Skip to content

Release Notes - 2.24.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.28.6 (RKE2).

Upgrade Notices📜

  • Istio - MR:

    • Grafana pods may need to be manually deleted and restarted so that it pulls in the new configmap with the correct dashboard json changes.
  • Grafana - MR:

    • This release sets Grafana ini setting security.angular_support_enabled = false to not load which will auto-migrate dashboards to their new counterparts. This setting will be permanent starting in v11.

    • https://grafana.com/docs/grafana/latest/developers/angular_deprecation/

Upgrades from previous releases📜

If coming from a version pre-2.23.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.23.1.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.20.4 Tetrate Istio Distro 1.20.4 1.20.4-bb.1 🔗
Updated Istio Operator Core Istio Operator 1.20.4 Tetrate Istio Distro Operator 1.20.4 1.20.4-bb.0 🔗
Jaeger Core 1.53.0 2.50.1-bb.0
Updated Kiali Core 1.82.0 1.82.0-bb.0 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.14
Gatekeeper Core 3.15.0 3.15.0-bb.0
Kyverno Core 1.11.4 3.1.4-bb.4
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.28 🔗
Updated Kyverno Reporter Core 2.18.0 2.22.4-bb.1 🔗
Updated Elasticsearch Kibana Core Kibana 8.12.2 Elasticsearch 8.12.2 1.11.0-bb.1 🔗
Updated Eck Operator Core 2.12.1 2.12.1-bb.0 🔗
Updated Fluentbit Core 2.2.2 0.43.0-bb.4 🔗
Updated Promtail Core 2.9.4 6.15.5-bb.3 🔗
Updated Loki Core 2.9.4 5.42.0-bb.11 🔗
Updated Neuvector Core 5.3.0 2.6.3-bb.17 🔗
Tempo Core Tempo 2.3.0-ubi9 Tempo Query 2.3.1 1.7.1-bb.3
Updated Monitoring Core Prometheus 2.50.1 Grafana 10.4.0 Alertmanager 0.27.0 57.0.3-bb.2 🔗
Updated Grafana Core 10.4.0 7.3.7-bb.1 🔗
Updated Twistlock Core 32.01.128 0.15.0-bb.4 🔗
Wrapper Core N / A 0.4.6
Argocd Addon 2.10.3 6.7.2-bb.1
Updated Authservice Addon 1.0.0 1.0.0-bb.0 🔗
Updated Minio Operator Addon 5.0.14 5.0.14-bb.0 🔗
Updated Minio Addon RELEASE.2024-03-26T22-10-45Z 5.0.12-bb.8 🔗
Updated Gitlab Addon 16.10.1 7.10.1-bb.0 🔗
Updated Gitlab Runner Addon 16.9.0 0.62.0-bb.0 🔗
Updated Nexus Addon 3.66.0-02 66.0.0-bb.0 🔗
Sonarqube Addon 9.9.4-community 8.0.4-bb.0
Updated Fortify Addon 23.2.0.0154 1.1.2320154-bb.3 🔗
Haproxy Addon 2.2.32 1.19.3-bb.4
Anchore Enterprise Addon 4.9.3 2.0.2-bb.1
Updated Mattermost Operator Addon 1.21.0 1.21.0-bb.0 🔗
Updated Mattermost Addon 9.6.0 9.6.0-bb.0 🔗
Updated Velero Addon 1.13.1 6.0.0-bb.1 🔗
Keycloak Addon 23.0.7 23.0.7-bb.2
Updated Vault Addon 1.14.10 0.25.0-bb.20 🔗
Metrics Server Addon 0.7.0 3.12.0-bb.1
Harbor Addon 2.10.0 1.14.0-bb.6
Holocron Addon N / A 1.0.2
Updated Thanos BETA Addon 0.34.1 13.2.2-bb.2 🔗

Changes in 2.24.0📜

Big Bang MRs📜

  • !4081: Cypress blog post
  • !4075: Fixing comments on fortify
  • !4061: Ensuring ingress-certs is a documented rec override
  • !4025: Update docs to reflect that Kyverno is Default Policy Engine
  • !4031: adding istio hardened to the docs
  • !4029: fixing more home home duplications
  • !4028: Home home docs fix

Istio Controlplane📜

  • !4103: istio update to 1.20.4-bb.1
# Changelog Updates

## [1.20.4-bb.1] - 2024-04-04
### Fixed
- Upgrade new istio dashboards to fix "Prometheus" vs "prometheus" datasource issue

