Release Notes - 2.24.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.28.6 (RKE2).
Upgrade Notices
- Grafana pods may need to be manually deleted and restarted so that they pull in the new configmap with the correct dashboard JSON changes.
- This release sets the Grafana ini setting `security.angular_support_enabled = false` so that Angular support is not loaded, which will auto-migrate dashboards to their new counterparts. This setting will be permanent starting in v11. See https://grafana.com/docs/grafana/latest/developers/angular_deprecation/
Upgrades from previous releases
If coming from a version pre-2.23.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.23.1.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.20.4, Tetrate Istio Distro 1.20.4 | 1.20.4-bb.1 |
Istio Operator | Core | Istio Operator 1.20.4, Tetrate Istio Distro Operator 1.20.4 | 1.20.4-bb.0 |
Jaeger | Core | 1.53.0 | 2.50.1-bb.0 |
Kiali | Core | 1.82.0 | 1.82.0-bb.0 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.14 |
Gatekeeper | Core | 3.15.0 | 3.15.0-bb.0 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.4 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.28 |
Kyverno Reporter | Core | 2.18.0 | 2.22.4-bb.1 |
Elasticsearch Kibana | Core | Kibana 8.12.2, Elasticsearch 8.12.2 | 1.11.0-bb.1 |
Eck Operator | Core | 2.12.1 | 2.12.1-bb.0 |
Fluentbit | Core | 2.2.2 | 0.43.0-bb.4 |
Promtail | Core | 2.9.4 | 6.15.5-bb.3 |
Loki | Core | 2.9.4 | 5.42.0-bb.11 |
Neuvector | Core | 5.3.0 | 2.6.3-bb.17 |
Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.3 |
Monitoring | Core | Prometheus 2.50.1, Grafana 10.4.0, Alertmanager 0.27.0 | 57.0.3-bb.2 |
Grafana | Core | 10.4.0 | 7.3.7-bb.1 |
Twistlock | Core | 32.01.128 | 0.15.0-bb.4 |
Wrapper | Core | N / A | 0.4.6 |
Argocd | Addon | 2.10.3 | 6.7.2-bb.1 |
Authservice | Addon | 1.0.0 | 1.0.0-bb.0 |
Minio Operator | Addon | 5.0.14 | 5.0.14-bb.0 |
Minio | Addon | RELEASE.2024-03-26T22-10-45Z | 5.0.12-bb.8 |
Gitlab | Addon | 16.10.1 | 7.10.1-bb.0 |
Gitlab Runner | Addon | 16.9.0 | 0.62.0-bb.0 |
Nexus | Addon | 3.66.0-02 | 66.0.0-bb.0 |
Sonarqube | Addon | 9.9.4-community | 8.0.4-bb.0 |
Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.3 |
Haproxy | Addon | 2.2.32 | 1.19.3-bb.4 |
Anchore Enterprise | Addon | 4.9.3 | 2.0.2-bb.1 |
Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.0 |
Mattermost | Addon | 9.6.0 | 9.6.0-bb.0 |
Velero | Addon | 1.13.1 | 6.0.0-bb.1 |
Keycloak | Addon | 23.0.7 | 23.0.7-bb.2 |
Vault | Addon | 1.14.10 | 0.25.0-bb.20 |
Metrics Server | Addon | 0.7.0 | 3.12.0-bb.1 |
Harbor | Addon | 2.10.0 | 1.14.0-bb.6 |
Holocron | Addon | N / A | 1.0.2 |
Thanos | Addon | 0.34.1 | 13.2.2-bb.2 |
Changes in 2.24.0
Big Bang MRs
- !4081: Cypress blog post
- !4075: Fixing comments on fortify
- !4061: Ensuring ingress-certs is a documented rec override
- !4025: Update docs to reflect that Kyverno is Default Policy Engine
- !4031: adding istio hardened to the docs
- !4029: fixing more home home duplications
- !4028: Home home docs fix
Istio Controlplane
- !4103: istio update to 1.20.4-bb.1
# Changelog Updates
## [1.20.4-bb.1] - 2024-04-04
### Fixed
- Upgrade new istio dashboards to fix "Prometheus" vs "prometheus" datasource issue
## [1.20.4-bb.0] - 2024-03-25
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.7 to 1.20.4
