Release Notes - 2.21.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.28.6 (RKE2).

Upgrade Notices

Twistlock:

  • An upgrade to v32 of the Twistlock image is included in this release. You must be on version 31 (included in the last release) before upgrading to v32. Twistlock does not support upgrades that span more than one minor version.

Upgrades from previous releases

If you are upgrading from a version earlier than 2.20.0, review the additional upgrade notices in every release in between. The BB team does not test or guarantee upgrades from anything earlier than 2.20.0.

Packages

| Status | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Istio Controlplane | Core | Istio 1.19.6, Tetrate Istio Distro 1.20.2 | 1.19.6-bb.2 |
| | Istio Operator | Core | Istio Operator 1.19.6, Tetrate Istio Distro Operator 1.20.2 | 1.19.6-bb.0 |
| | Jaeger | Core | 1.53.0 | 2.50.1-bb.0 |
| Updated | Kiali | Core | 1.78.0 | 1.78.0-bb.5 |
| Updated | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.13 |
| Updated | Gatekeeper | Core | 3.15.0 | 3.15.0-bb.0 |
| Updated | Kyverno | Core | 1.11.4 | 3.1.4-bb.2 |
| | Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.24 |
| Updated | Kyverno Reporter | Core | 2.18.0 | 2.22.0-bb.0 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.12.1, Elasticsearch 8.12.1 | 1.10.0-bb.3 |
| Updated | Eck Operator | Core | 2.11.1 | 2.11.1-bb.0 |
| | Fluentbit | Core | 2.2.2 | 0.43.0-bb.1 |
| Updated | Promtail | Core | 2.9.4 | 6.15.5-bb.0 |
| Updated | Loki | Core | 2.9.4 | 5.42.0-bb.5 |
| Updated | Neuvector | Core | 5.2.2 | 2.6.3-bb.9 |
| | Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.2 |
| | Monitoring | Core | Prometheus 2.49.1, Grafana 10.3.1, Alertmanager 0.26.0 | 56.2.1-bb.1 |
| Updated | Grafana | Core | 10.3.1 | 7.3.0-bb.1 |
| Updated | Twistlock | Core | 32.01.128 | 0.15.0-bb.0 |
| Updated | Wrapper | Core | N / A | 0.4.5 |
| | Argocd | Addon | 2.9.4 | 5.53.1-bb.2 |
| | Authservice | Addon | 0.5.3 | 0.5.3-bb.28 |
| Updated | Minio Operator | Addon | 5.0.12 | 5.0.12-bb.0 |
| Updated | Minio | Addon | RELEASE.2024-02-09T21-25-16Z | 5.0.12-bb.1 |
| Updated | Gitlab | Addon | 16.9.0 | 7.9.0-bb.0 |
| | Gitlab Runner | Addon | 16.6.0 | 0.59.1-bb.3 |
| | Nexus | Addon | 3.64.0-03 | 64.0.0-bb.0 |
| Updated | Sonarqube | Addon | 9.9.3-community | 8.0.3-bb.2 |
| | Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.1 |
| | Haproxy | Addon | 2.2.32 | 1.19.3-bb.3 |
| | Anchore Enterprise | Addon | Enterprise 4.9.3, Engine 1.1.0 | 1.27.4-bb.7 |
| Updated | Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.1 |
| Updated | Mattermost | Addon | 9.5.1 | 9.5.1-bb.0 |
| | Velero | Addon | 1.12.3 | 5.2.2-bb.0 |
| Updated | Keycloak | Addon | 21.1.2 | 18.4.3-bb.13 |
| Updated | Vault | Addon | 1.14.9 | 0.25.0-bb.14 |
| Updated | Metrics Server | Addon | 0.6.4 | 3.11.0-bb.3 |
| Updated | Harbor | Addon | 2.10.0 | 1.14.0-bb.2 |
| | Holocron BETA | Addon | N / A | 1.0.0 |
| | Thanos BETA | Addon | 0.34.0 | 12.23.0-bb.2 |

