Release Notes - 2.22.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.28.6 (RKE2).
Upgrade Notices📜
- BigBang - MR:
- Flux controller upgrades include:
- source-controller v1.2.2 to v1.2.4
- helm-controller v0.37.1 to v0.37.4
- notification-controller v1.2.3 to v1.2.4
- kustomize-controller v1.2.1 to v1.2.2
Upgrades from previous releases📜
If coming from a version pre-2.21.2
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.21.2
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.19.7 Tetrate Istio Distro 1.20.3 |
1.19.7-bb.0 🔗 |
Istio Operator | Core | Istio Operator 1.19.7 Tetrate Istio Distro Operator 1.20.3 |
1.19.7-bb.1 🔗 |
Jaeger | Core | 1.53.0 |
2.50.1-bb.0 |
Kiali | Core | 1.80.0 |
1.80.0-bb.0 🔗 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.14 |
Gatekeeper | Core | 3.15.0 |
3.15.0-bb.0 |
Kyverno | Core | 1.11.4 |
3.1.4-bb.2 |
Kyverno Policies | Core | 3.0.4 |
3.0.4-bb.25 🔗 |
Kyverno Reporter | Core | 2.18.0 |
2.22.0-bb.0 |
Elasticsearch Kibana | Core | Kibana 8.12.2 Elasticsearch 8.12.2 |
1.11.0-bb.0 🔗 |
Eck Operator | Core | 2.11.1 |
2.11.1-bb.0 |
Fluentbit | Core | 2.2.2 |
0.43.0-bb.1 |
Promtail | Core | 2.9.4 |
6.15.5-bb.0 |
Loki | Core | 2.9.4 |
5.42.0-bb.7 🔗 |
Neuvector | Core | 5.2.2 |
2.6.3-bb.9 |
Tempo | Core | Tempo 2.3.0-ubi9 Tempo Query 2.3.1 |
1.7.1-bb.3 🔗 |
Monitoring | Core | Prometheus 2.49.1 Grafana 10.3.1 Alertmanager 0.26.0 |
56.2.1-bb.3 🔗 |
Grafana | Core | 10.3.3 |
7.3.1-bb.0 🔗 |
Twistlock | Core | 32.01.128 |
0.15.0-bb.0 |
Wrapper | Core | N / A | 0.4.6 🔗 |
Argocd | Addon | 2.10.1 |
6.1.0-bb.2 |
Authservice | Addon | 0.5.3 |
0.5.3-bb.29 🔗 |
Minio Operator | Addon | 5.0.12 |
5.0.12-bb.0 |
Minio | Addon | RELEASE.2024-02-09T21-25-16Z |
5.0.12-bb.2 🔗 |
Gitlab | Addon | 16.9.1 |
7.9.1-bb.0 |
Gitlab Runner | Addon | 16.6.0 |
0.59.1-bb.3 |
Nexus | Addon | 3.65.0-02 |
65.0.0-bb.0 🔗 |
Sonarqube | Addon | 9.9.3-community |
8.0.3-bb.2 |
Fortify | Addon | 23.2.0.0154 |
1.1.2320154-bb.1 |
Haproxy | Addon | 2.2.32 |
1.19.3-bb.3 |
Anchore Enterprise | Addon | Enterprise 4.9.3 Engine 1.1.0 |
1.27.4-bb.7 |
Mattermost Operator | Addon | 1.20.1 |
1.20.1-bb.1 |
Mattermost | Addon | 9.5.1 |
9.5.1-bb.1 🔗 |
Velero | Addon | 1.12.3 |
5.2.2-bb.1 🔗 |
Keycloak | Addon | 21.1.2 |
18.4.3-bb.13 |
Vault | Addon | 1.14.9 |
0.25.0-bb.15 🔗 |
Metrics Server | Addon | 0.7.0 |
3.12.0-bb.0 🔗 |
Harbor | Addon | 2.10.0 |
1.14.0-bb.4 🔗 |
Holocron | Addon | N / A | 1.0.0 |
Thanos | Addon | 0.34.1 |
13.2.2-bb.0 🔗 |
Changes in 2.22.0📜
Big Bang MRs📜
- !3659: Update Flux
- !3894: Closing loophole in flux-system - statefulsets and deployments - automountserviceaccounttoken
- !3887: Container Hardening Team testing strategy for Big Bang image updates
Istio Controlplane📜
- !3873: istio update to 1.19.7-bb.0
# Changelog Updates
## [1.19.7-bb.0] - 2024-02-13
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.6 to 1.19.7
- ironbank/opensource/istio/pilot updated from 1.19.6 to 1.19.7
- ironbank/opensource/istio/proxyv2 updated from 1.19.6 to 1.19.7
- ironbank/tetrate/istio/install-cni updated from 1.20.2 to 1.20.3
- ironbank/tetrate/istio/pilot updated from 1.20.2 to 1.20.3
- ironbank/tetrate/istio/proxyv2 updated from 1.20.2 to 1.20.3
Istio Operator📜
- !3873: istio update to 1.19.7-bb.0
# Changelog Updates
## [1.19.7-bb.1] - 2024-1-12
### Added
- fix: adds runAs user and group
## [1.19.7-bb.0] - 2024-1-12
### Added
- Updated repo1 image to `1.19.7`
- Updated TID image to `1.20.3`
Kiali📜
- !3899: kiali update to 1.80.0-bb.0
# Changelog Updates
## [1.80.0-bb.0] - 2024-02-28
### Changed
- Updated kiali and kiali-operator images updated to v1.80.0
Kyverno Policies📜
- !3878: kyvernoPolicies update to 3.0.4-bb.25
# Changelog Updates
## [3.0.4-bb.25] - 2024-02-20
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.28.6 to v1.28.7
- gluon chart updated from 0.3.1 to 0.4.8
Elasticsearch Kibana📜
- !3900: elasticsearchKibana update to 1.11.0-bb.0
# Changelog Updates
## [1.11.0-bb.0] - 2024-02-28
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.12.1 to 8.12.2
- ironbank/elastic/kibana/kibana updated from 8.12.1 to 8.12.2