- ironbank/opensource/istio/pilot updated from 1.19.7 to 1.20.4
- ironbank/opensource/istio/proxyv2 updated from 1.19.7 to 1.20.4
- ironbank/tetrate/istio/install-cni updated from 1.20.3 to 1.20.4
- ironbank/tetrate/istio/pilot updated from 1.20.3 to 1.20.4
- ironbank/tetrate/istio/proxyv2 updated from 1.20.3 to 1.20.4
Istio Operator
- !4041: istioOperator update to 1.20.4-bb.0
# Changelog Updates
## [1.20.4-bb.0] - 2024-3-25
### Changed
- Updated repo1 image to `1.20.4`
- Updated TID image to `1.20.4`
Kiali
- !4079: kiali update to 1.82.0-bb.0
- !3974: kiali update to 1.80.0-bb.2
- !4040: kiali update to 1.81.0-bb.0
# Changelog Updates
## [1.82.0-bb.0] - 2024-04-01
### Changed
- Updated Kiali to v1.82.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.82.0
## [1.81.0-bb.0] - 2024-03-14
### Changed
- Updated Kiali to v1.81.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.81.0
## [1.80.0-bb.2] - 2024-03-13
### Added
- Added allow-intranamespace policy
- Added allow-nothing-policy
- Added ingressgateway-authz-policy
- Added monitoring-authz-policy
- Added template for adding user defined policies
Kyverno Policies
- !4022: kyvernoPolicies update to 3.0.4-bb.28
# Changelog Updates
## [3.0.4-bb.28] - 2024-03-20
### Changed
- Ensuring `kube-system` namespace is excluded from policy action
Kyverno Reporter
- !4056: kyvernoReporter update to 2.22.4-bb.1
# Changelog Updates
## [2.22.4-bb.1] - 2024-03-27
### Changed
- Changed 01-prometheus.cy.js to wait before the test handle early network errors on cypress tests
Elasticsearch Kibana
- !4065: Fix dig command in Loki and eckOperator to disable istio hardening
- !4076: eckOperator update to 2.12.1-bb.0
- !4000: eckOperator update to 2.11.1-bb.1
- !4001: elasticsearchKibana update to 1.11.0-bb.1
# Changelog Updates
## [1.11.0-bb.1] - 2024-03-12
### Changed
- Add egress whitelist
Eck Operator
# Changelog Updates
## [2.12.1-bb.0] - 2024-03-29
### Changed
- Updated eck-operator chart from 2.11.1 to 2.12.1
- Adopted new metrics port configuration
## [2.11.1-bb.1] - 2024-03-12
### Changed
- Add egress whitelist
Fluentbit
- !4065: Fix dig command in Loki and eckOperator to disable istio hardening
- !4076: eckOperator update to 2.12.1-bb.0
- !4000: eckOperator update to 2.11.1-bb.1
- !4001: elasticsearchKibana update to 1.11.0-bb.1
- !4020: fluentbit update to 0.43.0-bb.4
- !4002: fluentbit update to 0.43.0-bb.3
# Changelog Updates
## [0.43.0-bb.4]
### Changed
- Use help functions for sidecar label
## [0.43.0-bb.3]
### Changed
- Adding Sidecar to deny egress that is external to istio services
- Adding customServiceEntries to allow egress to override sidecar
Promtail
- !4015: promtail update to 6.15.5-bb.3
# Changelog Updates
## [6.15.5-bb.3] - 2024-03-08
### Changed
- Adding Sidecar to deny egress that is external to istio services
- Adding customServiceEntries to allow egress to override sidecar
Loki
- !4065: Fix dig command in Loki and eckOperator to disable istio hardening
- !4073: loki update to 5.42.0-bb.11
# Changelog Updates
## [5.42.0-bb.11] - 2024-03-29
### Added
- Add drop all capabilities to minio
Neuvector
- !4033: neuvector update to 2.6.3-bb.17
- !4019: Revert neuvector upgrade
- !4008: neuvector update to 2.6.3-bb.15
