5.3-bb.26] - 2024-01-17
### Changed
- removed istio.enabled during testing
## [0.5.3-bb.25] - 2024-01-16
### Changed
- Disabled istio
Gitlab
- !3667: Refactor Gitlab + Monitoring automountServiceAccountToken hardening for consistency
# Changelog Updates
## [7.8.0-bb.2] - 2024-01-31
### Changed
Gitlab Runner
- !3724: gitlabRunner update to 0.59.1-bb.2
# Changelog Updates
## [0.59.1-bb.3] - 2024-01-31
### Changed
- Updated Gluon to 0.4.7
- Updated cypress to use shared commands from gluon
- Removed cypress config as it is now using shared config from gluon
## [0.59.1-bb.2] - 2024-01-23
### Changed
- fixing and consolidating gitlab-runner cypress tests
Sonarqube
- !3715: sonarqube update to 8.0.3-bb.1
# Changelog Updates
## [8.0.3-bb.1] - 2024-01-16
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-monitoring` policy
- Added istio `allow-http` policy
- Added istio `allow-http-envoy` policy
- Added istio custom policy template
Fortify
- !3695: fortify update to 1.1.2320154-bb.1
# Changelog Updates
## [1.1.2320154-bb.1] - 2024-01-16
### Changed
- Updated gluon to 0.4.7
- Removed cypress config as it is now coming from gluon
- Updated cypress test as it was doing configuration in addition to testing
Velero
- !3770: velero update to 5.2.2-bb.0
- !3764: Refactor earlier mutator implementations to use wildcard methodology - Velero
# Changelog Updates
## [5.2.2-bb.0] - 2024-01-31
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.2 -> v1.12.3
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.2 -> 1.12.3
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.2 -> v0.6.3
- velero/velero-plugin-for-csi v0.6.2 -> v0.6.3
- velero/velero-restore-helper v1.12.2 -> v1.12.3
Thanos
- !3802: thanos update to 12.23.0-bb.2
# Changelog Updates
## [12.23.0-bb.2] - 2024-02-02
### Changed
- Updated gluon 0.4.8 for consumers to use custom scripts
## [12.23.0-bb.1] - 2024-02-01
### Changed
- Re-instated seLinuxOptions in SecurityContext fields
## [12.23.0-bb.0] - 2024-01-30
### Changed
- Updated chart version from 12.21.0 -> 12.23.0
- Updated Thanos from v0.33.0 -> v0.34.0
Known Issues
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.