Release Notes - 2.21.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.28.6 (RKE2).
Upgrade Notices📜
Twistlock:
- An upgrade to v32 of the Twistlock image is included in this release. You must be on version 31 (included in the last release) before upgrading to v32. Twistlock does not support upgrades of more than one minor version.
Upgrades from previous releases📜
If coming from a version pre-2.20.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.20.0.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.6, Tetrate Istio Distro 1.20.2 | 1.19.6-bb.2 🔗 |
Istio Operator | Core | Istio Operator 1.19.6, Tetrate Istio Distro Operator 1.20.2 | 1.19.6-bb.0 |
Jaeger | Core | 1.53.0 | 2.50.1-bb.0 |
Kiali | Core | 1.78.0 | 1.78.0-bb.5 🔗 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.13 🔗 |
Gatekeeper | Core | 3.15.0 | 3.15.0-bb.0 🔗 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.2 🔗 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.24 |
Kyverno Reporter | Core | 2.18.0 | 2.22.0-bb.0 🔗 |
Elasticsearch Kibana | Core | Kibana 8.12.1, Elasticsearch 8.12.1 | 1.10.0-bb.3 🔗 |
Eck Operator | Core | 2.11.1 | 2.11.1-bb.0 🔗 |
Fluentbit | Core | 2.2.2 | 0.43.0-bb.1 |
Promtail | Core | 2.9.4 | 6.15.5-bb.0 🔗 |
Loki | Core | 2.9.4 | 5.42.0-bb.5 🔗 |
Neuvector | Core | 5.2.2 | 2.6.3-bb.9 🔗 |
Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.2 |
Monitoring | Core | Prometheus 2.49.1, Grafana 10.3.1, Alertmanager 0.26.0 | 56.2.1-bb.1 |
Grafana | Core | 10.3.1 | 7.3.0-bb.1 🔗 |
Twistlock | Core | 32.01.128 | 0.15.0-bb.0 🔗 |
Wrapper | Core | N / A | 0.4.5 🔗 |
Argocd | Addon | 2.9.4 | 5.53.1-bb.2 |
Authservice | Addon | 0.5.3 | 0.5.3-bb.28 |
Minio Operator | Addon | 5.0.12 | 5.0.12-bb.0 🔗 |
Minio | Addon | RELEASE.2024-02-09T21-25-16Z | 5.0.12-bb.1 🔗 |
Gitlab | Addon | 16.9.0 | 7.9.0-bb.0 🔗 |
Gitlab Runner | Addon | 16.6.0 | 0.59.1-bb.3 |
Nexus | Addon | 3.64.0-03 | 64.0.0-bb.0 |
Sonarqube | Addon | 9.9.3-community | 8.0.3-bb.2 🔗 |
Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.1 |
Haproxy | Addon | 2.2.32 | 1.19.3-bb.3 |
Anchore Enterprise | Addon | Enterprise 4.9.3, Engine 1.1.0 | 1.27.4-bb.7 |
Mattermost Operator | Addon | 1.20.1 | 1.20.1-bb.1 🔗 |
Mattermost | Addon | 9.5.1 | 9.5.1-bb.0 🔗 |
Velero | Addon | 1.12.3 | 5.2.2-bb.0 |
Keycloak | Addon | 21.1.2 | 18.4.3-bb.13 🔗 |
Vault | Addon | 1.14.9 | 0.25.0-bb.14 🔗 |
Metrics Server | Addon | 0.6.4 | 3.11.0-bb.3 🔗 |
Harbor | Addon | 2.10.0 | 1.14.0-bb.2 🔗 |
Holocron | Addon | N / A | 1.0.0 |
Thanos | Addon | 0.34.0 | 12.23.0-bb.2 |
Changes in 2.21.0📜
Big Bang MRs📜
Istio Controlplane📜
- !3843: istio update to 1.19.6-bb.2
# Changelog Updates
## [1.19.6-bb.2] - 2024-02-12
### Added
- added postInstallHook.containerResources values for hook-job.yaml
Kiali📜
- !3828: kiali update to 1.78.0-bb.5
# Changelog Updates
## [1.78.0-bb.5] - 2024-02-07
### Changed
- Made outboundTrafficPolicy.mode in `Sidecar` configurable
## [1.78.0-bb.4] - 2024-02-02
### Added
- Added template to allow end users to define ServiceEntries for external hostnames/endpoints to add to the istio service registry.
- Updated creation of new istio resources to be reliant on the value of `.Values.istio.hardened.enabled`
## [1.78.0-bb.3] - 2024-01-30
### Added
- Added Istio Sidecar resource to restrict Egress to REGISTRY_ONLY
Cluster Auditor📜
- !3858: clusterAuditor update to 1.5.0-bb.13
# Changelog Updates
## [1.5.0-bb.13] - 2024-01-24
### Changed
- Updated gluon to 4.8; allow consumers to utilize custom scripts
Gatekeeper📜
# Changelog Updates
## [3.15.0-bb.0] - 2024-02-07
### Changed
- Updated gluon 0.4.7 -> 0.4.8
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.14.0 -> v3.15.0
## [3.14.0-bb.8] - 2024-01-31
### Changed
- Updated `K8sPSPSeccomp` constraint to check for `spec.securityContext.seccompProfile.type` instead of `seccomp.security.alpha.kubernetes.io/pod` & `container.seccomp.security.alpha.kubernetes.io/[name]` as they were removed in Kubernetes 1.25
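A pre-upgrade audit for the `K8sPSPSeccomp` change above, as an added example (not the constraint's own code and not from the Big Bang project): it flags containers whose seccomp profile is set only through the removed annotations, or whose `securityContext.seccompProfile.type` is missing or not allowed. `ALLOWED_TYPES` and the sample manifests are assumptions constructed for illustration.

```python
import json

# Annotation keys named in the changelog entry above (removed in Kubernetes 1.25).
POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_ANNOTATION_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"
# Assumption: profile types the cluster policy accepts; match your constraint parameters.
ALLOWED_TYPES = {"RuntimeDefault", "Localhost"}


def profile_type(security_context):
    """Return seccompProfile.type from a securityContext dict, or None if unset."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def audit_pod(pod):
    """Return one finding per container without an allowed field-based seccomp profile."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    annotations = meta.get("annotations") or {}
    pod_type = profile_type(spec.get("securityContext"))
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        # A container-level securityContext overrides the pod-level one.
        effective = profile_type(c.get("securityContext")) or pod_type
        if effective in ALLOWED_TYPES:
            continue
        legacy = (POD_ANNOTATION in annotations
                  or CONTAINER_ANNOTATION_PREFIX + c["name"] in annotations)
        if effective is not None:
            reason = f"type {effective} not allowed"
        else:
            reason = "legacy annotation only" if legacy else "no seccompProfile set"
        findings.append(f"{meta.get('name')}/{c['name']}: {reason}")
    return findings


# Constructed sample manifests (trimmed to the fields the check reads).
SAMPLE_PODS = json.loads("""[
 {"metadata": {"name": "legacy-app", "annotations":
    {"seccomp.security.alpha.kubernetes.io/pod": "runtime/default"}},
  "spec": {"containers": [{"name": "web"}]}},
 {"metadata": {"name": "migrated-app"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "api"}, {"name": "debug",
             "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]}},
 {"metadata": {"name": "bare-app"}, "spec": {"containers": [{"name": "main"}]}}
]""")

if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        for finding in audit_pod(pod):
            print(finding)
```

Feed it the `items` of `kubectl get pods -A -o json` to list workloads that need the field set before the updated constraint is enforced.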
Kyverno📜
- !3863: kyverno update to 3.1.4-bb.2
# Changelog Updates
## [3.1.4-bb.2] - 2024-2-16
### Changed
- Added the resource limits for pre-delete and post-upgrade pods.
Kyverno Reporter📜
- !3835: kyvernoReporter update to 2.22.0-bb.0
# Changelog Updates
## [2.22.0-bb.0] - 2024-02-06
### Changed
- Updated upstream chart reference from `2.21.6` to `2.22.0`
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.17.5` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.18.0`
Elasticsearch Kibana📜
- !3862: SKIP UPGRADE elasticsearchKibana update to 1.10.0-bb.3
- !3854: elasticsearchKibana update to 1.10.0-bb.1
- !3840: elasticsearchKibana update to 1.10.0-bb.0
# Changelog Updates
## [1.10.0-bb.3] - 2024-02-19
### Fixed
- Fixed selector to allow the istio ingress gateway
## [1.10.0-bb.2] - 2024-02-19
### Added
- Added default principal from jaeger namespace to the list of allowed principals for the jaeger-es-index-templates
## [1.10.0-bb.1] - 2024-02-15
### Changed
- Updated the allow-all-in-namespace istio auth policy
## [1.10.0-bb.0] - 2024-02-07
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.12.0 to 8.12.1
- ironbank/elastic/kibana/kibana updated from 8.12.0 to 8.12.1
Eck Operator📜
- !3831: eckOperator update to 2.11.1-bb.0
# Changelog Updates
## [2.11.1-bb.0] - 2024-02-6
### Changed
Promtail📜
- !3844: Promtail update to 6.15.5-bb.0
# Changelog Updates
## [6.15.5-bb.0] - 2024-02-06
### Updated
- Updated ironbank/opensource/grafana/promtail v2.9.2 -> v2.9.4
- Updated registry1.dso.mil/ironbank/opensource/grafana/promtail v2.9.2 -> v2.9.4
- Updated chart version to 6.15.5
Loki📜
- !3845: minioOperator update to 5.0.12-bb.0
- !3836: loki update to 5.42.0-bb.5
- !3821: loki update to 5.42.0-bb.4
# Changelog Updates
## [5.42.0-bb.5] - 2024-02-08
### Changed
- Change testing to check for log data
## [5.42.0-bb.4] - 2024-02-06
### Changed
- Added testing to check for log data
Neuvector📜
- !3822: neuvector update to 2.6.3-bb.9
# Changelog Updates
## [2.6.3-bb.9] - 2024-02-06
### Changed
- Updated to Gluon 0.4.8
- Removed cypress config as it is now coming from Gluon
- Renamed cypress script file name
Grafana📜
# Changelog Updates
## [7.3.0-bb.1] - 2024-02-15
### Changed
- Updated the allow-all-in-namespace istio auth policy
## [7.3.0-bb.0] - 2024-02-09
### Added
- Updated chart base 7.2.1 -> 7.3.0
- Updated grafana-plugins 10.2.3 -> 10.3.1
Twistlock📜
- !3838: twistlock update to 0.14.0-bb.2
- !3847: twistlock update to 0.15.0-bb.0
- !3832: twistlock update to 0.14.0-bb.1
# Changelog Updates
## [0.15.0-bb.0] - 2024-02-08
### Changed
- ironbank/twistlock/console/console updated from 31.03.103 to 32.01.128
- ironbank/twistlock/defender/defender updated from 31.03.103 to 32.01.128
## [0.14.0-bb.2] - 2024-02-08
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress` policy
- Added istio `allow-tempo` policy
- Added istio `allow-defender-to-console-port` policy
- Added `allow-scraping` policy
- Added `allow-sidecar-scraping` policy
- Added istio custom policy template
## [0.14.0-bb.1] - 2024-02-08
### Changed
- Bumped default memory from 2Gi to 3Gi
- gluon updated from 0.4.7 to 0.4.8
Wrapper📜
- !3861: wrapper update to 0.4.5
# Changelog Updates
## [0.4.5] - 2024-02-14
### Changed
- Added istio `allow-intra-namespace` authorization policy
Minio Operator📜
- !3845: minioOperator update to 5.0.12-bb.0
# Changelog Updates
## [5.0.12-bb.0] - 2024-02-13
### Upgrade
- ironbank/opensource/minio/operator v5.0.11 -> v5.0.12
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.11 -> v5.0.12
## [5.0.11-bb.2] - 2024-02-09
### Upgrade
- Create authorization policy for minio namespace
- fix authorization policy for ingress gateways
Minio📜
- !3869: update the regex for minio to account for default tenant values
- !3819: updated minio git tag
- !3845: minioOperator update to 5.0.12-bb.0
- !3857: minio update to 5.0.12-bb.1
# Changelog Updates
## [5.0.12-bb.1] - 2024-02-13
### Changed
- Modified test-values.yaml to reduce pod creation, which was causing issues with pipelines
## [5.0.12-bb.0] - 2024-02-13
### Changed
- Updated minio to `RELEASE.2024-02-09T21-25-16Z`
- Updated mc to `RELEASE.2024-02-09T22-18-24Z`
- Updated gluon to `0.4.8`
## [5.0.11-bb.6] - 2024-02-09
### Changed
- fixed ingress gateway authorization policy
## [5.0.11-bb.5] - 2024-02-06
### Changed
- Updated minio to `RELEASE.2024-02-04T22-36-13Z`
## [5.0.11-bb.4] - 2024-02-05
### Changed
- Updated minio to `RELEASE.2024-01-31T20-20-33Z`
- Updated mc to `RELEASE.2024-01-31T08-59-40Z`
## [5.0.11-bb.3] - 2024-01-23
### Changed
- Updated minio to `RELEASE.2024-01-18T22-51-28Z`
- Updated mc to `RELEASE.2024-01-18T07-03-39Z`
Gitlab📜
# Changelog Updates
## [7.9.0-bb.0] - 2024-02-20
### Changed (17 changes)
- Update GitLab to appVersion 16.9.0
- Update chart version 7.9.0
- Update ironbank/gitlab/gitlab/gitlab-webservice from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter from v1.57.0 to 1.58.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse from 16.8.1 to 16.9.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl from 16.8.1 to 16.9.0
Sonarqube📜
- !3813: sonarqube update to 8.0.3-bb.2
# Changelog Updates
## [8.0.3-bb.2] - 2024-02-05
* Updated postgresql12 image to 12.17
Mattermost Operator📜
- !3761: mattermostOperator update to 1.20.1-bb.1
# Changelog Updates
## [1.20.1-bb.1] - 2021-01-23
### Changed
- Added allow-intranet authorization policy
- Added allow-nothing authorization policy
- Added monitoring authorization policy
- Added custom authorization policy template
- Enabled Istio hardening in test
- Moved the peer authentications
Mattermost📜
- !3866: mattermost update to 9.5.1-bb.0
- !3845: minioOperator update to 5.0.12-bb.0
- !3761: mattermostOperator update to 1.20.1-bb.1
- !3820: mattermost update to 9.4.2-bb.0
# Changelog Updates
## [9.5.1-bb.0] - 2024-02-20
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.4.2 to 9.5.1
- ironbank/opensource/postgres/postgresql12 updated from 12.17 to 12.18
- updated postgresql subchart to 10.3.5
- minio-instance updated from 5.0.11-bb.3 to 5.0.12-bb.1
- minio image updated from minio:RELEASE.2024-01-18T22-51-28Z to minio:RELEASE.2024-02-09T21-25-16Z
- mc image updated from 2024-01-18T07-03-39Z to RELEASE.2024-02-09T22-18-24Z
## [9.4.2-bb.1] - 2024-02-08
### Changed
- disabling the db probe init container if istio is hardened
## [9.4.2-bb.0] - 2024-02-07
### Changed
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost v9.3.0 -> 9.4.2
- minio-instance updated from 5.0.11-bb.1 to 5.0.11-bb.3
- updated gluon from 0.4.5 to 0.4.7
- minio image updated from RELEASE.2023-11-20T22-40-07Z to RELEASE.2024-01-18T22-51-28Z
- mc image updated from RELEASE.2023-11-20T16-30-59Z to RELEASE.2024-01-18T07-03-39Z
## [9.3.0-bb.3] - 2024-02-02
### Updated
- allow-intranamespace authz policy added
- allow-nothing authz policy added
- monitoring authz policy added
- template authz policy added
Keycloak📜
- !3852: keycloak update to 18.4.3-bb.13
# Changelog Updates
## [18.4.3-bb.13] - 2024-02-14
### Updated
- Update Keycloak version to 21.1.2
## [18.4.3-bb.12] - 2024-01-16
### Updated
- Gluon update to 4.7
- Allow Customers to perform custom Cypress test scripts
Vault📜
- !3815: vault update to 0.25.0-bb.14
- !3794: vault update to 0.25.0-bb.12
- !3845: minioOperator update to 5.0.12-bb.0
- !3855: Resolve “Incomplete conditional formatting causes vault errors when istio is disabled”
- !3793: Wildcard implementation to harden all service accounts - vault + bug fix
# Changelog Updates
## [0.25.0-bb.14] - 2024-02-05
### Updated
- renamed allow-api-access policy
## [0.25.0-bb.13] - 2024-02-02
### Updated
- allow-api-access policy
## [0.25.0-bb.12] - 2024-02-02
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault 1.14.8 -> 1.14.9
## [0.25.0-bb.11] - 2024-01-18
### Updated
- allow-intranamespace policy
- allow-nothing-policy
- ingressgateway-authz-policy
- monitoring-authz-policy
- promtail-authz-policy
- template for adding user defined policies
- enabling hardening during testing
Metrics Server📜
- !3850: metricsServer update to 3.11.0-bb.3
# Changelog Updates
## [3.11.0-bb.3] - 2024-02-14
### Added
- Add `helmv3` to package managers and upgrade Gluon from 0.3.2 -> 0.4.8
Harbor📜
- !3860: harbor update to 1.14.0-bb.2
# Changelog Updates
## [1.14.0-bb.2] - 2024-02-15
### Fixed
- Fixed Prometheus Network Policy
Known Issues📜
- Twistlock Defender SecurityContext Capabilities bug
- Gitlab Runner ControlPlaneCidr passthrough issue: GitLab runner not passing control plane cidr
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.