Release Notes - 2.20.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).

Upgrade Notices

Upgrades from previous releases

If you are upgrading from a version earlier than 2.19.2, review the additional upgrade notices in every release in between. The BB team does not test or guarantee upgrades from anything earlier than 2.19.2.

Packages

|  | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
|  | Istio Controlplane | Core | Istio 1.19.6, Tetrate Istio Distro 1.20.2 | 1.19.6-bb.1 |
|  | Istio Operator | Core | Istio Operator 1.19.6, Tetrate Istio Distro Operator 1.20.2 | 1.19.6-bb.0 |
| Updated | Jaeger | Core | 1.53.0 | 2.50.1-bb.0 |
| Updated | Kiali | Core | 1.78.0 | 1.78.0-bb.2 |
|  | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.12 |
| Updated | Gatekeeper | Core | 3.14.0 | 3.14.0-bb.7 |
| Updated | Kyverno | Core | 1.11.4 | 3.1.4-bb.1 |
| Updated | Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.24 |
| Updated | Kyverno Reporter | Core | 2.17.5 | 2.21.6-bb.2 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.12.0, Elasticsearch 8.12.0 | 1.9.0-bb.3 |
| Updated | Eck Operator | Core | 2.11.0 | 2.11.0-bb.0 |
| Updated | Fluentbit | Core | 2.2.2 | 0.43.0-bb.1 |
| Updated | Promtail | Core | 2.9.2 | 6.15.3-bb.5 |
| Updated | Loki | Core | 2.9.4 | 5.42.0-bb.3 |
|  | Neuvector | Core | 5.2.2 | 2.6.3-bb.8 |
|  | Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.2 |
| Updated | Monitoring | Core | Prometheus 2.49.1, Grafana 10.3.1, Alertmanager 0.26.0 | 56.2.1-bb.1 |
| Updated | Grafana | Core | 10.2.3 | 7.2.1-bb.5 |
| Updated | Twistlock | Core | 31.03.103 | 0.14.0-bb.0 |
|  | Wrapper | Core | N/A | 0.4.4 |
|  | Argocd | Addon | 2.9.4 | 5.53.1-bb.2 |
| Updated | Authservice | Addon | 0.5.3 | 0.5.3-bb.28 |
|  | Minio Operator | Addon | 5.0.11 | 5.0.11-bb.1 |
|  | Minio | Addon | RELEASE.2023-11-20T22-40-07Z | 5.0.11-bb.2 |
| Updated | Gitlab | Addon | 16.8.1 | 7.8.1-bb.2 |
| Updated | Gitlab Runner | Addon | 16.6.0 | 0.59.1-bb.3 |
|  | Nexus | Addon | 3.64.0-03 | 64.0.0-bb.0 |
| Updated | Sonarqube | Addon | 9.9.3-community | 8.0.3-bb.1 |
| Updated | Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.1 |
|  | Haproxy | Addon | 2.2.32 | 1.19.3-bb.3 |
|  | Anchore Enterprise | Addon | Enterprise 4.9.3, Engine 1.1.0 | 1.27.4-bb.7 |
|  | Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.0 |
|  | Mattermost | Addon | 9.3.0 | 9.3.0-bb.2 |
| Updated | Velero | Addon | 1.12.3 | 5.2.2-bb.0 |
|  | Keycloak | Addon | 21.1.1 | 18.4.3-bb.11 |
|  | Vault | Addon | 1.14.8 | 0.25.0-bb.10 |
|  | Metrics Server | Addon | 0.6.4 | 3.11.0-bb.2 |
|  | Harbor | Addon | 2.10.0 | 1.14.0-bb.1 |
| New | Holocron BETA | Addon | N/A | 1.0.0 |
| Updated | Thanos BETA | Addon | 0.34.0 | 12.23.0-bb.2 |

Changes in 2.20.0

Big Bang MRs

  • !3817: update root group and root user kyverno policies for gitlab runners
  • !3791: Refactor SA token for keycloak
  • !3790: Refactor SA Token for eck operator
  • !3787: Refactor SA for promtail
  • !3781: Add excluded namespaces for istio-injection
  • !3767: Update package integration docs + add steps
  • !3751: Resolve “Fix More Broken Links”
  • !3726: Resolve “Holocron”

Jaeger

  • !3735: jaeger update to 2.47.0-bb.4
# Changelog Updates

## [2.50.1-bb.0] - 2024-01-25
### Updated
- Upgrade chart to 2.50.1
- Upgrade images to 1.53.0

## [2.47.0-bb.4] - 2024-01-22
### Added
- Added support for Istio Authorization Policies

Kiali

  • !3745: Refactor earlier mutator implementations to use wildcard methodology - Kiali
# Changelog Updates

## [1.78.0-bb.2] - 2024-01-18
### Changed
- Updated gluon to 4.7 to allow consumers to utilize custom cypress scripts

Gatekeeper

  • !3732: gatekeeper update to 3.14.0-bb.6
  • !3754: gatekeeper update to 3.14.0-bb.7
# Changelog Updates

