Skip to content

Release Notes - 2.30.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).

Upgrade Notices📜

  • Gitlab - MR:
    • Upgrade to gitlab 17.x breaking changes📜

    • Runner registration tokens deprecated, action required.
    • gitlabrunners will be unavailable to the gitlab instance until after action is taken.
    • See the upgrade document for details on how to address this breaking change.
  • Grafana - MR:
    • Major grafana version upgrade. Adds specified OS’s for the nodeexporter. Deprecates all angular dashboard components.
  • Mattermost - MR:
    • These items were removed in the upstream mattermost release, be advised if you are using any of these features
      • Removed support for selfserve purchases of Mattermost Subscriptions in various flows, throughout Cloud and Self Hosted environments.
      • Removed support for selfserve true up review submission in the System Console.
      • Removed the PostPriority feature flag.
      • Removed SelfHostedPurchase setting from config.json
  • Monitoring - MR:
    • This version upgrades the Grafana chart to v8.0.x which introduces Grafana 11. This new major version of Grafana contains some breaking changes described in Breaking changes in Grafana v11.0.
  • BigBang - MR:
    • if monitoring or authservice have hardening turned on it will turn on istio-system policies. If istio-system hardening is turned on, the default deny for whole cluster is turned on, and you need to ensure that you have authorization policies created (usually through enabling hardening) that will allow traffic to flow normally. If you don’t you will get 403’s. See the hardening documentation for more information.
  • Fortify - MR:
    • The .Values.ssc.config.log4j section has been streamlined — previous values will not work. See CHANGELOG or values.yaml for more on the current log customization options.
  • Keycloak - MR:
    • Note that this might not be a seamless upgrade, because the clustering with older Keycloak versions might not work due to incompatible infinispan versions. One way to perform the upgrade is to run:

      kubectl delete sts <RELEASE_NAME>-keycloak && helm upgrade --install
      

      This ensures that all replicas are restarted with the same version. Note that all sessions are lost in this case, and users might need to login again.

      Upgrades from previous releases📜

If coming from a version pre-2.29.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.29.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.22.1 Tetrate Istio Distro 1.22.1 1.22.1-bb.0 🔗
Updated Istio Operator Core Istio Operator 1.22.1 Tetrate Istio Distro Operator 1.22.1 1.22.1-bb.0 🔗
Updated Jaeger Core 1.57.0 2.54.0-bb.1 🔗
Updated Kiali Core 1.86.0 1.86.0-bb.2 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.17
Gatekeeper Core 3.16.3 3.16.3-bb.0
Kyverno Core 1.11.4 3.1.4-bb.8
Kyverno Policies Core 3.0.4 3.0.4-bb.32
Updated Kyverno Reporter Core 2.19.0 2.23.1-bb.1 🔗
Elasticsearch Kibana Core Kibana 8.14.0 Elasticsearch 8.14.0 1.16.0-bb.0
Updated Eck Operator Core 2.13.0 2.13.0-bb.1 🔗
Updated Fluentbit Core 3.0.6 0.46.10-bb.0 🔗
Promtail Core 2.9.4 6.15.5-bb.5
Updated Loki Core 3.0.0 6.6.2-bb.4 🔗
Updated Neuvector Core 5.3.3 2.7.7-bb.0 🔗
Updated Tempo Core Tempo 2.5.0 Tempo Query 2.5.0 1.9.0-bb.1 🔗
Updated Monitoring Core Prometheus 2.52.0 Grafana 11.0.0 Alertmanager 0.27.0 60.1.0-bb.0 🔗
Updated Grafana Core 11.0.0 8.0.0-bb.0 🔗
Twistlock Core 32.01.128 0.15.0-bb.11
Updated Wrapper Core N / A 0.4.9 🔗
Updated Argocd Addon 2.11.2 6.11.1-bb.1 🔗
Updated Authservice Addon 1.0.1 1.0.1-bb.2 🔗
Minio Operator Addon 5.0.15 5.0.15-bb.0
Minio Addon RELEASE.2024-06-04T19-20-08Z 5.0.15-bb.3
Updated Gitlab Addon 17.1.1 8.1.1-bb.0 🔗
Gitlab Runner Addon 17.0.0 0.65.0-bb.0
Updated Nexus Addon 3.69.0-02 69.0.0-bb.0 🔗
Sonarqube Addon 9.9.4-community 8.0.4-bb.6
Updated Fortify BETA Addon 24.2.0.0186 1.1.2320154-bb.14 🔗
Updated Haproxy Addon 2.2.33 1.19.3-bb.6 🔗
Anchore Enterprise Addon 5.4.1 2.4.2-bb.16
Mattermost Operator Addon 1.21.0 1.21.0-bb.1
Updated Mattermost Addon 9.9.0 9.9.0-bb.1 🔗
Updated Velero Addon 1.13.2 6.7.0-bb.0 🔗
Updated Keycloak Addon 24.0.5 24.0.5-bb.1 🔗
Updated Vault Addon 1.14.10 0.25.0-bb.35 🔗
Updated Metrics Server Addon 0.7.1 3.12.1-bb.2 🔗
Harbor Addon 2.10.2 1.14.2-bb.6
Holocron Addon 3.3.0 1.0.9
Updated Thanos Addon 0.35.1 15.7.9-bb.1 🔗