Changes in 2.21.0

Big Bang MRs

  • !3859: Added documentation for Cypress
  • !3825: update local script to 1.28

Istio Controlplane

  • !3843: istio update to 1.19.6-bb.2
# Changelog Updates

## [1.19.6-bb.2] - 2024-02-12
### Added
- added postInstallHook.containerResources values for hook-job.yaml

Kiali

  • !3828: kiali update to 1.78.0-bb.5
# Changelog Updates

## [1.78.0-bb.5] - 2024-02-07
### Changed
- Made outboundTrafficPolicy.mode in `Sidecar` configurable

## [1.78.0-bb.4] - 2024-02-02
### Added
- Added template to allow end users to define ServiceEntries for external hostnames/endpoints to add to the istio service registry.
- Updated creation of new istio resources to be reliant on the value of `.Values.istio.hardened.enabled`

## [1.78.0-bb.3] - 2024-01-30
### Added
- Added Istio Sidecar resource to restrict Egress to REGISTRY_ONLY

Cluster Auditor

  • !3858: clusterAuditor update to 1.5.0-bb.13
# Changelog Updates

## [1.5.0-bb.13] - 2024-01-24
### Changed
- Updated gluon to 4.8; allow consumers to utilize custom scripts

Gatekeeper

  • !3827: gatekeeper update to 3.15.0-bb.0
  • !3826: gatekeeper update to 3.14.0-bb.8
# Changelog Updates

## [3.15.0-bb.0] - 2024-02-07
### Changed
- Updated gluon 0.4.7 -> 0.4.8
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.14.0 -> v3.15.0

## [3.14.0-bb.8] - 2024-01-31
### Changed
- Updated `K8sPSPSeccomp` constraint to check for `spec.securityContext.seccompProfile.type` instead of `seccomp.security.alpha.kubernetes.io/pod` & `container.seccomp.security.alpha.kubernetes.io/[name]` as they were removed in Kubernetes 1.25

Kyverno

  • !3863: kyverno update to 3.1.4-bb.2
# Changelog Updates

## [3.1.4-bb.2] - 2024-2-16
### Changed
- Added the resource limits for pre-delete and post-upgrade pods.

Kyverno Reporter

  • !3835: kyvernoReporter update to 2.22.0-bb.0
# Changelog Updates

## [2.22.0-bb.0] - 2024-02-06
### Changed
- Updated upstream chart reference from `2.21.6` to `2.22.0`
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.17.5` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.18.0`

Elasticsearch Kibana

  • !3862: SKIP UPGRADE elasticsearchKibana update to 1.10.0-bb.3
  • !3854: elasticsearchKibana update to 1.10.0-bb.1
  • !3840: elasticsearchKibana update to 1.10.0-bb.0
# Changelog Updates

## [1.10.0-bb.3] - 2024-02-19
### Fixed
- Fixed selector to allow the istio ingress gateway

## [1.10.0-bb.2] - 2024-02-19
### Added
- Added default principal from jaeger namespace to the list of allowed principals for the jaeger-es-index-templates

## [1.10.0-bb.1] - 2024-02-15
### Changed
- Updated the allow-all-in-namespace istio auth policy

## [1.10.0-bb.0] - 2024-02-07
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.12.0 to 8.12.1
- ironbank/elastic/kibana/kibana updated from 8.12.0 to 8.12.1

Eck Operator

  • !3831: eckOperator update to 2.11.1-bb.0
# Changelog Updates

## [2.11.1-bb.0] - 2024-02-6
### Changed

Promtail

  • !3844: Promtail update to 6.15.5-bb.0
# Changelog Updates

## [6.15.5-bb.0] - 2024-02-06
### Updated
- Updated ironbank/opensource/grafana/promtail v2.9.2 -> v2.9.4
- Updated registry1.dso.mil/ironbank/opensource/grafana/promtail v2.9.2 -> v2.9.4
- Updated chart version to 6.15.5

Loki

  • !3845: minioOperator update to 5.0.12-bb.0
  • !3836: loki update to 5.42.0-bb.5
  • !3821: loki update to 5.42.0-bb.4
# Changelog Updates

