
Release Notes - 2.29.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).

Upgrade Notices

  • Loki - MR:

    • Ensure that the `from` date of the v13 schema in `.Values.schemaConfig.configs` is a point in time in the future.
  • Loki - MR:

    • RKE Users must set .Values.loki.global.dnsService to rke2-coredns-rke2-coredns when in simple scalable mode for the gateway pod to work.
  • Tempo - MR:

    • vParquet3 is now the default block format and vParquet is being deprecated. Reference: https://grafana.com/docs/tempo/v2.4.x/setup/upgrade/#transitiontovparquet3asdefaultblockformat
    • The cache configuration has been refactored. Reference: https://grafana.com/docs/tempo/v2.4.x/setup/upgrade/#cacheconfigurationrefactored
    • Several configuration parameters were updated, removed or renamed. Reference: https://grafana.com/docs/tempo/v2.4.x/setup/upgrade/#updatedremovedorrenamedconfigurationparameters
  • BigBang - MR:

    • The policy require-drop-all-capabilities is now set to Enforce. All BigBang provided packages have exceptions or configuration in place to satisfy this requirement.
    • For any non-BigBang applications, exceptions can be added via values as below, or ensure a Kyverno PolicyException resource is present in your app templates:
      kyvernoPolicies:
        values:
          policies:
            require-drop-all-capabilities:
              exclude:
                any:
                  # Neuvector needs access to host to inspect network traffic
                  - resources:
                      namespaces:
                        - neuvector
                      names:
                        - neuvector-enforcer-pod*
                        - neuvector-controller-pod*
                        - neuvector-prometheus-exporter-pod*
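
A pre-upgrade check for the notice above, as an added example that is not part of the Big Bang release notes or code: it lists pods whose containers do not drop `ALL` capabilities and are not covered by an exclusion like the one in the values snippet. The function names, the sample pods and the reading of the rule as "every container, init container and ephemeral container lists `ALL` under `securityContext.capabilities.drop`" are assumptions; the Kyverno policy as deployed is authoritative.

```python
from fnmatch import fnmatchcase
# Mirrors the exclude.any block from the values snippet above.
EXCLUDES = [{
    "namespaces": ["neuvector"],
    "names": ["neuvector-enforcer-pod*", "neuvector-controller-pod*",
              "neuvector-prometheus-exporter-pod*"],
}]

def is_excluded(namespace, name, excludes=EXCLUDES):
    """An entry matches only if both its namespaces and its names match."""
    for entry in excludes:
        ns_ok = any(fnmatchcase(namespace, p) for p in entry.get("namespaces", ["*"]))
        name_ok = any(fnmatchcase(name, p) for p in entry.get("names", ["*"]))
        if ns_ok and name_ok:
            return True
    return False

def containers_not_dropping_all(pod):
    """Containers whose securityContext.capabilities.drop lacks "ALL" (assumed rule)."""
    bad = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod.get("spec", {}).get(kind) or []:
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            if "ALL" not in (caps.get("drop") or []):
                bad.append(c["name"])
    return bad

def audit(pod_list, excludes=EXCLUDES):
    """Map namespace/pod -> offending containers, skipping excluded pods."""
    findings = {}
    for pod in pod_list.get("items", []):
        ns, name = pod["metadata"].get("namespace", "default"), pod["metadata"]["name"]
        bad = [] if is_excluded(ns, name, excludes) else containers_not_dropping_all(pod)
        if bad:
            findings[f"{ns}/{name}"] = bad
    return findings

def _c(name, drop=None):  # helper for the constructed sample below
    return {"name": name, "securityContext": {"capabilities": {"drop": drop or []}}}

# Constructed sample in the shape of a Kubernetes PodList (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "api-7d9f"},
     "spec": {"initContainers": [{"name": "migrate"}], "containers": [_c("api", ["ALL"])]}},
    {"metadata": {"namespace": "team-a", "name": "web-5c2b"},
     "spec": {"containers": [_c("web", ["NET_RAW"])]}},
    {"metadata": {"namespace": "neuvector", "name": "neuvector-enforcer-pod-x7k2p"},
     "spec": {"containers": [{"name": "enforcer"}]}},
]}
```

On a live cluster, pass `audit()` the parsed output of `kubectl get pods -A -o json`; every pod it returns needs either a `drop: ["ALL"]` security context or an exception before the policy enforces.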
      

Potential breaking change notice for upcoming release in 2.30.0

Gitlab

  • Gitlab v17 will contain a breaking change that disables the runner registration token method of provisioning a new runner, in favor of a new workflow that uses runner authentication tokens to register runners. More information about how to prepare for this change, or to re-enable the legacy mode until v18, can be found here.

Upgrades from previous releases

If coming from a version pre-2.28.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.28.1.

Packages

| | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Istio Controlplane | Core | Istio 1.21.2, Tetrate Istio Distro 1.21.2 | 1.21.2-bb.2 |
| | Istio Operator | Core | Istio Operator 1.21.2, Tetrate Istio Distro Operator 1.21.2 | 1.21.2-bb.0 |
| | Jaeger | Core | 1.56.0 | 2.53.0-bb.1 |
| Updated | Kiali | Core | 1.85.0 | 1.85.0-bb.0 |
| Updated | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.17 |
| Updated | Gatekeeper | Core | 3.16.3 | 3.16.3-bb.0 |
| | Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
| | Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.32 |
| Updated | Kyverno Reporter | Core | 2.19.0 | 2.23.1-bb.0 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.14.0, Elasticsearch 8.14.0 | 1.16.0-bb.0 |
| Updated | Eck Operator | Core | 2.13.0 | 2.13.0-bb.0 |
| | Fluentbit | Core | 3.0.4 | 0.46.7-bb.0 |
| | Promtail | Core | 2.9.4 | 6.15.5-bb.5 |
| Updated | Loki | Core | 3.0.0 | 6.6.2-bb.2 |
| | Neuvector | Core | 5.3.2 | 2.7.6-bb.2 |
| Updated | Tempo | Core | Tempo 2.5.0, Tempo Query 2.5.0 | 1.9.0-bb.0 |
| Updated | Monitoring | Core | Prometheus 2.52.0, Grafana 11.0.0, Alertmanager 0.27.0 | 59.1.0-bb.0 |
| | Grafana | Core | 10.4.2 | 7.3.9-bb.2 |
| | Twistlock | Core | 32.01.128 | 0.15.0-bb.11 |
| Updated | Wrapper | Core | N / A | 0.4.8 |
| Updated | Argocd | Addon | 2.11.2 | 6.11.1-bb.0 |
| Updated | Authservice | Addon | 1.0.1 | 1.0.1-bb.0 |
| | Minio Operator | Addon | 5.0.15 | 5.0.15-bb.0 |
| Updated | Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 5.0.15-bb.3 |
| | Gitlab | Addon | 16.11.3 | 7.11.2-bb.5 |
| Updated | Gitlab Runner | Addon | 17.0.0 | 0.65.0-bb.0 |
| | Nexus | Addon | 3.68.1-02 | 68.1.0-bb.0 |
| Updated | Sonarqube | Addon | 9.9.4-community | 8.0.4-bb.6 |
| Updated | Fortify BETA | Addon | 24.2.0.0186 | 1.1.2320154-bb.12 |
| | Haproxy | Addon | 2.2.33 | 1.19.3-bb.5 |
| Updated | Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.16 |
| | Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
| Updated | Mattermost | Addon | 9.8.1 | 9.8.1-bb.0 |
| Updated | Velero | Addon | 1.13.2 | 6.6.0-bb.0 |
| Updated | Keycloak | Addon | 23.0.7 | 23.0.7-bb.9 |
| Updated | Vault | Addon | 1.14.10 | 0.25.0-bb.31 |
| | Metrics Server | Addon | 0.7.1 | 3.12.1-bb.1 |
| | Harbor | Addon | 2.10.2 | 1.14.2-bb.6 |
| Updated | Holocron | Addon | 3.3.0 | 1.0.9 |
| Updated | Thanos | Addon | 0.35.0 | 15.4.3-bb.0 |

Changes in 2.29.0

Big Bang MRs

  • !4495: add holocron dev client for sso
  • !4435: Set DriftDetection to disabled in flux settings
  • !4460: fix(istio): Add line to allow enabling/disabling individual ingress gateways
  • !4486: Update ingress-certs.yaml
  • !4474: Update docs/understanding-bigbang/README.md, docs/FAQ.md, README.md
  • !4447: add sso client id for fortify to dev values
  • !4458: Add K3D_FIX_MOUNTS=1 export to k3d deploy command for istio cni support
  • !4455: version updates for release 2.28.1
  • !4451: Basic edits/updates made to README.md
  • !4386: Update registry1.dso.mil/ironbank/fluxcd/notification-controller Docker tag to v1.3.0
  • !4154: set policy to enforce
  • !4415: Resolve “Update documentation to reflect Kyverno (not gatekeeper) as core supported solution for policy enforcement in bigbang”
  • !4420: add loki rules by default

Istio Controlplane

  • !4505: istio update to 1.21.2-bb.2
# Changelog Updates

## [1.21.2-bb.2] - 2024-06-12
### Changed
- Revert to correct overwritten dashboard changes

## [1.21.2-bb.1] - 2024-05-28
### Changed
- Added the shared istio authorization policies

Kiali

  • !4416: kiali update to 1.85.0-bb.0
# Changelog Updates

## [1.85.0-bb.0] - 2024-05-28
### Changed
- Updated Kiali to v1.85.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.85.0

Cluster Auditor

  • !4453: clusterAuditor update to 1.5.0-bb.17
# Changelog Updates

## [1.5.0-bb.17] - 2024-06-03
### Changed
- Updated to gluon 0.5.0

Gatekeeper

  • !4463: gatekeeper update to 3.16.3-bb.0
  • !4442: gatekeeper update to 3.16.2-bb.1
# Changelog Updates

## [3.16.3-bb.0] - 2024-06-04
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.16.2 -> v3.16.3
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.16.2 -> v3.16.3

## [3.16.2-bb.1] - 2024-05-31
### Changed
- Revert disableAudit to false

## [3.16.2-bb.0] - 2024-05-24
### Changed
- Updated Chart appVersion to v3.16.2

Kyverno Reporter

  • !4421: kyvernoReporter update to 2.23.1-bb.0
# Changelog Updates

## [2.23.1-bb.0] - 2024-05-24
### Changed
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.18.1` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.19.0`
- Updated upstream chart reference from `2.22.4` to `2.23.1`

Elasticsearch Kibana

  • !4478: elasticsearchKibana update to 1.16.0-bb.0
# Changelog Updates

## [1.16.0-bb.0] - 2024-06-06
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.13.4 to 8.14.0
- ironbank/elastic/kibana/kibana updated from 8.13.4 to 8.14.0

Eck Operator

  • !4477: eckOperator update to 2.13.0-bb.0
# Changelog Updates

## [2.13.0-bb.0] - 2024-06-07
### Updated
- eck-operator 2.12.1 -> 2.13.0

Loki

  • !4492: loki update to 6.6.2-bb.2
  • !4467: loki update to 6.6.2-bb.1
  • !4443: loki update to 6.6.2-bb.0
# Changelog Updates

## [6.6.2-bb.2] - 2024-06-5
### Fix
- Set from date for `v13` schema to date of bb release

## [6.6.2-bb.1] - 2024-05-29
### Fixed
- Fix Gateway deployment
- Fix VirtualService Routing

## [6.6.2-bb.0] - 2024-05-29
### Upgrade
- Upgraded kiwigrid/k8s-sidecar from 1.27.1 to 1.27.2

Tempo

  • !4473: tempo update to 1.9.0-bb.0
  • !4427: tempo update to 1.8.0-bb.0
# Changelog Updates

## [1.9.0-bb.0] - 2024-06-06
### Changed
- Updated Tempo: 2.4.2 -> 2.5.0
- Updated Tempo Query: 2.4.2 -> 2.5.0

## [1.8.0-bb.0] - 2024-05-29
### Changed
- Updated Tempo: 2.3.0 -> 2.4.2
- Updated Tempo Query: 2.3.1 -> 2.4.2
- Updated gluon: 0.4.7 -> 0.5.0

Monitoring

  • !4465: monitoring update to 59.1.0-bb.0
  • !4428: monitoring update to 58.6.1-bb.0
# Changelog Updates

## [59.1.0-bb.0] - 2024-06-06
### Updated
- Chart's appVersion synchronized with upstream chart

## [58.6.1-bb.0] - 2024-05-31
### Updated
- Updated k8s-sidecar: 1.27.1 -> 1.27.2

Wrapper

  • !4410: wrapper update to 0.4.8
# Changelog Updates

## [0.4.8] - 2024-05-28
### Changed
- Fixed the ingressgateway authorization policy

Argocd

  • !4466: argocd update to 6.11.1-bb.0
  • !4417: argocd update to 6.11.0-bb.1
# Changelog Updates

## [6.11.1-bb.0] - 2024-06-03
### Changed
- Updated ArgoCD chart to 6.11.1
- Updated ArgoCD from 2.11.0 -> 2.11.2
- Updated redis dependency chart from 19.3.2-bb.0 -> 19.5.0-bb.0
- Updated redis-exporter from 1.58.0 -> 1.59.0
- Updated redis-bb from 7.2.4 -> 7.2.5

## [6.11.0-bb.1] - 2024-05-28
### Fixed
- Disabled redisSecretInit by default

Authservice

  • !4412: authservice update to 1.0.1-bb.0
# Changelog Updates

## [1.0.1-bb.0] - 2024-05-28
### Changed
- redis updated from 18.7.1 to 19.5.0
- ironbank/bitnami/redis updated from 7.2.4 to 7.2.5
- ironbank/istio-ecosystem/authservice updated from 1.0.0 to 1.0.1

Minio

  • !4480: minio update to 5.0.15-bb.3
  • !4449: minio update to 5.0.15-bb.2
  • !4434: minio update to 5.0.15-bb.1
# Changelog Updates

## [5.0.15-bb.3] - 2024-06-06
### Changed
- Updated minio to `RELEASE.2024-06-04T19-20-08Z`
- Updated mc to `RELEASE.2024-06-01T15-03-35Z`

## [5.0.15-bb.2] - 2024-06-03
### Changed
- Updated minio to `RELEASE.2024-05-28T17-19-04Z`

## [5.0.15-bb.1] - 2024-05-29
### Changed
- Updated minio to `RELEASE.2024-05-27T19-17-46Z`
- Updated registry1.dso.mil/ironbank/opensource/minio/mc  to `RELEASE.2024-05-24T09-08-49Z`

Gitlab Runner

  • !4429: gitlabRunner update to 0.65.0-bb.0
# Changelog Updates

## [0.65.0-bb.0] - 2024-05-24
### Changed
- Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner 16.11.0 -> 17.0.0
- Updated registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper 16.11.1 -> 17.0.0

Sonarqube

  • !4432: sonarqube update to 8.0.4-bb.6
# Changelog Updates

## [8.0.4-bb.6] - 2024-05-21
### Changed
- Update securityContext for sonarqube StatefulSets

Fortify

  • !4512: fortify update to 1.1.2320154-bb.12
  • !4488: fortify update to 1.1.2320154-bb.11
  • !4457: fortify update to 1.1.2320154-bb.8
  • !4470: fortify update to 1.1.2320154-bb.9
# Changelog Updates

## [1.1.2320154-bb.12] - 2024-06-13
### Added
- Fixed link to tests/wait.sh that was breaking bb-docs: [docs/log-configuration.md](docs/log-configuration.md)

## [1.1.2320154-bb.11] - 2024-06-11
### Changed
- correct mysql chart from 11.1.2 to 9.19.0

## [1.1.2320154-bb.10] - 2024-06-08
### Changed
- gluon updated from 0.4.7 to 0.5.0
- mysql updated from 9.14.4 to 11.1.2
- ironbank/bitnami/mysql8 updated from 8.0.35 to 8.0.36
- ironbank/google/golang/golang-1.20 updated from 1.20.12 to 1.20.14
- ironbank/microfocus/fortify/ssc updated from 23.2.0.0154 to 24.2.0.0186

## [1.1.2320154-bb.9] - 2024-06-06
### Added
- Sidecar and service entry resource for whitelist

## [1.1.2320154-bb.8] - 2024-06-04
### Added
- Adds new developer documentation on the surprisingly complex how and why of our log4j configuration override workflow: [docs/log-configuration.md](docs/log-configuration.md)

### Fixed
- Bugfix to previous release — log4j config pinning init container failed as it was using a container that did not expose the COM_FORTIFY_SSC_HOME environment variable.
- Improved wording of the CI test in `wait.sh` to allow operators to better judge the results of that CI test.

## [1.1.2320154-bb.7] - 2024-05-31
### Fixed
- Bugfix to previous release — log4j config customization was getting overwritten at boot but should now stay put.

### Added
- Added a new CI test to confirm our custom config file is in force after a successful fortify SSC boot.

## [1.1.2320154-bb.6] - 2024-05-28
### Added
- Configurable log level for Fortify SSC: `ssc.config.log4j.rootLevel: "warn"`
- _Opt-in_ cloning of Fortify SSC's primary rotating-files-on-disk logger to `STDOUT`: `ssc.config.log4j.copyRootToStdout: true`

Anchore Enterprise

  • !4440: anchore update to 2.4.2-bb.16
# Changelog Updates

## [2.4.2-bb.16] - 2024-05-23
### Updated
- Added Cypress tests for pipelines
- Update Gluon subchart dependency to 0.5.0

Mattermost

  • !4462: mattermost update to 9.8.1-bb.0
# Changelog Updates

## [9.8.1-bb.0] - 2024-06-05
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.8.0 to 9.8.1

Velero

  • !4482: velero update to 6.6.0-bb.0
# Changelog Updates

## [6.6.0-bb.0] - 2024-06-05
### Changed
- Updated to latest chart version `6.6.0`
- ironbank/opensource/nginx/nginx 1.26.0 -> 1.26.1

Keycloak

  • !4479: keycloak update to 23.0.7-bb.9
# Changelog Updates

## [23.0.7-bb.9] - 2024-06-06
### Changed
- Corrected postgresql initContainer template values path

Vault

  • !4425: vault update to 0.25.0-bb.31
# Changelog Updates

## [0.25.0-bb.31] - 2024-05-29
### Changed
- gluon 0.4.10 -> 0.5.0

Holocron

  • !4484: holocron update to 1.1.0
  • !4490: holocron update to 1.0.9
  • !4422: holocron update to 1.0.8
# Changelog Updates

## [1.1.0] - 2024-06-10
### Added
- Added values to allow setting labels on pods

## [1.0.9] - 2024-06-07
### Updated
- Updated Dashboard dependency 3.3.3 => 3.5.3

## [1.0.8] - 2024-05-28
### Added
- Templates for Istio Sidecars and ServiceEntries, IstioHardened.md doc, values update

Thanos

  • !4476: thanos update to 15.4.3-bb.0
# Changelog Updates

## [15.4.3-bb.0] - 2024-05-16
### Upgraded
- Updated image `thanos` 0.34.1 -> 0.35.0 15.4.3-bb.0 for new chart version
- Updated chart `minio-instance` 5.0.11-bb.4 -> 5.0.12-bb.4 for new chart version
- Update gluon from 0.4.8 -> 0.5.0

Known Issues

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.