Release Notes - 2.27.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.27.6 (RKE2).
Upgrade Notices
- Flux controller updates

| Package | Update | Change |
|---|---|---|
| registry1.dso.mil/ironbank/fluxcd/helm-controller (source) | major | v0.37.4 -> v1.0.1 |
| registry1.dso.mil/ironbank/fluxcd/kustomize-controller (source) | minor | v1.2.2 -> v1.3.0 |
| registry1.dso.mil/ironbank/fluxcd/source-controller (source) | minor | v1.2.5 -> v1.3.0 |

- Before running the upgrade for Neuvector 2.7.3-bb.0, delete the following CRDs manually:

    $ kubectl delete crd nvvulnerabilityprofiles.neuvector.com
    $ kubectl delete crd nvcomplianceprofiles.neuvector.com
Upgrades from previous releases
If coming from a version pre-2.26.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.26.0.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.21.1, Tetrate Istio Distro 1.21.1 | 1.21.1-bb.1 |
Istio Operator | Core | Istio Operator 1.21.2, Tetrate Istio Distro Operator 1.21.1 | 1.21.1-bb.0 |
Jaeger | Core | 1.56.0 | 2.53.0-bb.1 |
Kiali | Core | 1.84.0 | 1.84.0-bb.0 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.16 |
Gatekeeper | Core | 3.15.1 | 3.15.0-bb.7 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.30 |
Kyverno Reporter | Core | 2.18.0 | 2.22.4-bb.3 |
Elasticsearch Kibana | Core | Kibana 8.13.2, Elasticsearch 8.13.2 | 1.14.0-bb.1 |
Eck Operator | Core | 2.12.1 | 2.12.1-bb.1 |
Fluentbit | Core | 3.0.3 | 0.46.5-bb.0 |
Promtail | Core | 2.9.4 | 6.15.5-bb.5 |
Loki | Core | 2.9.6 | 5.47.2-bb.4 |
Neuvector | Core | 5.3.2 | 2.7.6-bb.1 |
Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.8 |
Monitoring | Core | Prometheus 2.52.0, Grafana 10.4.2, Alertmanager 0.27.0 | 58.5.1-bb.0 |
Grafana | Core | 10.4.2 | 7.3.9-bb.2 |
Twistlock | Core | 32.01.128 | 0.15.0-bb.7 |
Wrapper | Core | N / A | 0.4.7 |
Argocd | Addon | 2.10.7 | 6.7.15-bb.3 |
Authservice | Addon | 1.0.0 | 1.0.0-bb.1 |
Minio Operator | Addon | 5.0.14 | 5.0.14-bb.2 |
Minio | Addon | RELEASE.2024-05-01T01-11-10Z | 5.0.12-bb.13 |
Gitlab | Addon | 16.11.1 | 7.11.1-bb.2 |
Gitlab Runner | Addon | 16.10.0 | 0.63.0-bb.6 |
Nexus | Addon | 3.67.1-01 | 67.1.0-bb.4 |
Sonarqube | Addon | 9.9.4-community | 8.0.4-bb.4 |
Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.5 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.5 |
Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.14 |
Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
Mattermost | Addon | 9.7.3 | 9.7.3-bb.1 |
Velero | Addon | 1.13.1 | 6.0.0-bb.5 |
Keycloak | Addon | 23.0.7 | 23.0.7-bb.6 |
Vault | Addon | 1.14.10 | 0.25.0-bb.28 |
Metrics Server | Addon | 0.7.1 | 3.12.1-bb.1 |
Harbor | Addon | 2.10.2 | 1.14.2-bb.5 |
Holocron | Addon | 3.3.0 | 1.0.6 |
Thanos | Addon | 0.34.1 | 13.2.2-bb.4 |
Changes in 2.27.0
Big Bang MRs
- !4362: update helm release API version
- !4313: Update Flux
- !4150: Update registry1.dso.mil/ironbank/fluxcd/source-controller Docker tag to v1.2.5
- !4179: Enforce restrict capabilities
- !4277: update wording in doc
- !4238: Update aws-k3d-script.md to reflect updated output of k3d-dev.sh -h command
- !4160: Update policy-enforcement.md
Istio Controlplane
# Changelog Updates
## [1.21.1-bb.1] - 2024-05-13
### Removed
- Removed native sidecar support because we have to support 1.27.x
## [1.21.1-bb.0] - 2024-05-03
### Changed
- ironbank/opensource/istio/install-cni updated from 1.20.4 to 1.21.1
- ironbank/opensource/istio/pilot updated from 1.20.4 to 1.21.1
- ironbank/opensource/istio/proxyv2 updated from 1.20.4 to 1.21.1
- ironbank/tetrate/istio/install-cni updated from 1.20.4 to 1.21.1
- ironbank/tetrate/istio/pilot updated from 1.20.4 to 1.21.1
- ironbank/tetrate/istio/proxyv2 updated from 1.20.4 to 1.21.1
## [1.20.4-bb.3] - 2024-05-02
### Added
- Added custom network policies
## [1.20.4-bb.2] - 2024-04-23
### Added
- Added native sidecar support
Istio Operator
# Changelog Updates
## [1.21.1-bb.0] - 2024-05-03
### Changed
- Updated repo1 image to `1.21.1`
- Updated TID image to `1.21.1`