## [5.42.0-bb.5] - 2024-02-08
### Changed
- Change testing to check for log data

## [5.42.0-bb.4] - 2024-02-06
### Changed
- Added testing to check for log data

Neuvector

  • !3822: neuvector update to 2.6.3-bb.9
# Changelog Updates

## [2.6.3-bb.9] - 2024-02-06
### Changed
- Updated to Gluon 0.4.8
- Removed cypress config as it is now coming from Gluon
- Renamed cypress script file name

Grafana

  • !3853: grafana update to 7.3.0-bb.1
  • !3848: grafana update to 7.3.0-bb.0
# Changelog Updates

## [7.3.0-bb.1] - 2024-02-15
### Changed
- Updated the allow-all-in-namespace istio auth policy

## [7.3.0-bb.0] - 2024-02-09
### Added
- Updated chart base to 7.2.1 -> 7.3.0
- Updated grafana-plugins 10.2.3 -> 10.3.1

Twistlock

  • !3838: twistlock update to 0.14.0-bb.2
  • !3847: twistlock update to 0.15.0-bb.0
  • !3832: twistlock update to 0.14.0-bb.1
# Changelog Updates

## [0.15.0-bb.0] - 2024-02-08
### Changed
- ironbank/twistlock/console/console updated from 31.03.103 to 32.01.128
- ironbank/twistlock/defender/defender updated from 31.03.103 to 32.01.128

## [0.14.0-bb.2] - 2024-02-08
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` policy
- Added istio `allow-tempo` policy
- Added istio `allow-defender-to-console-port` policy
- Added `allow-scraping` policy
- Added `allow-sidecar-scraping` policy
- Added istio custom policy template

## [0.14.0-bb.1] - 2024-02-08
### Changed
- Bumped default memory from 2Gi to 3Gi
- gluon updated from 0.4.7 to 0.4.8

Wrapper

  • !3861: wrapper update to 0.4.5
# Changelog Updates

## [0.4.5] - 2024-02-14
### Changed
- Added istio `allow-intra-namespace` authorization policy

Minio Operator

  • !3845: minioOperator update to 5.0.12-bb.0
# Changelog Updates

## [5.0.12-bb.0] - 2024-02-13
### Upgrade
- ironbank/opensource/minio/operator v5.0.11 -> v5.0.12
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.11 -> v5.0.12

## [5.0.11-bb.2] - 2024-02-09
### Upgrade
- Create authorization policy for minio namespace
- fix authorization policy for ingress gateways

Minio

  • !3869: update the regex for minio to account for default tenant values
  • !3819: updated minio git tag
  • !3845: minioOperator update to 5.0.12-bb.0
  • !3857: minio update to 5.0.12-bb.1
# Changelog Updates

## [5.0.12-bb.1] - 2024-02-13
### Changed
- Modified test-values.yaml to reduce pod creation, was causing issues with pipelines

## [5.0.12-bb.0] - 2024-02-13
### Changed
- Updated minio to `RELEASE.2024-02-09T21-25-16Z`
- Updated mc to `RELEASE.2024-02-09T22-18-24Z`
- Updated gluon to `0.4.8`

## [5.0.11-bb.6] - 2024-02-09
### Changed
- fixed ingress gateway authorization policy

## [5.0.11-bb.5] - 2024-02-06
### Changed
- Updated minio to `RELEASE.2024-02-04T22-36-13Z`

## [5.0.11-bb.4] - 2024-02-05
### Changed
- Updated minio to `RELEASE.2024-01-31T20-20-33Z`
- Updated mc to `RELEASE.2024-01-31T08-59-40Z`

## [5.0.11-bb.3] - 2024-01-23
### Changed
- Updated minio to `RELEASE.2024-01-18T22-51-28Z`
- Updated mc to `RELEASE.2024-01-18T07-03-39Z`

Gitlab

  • !3876: gitlab update to 7.9.0-bb.0
  • !3842: feat: configure gitlab groups from external oidc groups
# Changelog Updates

## [7.9.0-bb.0] - 2024-02-20
### Changed (17 changes)
- Update GitLab to appVersion 16.9.0
- Update chart version 7.9.0
- Update ironbank/gitlab/gitlab/gitlab-webservice from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter from v1.57.0 to 1.58.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl from 16.8.1 to 16.9.0