## [1.20.4-bb.0] - 2024-03-25
### Changed
- ironbank/opensource/istio/install-cni updated from 1.19.7 to 1.20.4
- ironbank/opensource/istio/pilot updated from 1.19.7 to 1.20.4
- ironbank/opensource/istio/proxyv2 updated from 1.19.7 to 1.20.4
- ironbank/tetrate/istio/install-cni updated from 1.20.3 to 1.20.4
- ironbank/tetrate/istio/pilot updated from 1.20.3 to 1.20.4
- ironbank/tetrate/istio/proxyv2 updated from 1.20.3 to 1.20.4

Istio Operator📜

  • !4041: istioOperator update to 1.20.4-bb.0
# Changelog Updates

## [1.20.4-bb.0] - 2024-3-25
### Changed
- Updated repo1 image to `1.20.4`
- Updated TID image to `1.20.4`

Kiali📜

  • !4079: kiali update to 1.82.0-bb.0
  • !3974: kiali update to 1.80.0-bb.2
  • !4040: kiali update to 1.81.0-bb.0
# Changelog Updates

## [1.82.0-bb.0] - 2024-04-01
### Changed
- Updated Kiali to v1.82.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.82.0

## [1.81.0-bb.0] - 2024-03-14
### Changed
- Updated Kiali to v1.81.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.81.0

## [1.80.0-bb.2] - 2024-03-13
### Added
- Added allow-intranamespace policy
- Added allow-nothing-policy
- Added ingressgateway-authz-policy
- Added monitoring-authz-policy
- Added template for adding user defined policies

Kyverno Policies📜

  • !4022: kyvernoPolicies update to 3.0.4-bb.28
# Changelog Updates

## [3.0.4-bb.28] - 2024-03-20
### Changed
- Ensuring `kube-system` namespace is excluded from policy action

Kyverno Reporter📜

  • !4056: kyvernoReporter update to 2.22.4-bb.1
# Changelog Updates

## [2.22.4-bb.1] - 2024-03-27
### Changed
- Changed 01-prometheus.cy.js to wait before the test handle early network errors on cypress tests

Elasticsearch Kibana📜

  • !4065: Fix dig command in Loki and eckOperator to disable istio hardening
  • !4076: eckOperator update to 2.12.1-bb.0
  • !4000: eckOperator update to 2.11.1-bb.1
  • !4001: elasticsearchKibana update to 1.11.0-bb.1
# Changelog Updates

## [1.11.0-bb.1] - 2024-03-12
### Changed
- Add egress whitelist

Eck Operator📜

  • !4076: eckOperator update to 2.12.1-bb.0
  • !4000: eckOperator update to 2.11.1-bb.1
# Changelog Updates

## [2.12.1-bb.0] - 2024-03-29
### Changed
- Updated eck-operator chart from 2.11.1 to 2.12.1
- Adopted new metrics port configuration

## [2.11.1-bb.1] - 2024-03-12
### Changed
- Add egress whitelist

Fluentbit📜

  • !4065: Fix dig command in Loki and eckOperator to disable istio hardening
  • !4076: eckOperator update to 2.12.1-bb.0
  • !4000: eckOperator update to 2.11.1-bb.1
  • !4001: elasticsearchKibana update to 1.11.0-bb.1
  • !4020: fluentbit update to 0.43.0-bb.4
  • !4002: fluentbit update to 0.43.0-bb.3
# Changelog Updates

## [0.43.0-bb.4]
### Changed
- Use help functions for sidecar label

## [0.43.0-bb.3]
### Changed
- Adding Sidecar to deny egress that is external to istio services
- Adding customServiceEntries to allow egress to override sidecar

Promtail📜

  • !4015: promtail update to 6.15.5-bb.3
# Changelog Updates

## [6.15.5-bb.3] - 2024-03-08
### Changed
- Adding Sidecar to deny egress that is external to istio services
- Adding customServiceEntries to allow egress to override sidecar

Loki📜

  • !4065: Fix dig command in Loki and eckOperator to disable istio hardening
  • !4073: loki update to 5.42.0-bb.11
# Changelog Updates