Kiali
# Changelog Updates
## [1.84.0-bb.0] - 2024-05-10
### Changed
- Updated Kiali to v1.84.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.84.0
## [1.83.0-bb.0] - 2024-05-08
### Changed
- Updated Kiali to v1.83.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.83.0
Cluster Auditor
- !4289: clusterAuditor update to 1.5.0-bb.16
# Changelog Updates
## [1.5.0-bb.16] - 2024-04-24
### Added
- Add support for additional custom network policies through the values yaml
Kyverno Policies
- !4359: Update Kyverno Policies to add neuvector-controller-pod
- !4296: kyvernoPolicies update to 3.0.4-bb.30
# Changelog Updates
## [3.0.4-bb.30] - 2024-05-03
### Changed
- gluon updated from 0.4.8 to 0.5.0
- ironbank/opensource/kubernetes/kubectl updated from v1.29.3 to v1.29.4
- ironbank/redhat/ubi/ubi9-minimal updated from 9.3 to 9.4
Elasticsearch Kibana
- !4245: elasticsearchKibana update to 1.14.0-bb.1
# Changelog Updates
## [1.14.0-bb.1] - 2024-04-29
### Added
- Support for delivering custom network policies via values yaml
Eck Operator
- !4243: eckOperator update to 2.12.1-bb.1
# Changelog Updates
## [2.12.1-bb.1] - 2024-04-24
### Added
- Support for custom network policy definition via values yaml
Fluentbit
- !4318: fluentbit update to 0.46.5-bb.0
- !4290: Update fluentbit tag 0.46.2 bb.2
- !4244: fluentbit update to 0.46.2-bb.1
# Changelog Updates
## [0.46.5-bb.0] - 2024-05-08
### Added
- Gluon 0.4.9 -> 0.5.0
- fluent-bit 3.0.2 -> 3.0.3
- configmap-reload v0.12.0 -> v0.13.0
## [0.46.2-bb.2] - 2024-05-02
### Added
- Drop unnecessary labels for Loki 3.0 support
## [0.46.2-bb.1] - 2024-04-29
### Added
- Support for custom network policies via values yaml
Promtail
- !4267: promtail update to 6.15.5-bb.5
# Changelog Updates
## [6.15.5-bb.5] - 2024-05-01
### Added
- Drop unnecessary labels for Loki 3.0 support
Loki
# Changelog Updates
## [5.47.2-bb.4] - 2024-05-07
### Fixed
- Match minIO chart version to its pinned image
## [5.47.2-bb.3] - 2024-05-06
### Added
- Disabled anonymous usage statistics
Neuvector
- !4359: Update Kyverno Policies to add neuvector-controller-pod
- !4304: neuvector update to 2.7.6-bb.1
- !4208: SKIP UPGRADE neuvector update to 2.7.6-bb.0
# Changelog Updates
## [2.7.6-bb.1] - 2024-05-05
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/prometheus-exporter from 5.3.0 to 5.3.2
## [2.7.6-bb.0] - 2024-04-14
### Changed
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.3.0 to 5.3.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.3.0 to 5.3.2
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.3.0 to 5.3.2
Tempo
- !4301: tempo update to 1.7.1-bb.8
# Changelog Updates
## [1.7.1-bb.8] - 2024-05-07
### Changed
- Disable anonymous reporting to Grafana Labs
Monitoring
- !4338: monitoring update to 58.5.1-bb.0
- !4319: monitoring update to 58.4.1-bb.0
- !4295: monitoring update to 58.3.3-bb.0
- !4256: monitoring update to 58.3.1-bb.0
# Changelog Updates
## [58.5.1-bb.0] - 2024-05-14
### Updated
- Updated Prometheus: 2.51.2 -> 2.52.0
## [58.4.1-bb.0] - 2024-05-09
### Updated
- kiwigrid/k8s-sidecar 1.26.1 -> 1.26.2
- thanos/thanos v0.34.1 -> v0.35.0
- prometheus/node_exporter 4.33.* -> 4.34.*
## [58.3.3-bb.0] - 2024-05-03
### Updated
- Updated Gluon: 0.4.10 -> 0.5.0
- Updated prometheus/node-exporter: v1.7.0 -> v1.8.0
- Updated ubi9-minimal 9.3 -> 9.4
## [58.3.1-bb.0] - 2024-05-01
### Updated
- Updated kubectl: 1.29.4
- Updated prometheus-config-reloader: v0.73.2
- Updated prometheus-operator: v0.73.2
- Updated prometheus-node-exporter: 4.33.0
Grafana
# Changelog Updates
## [7.3.9-bb.2] - 2024-05-09
### Changed
- Use ironbank `bats` image
## [7.3.9-bb.1] - 2024-05-08
### Changed
- Disable anonymous reporting to Grafana Labs
Argocd
# Changelog Updates
## [6.7.15-bb.3] - 2024-05-03
### Changed
- Updated gluon from 0.4.10 -> 0.5.0
## [6.7.15-bb.2] - 2024-04-30
### Changed
- Update securityContext for guestbook-ui
Authservice
- !4249: authservice update to 1.0.0-bb.1