Sonarqube

  • !3813: sonarqube update to 8.0.3-bb.2
# Changelog Updates

## [8.0.3-bb.2] - 2024-02-05
* Updated postgresql12 image to 12.17

Mattermost Operator

  • !3761: mattermostOperator update to 1.20.1-bb.1
# Changelog Updates

## [1.20.1-bb.1] - 2021-01-23
### Changed
- Added allow-intranet authorization policy
- Added allow-nothing authorization policy
- Added monitoring authorization policy
- Added custom authorization policy template
- Enabled Istio hardening in test
- Moved the peer authentications

Mattermost

  • !3866: mattermost update to 9.5.1-bb.0
  • !3845: minioOperator update to 5.0.12-bb.0
  • !3761: mattermostOperator update to 1.20.1-bb.1
  • !3820: mattermost update to 9.4.2-bb.0
# Changelog Updates

## [9.5.1-bb.0] - 2024-02-20
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.4.2 to 9.5.1
- ironbank/opensource/postgres/postgresql12 updated from 12.17 to 12.18
- updated postgresql subchart to 10.3.5
- minio-instance updated from 5.0.11-bb.3 to 5.0.12-bb.1
- minio image updated from minio:RELEASE.2024-01-18T22-51-28Z to minio:RELEASE.2024-02-09T21-25-16Z
- mc image updated from 2024-01-18T07-03-39Z to RELEASE.2024-02-09T22-18-24Z

## [9.4.2-bb.1] - 2024-02-08
### Changed
- disabling the db probe init container if istio is hardened

## [9.4.2-bb.0] - 2024-02-07
### Changed
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost v9.3.0 -> 9.4.2
- minio-instance updated from 5.0.11-bb.1 to 5.0.11-bb.3
- updated gluon from 0.4.5 to 0.4.7
- minio image updated from RELEASE.2023-11-20T22-40-07Z to RELEASE.2024-01-18T22-51-28Z
- mc image updated from RELEASE.2023-11-20T16-30-59Z to RELEASE.2024-01-18T07-03-39Z

## [9.3.0-bb.3] - 2024-02-02
### Updated
- allow-intranamespace authz policy added
- allow-nothing authz policy added
- monitoring authz policy added
- template authz policy added

Keycloak

  • !3852: keycloak update to 18.4.3-bb.13
# Changelog Updates

## [18.4.3-bb.13] - 2024-02-14
### Updated
- Update Keycloak version to 21.1.2

## [18.4.3-bb.12] - 2024-01-16
### Updated
- Gluon update to 4.7
- Allow Customers to perform custom Cypress test scripts

Vault

  • !3815: vault update to 0.25.0-bb.14
  • !3794: vault update to 0.25.0-bb.12
  • !3845: minioOperator update to 5.0.12-bb.0
  • !3855: Resolve “Incomplete conditional formatting causes vault errors when istio is disabled”
  • !3793: Wildcard implementation to harden all service accounts - vault + bug fix
# Changelog Updates

## [0.25.0-bb.14] - 2024-02-05
### Updated
- renamed allow-api-access policy

## [0.25.0-bb.13] - 2024-02-02
### Updated
- allow-api-access policy

## [0.25.0-bb.12] - 2024-02-02
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault 1.14.8 -> 1.14.9

## [0.25.0-bb.11] - 2024-01-18
### Updated
- allow-intranamespace policy
- allow-nothing-policy
- ingressgateway-authz-policy
- monitoring-authz-policy
- promtail-authz-policy
- template for adding user defined policies
- enabling hardening during testing

Metrics Server

  • !3850: metricsServer update to 3.11.0-bb.3
# Changelog Updates

## [3.11.0-bb.3] - 2024-02-14
### Added
- Add `helmv3` to package managers and upgrade Gluon from 0.3.2 -> 0.4.8

Harbor

  • !3860: harbor update to 1.14.0-bb.2
# Changelog Updates

## [1.14.0-bb.2] - 2024-02-15
### Fixed
- Fixed Prometheus Network Policy

Known Issues

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.