# Changelog Updates
## [2.6.3-bb.17] - 2024-03-22
### Changed
- Adding the monitoring authorization policy
## [2.6.3-bb.16] - 2024-03-21
### Changed
- Changed uid:gid to 1001:1001 for monitor.prometheus-exporter image to allow python package visibility
## [2.6.3-bb.15] - 2024-03-19
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.2.2 to 5.3.0
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.2.2 to 5.3.0
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.2.2 to 5.3.0
- Updated Cypress tests
Monitoring
- !4085: monitoring update to 57.0.3-bb.2
- !4077: monitoring update to 57.0.3-bb.1
- !4019: Revert neuvector upgrade
# Changelog Updates
## [57.0.3-bb.2] - 2024-04-02
### Updated
- Updated admissionWebhooks containers to support global.imageRegistry
## [57.0.3-bb.1] - 2024-03-27
### Updated
- Added istio Sidecar and ServiceEntry resources
## [57.0.3-bb.0] - 2024-03-20
### Updated
- Updated chart 56.2.1 -> 57.0.3
- Updated grafana-plugins 10.3.1 -> 10.4.0
- Updated k8s-sidecar 1.25.3 -> 1.26.1
- Updated kubectl v1.28.6 -> v1.28.8
- Updated prometheus-config-reloader v0.71.2 -> v0.72.0
- Updated prometheus-operator v0.71.2 -> v0.72.0
- Updated alertmanager v0.26.0 -> v0.27.0
- Updated prometheus v2.49.1 -> v2.50.1
- Updated thanos v0.33.0 -> v0.34.1
- Updated bats v1.10.0 -> v1.11.0
## [56.2.1-bb.10] - 2024-03-08
### Updated
- Openshift update for deploying Monitoring into Openshift cluster
Grafana
# Changelog Updates
## [7.3.7-bb.1] - 2024-03-29
### Changed
- Updating dashboards and sync script from upstream kube-prometheus-stack chart
## [7.3.7-bb.0] - 2024-03-19
### Changed
- Updated chart base to 7.3.1 -> 7.3.7
- Updated grafana-plugins 10.3.3 -> 10.4.0
- Updated k8s-sidecar 1.25.4 -> 1.26.1
Twistlock
# Changelog Updates
## [0.15.0-bb.4] - 2024-03-29
### Changed
- Updated resources values for defender to match and follow Guaranteed QoS
## [0.15.0-bb.3] - 2024-03-13
### Changed
- Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
- Added Istio ServiceEntry to explicitly allow egress
Authservice
- !4057: authservice update to 1.0.0-bb.0
# Changelog Updates
## [1.0.0-bb.0] - 2024-03-27
### Changed
- Updated authservice to 1.0.0
Minio Operator
# Changelog Updates
## [5.0.14-bb.0] - 2024-03-20
### Upgrade
- ironbank/opensource/minio/operator v5.0.13 -> v5.0.14
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.13 -> v5.0.14
## [5.0.13-bb.0] - 2024-03-15
### Upgrade
- ironbank/opensource/minio/operator v5.0.12 -> v5.0.13
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.12 -> v5.0.13
## [5.0.12-bb.4] - 2024-03-15
### Upgrade
- fixing and updating the minio authz policy
Minio
- !4074: minio update to 5.0.12-bb.8
- !4052: minio update to 5.0.12-bb.6
- !4035: minioOperator update to 5.0.14-bb.0
- !4011: minioOperator update to 5.0.13-bb.0
# Changelog Updates
## [5.0.12-bb.8] - 2024-03-28
### Changed
- Updated minio to `RELEASE.2024-03-26T22-10-45Z`
- Updated mc to `RELEASE.2024-03-25T16-41-14Z`
## [5.0.12-bb.7] - 2024-03-28
### Changed
- Added capabilities: drop: -ALL
## [5.0.12-bb.6] - 2024-03-25
### Changed
- Updated minio to `RELEASE.2024-03-15T01-07-19Z`
- Updated mc to `RELEASE.2024-03-13T23-51-57Z`
## [5.0.12-bb.5] - 2024-03-15
### Added
- Adding the minio policy for limited intranamespace communication
Gitlab