# Changelog Updates
## [1.0.0-bb.1] - 2024-04-29
### Added
- Added the ability to deploy additional network policies from the values yaml
Minio
- !4303: minio update to 5.0.12-bb.13
# Changelog Updates
## [5.0.12-bb.13] - 2024-05-07
### Changed
- Updated gluon to 0.5.0
- Updated minio to `RELEASE.2024-05-01T01-11-10Z`
- Updated mc to `RELEASE.2024-04-29T09-56-05Z`
Gitlab
- !4288: gitlab update to 7.11.1-bb.2
- !4269: gitlab update to 7.11.0-bb.1
- !4258: gitlab update to 7.11.0-bb.0
# Changelog Updates
## [7.11.1-bb.2] - 2024-05-15
### Changed
- Changed the istio sidecar inject back to false so gitlab can come up
## [7.11.1-bb.1] - 2024-05-13
### Removed
- Removed the kubeversion from chart
## [7.11.1-bb.0] - 2024-05-03
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.11.0 -> 16.11.1
- Update registry1.dso.mil/ironbank/redhat/ubi/ubi9 9.3 -> 9.4
Gitlab Runner
# Changelog Updates
## [0.63.0-bb.6] - 2024-05-01
### Added
- Added Istio Authorization Policies Support
## [0.63.0-bb.5] - 2024-04-29
### Added
- Templates for Istio Sidecars and ServiceEntries, IstioHardened.md doc, values update
Nexus
- !4314: nexusRepositoryManager update to 67.1.0-bb.4
- !4254: nexusRepositoryManager update to 67.1.0-bb.3
# Changelog Updates
## [67.1.0-bb.4] - 2024-05-01
### Added
- Templates for Istio Sidecars and ServiceEntries, IstioHardened.md doc, values update
## [67.1.0-bb.3] - 2024-04-29
### Added
- Add support for additional custom network policies through the values yaml
Sonarqube
- !4266: sonarqube update to 8.0.4-bb.4
# Changelog Updates
## [8.0.4-bb.4] - 2024-04-29
### Added
- Added istio egress whitelist functionality
Haproxy
- !4274: haproxy update to 1.19.3-bb.5
# Changelog Updates
## [1.19.3-bb.5] - 2024-05-06
### Added
- Updated HAProxy `v2.2.32` -> `v2.2.33`
- Remove `SKIP UPDATE CHECK` prefix
Anchore Enterprise
- !4283: anchore update to 2.4.2-bb.14
- !3892: Update anchore to include hardening for testing
- !4262: anchore update to 2.4.2-bb.11
# Changelog Updates
## [2.4.2-bb.14] - 2024-05-03
### Changed
- Fixed db credential leaking in the ensure anchor db container
## [2.4.2-bb.12] - 2024-05-02
### Updated
- Added Sidecars, ServiceEntries, istiohardened doc, values update
## [2.4.2-bb.11] - 2024-04-30
### Changed
- Update kubeVersion constraints, set minimum kubeVersion and remove max version
Mattermost Operator
- !4201: mattermostOperator update to 1.21.0-bb.1
# Changelog Updates
## [1.21.0-bb.1] - 2024-04-15
### Changed
- Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
- Added Istio ServiceEntry to explicitly allow egress
Keycloak
# Changelog Updates
## [23.0.7-bb.6] - 2024-05-07
### Added
- Added allow-nothing-policy
- Added ingressgateway-authz-policy
- Added keycloak-postgres-policy
- Added template for adding user defined policies
## [23.0.7-bb.5] - 2024-04-22
### Added
- Added custom network policies
Vault
- !4317: vault update to 0.25.0-bb.28
# Changelog Updates
## [0.25.0-bb.28] - 2024-05-08
### Removed
- Sidecar to deny egress that is external to istio services
- customServiceEntries to allow egress to override sidecar
## [0.25.0-bb.27] - 2024-05-01
### Added
- Sidecar to deny egress that is external to istio services
- customServiceEntries to allow egress to override sidecar
Harbor
# Changelog Updates
## [1.14.2-bb.5] - 2024-05-10
### Changed
- Set default `istio.mtls.mode` to STRICT
## [1.14.2-bb.4] - 2024-05-08
### Fixed
- Fixed harbor core annotation version
## [1.14.2-bb.3] - 2024-04-29
### Added
- Add istio egress whitelist functionality
Holocron
- !4260: holocron update to 1.0.6
# Changelog Updates
## [1.0.6] - 2024-04-26
### Updated
- Updated postgresql application version to 15.6
- Updated gluon dependency to 0.4.10
Known Issues
- Gitlab Runner ControlPlaneCidr passthrough issue: GitLab runner not passing control plane cidr+
- Anchore Enterprise API VirtualService Missing: Add API VirtualService back
- CAC user registration issues in 23.0.7: CAC user registration issues in 23.0.7
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.