## [3.14.0-bb.7] - 2024-01-29
### Changed
- Added keys to `allowedSELinuxOptions` to fix policy violation on empty `seLinuxOptions` in `values.yaml`
- Removed duplicate `image` property in `values.yaml`

## [3.14.0-bb.6] - 2024-01-24
### Changed
- Added non-root securityContext to crd-cleanup containers

## [3.14.0-bb.5] - 2024-01-22
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.5 -> v1.28.6

## [3.14.0-bb.4] - 2024-01-12
### Changed
- Updated gluon 0.4.6 -> 0.4.7
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.5

## [3.14.0-bb.3] - 2024-01-09
### Changed
- Updated gluon 0.4.4 -> 0.4.6
- Updated Chart appVersion to v3.14.0

## [3.14.0-bb.2] - 2023-12-11
### Changed
- Updating OSCAL Component File.

## [3.14.0-bb.1] - 2023-11-28
### Changed
- updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.3 -> v1.28.4

Kyverno

  • !3740: kyverno update to 3.1.4-bb.1
# Changelog Updates

## [3.1.4-bb.1] - 2024-01-26
### Changed
- Updated `kubectl` from `1.28.5` to `1.28.6`

Kyverno Policies

  • !3778: kyvernoPolicies update to 3.0.4-bb.24
  • !3748: kyvernoPolicies update to 3.0.4-bb.22
  • !3706: kyvernoPolicies update to 3.0.4-bb.19
# Changelog Updates

## [3.0.4-bb.24] - 2024-01-31
### Changed
- Updated allowed `sysctls` per Pod Security Standards

## [3.0.4-bb.23] - 2024-01-30
### Changed
- Fixed issue with kyverno policy related to wildcarding serviceAccounts in the automountServiceAccountToken clusterPolicy

## [3.0.4-bb.22] - 2024-01-29
### Changed
- Hardcoded annotation pod-policies.kyverno.io/autogen-controllers removed from disallowed-namespaces ClusterPolicy.
- Default value for {{.Values.autogenController}} set to none instead of empty string

## [3.0.4-bb.21] - 2024-01-26
### Changed
- Refactored PodsToHarden format

## [3.0.4-bb.20] - 2024-01-25
### Changed
- Fixed issue with kyverno policy related to wildcarding serviceAccounts in the automountServiceAccountToken clusterPolicy

## [3.0.4-bb.19] - 2024-01-19
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.28.4 to v1.28.6
- ironbank/redhat/ubi/ubi9-minimal updated from 8.9 to 9.3

Kyverno Reporter

  • !3803: kyvernoReporter update to 2.21.6-bb.2
  • !3736: kyvernoReporter update to 2.21.6-bb.1
# Changelog Updates

## [2.21.6-bb.2] - 2024-02-02
### Changed
- Updated to Gluon 0.4.7
- Removed cypress config as it is now coming from gluon
- Updated cypress tests to use new shared commands from gluon

## [2.21.6-bb.1] - 2024-01-25
### Changed
- Changed cypress tests to work with version of Grafana

Elasticsearch Kibana

  • !3811: elasticsearchKibana update to 1.9.0-bb.3
  • !3772: Ek 102 fix hardening issue SKIP UPGRADE
# Changelog Updates

## [1.9.0-bb.3] - 2024-02-03
### Changed
- gluon updated from 0.4.7 to 0.4.8

## [1.9.0-bb.2] - 2024-02-02
### Changed
- Updated to Gluon 0.4.7
- Removed cypress config as it is now coming from Gluon

## [1.9.0-bb.1] - 2024-01-31
### Changed
- renaming authorization policies to avoid conflict with loki in the logging namespace

## [1.9.0-bb.0] - 2024-01-18
### Changed
- gluon updated from 0.4.6 to 0.4.7
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.11.3 to 8.12.0
- ironbank/elastic/kibana/kibana updated from 8.11.3 to 8.12.0

Eck Operator

  • !3729: eckOperator update to 2.11.0-bb.0
# Changelog Updates

## [2.11.0-bb.0] - 2024-01-24
### Changed
- Updated chart from 2.10.0 to 2.11.0

Fluentbit

  • !3788: Refactor SA for fluentbit
  • !3798: fluentbit update to 0.43.0-bb.1
# Changelog Updates

## [0.43.0-bb.1]
### Changed
- Updated configmap for custom Elasticsearch settings

Promtail

# Changelog Updates

Loki

  • !3810: loki update to 5.42.0-bb.3
  • !3769: Refactor Loki to use wildcards for Automount hardening on service accounts
  • !3773: loki update to 5.42.0-bb.1
  • !3771: loki update to 5.42.0-bb.0
  • !3705: loki update to 5.41.4-bb.5
# Changelog Updates

## [5.42.0-bb.3] - 2024-02-02
### Changed
- Updated loki to gluon 0.4.8

## [5.42.0-bb.2] - 2024-01-31
### Changed
- Renamed the authorization policies to prevent conflicts in the logging namespace