## [1.10.0-bb.4] - 2024-02-21
### Changed
- Changed cypress test logic to (hopefully) be more reliable
Loki📜
- !3882: loki update to 5.42.0-bb.7
- !3867: closing loophole in monitoring/loki - statefulsets and deployments - automountserviceaccounttoken
- !3868: loki update to 5.42.0-bb.6
# Changelog Updates
## [5.42.0-bb.7] - 2024-02-20
### Fixed
- Fixed loki dashboard json UID
## [5.42.0-bb.6] - 2024-02-20
### Added
- Add support for fluentbit AuthPolicies
Tempo📜
- !3891: tempo update to 1.7.1-bb.3
# Changelog Updates
## [1.7.1-bb.3] - 2024-02-23
### Changed
- Added istio sidecar to set outboundTrafficPolicy to REGISTRY_ONLY
- Added customServiceEntries to explicitly allow egress for external hosts
- Updated kiali and monitoring authorizationPolicies to access Tempo
Monitoring📜
- !3895: monitoring update to 56.2.1-bb.2
# Changelog Updates
## [56.2.1-bb.3] - 2024-02-27
### Updated
- Updated CleanUpgrade, cleanupProxy, kubectlImage containers to support global.imageRegistry
## [56.2.1-bb.2] - 2024-02-26
### Updated
- Create PeerAuthentication exception for prometheus if more than one replica is set
Grafana📜
- !3867: closing loophole in monitoring/loki - statefulsets and deployments - automountserviceaccounttoken
- !3871: grafana update to 7.3.1-bb.0
# Changelog Updates
## [7.3.1-bb.0] - 2024-02-21
### Added
- Updated chart base to 7.3.0 -> 7.3.1
- Updated grafana-plugins 10.3.1 -> 10.3.3
- Updated k8s-sidecar 1.25.3 -> 1.25.4
Wrapper📜
- !3904: wrapper update to 0.4.6
# Changelog Updates
## [0.4.6] - 2024-02-27
### Changed
- Added support for multiple domains
- Removed value package.istio.hosts[*].domain
Authservice📜
- !3901: authservice update to 0.5.3-bb.29
# Changelog Updates
## [0.5.3-bb.29] - 2024-02-13
### Changed
- Added istio Sidecar and ServiceEntry resources
Minio📜
- !3872: minio update to 5.0.12-bb.2
# Changelog Updates
## [5.0.12-bb.2] - 2024-02-20
### Changed
- Updated Renovate to include helmv3
Nexus📜
- !3875: nexusRepositoryManager update to 65.0.0-bb.0
# Changelog Updates
## [65.0.0-bb.0] - 2024-02-19
### Changed
- Updated chart to version: 65.0.0-bb.0 | appVersion: 3.65.0-02
- registry1.dso.mil/ironbank/google/go-containerregistry/crane v0.17.0 -> v0.19.0
Mattermost📜
- !3886: mattermost update to 9.5.1-bb.1
# Changelog Updates
## [9.5.1-bb.1] - 2024-02-22
### Changed
- Updated renovate.json to account for gluon updates
Velero📜
- !3881: velero update to 5.2.2-bb.1
# Changelog Updates
## [5.2.2-bb.1] - 2024-02-08
### Added
- Added istio `allow-nothing` policy
- Added istio `monitoring-authz` policy
- Added istio `tempo-authz` policy
- Added istio `allow-http-envoy-prom` policy
- Added istio `allow-http` policy
- Added istio custom policy template
Vault📜
- !3879: vault update to 0.25.0-bb.15
# Changelog Updates
## [0.25.0-bb.15] - 2024-02-22
### Changed
- Updated to gluon to 4.8
Metrics Server📜
- !3898: metricsServer update to 3.12.0-bb.0
# Changelog Updates
## [3.12.0-bb.0] - 2024-02-23
### Added
- Update metrics-server v0.6.4 -> v0.7.0
- Update kubectl v1.28.4 -> v1.28.7
Harbor📜
- !3870: harbor update to 1.14.0-bb.3
# Changelog Updates
## [1.14.0-bb.4] - 2024-02-21
### Added
- Added istio `allow-nothing` policy
- Added istio `allow-ingress polic(y|ies)`
- Added istio `custom policy` template
- Added isito `allow-prometheus-scraping` policy
- Added istio `allow-namespace-wide-communication` policy
## [1.14.0-bb.3] - 2024-02-21
### Added
- Added port to Prometheus Network Policy for envoy status
Thanos📜
- !3914: Thanos exposed objstoreConfig removed in favor of values overrides
- !3877: thanos update to 13.2.2-bb.0
- !3864: Closing loophole in thanos - statefulsets and deployments - automountserviceaccounttoken
# Changelog Updates
## [13.2.2-bb.0] - 2024-02-22
### Upgraded
- Updated image `thanos` 0.34.0 -> 0.34.1 13.2.2-bb.0 for new chart version
- Updated chart `minio-instance` 5.0.10-bb.4 -> 5.0.11-bb.4 for new chart version
Known Issues📜
- Twistlock Defender SecurityContext Capabilities bug: Twistlock Defender SecurityContext Capabilities bug
- Gitlab Runner ControlPlaneCidr passthrough issue: GitLab runner not passing control plane cidr
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.