Release Notes - 2.28.1

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).

Patch-Specific Changes

Gitlab

  • !4445: gitlab update to 7.11.2-bb.5
  • !4441: gitlab update to 7.11.2-bb.4

Upgrade Notices

  • BigBang - MR:
    • Resolves a bug in the Flux settings for each HelmRelease. The previous logic would override Flux settings for every deployed package if Flux settings were overridden for any package at the package level. This fix allows users to define global Flux settings and also override them for specific packages deployed with Big Bang. If you override Flux settings in any Big Bang package, please review these changes.
  • Loki - MR:
    • Loki 3.0 is a major version increase and comes with several breaking changes.
    • Here is the shortlist of things we think most people may encounter:
      • Loki now enforces a max line size of 256KB by default (you can disable this or increase this but this is how Grafana Labs runs Loki). Refer to Changes to default configure values.
      • Loki now enforces a max label limit of 15 labels per series, down from 30. Extra labels inflate the size of the index and reduce performance; you should almost never need more than 15 labels. Refer to Changes to default configure values.
      • Loki will automatically attempt to populate a service_name label on ingestion. Refer to service_name label.
      • loki.index_gateway.mode must remain set to simple. Setting it to ring will result in pod crashes due to a bug in Loki 3.0.0. Reference: https://github.com/grafana/loki/issues/12270
      • Distributed deployment mode is now available using the Loki chart. However, it is not yet supported or available using the umbrella Big Bang chart. This will be implemented and tested in a future release.
  • Gitlab-runner - MR:
    • A new package value, “.Values.networkPolicies.kubeapiPort”, has been added for Gitlab Runner. It is currently used in the Gitlab Runner network policy to allow explicit Kube API access, in conjunction with “.Values.networkPolicies.controlPlaneCidr”.
    • Defaults for the values above, if not set:
      • “.Values.networkPolicies.controlPlaneCidr” default value is “0.0.0.0/0”
      • “.Values.networkPolicies.kubeapiPort” default value is (“443”, “6443”)

Potential breaking change notice for upcoming release in 2.29

Release 2.29.0

Gitlab

  • Gitlab v17 will contain a breaking change that disables the runner registration token method of provisioning a new runner, in favor of a new workflow that uses runner authentication tokens to register runners. More information about how to prepare for this change, or to re-enable the legacy mode until v18, can be found here

Kyverno

  • The Kyverno policy require-drop-all-capabilities will be set to Enforce. All BigBang provided packages have exceptions or configuration in place to satisfy this requirement.
    • For any non-BigBang applications, exceptions can be added via values as below, or ensure a Kyverno PolicyException resource is present in your app templates:
      kyvernoPolicies:
        values:
          policies:
            require-drop-all-capabilities:
              exclude:
                any:
                  # Neuvector needs access to host to inspect network traffic
                  - resources:
                      namespaces:
                        - neuvector
                      names:
                        - neuvector-enforcer-pod*
                        - neuvector-controller-pod*
                        - neuvector-prometheus-exporter-pod*
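
The other route mentioned above, a PolicyException shipped in the application's own templates, can look like the following. This is an added example, not taken from the Big Bang charts: the `my-app` namespace, the `my-app-agent*` name pattern and both rule-name entries are placeholders, and it assumes Kyverno in the cluster is configured to accept policy exceptions from that namespace.

```yaml
# Added example (not from the Big Bang charts). Placeholders: my-app,
# my-app-agent*, REPLACE_WITH_RULE_NAME.
# apiVersion is assumed for the Kyverno 1.11.x listed in this release;
# confirm what the cluster serves with `kubectl api-resources`.
apiVersion: kyverno.io/v2beta1
kind: PolicyException
metadata:
  name: my-app-drop-all-capabilities
  namespace: my-app
spec:
  exceptions:
    - policyName: require-drop-all-capabilities
      ruleNames:
        # Use the rule names defined in the deployed ClusterPolicy.
        - REPLACE_WITH_RULE_NAME
        # Rules autogenerated for pod controllers carry an "autogen-" prefix.
        - autogen-REPLACE_WITH_RULE_NAME
  match:
    any:
      - resources:
          # Scope the exception to the one workload that needs extra
          # capabilities, not the whole namespace.
          kinds:
            - Pod
            - DaemonSet
          namespaces:
            - my-app
          names:
            - my-app-agent*
```

Keeping the `names` pattern narrow means every other pod in the namespace is still held to the policy once it moves to Enforce.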
      

Upgrades from previous releases

If coming from a version pre-2.27.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.27.0.

Packages

| Status | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Istio Controlplane | Core | Istio 1.21.2, Tetrate Istio Distro 1.21.2 | 1.21.2-bb.0 |
| Updated | Istio Operator | Core | Istio Operator 1.21.2, Tetrate Istio Distro Operator 1.21.2 | 1.21.2-bb.0 |
| | Jaeger | Core | 1.56.0 | 2.53.0-bb.1 |
| | Kiali | Core | 1.84.0 | 1.84.0-bb.0 |
| | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.16 |
| Updated | Gatekeeper | Core | 3.16.2 | 3.16.0-bb.1 |
| | Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
| Updated | Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.32 |
| Updated | Kyverno Reporter | Core | 2.18.0 | 2.22.4-bb.5 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.13.4, Elasticsearch 8.13.4 | 1.15.0-bb.0 |
| | Eck Operator | Core | 2.12.1 | 2.12.1-bb.1 |
| Updated | Fluentbit | Core | 3.0.4 | 0.46.7-bb.0 |
| | Promtail | Core | 2.9.4 | 6.15.5-bb.5 |
| Updated | Loki | Core | 3.0.0 | 6.5.2-bb.1 |
| Updated | Neuvector | Core | 5.3.2 | 2.7.6-bb.2 |
| | Tempo | Core | Tempo 2.3.0-ubi9, Tempo Query 2.3.1 | 1.7.1-bb.8 |
| Updated | Monitoring | Core | Prometheus 2.52.0, Grafana 11.0.0, Alertmanager 0.27.0 | 58.6.0-bb.0 |
| | Grafana | Core | 10.4.2 | 7.3.9-bb.2 |
| Updated | Twistlock | Core | 32.01.128 | 0.15.0-bb.11 |
| | Wrapper | Core | N / A | 0.4.7 |
| Updated | Argocd | Addon | 2.10.7 | 6.7.15-bb.5 |
| | Authservice | Addon | 1.0.0 | 1.0.0-bb.1 |
| Updated | Minio Operator | Addon | 5.0.15 | 5.0.15-bb.0 |
| Updated | Minio | Addon | RELEASE.2024-05-10T01-41-38Z | 5.0.15-bb.0 |
| Updated | Gitlab | Addon | 16.11.3 | 7.11.2-bb.5 |
| Updated | Gitlab Runner | Addon | 16.11.0 | 0.64.0-bb.0 |
| Updated | Nexus | Addon | 3.68.1-02 | 68.1.0-bb.0 |
| Updated | Sonarqube | Addon | 9.9.4-community | 8.0.4-bb.5 |
| | Fortify | Addon | 23.2.0.0154 | 1.1.2320154-bb.5 |
| | Haproxy | Addon | 2.2.33 | 1.19.3-bb.5 |
| Updated | Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.15 |
| | Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
| Updated | Mattermost | Addon | 9.8.0 | 9.8.0-bb.0 |
| Updated | Velero | Addon | 1.13.2 | 6.4.0-bb.0 |
| Updated | Keycloak | Addon | 23.0.7 | 23.0.7-bb.8 |
| Updated | Vault | Addon | 1.14.10 | 0.25.0-bb.30 |
| | Metrics Server | Addon | 0.7.1 | 3.12.1-bb.1 |
| Updated | Harbor | Addon | 2.10.2 | 1.14.2-bb.6 |
| Updated | Holocron | Addon | 3.3.0 | 1.0.7 |
| Updated | Thanos | Addon | 0.34.1 | 13.2.2-bb.7 |

Changes in 2.28.0

Big Bang MRs

  • !4246: Adding OpenShift Test Values
  • !4263: #1993 : Pass big bang values through to package charts
  • !4230: Add values file for fips tests
  • !4389: add loki cluster tags to promtail
  • !4372: revert changed README.md
  • !4273: Fixing Flux Logic
  • !4357: Keycloak documentation update for UI credentials
  • !4365: Reenabling hardening gitlab/runner

Istio Controlplane

  • !4358: istio update to 1.21.2-bb.0
# Changelog Updates

## [1.21.2-bb.0] - 2024-05-16
### Changed
- ironbank/opensource/istio/install-cni updated from 1.21.1 to 1.21.2
- ironbank/opensource/istio/pilot updated from 1.21.1 to 1.21.2
- ironbank/opensource/istio/proxyv2 updated from 1.21.1 to 1.21.2
- ironbank/tetrate/istio/install-cni updated from 1.21.1 to 1.21.2
- ironbank/tetrate/istio/pilot updated from 1.21.1 to 1.21.2
- ironbank/tetrate/istio/proxyv2 updated from 1.21.1 to 1.21.2

Istio Operator

  • !4361: istioOperator update to 1.21.2-bb.0
# Changelog Updates

## [1.21.2-bb.0] - 2024-05-16
### Changed
- Updated repo1 image to `1.21.2`
- Updated TID image to `1.21.2`
- Added default value for `operatorNamespace` so helm lint passes
- Documented existing modifications to upstream chart in `docs/DEVELOPMENT_MAINTENANCE.md`

Gatekeeper

  • !4400: gatekeeper update to 3.16.0-bb.1
  • !4342: gatekeeper update to 3.16.0-bb.0
# Changelog Updates

## [3.16.0-bb.1] - 2024-05-24
### Changed
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper `v3.16.0` -> `v3.16.2`
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl `v1.29.4` -> `v1.29.5`

## [3.16.0-bb.0] - 2024-05-14
### Changed
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper `v3.15.1` -> `v3.16.0`
- Updated ironbank/opensource/openpolicyagent/gatekeeper `v3.15.1` -> `v3.16.0`
- Updated to latest gluon `0.4.9` -> `0.5.0`
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl `v1.29.3` -> `v1.29.4`

Kyverno Policies

  • !4403: kyvernoPolicies update to 3.0.4-bb.32
  • !4364: kyvernoPolicies update to 3.0.4-bb.31
# Changelog Updates

## [3.0.4-bb.32] - 2024-05-23
### Changed
- setting autogen rules to `Deployment,ReplicaSet,DaemonSet,StatefulSet` as default to mitigate false positive behavior

## [3.0.4-bb.31] - 2024-05-16
### Changed
- updated commented example in values.yaml file for `update-automountserviceaccounttokens:`

Kyverno Reporter

  • !4337: kyvernoReporter update to 2.22.4-bb.5
# Changelog Updates

## [2.22.4-bb.5] - 2024-05-12
### Changed
- Updated `gluon` package dependency version from `0.4.10` to `0.5.0`

Elasticsearch Kibana

  • !4374: elasticsearchKibana update to 1.15.0-bb.0
# Changelog Updates

## [1.15.0-bb.0] - 2024-05-14
### Changed
- gluon updated from 0.4.10 to 0.5.0
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.13.2 to 8.13.4
- ironbank/elastic/kibana/kibana updated from 8.13.2 to 8.13.4

Fluentbit

  • !4395: fluentbit update to 0.46.7-bb.0
# Changelog Updates

## [0.46.7-bb.00] - 2024-05-22
### Changed
- Updated fluent-bit: 3.0.3 -> 3.0.4

Loki

  • !4376: loki update to 6.5.2-bb.1
  • !4373: loki update to 6.5.2-bb.0
  • !4229: Update loki values and update loki to 6.3.4-bb.0
# Changelog Updates

## [6.5.2-bb.1] - 2024-05-20
### Fixed
- Fixed typo in README.md

## [6.5.2-bb.0] - 2024-05-17
### Upgrade
- Updated k8s-sidecar 1.26.1 -> 1.27.1
- Updated kubectl 1.29.3 -> 1.29.5
- Updated memcached 1.6.23 -> 1.6.27
- Updated nginx 1.25.4 -> 1.26.0
- Updated rollout-operator 0.13.0 -> 0.15.0
- Updated grafana-agent-operator 0.3.21 -> 0.3.22

## [6.3.4-bb.0] - 2024-05-14
### Upgrade
- Updated loki 2.9.6 -> 3.0.0
- Updated minio-instance 5.0.12-bb.6 -> 5.0.12-bb.13
- Updated grafana-agent-operator 0.3.19 -> 0.3.20
- Updated gluon 0.4.9 -> 0.5.0
- Added rollout-operator 0.13.0

Neuvector

  • !4407: neuvector update to 2.7.6-bb.2
# Changelog Updates

## [2.7.6-bb.2] - 2024-05-22
### Changed
- Fix monitoring sub chart dependency. Update to 2.6.3.
- Update from gluon 0.4.8 to 0.5.0

Monitoring

  • !4391: Update monitoring to 58.6.0-bb.0
  • !4379: monitoring update to 58.5.3-bb.1
  • !4368: monitoring update to 58.5.3-bb.0
# Changelog Updates

## [58.6.0-bb.0] - 2024-05-21
### Updated
- Updated prometheus-config-reloader: v0.73.2 -> v0.74.0
- Updated prometheus-operator: v0.73.2 -> v0.74.0

## [58.5.3-bb.1] - 2024-05-17
### Added
- Added additional namespace and port for hardened thanos

## [58.5.3-bb.0] - 2024-05-16
### Updated
- Updated Grafana: 10.4.2 -> 11.0.0
- Updated k8s-sidecar: 1.26.2 -> 1.27.1
- Updated kubectl: v1.29.4 -> v1.29.5

Twistlock

  • !4396: twistlock update to 0.15.0-bb.11
  • !4347: twistlock update to 0.15.0-bb.10
  • !4345: twistlock update to 0.15.0-bb.9
  • !4333: twistlock update to 0.15.0-bb.8
# Changelog Updates

## [0.15.0-bb.11] - 2024-05-22
### Changed
- Add resource requests and limits for Defender DaemonSet

## [0.15.0-bb.10] - 2024-05-15
### Changed
- Add Priority Class argument for defenders

## [0.15.0-bb.9] - 2024-05-15
### Changed
- Fixed minor typo error on twistlock/allow-sidecar-scraping

## [0.15.0-bb.8] - 2024-05-10
### Changed
- gluon updated from 0.4.9 to 0.5.0

Argocd

  • !4366: Resolve “Reenabling hardening argocd gitlab/runner”
  • !4378: argocd update to 6.7.15-bb.5
  • !4330: argocd update to 6.7.15-bb.4
# Changelog Updates

## [6.7.15-bb.5] - 2024-05-20
### Fixed
- Argocd Authz Authorization Policy

## [6.7.15-bb.4] - 2024-05-08
### Added
- Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
- Added Istio ServiceEntry
- Added istiohardened doc

Minio Operator

  • !4334: minioOperator update to 5.0.15-bb.0
# Changelog Updates

## [5.0.15-bb.0] - 2024-05-09
### Upgrade
- ironbank/opensource/minio/operator v5.0.14 -> v5.0.15
- registry1.dso.mil/ironbank/opensource/minio/operator v5.0.14 -> v5.0.15

Minio

  • !4397: minio update to 5.0.15-bb.0
  • !4363: minio update to 5.0.12-bb.14
# Changelog Updates

## [5.0.15-bb.0] - 2024-05-17
### Changed
- Updated minio to `RELEASE.2024-05-10T01-41-38Z`
- Updated registry1.dso.mil/ironbank/opensource/minio/mc to `RELEASE.2024-05-09T17-04-24Z`
- Updated chart to 5.0.15

## [5.0.12-bb.14] - 2024-05-09
### Changed
- Updated minio to `RELEASE.2024-05-07T06-41-25Z`

Gitlab

  • !4419: gitlab update to 7.11.2-bb.2
  • !4371: gitlab update to 7.11.2-bb.1
  • !4370: gitlab update to 7.11.2-bb.0
  • !4288: gitlab update to 7.11.1-bb.2
# Changelog Updates

## [7.11.2-bb.2] - 2024-05-29
### Changed
- Fixed the securityContext for webservice-test-runner

## [7.11.2-bb.1] - 2024-05-17
### Changed
- Update securityContext for webservice-test-runner

## [7.11.2-bb.0] - 2024-05-15
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter 1.58.0 -> 1.59.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.11.1 -> 16.11.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.11.1 -> 16.11.2

Gitlab Runner

  • !4369: gitlabRunner update to 0.64.0-bb.0
  • !4329: gitlabRunner update to 0.63.0-bb.10
  • !4344: gitlabRunner update to 0.63.0-bb.9
# Changelog Updates

## [0.64.0-bb.0] - 2024-05-02
### Changed
- Updated gluon 0.4.10 -> 0.5.0
- Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner 16.10.0 -> 16.11.0
- Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper 16.10.0 -> 16.11.0
- Updated registry1.dso.mil/ironbank/redhat/ubi/ubi9 9.3 -> 9.4

## [0.63.0-bb.10] - 2024-05-14
### Changed
- Refactored kubeapiPort to kubeAPIPort and added documentation for kubeAPIPort

## [0.63.0-bb.9] - 2024-05-14
### Changed
- Updated grafana dashboards to work with both prometheus and thanos datasources

## [0.63.0-bb.8] - 2024-05-13
### Removed
- Removed the kubeversion from chart

## [0.63.0-bb.7] - 2024-05-08
### Changed
- Fixed bug with Control Plane CIDR for Network Policies. Refactored egress network policies for Gitlab Runner.

Nexus

  • !4393: nexusRepositoryManager update to 68.1.0-bb.0
# Changelog Updates

## [68.1.0-bb.0] - 2024-05-21
### Changed
- Updated chart to version: 68.1.0-bb.0 | appVersion: 3.68.1-02
- Updated Gluon 0.4.9 -> 0.5.0

Sonarqube

  • !4381: sonarqube update to 8.0.4-bb.5
# Changelog Updates

## [8.0.4-bb.5] - 2024-05-16
### Changed
- Update documentation development_maintenance.md for prometheus exporter
- Updated documentation Prometheus.md with prometheus exporter and podmonitor
- Added the ability to monitor sonarqube pods using prometheus targets
- Added /templete/bigbang/prometheus-podmonitor.yaml
- Added istio peerauthentication policy `peer-authentication-podmonitor`
- Updated istio `allow-http-envoy` policy to allow podmonitor ports (8000, 8001)

Anchore Enterprise

  • !4408: anchore update to 2.4.2-bb.15
# Changelog Updates

## [2.4.2-bb.15] - 2024-05-22
### Changed
- Added new label to upgrade job containers to allow access if network policies are enabled

Mattermost

  • !4406: mattermost update to 9.8.0-bb.0
  • !4394: mattermost update to 9.7.3-bb.3
  • !4388: mattermost update to 9.7.3-bb.2
# Changelog Updates

## [9.8.0-bb.0] - 2024-05-23
### Changed
- gluon updated from 0.4.10 to 0.5.0
- ironbank/opensource/mattermost/mattermost updated from 9.7.3 to 9.8.0
- ironbank/opensource/postgres/postgresql12 updated from 12.18 to 12.19

## [9.7.3-bb.3] - 2024-05-22
### Added
- IAM Roles for Service Accounts (IRSA) using fileStore.roleARN

## [9.7.3-bb.2] - 2024-05-03
### Changed
- Added ./tests/images.txt to include postgres12 image

Velero

  • !4390: velero update to 6.4.0-bb.0
  • !4346: velero update to 6.1.0-bb.0
  • !4335: velero update to 6.0.0-bb.6
# Changelog Updates

## [6.4.0-bb.0] - 2024-05-20
### Changed
- Updated to latest chart version `6.4.0`
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.4 -> v1.29.5

## [6.1.0-bb.0] - 2024-05-15
### Changed
- Updated to latest chart version `6.1.0`
- ironbank/opensource/nginx/nginx 1.25.4 -> 1.26.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi v0.7.0 -> v0.7.1

## [6.0.0-bb.6] - 2024-04-29
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.3 -> v1.29.4
- registry1.dso.mil/ironbank/opensource/velero/velero v1.13.1 -> v1.13.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.9.1 -> v1.9.2
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.9.1 -> v1.9.2

Keycloak

  • !4375: keycloak update to 23.0.7-bb.8
  • !4339: keycloak update to 23.0.7-bb.7
# Changelog Updates

## [23.0.7-bb.8] - 2024-05-20
### Added
- Added thanos client to ci json for baby yoda realm

## [23.0.7-bb.7] - 2024-05-014
### Added
- Added thanos client for development SSO to baby yoda realm

Vault

  • !4387: vault update to 0.25.0-bb.30
  • !4380: vault update to 0.25.0-bb.29
# Changelog Updates

## [0.25.0-bb.30] - 2024-05-21
### Added
- Update grafana dashboard to use `piechart` instead of broken `grafana-piechart-panel`

## [0.25.0-bb.29] - 2024-05-21
### Added
- gluon 0.4.9 -> 0.4.10
- registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s v1.4.0 -> v1.4.1

Harbor

  • !4383: harbor update to 1.14.2-bb.6
# Changelog Updates

## [1.14.2-bb.6] - 2024-05-21
### Changed
- Updated gluon to 0.5.0
- Updated redis chart to 19.3.2-bb.0
- Updated nginx to 1.26.0
- Updated postgres to 12.19

Holocron

  • !4401: holocron update to 1.0.7
# Changelog Updates

## [1.0.7] - 2024-05-08
### Updated
- Updated gluon dependency to 0.5.0

Thanos

  • !4392: thanos update to 13.2.2-bb.7
# Changelog Updates

## [13.2.2-bb.7] - 2024-05-15
### Added
- Added support for Istio Authorization Policies

## [13.2.2-bb.6] - 2024-05-14
### Fixed
- Fixed broken minIO subchart

## [13.2.2-bb.5] - 2024-05-14
### Added
- Added SSO/authservice integration

Known Issues

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.