Release Notes - 2.30.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).
Upgrade Notices
- Gitlab - MR:
  - Upgrade to GitLab 17.x breaking changes
    - Runner registration tokens are deprecated; action is required.
    - GitLab runners will be unavailable to the GitLab instance until action is taken.
    - See the upgrade document for details on how to address this breaking change.
- Grafana - MR:
  - Major Grafana version upgrade. Adds specified OS's for the nodeexporter. Deprecates all Angular dashboard components.
- Mattermost - MR:
  - These items were removed in the upstream Mattermost release; be advised if you are using any of these features:
    - Removed support for self-serve purchases of Mattermost Subscriptions in various flows, throughout Cloud and Self Hosted environments.
    - Removed support for self-serve true up review submission in the System Console.
    - Removed the PostPriority feature flag.
    - Removed SelfHostedPurchase setting from config.json
- Monitoring - MR:
  - This version upgrades the Grafana chart to v8.0.x, which introduces Grafana 11. This new major version of Grafana contains some breaking changes described in Breaking changes in Grafana v11.0.
- BigBang - MR:
  - If monitoring or authservice has hardening turned on, istio-system policies are turned on as well. If istio-system hardening is turned on, the default deny for the whole cluster is turned on, and you need to ensure that authorization policies exist (usually created by enabling hardening) that allow traffic to flow normally. If you don't, you will get 403s. See the hardening documentation for more information.
- Fortify - MR:
  - The `.Values.ssc.config.log4j` section has been streamlined; previous values will not work. See CHANGELOG or values.yaml for more on the current log customization options.
- Keycloak - MR:
  - Note that this might not be a seamless upgrade, because clustering with older Keycloak versions might not work due to incompatible Infinispan versions. One way to perform the upgrade is to run:
    `kubectl delete sts <RELEASE_NAME>-keycloak && helm upgrade --install`
    This ensures that all replicas are restarted with the same version. Note that all sessions are lost in this case, and users might need to log in again.
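For the BigBang hardening notice above, a pre-upgrade check can flag namespaces that would start returning 403s once the mesh-wide default deny is active. This is an added example, not Big Bang's own code; it assumes the Istio root namespace is `istio-system`, uses constructed policy data and namespace names, and works at namespace granularity (it ignores workload selectors inside a namespace).

```python
import json

ROOT_NS = "istio-system"  # assumption: Istio's default root namespace

# Constructed sample, shaped like the output of
# `kubectl get authorizationpolicies.security.istio.io -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default-deny", "namespace": "istio-system"}, "spec": {}},
  {"metadata": {"name": "allow-ingress", "namespace": "monitoring"},
   "spec": {"action": "ALLOW",
            "rules": [{"from": [{"source": {"namespaces": ["istio-system"]}}]}]}},
  {"metadata": {"name": "block-admin", "namespace": "gitlab"},
   "spec": {"action": "DENY",
            "rules": [{"to": [{"operation": {"paths": ["/admin*"]}}]}]}}
]}
""")


def _spec(policy):
    return policy.get("spec") or {}


def is_allow(policy):
    # Istio treats a missing action as ALLOW.
    return _spec(policy).get("action", "ALLOW") == "ALLOW"


def mesh_default_deny(policies, root_ns=ROOT_NS):
    """Names of root-namespace policies that deny all traffic mesh-wide:
    action ALLOW, no selector and no rules (an "allow nothing" policy)."""
    return [p["metadata"]["name"] for p in policies
            if p["metadata"]["namespace"] == root_ns and is_allow(p)
            and not _spec(p).get("rules") and not _spec(p).get("selector")]


def namespaces_at_risk(policies, workload_namespaces, root_ns=ROOT_NS):
    """Namespaces with no ALLOW policy that carries rules. Under a mesh-wide
    default deny, every request to their workloads is rejected with a 403."""
    if not mesh_default_deny(policies, root_ns):
        return []
    allowing = [p for p in policies if is_allow(p) and _spec(p).get("rules")]
    # A selector-less ALLOW with rules in the root namespace applies mesh-wide.
    if any(p["metadata"]["namespace"] == root_ns and not _spec(p).get("selector")
           for p in allowing):
        return []
    covered = {p["metadata"]["namespace"] for p in allowing}
    return sorted(ns for ns in workload_namespaces if ns not in covered)


if __name__ == "__main__":
    items = SAMPLE["items"]
    print("mesh-wide deny policies:", mesh_default_deny(items))
    print("namespaces that would return 403:",
          namespaces_at_risk(items, ["monitoring", "gitlab", "keycloak"]))
```

A DENY-only namespace such as the constructed `gitlab` entry is still reported, because DENY policies never grant access on their own.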
Upgrades from previous releases
- If coming from a version pre-2.29.0, note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-2.29.0.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.22.1, Tetrate Istio Distro 1.22.1 | 1.22.1-bb.0 |
Istio Operator | Core | Istio Operator 1.22.1, Tetrate Istio Distro Operator 1.22.1 | 1.22.1-bb.0 |
Jaeger | Core | 1.57.0 | 2.54.0-bb.1 |
Kiali | Core | 1.86.0 | 1.86.0-bb.2 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.17 |
Gatekeeper | Core | 3.16.3 | 3.16.3-bb.0 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.32 |
Kyverno Reporter | Core | 2.19.0 | 2.23.1-bb.1 |
Elasticsearch Kibana | Core | Kibana 8.14.0, Elasticsearch 8.14.0 | 1.16.0-bb.0 |
Eck Operator | Core | 2.13.0 | 2.13.0-bb.1 |
Fluentbit | Core | 3.0.6 | 0.46.10-bb.0 |
Promtail | Core | 2.9.4 | 6.15.5-bb.5 |
Loki | Core | 3.0.0 | 6.6.2-bb.4 |
Neuvector | Core | 5.3.3 | 2.7.7-bb.0 |
Tempo | Core | Tempo 2.5.0, Tempo Query 2.5.0 | 1.9.0-bb.1 |
Monitoring | Core | Prometheus 2.52.0, Grafana 11.0.0, Alertmanager 0.27.0 | 60.1.0-bb.0 |
Grafana | Core | 11.0.0 | 8.0.0-bb.0 |
Twistlock | Core | 32.01.128 | 0.15.0-bb.11 |
Wrapper | Core | N / A | 0.4.9 |
Argocd | Addon | 2.11.2 | 6.11.1-bb.1 |
Authservice | Addon | 1.0.1 | 1.0.1-bb.2 |
Minio Operator | Addon | 5.0.15 | 5.0.15-bb.0 |
Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 5.0.15-bb.3 |
Gitlab | Addon | 17.1.1 | 8.1.1-bb.0 |
Gitlab Runner | Addon | 17.0.0 | 0.65.0-bb.0 |
Nexus | Addon | 3.69.0-02 | 69.0.0-bb.0 |
Sonarqube | Addon | 9.9.4-community | 8.0.4-bb.6 |
Fortify | Addon | 24.2.0.0186 | 1.1.2320154-bb.14 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.6 |
Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.16 |
Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
Mattermost | Addon | 9.9.0 | 9.9.0-bb.1 |
Velero | Addon | 1.13.2 | 6.7.0-bb.0 |
Keycloak | Addon | 24.0.5 | 24.0.5-bb.1 |
Vault | Addon | 1.14.10 | 0.25.0-bb.35 |
Metrics Server | Addon | 0.7.1 | 3.12.1-bb.2 |
Harbor | Addon | 2.10.2 | 1.14.2-bb.6 |
Holocron | Addon | 3.3.0 | 1.0.9 |
Thanos | Addon | 0.35.1 | 15.7.9-bb.1 |
Changes in 2.30.0
Big Bang MRs
- !4558: Update docs/developer/package-integration/flux.md,…
- !4544: Updated test-values overrides for OpenShift
- !4541: fix: adjust flux values to perform 3 retries on failed install
- !4546: revert flux timeouts to 20min by default
- !4537: add env check for Pod IP
- !4515: Update docs/developer/develop-package.md,…
- !4454: fix: update rke2 and eks overrides
- !4506: Update docs/developer/README.md, docs/developer/ci-workflow.md
- !4497: Update docs/understanding-bigbang/licensing-model.md
- !4500: Backout drift detection
- !4472: Increase neuvector istio proxy enforcer memory limit
Istio Controlplane
# Changelog Updates
## [1.22.1-bb.0] - 2024-06-14
### Changed
- ironbank/opensource/istio/install-cni updated from 1.21.2 to 1.22.1
- ironbank/opensource/istio/pilot updated from 1.21.2 to 1.22.1
- ironbank/opensource/istio/proxyv2 updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/install-cni updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/pilot updated from 1.21.2 to 1.22.1
- ironbank/tetrate/istio/proxyv2 updated from 1.21.2 to 1.22.1
## [1.21.2-bb.3] - 2024-06-12
### Changed
- Moved the package specific shared istio authorization to their helm charts
Istio Operator
- !4528: istioOperator update to 1.22.1-bb.0
# Changelog Updates
## [1.22.1-bb.0] - 2024-06-12
### Changed
- Updated repo1 image to `1.22.1`
- Updated TID image to `1.22.1`
Jaeger
- !4535: jaeger update to 2.54.0-bb.1
# Changelog Updates
## [2.54.0-bb.1] - 2024-06-14
### Added
- Update DEVELOPMENT_MAINTENANCE.md to document the Big Bang specific changes from upstream
## [2.54.0-bb.0] - 2024-05-23
### Added
- Update to jaeger 2.54.0
Kiali
- !4572: kiali update to 1.86.0-bb.1
# Changelog Updates
## [1.86.0-bb.2] - 2024-06-25
### Changed
- Removed shared authorization policies
## [1.86.0-bb.1] - 2024-06-25
### Changed
- Updating DEVELOPMENT_MAINTENANCE.md to fix bb docs
## [1.86.0-bb.0] - 2024-06-18
### Changed
- Updated Kiali to v1.86.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.86.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.86.0
Kyverno Reporter
- !4555: kyvernoReporter update to 2.23.1-bb.1
# Changelog Updates
## [2.23.1-bb.1] - 2024-06-21
### Changed
- Updated DEVELOPMENT_MAINTENANCE.md with instructions for integration testing in pipeline
Eck Operator
- !4487: eckOperator update to 2.13.0-bb.1
# Changelog Updates
## [2.13.0-bb.1] - 2024-06-10
### Updated
- Synchronized with upstream chart version 2.13.0
Fluentbit
# Changelog Updates
## [0.46.10-bb.0] - 2024-06-10
### Changed
- Updated fluent-bit: 3.0.4 -> 3.0.6
## [0.46.7-bb.1] - 2024-05-23
### Added
- Added `cluster` label to the log stream
Loki
# Changelog Updates
## [6.6.2-bb.4] - 2024-06-24
### Added
- Cypress retries and wait added to tests
## [6.6.2-bb.3] - 2024-06-13
### Fix
- Synchronize chart with upstream version 6.6.2
Neuvector
# Changelog Updates
## [2.7.7-bb.0] - 2024-06-24
### Changed
- Updated chart version to `2.7.7`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from 5.3.2 to 5.3.3
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from 5.3.2 to 5.3.3
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from 5.3.2 to 5.3.3
## [2.7.6-bb.3] - 2024-06-18
### Changed
- Removed duplicate network attachment definition for OpenShift deployments
- Resolved naming conflict for cluster roles deployed to OpenShift
Tempo
- !4494: tempo update to 1.9.0-bb.1
# Changelog Updates
## [1.9.0-bb.1] - 2024-06-10
### Changed
- Synchronized with upstream chart version 1.9.0
Monitoring
- !4519: monitoring update to 60.1.0-bb.0
# Changelog Updates
## [60.1.0-bb.0] - 2024-06-13
### Updated
- Updated node-exporter: v1.8.0 -> v1.8.1
- Updated thanos: v0.35.0 -> v0.35.1
- Updated kube-state-metrics chart: 5.19.x -> 5.20.x
- Updated prometheus-node-exporter chart: 4.34.x -> 4.36.x
- Updated grafana chart: 7.3.* -> 8.0.*
## [59.1.0-bb.1] - 2024-06-06
### Updated
- Moved the shared monitoring policy into the monitoring chart
Grafana
- !4552: grafana update to 8.0.0-bb.0
# Changelog Updates
## [8.0.0-bb.0] - 2024-06-04
### Changed
- gluon updated from 0.4.10 to 0.5.0
- ironbank/big-bang/grafana/grafana-plugins updated from 10.4.2 to 11.0.0
- ironbank/kiwigrid/k8s-sidecar updated from 1.26.1 to 1.27.2
- ironbank/redhat/ubi/ubi9-minimal updated from 9.3 to 9.4
Wrapper
- !4551: wrapper update to 0.4.9
# Changelog Updates
## [0.4.9] - 2024-06-20
### Changed
- Removed the allow nothing policy
- Renamed the istio authorization policies
- Added the IstioHardened doc
Argocd
- !4510: argocd update to 6.11.1-bb.1
# Changelog Updates
## [6.11.1-bb.1] - 2024-06-07
### Changed
- Updated registry1.dso.mil/ironbank/opensource/dexidp/dex from 2.39.1 -> 2.40.0
Authservice
- !4577: authservice update to 1.0.1-bb.2
# Changelog Updates
## [1.0.1-bb.2] - 2024-06-21
### Changed
- Removed shared authorization policies
## [1.0.1-bb.1] - 2024-05-31
### Changed
- Moved the shared kiali policy into authservice
Gitlab
# Changelog Updates
## [8.1.1-bb.0] - 2024-06-27
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.60.0 -> v1.61.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.0.2 -> 17.1.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.0.2 -> 17.1.1
## [8.0.2-bb.0] - 2024-06-17
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.59.0 -> v1.60.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.0.1 -> 17.0.2
- Update registry1.dso.mil/ironbank/opensource/postgres/postgresql 14.11 -> 14.12
## [8.0.1-bb.0] - 2024-05-23
### Changed
- Skipped 17.0.0 release, see this [Gitlab security release](https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/) for details.
- Update ironbank/gitlab/gitlab/gitlab-webservice 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 16.11.2 -> 17.0.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 16.11.2 -> 17.0.1
Nexus
- !4502: nexusRepositoryManager update to 69.0.0-bb.0
# Changelog Updates
## [69.0.0-bb.0] - 2024-06-07
### Changed
- Updated chart to version: 69.0.0-bb.0 | appVersion: 3.69.0-02
Fortify
- !4532: fortify update to 1.1.2320154-bb.14
# Changelog Updates
## [1.1.2320154-bb.14] - 2024-06-14
### Changed
- Overhauled log4j config customization.
### Removed
- Removed our recently-added `initContainer` (`log4j-config-pinner`) in favor of using the vendor-provided `COM_FORTIFY_SSC_LOG4J2_OVERRIDE` to wire in our own (opt-in!) volume-mounted custom XML configuration overrides at `/opt/bigbang/log4j2-config-override.xml`.
- Previous `.Values.ssc.config.log4j` options have been removed in favor of the two new options described below.
### Added
- Set `.Values.ssc.config.log4j.enableDebugConfig` to `true` to have SSC use log level `debug` and print logs to `STDOUT`. Not recommended as an always-on default.
- Should you need to *fully* customize Fortify SSC's log configuration, paste in your own log4j2 config as a multiline XML string at `.Values.ssc.config.log4j.customXMLConfigString`.
## [1.1.2320154-bb.13] - 2024-06-13
### Removed
- resource overrides from test values
Haproxy
- !4576: haproxy update to 1.19.3-bb.6
# Changelog Updates
## [1.19.3-bb.6] - 2024-06-21
### Changed
- Removed shared authorization policies
Mattermost
# Changelog Updates
## [9.9.0-bb.1] - 2024-06-18
### Changed
- Only enable the postgresql peer exception when installing postgresql
## [9.9.0-bb.0] - 2024-06-18
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.8.1 to 9.9.0
- postgresql chart newline change (DOS -> UNIX newlines)
Velero
- !4571: velero update to 6.7.0-bb.0
# Changelog Updates
## [6.7.0-bb.0] - 2024-06-18
### Changed
- Updated to latest chart version `6.7.0`
- velero/velero-plugin-for-aws v1.9.2 -> v1.10.0
- velero/velero-restore-helper v1.13.2 -> v1.14.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.5 -> v1.29.9
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.9.2 -> v1.10.0
Keycloak
- !4585: keycloak update to 24.0.5-bb.1
- !4557: keycloak update to 23.0.7-bb.11
- !4511: keycloak update to 23.0.7-bb.10
# Changelog Updates
## [24.0.5-bb.1] - 2024-06-26
### Added
- Changed route weight in VirtualService to be explicit
## [24.0.5-bb.0] - 2024-06-25
### Updated
- Updating Keycloak 23.0.7 -> 24.0.5
- Updating Gluon 0.4.7 -> 0.5.0
- Updating Postgresql 12.15 -> 12.18
- Updating BB base image 2.0.0 -> 2.1.0
- Updating development certs
## [23.0.7-bb.12] - 2024-06-25
### Changed
- Removed shared authorization policies
## [23.0.7-bb.11] - 2024-06-20
### Added
- Templates for Istio Sidecars and ServiceEntries, values update
## [23.0.7-bb.10] - 2024-06-10
### Added
- Added holocron client to ci json for baby yoda realm
Vault
- !4549: vault update to 0.25.0-bb.35
- !4533: vault update to 0.25.0-bb.34
- !4496: vault update to 0.25.0-bb.32
# Changelog Updates
## [0.25.0-bb.35] - 2024-06-20
### Changed
- Add explicit weight to vault istio virtualservice destinations
## [0.25.0-bb.34] - 2024-06-18
### Added
- Updated cluster role resource to avoid naming conflict for OpenShift deployments
## [0.25.0-bb.33] - 2024-06-12
### Added
- Update cypress test
## [0.25.0-bb.32] - 2024-06-10
### Updated
- Updated minio-instance 5.0.12-bb.2 -> 5.0.15-bb.2
Metrics Server
- !4491: metricsServer update to 3.12.1-bb.2
# Changelog Updates
## [3.12.1-bb.2] - 2024-06-10
### Added
- Check for upstream drift
- Add Kubernetes version conditional to values.rbac.pspenabled
Thanos
- !4569: thanos update to 15.7.9-bb.1
- !4503: Enable Thanos Object Level Storage
- !4550: thanos update to 15.7.9-bb.0
- !4523: thanos update to 15.4.3-bb.1
# Changelog Updates
## [15.7.9-bb.1] - 2024-06-24
### Fixed
- Point Istio Virtual Service to `query-frontend` pod
- Add additional authPols for virtual service change
## [15.7.9-bb.0] - 2024-06-18
### Upgraded
- Upgrade Thanos from `v0.34.1` -> `v0.35.1`
## [15.4.3-bb.1] - 2024-06-14
### Upgraded
- Checked for upstream diff and updated the DEVELOPMENT_MAINTENANCE.md to log the big bang-specific changes
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.