## [5.42.0-bb.11] - 2024-03-29
### Added
- Add drop all capabilities to minio

Neuvector📜

  • !4033: neuvector update to 2.6.3-bb.17
  • !4019: Revert neuvector upgrade
  • !4008: neuvector update to 2.6.3-bb.15
# Changelog Updates

## [2.6.3-bb.17] - 2024-03-22
### Changed
- Adding the monitoring authorization policy

## [2.6.3-bb.16] - 2024-03-21
### Changed
- Changed uid:gid to 1001:1001 for monitor.prometheus-exporter image to allow python package visibility

## [2.6.3-bb.15] - 2024-03-19
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.2.2 to 5.3.0
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.2.2 to 5.3.0
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.2.2 to 5.3.0
- Updated Cypress tests

Monitoring📜

  • !4085: monitoring update to 57.0.3-bb.2
  • !4077: monitoring update to 57.0.3-bb.1
  • !4019: Revert neuvector upgrade
# Changelog Updates

## [57.0.3-bb.2] - 2024-04-02
### Updated
- Updated admissionWebhooks containers to support global.imageRegistry

## [57.0.3-bb.1] - 2024-03-27
### Updated
- Added istio Sidecar and ServiceEntry resources

## [57.0.3-bb.0] - 2024-03-20
### Updated
- Updated chart 56.2.1 -> 57.0.3
- Updated grafana-plugins 10.3.1 -> 10.4.0
- Updated k8s-sidecar 1.25.3 -> 1.26.1
- Updated kubectl v1.28.6 -> v1.28.8
- Updated prometheus-config-reloader v0.71.2 -> v0.72.0
- Updated prometheus-operator v0.71.2 -> v0.72.0
- Updated alertmanager v0.26.0 -> v0.27.0
- Updated prometheus v2.49.1 -> v2.50.1
- Updated thanos v0.33.0 -> v0.34.1
- Updated bats v1.10.0 -> v1.11.0

## [56.2.1-bb.10] - 2024-03-08
### Updated
- Openshift update for deploying Monitoring into Openshift cluster

Grafana📜

  • !4084: grafana update to 7.3.7-bb.1
  • !4048: grafana update to 7.3.7-bb.0
# Changelog Updates

## [7.3.7-bb.1] - 2024-03-29
### Changed
- Updating dashboards and sync script from upstream kube-prometheus-stack chart

## [7.3.7-bb.0] - 2024-03-19
### Changed
- Updated chart base to 7.3.1 -> 7.3.7
- Updated grafana-plugins 10.3.3 -> 10.4.0
- Updated k8s-sidecar 1.25.4 -> 1.26.1

Twistlock📜

  • !4064: twistlock update to 0.15.0-bb.4
  • !3989: twistlock update to 0.15.0-bb.3
# Changelog Updates

## [0.15.0-bb.4] - 2024-03-29
### Changed
- Updated resources values for defender to match and follow Guaranteed QoS

## [0.15.0-bb.3] - 2024-03-13
### Changed
- Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
- Added Istio ServiceEntry to explicitly allow egress

Authservice📜

  • !4057: authservice update to 1.0.0-bb.0
# Changelog Updates

## [1.0.0-bb.0] - 2024-03-27
### Changed
- Updated authservice to 1.0.0

Minio Operator📜

  • !4035: minioOperator update to 5.0.14-bb.0
  • !4011: minioOperator update to 5.0.13-bb.0
# Changelog Updates

## [5.0.14-bb.0] - 2024-03-20
### Upgrade
- ironbank/opensource/minio/operator v5.0.13 -> v5.0.14
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.13 -> v5.0.14

## [5.0.13-bb.0] - 2024-03-15
### Upgrade
- ironbank/opensource/minio/operator v5.0.12 -> v5.0.13
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.12 -> v5.0.13

## [5.0.12-bb.4] - 2024-03-15
### Upgrade
- fixing and updating the minio authz policy

Minio📜

  • !4074: minio update to 5.0.12-bb.8
  • !4052: minio update to 5.0.12-bb.6
  • !4035: minioOperator update to 5.0.14-bb.0
  • !4011: minioOperator update to 5.0.13-bb.0
# Changelog Updates

## [5.0.12-bb.8] - 2024-03-28
### Changed
- Updated minio to `RELEASE.2024-03-26T22-10-45Z`
- Updated mc to `RELEASE.2024-03-25T16-41-14Z`