Changes in 2.30.0📜

Big Bang MRs📜

  • !4558: Update docs/developer/package-integration/flux.md,…
  • !4544: Updated test-values overrides for OpenShift
  • !4541: fix: adjust flux values to perform 3 retries on failed install
  • !4546: revert flux timeouts to 20min by default
  • !4537: add env check for Pod IP
  • !4515: Update docs/developer/develop-package.md,…
  • !4454: fix: update rke2 and eks overrides
  • !4506: Update docs/developer/README.md, docs/developer/ci-workflow.md
  • !4497: Update docs/understanding-bigbang/licensing-model.md
  • !4500: Backout drift detection
  • !4472: Increase neuvector istio proxy enforcer memory limit

Istio Controlplane📜

  • !4529: istio update to 1.22.1-bb.0
  • !4520: istio update to 1.21.2-bb.3
# Changelog Updates

## [1.22.1-bb.0] - 2024-06-14
### Changed
- ironbank/opensource/istio/install-cni updated from 1.21.2 to 1.22.1
- ironbank/opensource/istio/pilot updated from 1.21.2 to 1.22.1
- ironbank/opensource/istio/proxyv2 updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/install-cni updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/pilot updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/proxyv2 updated from 1.21.2 to 1.22.1

## [1.21.2-bb.3] - 2024-06-12
### Changed
- Moved the package specific shared istio authorization to their helm charts

Istio Operator📜

  • !4528: istioOperator update to 1.22.1-bb.0
# Changelog Updates

## [1.22.1-bb.0] - 2024-06-12
### Changed
- Updated repo1 image to `1.22.1`
- Updated TID image to `1.22.1`

Jaeger📜

  • !4535: jaeger update to 2.54.0-bb.1
# Changelog Updates

## [2.54.0-bb.1] - 2024-06-14
### Added
- Update DEVELOPMENT_MAINTENANCE.md to document the Big Bang specific changes from upstream

## [2.54.0-bb.0] - 2024-05-23
### Added
- Update to jaegar 2.54.0

Kiali📜

  • !4572: kiali update to 1.86.0-bb.1
# Changelog Updates

## [1.86.0-bb.2] - 2024-06-25
### Changed
- Removed shared authorization policies

## [1.86.0-bb.1] - 2024-06-25
### Changed
- Updating DEVELOPMENT_MAINTENANCE.md to fix bb docs

## [1.86.0-bb.0] - 2024-06-18
### Changed
- Updated Kiali to v1.86.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.86.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.86.0

Kyverno Reporter📜

  • !4555: kyvernoReporter update to 2.23.1-bb.1
# Changelog Updates

## [2.23.1-bb.1] - 2024-06-21
### Changed
- Updated DEVELOPMENT_MAINTENANCE.md with instructions for integration testing in pipeline

Eck Operator📜

  • !4487: eckOperator update to 2.13.0-bb.1
# Changelog Updates

## [2.13.0-bb.1] - 2024-06-10
### Updated
- Synchronized with upstream chart version 2.13.0

Fluentbit📜

  • !4530: fluentbit update to 0.46.10-bb.0
  • !4501: fluentbit update to 0.46.7-bb.1
# Changelog Updates

## [0.46.10-bb.0] - 2024-06-10
### Changed
- Updated fluent-bit: 3.0.4 -> 3.0.6

## [0.46.7-bb.1] - 2024-05-23
### Added
- Added `cluster` label to the log stream

Loki📜

  • !4564: loki update to 6.6.2-bb.4
  • !4543: loki update to 6.6.2-bb.3
  • !4498: Loki “distributed” mode
# Changelog Updates