# Changelog Updates
## [7.10.1-bb.0] - 2024-03-29
### Changed (16 changes)
- Update GitLab to appVersion 16.10.1
- Update chart version 7.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl from 16.9.2 to 16.10.1
Gitlab Runner
- !4012: gitlabRunner update to 0.62.0-bb.0
# Changelog Updates
## [0.62.0-bb.0] - 2024-03-12
### Changed
- Updated images to v16.9.0
- Updated gluon to 0.4.8
## [0.59.1-bb.4] - 2024-03-05
### Changed
- Added Openshift update for deploying gitlab-runner into Openshift cluster
Nexus
- !4042: nexusRepositoryManager update to 66.0.0-bb.0
# Changelog Updates
## [66.0.0-bb.0] - 2024-03-22
### Changed
- Updated chart to version: 66.0.0-bb.0 | appVersion: 3.66.0-02
- registry1.dso.mil/ironbank/google/go-containerregistry/crane v0.19.0 -> v0.19.1
Fortify
- !4069: fortify update to 1.1.2320154-bb.3
# Changelog Updates
## [1.1.2320154-bb.3] - 2024-03-27
### Added
- Added allow-intranamespace policy
- Added allow-nothing-policy
- Added ingressgateway-authz-policy
- Added monitoring-authz-policy
- Added allow-mysql-policy
- Added template for adding user defined policies
Mattermost Operator
- !4063: mattermostOperator update to 1.21.0-bb.0
# Changelog Updates
## [1.21.0-bb.0] - 2024-03-26
### Changed
- ironbank/opensource/mattermost/mattermost-operator updated from 1.20.1 to 1.21.0
Mattermost
- !4063: mattermostOperator update to 1.21.0-bb.0
- !4036: mattermost update to 9.6.0-bb.0
- !3996: mattermost update to 9.5.2-bb.0
# Changelog Updates
## [9.6.0-bb.0] - 2024-03-19
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.5.2 to 9.6.0
- helm release updated from 1.x.x to 2.x
## [9.5.2-bb.0] - 2024-03-12
### Changed
- gluon updated from 0.4.7 to 0.4.8
- ironbank/opensource/mattermost/mattermost updated from 9.5.1 to 9.5.2
Velero
- !4037: velero update to 6.0.0-bb.1
# Changelog Updates
## [6.0.0-bb.1] - 2024-03-20
### Changed
- ironbank/opensource/nginx/nginx 1.25.3 -> 1.25.4
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.6 -> v1.28.8
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.9.0 -> v1.9.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.9.0 -> v1.9.1
- velero/velero-plugin-for-aws v1.9.0 -> v1.9.1
## [6.0.0-bb.0] - 2024-02-05
### Changed
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.3 -> v1.13.1
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.3 -> 1.13.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.8.2 -> v1.9.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.3 -> v0.7.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.8.2 -> v1.9.0
- velero/velero-plugin-for-aws v1.8.2 -> v1.9.0
- velero/velero-plugin-for-csi v0.6.3 -> v0.7.0
- velero/velero-restore-helper v1.12.3 -> v1.13.1
Vault
- !4023: Update Vault to 0.25.0-bb.20
# Changelog Updates
## [0.25.0-bb.20] - 2024-03-15
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s 1.3.1 -> v1.4.0
Thanos
- !4087: thanos update to 13.2.2-bb.2
# Changelog Updates
## [13.2.2-bb.2] - 2024-04-02
### Added
- Create `NetworkPolicy` for egress to external object stores
Known Issues
- Gitlab Runner ControlPlaneCidr passthrough issue: GitLab runner not passing control plane cidr+
- Anchore Enterprise API VirtualService Missing: Add API VirtualService back
- CAC user registration issues in 23.0.7: CAC user registration issues in 23.0.7
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.