## [5.0.12-bb.7] - 2024-03-28
### Changed
- Added capabilities: drop: -ALL

## [5.0.12-bb.6] - 2024-03-25
### Changed
- Updated minio to `RELEASE.2024-03-15T01-07-19Z`
- Updated mc to `RELEASE.2024-03-13T23-51-57Z`

## [5.0.12-bb.5] - 2024-03-15
### Added
- Adding the minio policy for limited intranamespace communication

Gitlab📜

  • !4070: gitlab update to 7.10.1-bb.0
  • !4012: gitlabRunner update to 0.62.0-bb.0
# Changelog Updates

## [7.10.1-bb.0] - 2024-03-29
### Changed (16 changes)
- Update GitLab to appVersion 16.10.1
- Update chart version 7.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse from 16.9.2 to 16.10.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl from 16.9.2 to 16.10.1

Gitlab Runner📜

  • !4012: gitlabRunner update to 0.62.0-bb.0
# Changelog Updates

## [0.62.0-bb.0] - 2024-03-12
### Changed
- Updated images to v16.9.0
- Updated gluon to 0.4.8

## [0.59.1-bb.4] - 2024-03-05
### Changed
- Added Openshift update for deploying gitlab-runner into Openshift cluster

Nexus📜

  • !4042: nexusRepositoryManager update to 66.0.0-bb.0
# Changelog Updates

## [66.0.0-bb.0] - 2024-03-22
### Changed
- Updated chart to version: 66.0.0-bb.0 | appVersion: 3.66.0-02
- registry1.dso.mil/ironbank/google/go-containerregistry/crane v0.19.0 -> v0.19.1

Fortify📜

  • !4069: fortify update to 1.1.2320154-bb.3
# Changelog Updates

## [1.1.2320154-bb.3] - 2024-03-27
### Added
- Added allow-intranamespace policy
- Added allow-nothing-policy
- Added ingressgateway-authz-policy
- Added monitoring-authz-policy
- Added allow-mysql-policy
- Added template for adding user defined policies

Mattermost Operator📜

  • !4063: mattermostOperator update to 1.21.0-bb.0
# Changelog Updates

## [1.21.0-bb.0] - 2024-03-26
### Changed
- ironbank/opensource/mattermost/mattermost-operator updated from 1.20.1 to 1.21.0

Mattermost📜

  • !4063: mattermostOperator update to 1.21.0-bb.0
  • !4036: mattermost update to 9.6.0-bb.0
  • !3996: mattermost update to 9.5.2-bb.0
# Changelog Updates

## [9.6.0-bb.0] - 2024-03-19
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.5.2 to 9.6.0
- helm release updated from 1.x.x to 2.x

## [9.5.2-bb.0] - 2024-03-12
### Changed
- gluon updated from 0.4.7 to 0.4.8
- ironbank/opensource/mattermost/mattermost updated from 9.5.1 to 9.5.2

Velero📜

  • !4037: velero update to 6.0.0-bb.1
# Changelog Updates

## [6.0.0-bb.1] - 2024-03-20
### Changed
- ironbank/opensource/nginx/nginx 1.25.3 -> 1.25.4
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.28.6 -> v1.28.8
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.9.0 -> v1.9.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.9.0 -> v1.9.1
- velero/velero-plugin-for-aws v1.9.0 -> v1.9.1

## [6.0.0-bb.0] - 2024-02-05
### Changed
- registry1.dso.mil/ironbank/opensource/velero/velero v1.12.3 -> v1.13.1
- registry1.dso.mil/ironbank/opensource/velero/velero 1.12.3 -> 1.13.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.8.2 -> v1.9.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.6.3 -> v0.7.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.8.2 -> v1.9.0
- velero/velero-plugin-for-aws v1.8.2 -> v1.9.0
- velero/velero-plugin-for-csi v0.6.3 -> v0.7.0
- velero/velero-restore-helper v1.12.3 -> v1.13.1

Vault📜

  • !4023: Update Vault to 0.25.0-bb.20
# Changelog Updates

## [0.25.0-bb.20] - 2024-03-15
### Updated
- Updated registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s 1.3.1 -> v1.4.0

Thanos📜

  • !4087: thanos update to 13.2.2-bb.2
# Changelog Updates

## [13.2.2-bb.2] - 2024-04-02
### Added
- Create `NetworkPolicy` for egress to external object stores

Known Issues📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.