## [6.6.2-bb.4] - 2024-06-24
### Added
- Cypress retries and wait added to tests

## [6.6.2-bb.3] - 2024-06-13
### Fix
- Synchronize chart with upstream version 6.6.2

Neuvector📜

  • !4562: neuvector update to 2.7.7-bb.0
  • !4548: neuvector update to 2.7.6-bb.3
# Changelog Updates

## [2.7.7-bb.0] - 2024-06-24
### Changed
- Updated chart version to `2.7.7`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.3.2 to 5.3.3
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.3.2 to 5.3.3
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.3.2 to 5.3.3

## [2.7.6-bb.3] - 2024-06-18
### Changed
- Removed duplicate network attachment definition for OpenShift deployments
- Resolved naming conflict for cluster roles deployed to OpenShift

Tempo📜

  • !4494: tempo update to 1.9.0-bb.1
# Changelog Updates

## [1.9.0-bb.1] - 2024-06-10
### Changed
- Synchronized with upstream chart version 1.9.0

Monitoring📜

  • !4519: monitoring update to 60.1.0-bb.0
# Changelog Updates

## [60.1.0-bb.0] - 2024-06-13
### Updated
- Updated node-exporter: v1.8.0 -> v1.8.1
- Updated thanos: v0.35.0 -> v0.35.1
- Updated kube-state-metrics chart: 5.19.x -> 5.20.x
- Updated prometheus-node-exporter chart: 4.34.x -> 4.36.x
- Updated grafana chart: 7.3.* -> 8.0.*

## [59.1.0-bb.1] - 2024-06-06
### Updated
- Moved the shared monitoring policy into the monitoring chart

Grafana📜

  • !4552: grafana update to 8.0.0-bb.0
# Changelog Updates

## [8.0.0-bb.0] - 2024-06-04
### Changed
- gluon updated from 0.4.10 to 0.5.0
- ironbank/big-bang/grafana/grafana-plugins updated from 10.4.2 to 11.0.0
- ironbank/kiwigrid/k8s-sidecar updated from 1.26.1 to 1.27.2
- ironbank/redhat/ubi/ubi9-minimal updated from 9.3 to 9.4

Wrapper📜

  • !4551: wrapper update to 0.4.9
# Changelog Updates

## [0.4.9] - 2024-06-20
### Changed
- Removed the allow nothing policy
- Renamed the istio authorization policies
- Added the IstioHardened doc

Argocd📜

  • !4510: argocd update to 6.11.1-bb.1
# Changelog Updates

## [6.11.1-bb.1] - 2024-06-07
### Changed
- Updated registry1.dso.mil/ironbank/opensource/dexidp/dex from 2.39.1 -> 2.40.0

Authservice📜

  • !4577: authservice update to 1.0.1-bb.2
# Changelog Updates

## [1.0.1-bb.2] - 2024-06-21
### Changed
- Removed shared authorization policies

## [1.0.1-bb.1] - 2024-05-31
### Changed
- Moved the shared kiali policy into authservice

Gitlab📜

  • !4604: gitlab update to 8.1.1-bb.0
  • !4531: gitlab update to 8.0.2-bb.0
# Changelog Updates

## [8.1.1-bb.0] - 2024-06-27
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.60.0 -> v1.61.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.0.2 -> 17.1.1

## [8.0.2-bb.0] - 2024-06-17
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.59.0 -> v1.60.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/opensource/postgres/postgresql 14.11 -> 14.12

## [8.0.1-bb.0] - 2024-05-23
### Changed
- Skipped 17.0.0 release, see this [Gitlab security release](https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/) for details.
- Update ironbank/gitlab/gitlab/gitlab-webservice 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.11.2 -> 17.0.1

Nexus📜

  • !4502: nexusRepositoryManager update to 69.0.0-bb.0
# Changelog Updates

## [69.0.0-bb.0] - 2024-06-07
### Changed
- Updated chart to version: 69.0.0-bb.0 | appVersion: 3.69.0-02

Fortify📜

  • !4532: fortify update to 1.1.2320154-bb.14
# Changelog Updates

## [1.1.2320154-bb.14] - 2024-06-14
### Changed
- Overhauled log4j config customization.

### Removed
- Removed our recently-added `initContainer` (`log4j-config-pinner`) in favor of using the vendor-provided `COM_FORTIFY_SSC_LOG4J2_OVERRIDE` to wire in our own (opt-in!) volume-mounted custom XML configuration overrides at `/opt/bigbang/log4j2-config-override.xml`.
- Previous `.Values.ssc.config.log4j` options have been removed in favor of the two new options described below.