## [5.42.0-bb.1] - 2024-01-31
### Changed
- Changed loki commonConfig replication_factor to 1 from 3

## [5.42.0-bb.0] - 2024-01-30
### Upgrade
- docker.io/grafana/loki-canary 2.9.3 -> 2.9.4
- ironbank/opensource/grafana/loki 2.9.3 -> 2.9.4
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 1.25.2 -> 1.25.3
- registry1.dso.mil/ironbank/opensource/grafana/loki 2.9.3 -> 2.9.4
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6

## [5.41.4-bb.5] - 2024-01-18
### Changed
- removed a restriction on the allow-intranet authorization policy

## [5.41.4-bb.3] - 2024-01-17
### Changed
- removed Istio.enabled from test-values

## [5.41.4-bb.2] - 2024-01-16
### Changed
- Istio.enabled as false in test-values
- Enabled istio hardening in tests

Monitoring

  • !3796: monitoring update to 56.2.1-bb.1
  • !3755: monitoring update to 56.2.1-bb.0
# Changelog Updates

## [56.2.1-bb.1] - 2024-02-02
### Updated
- Updated gluon to 4.8 to allow for custom scripts

## [56.2.1-bb.0] - 2024-01-29
### Updated
- Updated Monitoring chart from 56.0.3-bb.0 to 56.2.1-bb.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 10.2.3 -> 10.3.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader 0.71.0 -> v0.71.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.71.0 -> v0.71.2
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator 0.71.0 -> v0.71.2

Grafana

  • !3797: grafana update to 7.2.1-bb.5
# Changelog Updates

## [7.2.1-bb.5] - 2024-02-02
### Added
- Update Gluon to 0.4.8

## [7.2.1-bb.4] - 2024-01-29
### Added
- Added support for Istio Authorization Policies

Twistlock

  • !3816: added exception for non-root-group for twistlock job
  • !3739: twistlock update to 0.14.0-bb.0
# Changelog Updates

## [0.14.0-bb.0] - 2024-01-26
### Changed
- gluon updated from 0.4.6 to 0.4.7
- ironbank/twistlock/console/console updated from 30.02.123 to 31.03.103
- ironbank/twistlock/defender/defender updated from 30.02.123 to 31.03.103

Authservice

  • !3747: authservice update to 0.5.3-bb.28
# Changelog Updates

## [0.5.3-bb.28] - 2024-01-26
### Changed
- Updated redis chart to 18.7.1-bb.1

## [0.5.3-bb.27] - 2024-01-11
### Changed
- ironbank/bitnami/redis updated from 7.2.3 to 7.2.4

## [0.5.3-bb.26] - 2024-01-17
### Changed
- removed istio.enabled during testing

## [0.5.3-bb.25] - 2024-01-16
### Changed
- Disabled istio

Gitlab

  • !3667: Refactor Gitlab + Monitoring automountServiceAccountToken hardening for consistency
# Changelog Updates

## [7.8.0-bb.2] - 2024-01-31
### Changed

Gitlab Runner

  • !3724: gitlabRunner update to 0.59.1-bb.2
# Changelog Updates

## [0.59.1-bb.3] - 2024-01-31
### Changed
- Updated Gluon to 0.4.7
- Updated cypress to use shared commands from gluon
- Removed cypress config as it is now using shared config from gluon

## [0.59.1-bb.2] - 2024-01-23
### Changed
- fixing and consolidating gitlab-runner cypress tests

Sonarqube

  • !3715: sonarqube update to 8.0.3-bb.1
# Changelog Updates

## [8.0.3-bb.1] - 2024-01-16
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-monitoring` policy
- Added istio `allow-http` policy
- Added istio `allow-http-envoy` policy
- Added istio custom policy template

Fortify

  • !3695: fortify update to 1.1.2320154-bb.1
# Changelog Updates

## [1.1.2320154-bb.1] - 2024-01-16
### Changed
- Updated gluon to 0.4.7
- Removed cypress config as it is now coming from gluon
- Updated cypress test as it was doing configuration in addition to testing

Velero

  • !3770: velero update to 5.2.2-bb.0
  • !3764: Refactor earlier mutator implementations to use wildcard methodology - Velero
# Changelog Updates

## [5.2.2-bb.0] - 2024-01-31
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.4 -> v1.28.6
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.2 -> v1.12.3
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.2 -> 1.12.3
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.2 -> v0.6.3
- velero/velero-plugin-for-csi v0.6.2 -> v0.6.3
- velero/velero-restore-helper v1.12.2 -> v1.12.3

Thanos

  • !3802: thanos update to 12.23.0-bb.2
# Changelog Updates

## [12.23.0-bb.2] - 2024-02-02
### Changed
- Updated gluon 0.4.8 for consumers to use custom scripts

## [12.23.0-bb.1] - 2024-02-01
### Changed
- Re-instated seLinuxOptions in SecurityContext fields

## [12.23.0-bb.0] - 2024-01-30
### Changed
- Updated chart version from 12.21.0 -> 12.23.0
- Updated Thanos from v0.33.0 -> v0.34.0

Known Issues

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.