### Added
- Set `.Values.ssc.config.log4j.enableDebugConfig` to `true` to have SSC use log level `debug` and print logs to `STDOUT`. Not recommended as an always-on default.
- Should you need to *fully* customize Fortify SSC's log configuration, paste in your own log4j2 config as a multiline XML string at `.Values.ssc.config.log4j.customXMLConfigString`.

## [1.1.2320154-bb.13] - 2024-06-13
### Removed
- resource overrides from test values

Haproxy📜

  • !4576: haproxy update to 1.19.3-bb.6
# Changelog Updates

## [1.19.3-bb.6] - 2024-06-21
### Changed
- Removed shared authorization policies

Mattermost📜

  • !4538: mattermost update to 9.9.0-bb.1
  • !4534: mattermost update to 9.9.0-bb.0
# Changelog Updates

## [9.9.0-bb.1] - 2024-06-18
### Changed
- Only enable the postgresql peer exception when installing postgresql

## [9.9.0-bb.0] - 2024-06-18
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.8.1 to 9.9.0
- postgresql chart newline change (DOS -> UNIX newlines)

Velero📜

  • !4571: velero update to 6.7.0-bb.0
# Changelog Updates

## [6.7.0-bb.0] - 2024-06-18
### Changed
- Updated to latest chart version `6.7.0`
- velero/velero-plugin-for-aws v1.9.2 -> v1.10.0
- velero/velero-restore-helper v1.13.2 -> v1.14.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.5 -> v1.29.9
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.9.2 -> v1.10.0

Keycloak📜

  • !4585: keycloak update to 24.0.5-bb.1
  • !4557: keycloak update to 23.0.7-bb.11
  • !4511: keycloak update to 23.0.7-bb.10
# Changelog Updates

## [24.0.5-bb.1] - 2024-06-26
### Added
- Changed route weight in VirtualService to be explicit

## [24.0.5-bb.0] - 2024-06-25
### Updated
- Updating Keycloak 23.0.7 -> 24.0.5
- Updating Gluon 0.4.7 -> 0.5.0
- Updating Postgresql 12.15 -> 12.18
- Updating BB base image 2.0.0 -> 2.1.0
- Updating development certs

## [23.0.7-bb.12] - 2024-06-25
### Changed
- Removed shared authorization policies

## [23.0.7-bb.11] - 2024-06-20
### Added
- Templates for Istio Sidecars and ServiceEntries, values update

## [23.0.7-bb.10] - 2024-06-10
### Added
- Added holocron client to ci json for baby yoda realm

Vault📜

  • !4549: vault update to 0.25.0-bb.35
  • !4533: vault update to 0.25.0-bb.34
  • !4496: vault update to 0.25.0-bb.32
# Changelog Updates

## [0.25.0-bb.35] - 2024-06-20
### Changed
- Add explicit weight to vault istio virtualservice destinations

## [0.25.0-bb.34] - 2024-06-18
### Added
- Updated cluster role resource to avoid naming conflict for OpenShift deployments

## [0.25.0-bb.33] - 2024-06-12
### Added
- Update cypress test

## [0.25.0-bb.32] - 2024-06-10
### Updated
- Updated minio-instance 5.0.12-bb.2 -> 5.0.15-bb.2

Metrics Server📜

  • !4491: metricsServer update to 3.12.1-bb.2
# Changelog Updates

## [3.12.1-bb.2] - 2024-06-10
### Added
- Check for upstream drift
- Add Kubernetes version conditional to values.rbac.pspenabled

Thanos📜

  • !4569: thanos update to 15.7.9-bb.1
  • !4503: Enable Thanos Object Level Storage
  • !4550: thanos update to 15.7.9-bb.0
  • !4523: thanos update to 15.4.3-bb.1
# Changelog Updates

## [15.7.9-bb.1] - 2024-06-24
### Fixed
- Point Istio Virtual Service to `query-frontend` pod
- Add additional authPols for virtual service change

## [15.7.9-bb.0] - 2024-06-18
### Upgraded
- Upgrade Thanos from `v0.34.1` -> `v0.35.1`

## [15.4.3-bb.1] - 2024-06-14
### Upgraded
- Checked for upstream diff and updated the DEVELOPMENT_MAINTENANCE.md to log the big bang-specific changes

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.