
Release Notes - 2.31.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).

Upgrade Notices

  • BigBang - MR:
    • Any custom containers specified via addons.keycloak.values.extraContainers or addons.keycloak.values.extraInitContainers must now explicitly drop all capabilities as below, or an exception must be added to the Kyverno require-drop-all-capabilities policy.
      addons:
        keycloak:
          values:
            extraInitContainers: |-
              - name: plugin
                image: registry1.dso.mil/ironbank/big-bang/p1-keycloak-plugin:3.4.0
                ...
                securityContext:
                  capabilities:
                    drop:
                      - ALL
      
  • Monitoring - MR:

    • The SNMP Exporter can now be enabled by setting monitoring.values.snmpExporter.enabled to true.
  • Promtail - MR:

    • This upgrade changes the default labels that will be appended to logs shipped to Loki. This will not affect existing logs or the data within them; however, logs going forward will only be given this set of labels, in line with Loki best practices.
  • Minio

    • The minio.values.tenant.pools[].name field is now required and may cause errors on upgrade if not set. Minio users are advised to confirm this field is set before upgrading.
  • Twistlock - MR

    • This release corrects a bug that previously prevented override of the twistlock defender pod resource requests and limits. It also significantly increases the default values for these fields. Twistlock users are advised to review cluster resources and adjust these values accordingly before upgrading.
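
A pre-upgrade check for the Keycloak notice above, as an added example that is not part of the Big Bang release notes: it reads pod JSON such as the output of `kubectl get pods -n keycloak -o json` and lists every container that does not drop `ALL`, which are the ones that need the fix or a policy exception. The `keycloak` namespace, the sample pod and the container names `custom-theme` and `log-shipper` are constructed assumptions.

```python
import json

# Constructed sample: trimmed `kubectl get pods -n keycloak -o json` output.
SAMPLE_POD_LIST = json.loads("""
{
  "items": [{
    "metadata": {"name": "keycloak-0", "namespace": "keycloak"},
    "spec": {
      "initContainers": [
        {"name": "plugin",
         "securityContext": {"capabilities": {"drop": ["ALL"]}}},
        {"name": "custom-theme",
         "securityContext": {"capabilities": {"drop": ["NET_RAW"]}}}
      ],
      "containers": [
        {"name": "keycloak",
         "securityContext": {"capabilities": {"drop": ["ALL"]}}},
        {"name": "log-shipper"}
      ]
    }
  }]
}
""")

# Every container list in a pod spec is checked, not only the main containers.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def drops_all(container):
    """True only if securityContext.capabilities.drop contains the literal ALL."""
    sc = container.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    return "ALL" in (caps.get("drop") or [])


def find_violations(pod_list):
    """Return (namespace/pod, field, container) for each container not dropping ALL."""
    violations = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for field in CONTAINER_FIELDS:
            for c in pod.get("spec", {}).get(field) or []:
                if not drops_all(c):
                    violations.append((ref, field, c.get("name", "?")))
    return violations


if __name__ == "__main__":
    import sys
    # Real use: kubectl get pods -n keycloak -o json | python3 check.py
    data = SAMPLE_POD_LIST if sys.stdin.isatty() else json.load(sys.stdin)
    for ref, field, name in find_violations(data):
        print(f"{ref}: {field}/{name} does not drop ALL capabilities")
```

A container that drops only individual capabilities, or has no `securityContext` at all, is reported; the Kyverno policy in the cluster remains the authoritative check.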

Future Changes

Users are advised that the upcoming release, 2.32.0, enables Kubernetes Native Sidecars in Istio, which requires at minimum Kubernetes version 1.28.0-0 or higher.

Upgrades from previous releases

If coming from a version pre-2.30.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.30.0.

Packages

|  | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Istio Controlplane | Core | Istio 1.22.2, Tetrate Istio Distro 1.22.2 | 1.22.2-bb.0 |
| Updated | Istio Operator | Core | Istio Operator 1.22.2, Tetrate Istio Distro Operator 1.22.2 | 1.22.2-bb.0 |
|  | Jaeger | Core | 1.57.0 | 2.54.0-bb.1 |
| Updated | Kiali | Core | 1.86.2 | 1.86.2-bb.0 |
| Updated | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.19 |
|  | Gatekeeper | Core | 3.16.3 | 3.16.3-bb.0 |
|  | Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
| Updated | Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.33 |
|  | Kyverno Reporter | Core | 2.19.0 | 2.23.1-bb.1 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.14.1, Elasticsearch 8.14.1 | 1.17.0-bb.2 |
| Updated | Eck Operator | Core | 2.13.0 | 2.13.0-bb.2 |
| Updated | Fluentbit | Core | 3.0.6 | 0.46.10-bb.2 |
| Updated | Promtail | Core | 3.0.0 | 6.16.2-bb.1 |
| Updated | Loki | Core | 3.0.0 | 6.6.4-bb.1 |
|  | Neuvector | Core | 5.3.3 | 2.7.7-bb.0 |
|  | Tempo | Core | Tempo 2.5.0, Tempo Query 2.5.0 | 1.9.0-bb.1 |
| Updated | Monitoring | Core | Prometheus 2.53.0, Grafana 11.0.0, Alertmanager 0.27.0 | 60.4.0-bb.2 |
| Updated | Grafana | Core | 11.1.0 | 8.2.2-bb.1 |
| Updated | Twistlock | Core | 32.01.128 | 0.15.0-bb.14 |
|  | Wrapper | Core | N / A | 0.4.9 |
| Updated | Argocd | Addon | 2.11.3 | 7.3.2-bb.1 |
|  | Authservice | Addon | 1.0.1 | 1.0.1-bb.2 |
| Updated | Minio Operator | Addon | 5.0.15 | 5.0.15-bb.1 |
| Updated | Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 5.0.15-bb.5 |
| Updated | Gitlab | Addon | 17.1.2 | 8.1.2-bb.0 |
| Updated | Gitlab Runner | Addon | 17.0.0 | 0.65.0-bb.3 |
| Updated | Nexus | Addon | 3.69.0-02 | 69.0.0-bb.1 |
| Updated | Sonarqube | Addon | 9.9.6-community | 8.0.6-bb.0 |
| Updated | Fortify | Addon | 24.2.0.0186 | 1.1.2320154-bb.15 |
|  | Haproxy | Addon | 2.2.33 | 1.19.3-bb.6 |
| Updated | Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.18 |
|  | Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
| Updated | Mattermost | Addon | 9.9.0 | 9.9.0-bb.4 |
| Updated | Velero | Addon | 1.14.0 | 6.7.0-bb.2 |
| Updated | Keycloak | Addon | 24.0.5 | 24.0.5-bb.1 |
|  | Vault | Addon | 1.14.10 | 0.25.0-bb.35 |
|  | Metrics Server | Addon | 0.7.1 | 3.12.1-bb.2 |
|  | Harbor | Addon | 2.10.2 | 1.14.2-bb.6 |
| Updated | Holocron | Addon | 3.3.2 | 1.0.10 |
| Updated | Thanos | Addon | 0.35.1 | 15.7.9-bb.2 |

Changes in 2.31.0

Big Bang MRs

  • !4617: Update docs/developer/package-integration/sso.md,…
  • !4650: Update docs/prerequisites/kubernetes-preconfiguration.md
  • !4630: Update docs/developer/package-integration/testing.md,…
  • !4563: Update docs/developer/package-integration/network-policies.md,…
  • !4471: chore(deps): update registry1.dso.mil/ironbank/big-bang/utilities docker tag to v1.0.3
  • !4542: Update docs/developer/testing.md, docs/developer/vendor-distro-integration.md,…
  • !4579: Add package architecture for external-secrets
  • !4554: Update doc request

Istio Controlplane

  • !4632: istio update to 1.22.2-bb.0
# Changelog Updates

## [1.22.2-bb.0] - 2024-07-01
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.1 to 1.22.2
- ironbank/opensource/istio/pilot updated from 1.22.1 to 1.22.2
- ironbank/opensource/istio/proxyv2 updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/install-cni updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/pilot updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/proxyv2 updated from 1.22.1 to 1.22.2

Istio Operator

  • !4633: istioOperator update to 1.22.2-bb.0
# Changelog Updates

## [1.22.2-bb.0] - 2024-07-01
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.1 to 1.22.2
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.1-tetratefips-v0 to 1.22.2-tetratefips-v0

Kiali

  • !4597: kiali update to 1.86.2-bb.0
# Changelog Updates

## [1.86.2-bb.0] - 2024-06-27
### Changed
- Updated Kiali to v1.86.2
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.86.2
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.86.2

Cluster Auditor

  • !4653: clusterAuditor update to 1.5.0-bb.19
# Changelog Updates

## [1.5.0-bb.19] - 2024-07-03
### Changed
- Removing the shared authorization policies

## [1.5.0-bb.18] - 2024-06-25
### Changed
- Updated DEVELOPMENT_MAINTENANCE.md with instructions for integration testing in pipeline

Kyverno Policies

  • !4660: kyvernoPolicies update to 3.0.4-bb.33
  • !4594: Keycloak remove drop all capabilities kyverno exception
# Changelog Updates

## [3.0.4-bb.33] - 2024-06-17
### Changed
- Fixed error in execption-require-non-root-group.yaml and in the non-root-user.yaml

Elasticsearch Kibana

  • !4661: Enable Service Account Annotation for elasticsearch
  • !4643: elasticsearchKibana update to 1.17.0-bb.1
  • !4602: elasticsearchKibana update to 1.17.0-bb.0
# Changelog Updates

## [1.17.0-bb.2] - 2024-07-06
### Added
- Added service account annotations for elasticsearch and kibana

## [1.17.0-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level

## [1.17.0-bb.0] - 2024-06-25
### Changed
- Update prometheus-elasticsearch-exporter from 5.7.0 to 5.8.1
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.14.0 to 8.14.1
- ironbank/elastic/kibana/kibana updated from 8.14.0 to 8.14.1

Eck Operator

  • !4641: eckOperator update to 2.13.0-bb.2
# Changelog Updates

## [2.13.0-bb.2] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level

Fluentbit

  • !4642: fluentbit update to 0.46.10-bb.2
  • !4580: fluentbit update to 0.46.10-bb.1
# Changelog Updates

## [0.46.10-bb.2] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level

## [0.46.10-bb.1] - 2024-06-25
### Added
- Added missing drift changed in chart

Promtail

  • !4640: promtail update to 6.16.2-bb.1
  • !4634: promtail update to 6.16.2-bb.0
  • !4600: promtail update to 6.15.5-bb.7
  • !4591: fix cluster label section to external_label
# Changelog Updates

## [6.16.2-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level

## [6.16.2-bb.0] - 2024-07-02
### Updated
- Update promtail from `v2.9.4` -> `v3.0.0`
- Update configmap-reload from `v0.12.0` -> `v0.13.1`

## [6.15.5-bb.7] - 2024-06-27
### Updated
- Set new default labels according to best practices

## [6.15.5-bb.6] - 2024-06-26
### Added
- Drop unnecessary labels for Loki 3.0 support
- Fixed duplicate exportTo attribute

Loki

  • !4646: loki update to 6.6.4-bb.1
  • !4629: loki update to 6.6.4-bb.0
  • !4622: loki update to 6.6.2-bb.7
  • !4611: loki update to 6.6.2-bb.6
  • !4609: loki update to 6.6.2-bb.5
# Changelog Updates

## [6.6.4-bb.1] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level

## [6.6.4-bb.0] - 2024-07-01
### Updated
- Update `k8s-sidecar` from `1.27.2` -> `1.27.4`
- Update `kubectl` from `v1.29.5` -> `v1.29.6`
- Update `memcached` from `1.6.27` -> `1.6.29`
- Update `nginx` from `1.26.0` -> `1.26.1`

## [6.6.2-bb.7] - 2024-07-01
### Fixed
- Fixed minio pool to use required pool name

## [6.6.2-bb.6] - 2024-06-28
### Fixed
- Cypress intermittent failures fix

## [6.6.2-bb.5] - 2024-06-27
### Fixed
- Removes the `service_name` default label

Monitoring

  • !4654: monitoring update to 60.4.0-bb.2
  • !4610: monitoring update to 60.4.0-bb.1
  • !4601: monitoring update to 60.4.0-bb.0
# Changelog Updates

## [60.4.0-bb.2]
### Fixed
- Resolved URL issue between Prometheus and Alertmanager

## [60.4.0-bb.1] - 2024-06-28
### Added
- Added prometheus-snmp-exporter: v0.26.0
- Updated kube-state-metrics: 5.20.0 -> 5.20.1

## [60.4.0-bb.0] - 2024-06-26
### Updated
- Updated kubectl: v1.29.5 -> v1.29.6
- Updated prometheus: v2.52.0 -> v2.53.0

Grafana

  • !4647: grafana update to 8.2.2-bb.1
  • !4638: grafana update to 8.2.2-bb.0
  • !4631: grafana update to 8.0.0-bb.1
# Changelog Updates

## [8.2.2-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level

## [8.2.2-bb.0] - 2024-07-02
### Changed
- Updated `ironbank/big-bang/grafana/grafana-plugins` 11.0.0 -> 11.1.0
- Updated `ironbank/kiwigrid/k8s-sidecar` 1.27.2 -> 1.27.4
- Updated `registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins` 11.0.0 -> 11.1.0
- Updated `registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar` 1.27.2 -> 1.27.4
- Fix readme version log to use chart version instead of app version

## [8.0.0-bb.1] - 2024-07-02
### Changed
- Synchronized with upstream helm chart version 8.0.0

Twistlock

  • !4655: twistlock update to 0.15.0-bb.14
  • !4582: twistlock update to 0.15.0-bb.13
# Changelog Updates

## [0.15.0-bb.14] - 2024-07-02
### Changed
- Removed the shared authorization policies

## [0.15.0-bb.13] - 2024-06-19
### Changed
- Fixed resource requests and limits for Defender DaemonSet
- Add DNS SAN script

## [0.15.0-bb.12] - 2024-06-05
### Added
- Added Cypress tests

Argocd

  • !4637: argocd update to 7.3.2-bb.1
  • !4616: argocd update to 7.3.2-bb.0
# Changelog Updates

## [7.3.2-bb.1] - 2024-07-01
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

## [7.3.2-bb.0] - 2024-06-28
### Changed
- Update ironbank/big-bang/argocd v2.11.2 -> v2.11.3
- Update redis 19.5.0-bb.0 -> 19.5.5-bb.0
- Update registry1.dso.mil/ironbank/big-bang/argocd v2.11.2 -> v2.11.3
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.59.0 -> v1.61.0

Minio Operator

  • !4612: minioOperator update to 5.0.15-bb.1
# Changelog Updates

## [5.0.15-bb.1] - 2024-06-28
### Upgrade
- Upgrade MinIO Tenant CRD to 5.0.15

Minio

  • !4603: minio update to 5.0.15-bb.5
  • !4574: minio update to 5.0.15-bb.4
# Changelog Updates

## [5.0.15-bb.5] - 2024-06-27
### Changed
- Updated mc to `RELEASE.2024-06-24T19-40-33Z`

## [5.0.15-bb.4] - 2024-06-21
### Changed
- Updated mc to `RELEASE.2024-06-12T14-34-03Z`

Gitlab

  • !4701: gitlab update to 8.1.2-bb.0
  • !4626: gitlab update to 8.1.1-bb.1
# Changelog Updates

## [8.1.2-bb.0] - 2024-07-12
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.1.1 -> 17.1.2

## [8.1.1-bb.1] - 2024-07-01
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

Gitlab Runner

  • !4608: gitlabRunner update to 0.65.0-bb.2
  • !4628: gitlabRunner update to 0.65.0-bb.3
  • !4588: gitlabRunner update to 0.65.0-bb.1
# Changelog Updates

## [0.65.0-bb.3] - 2024-07-01
### Fixed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

## [0.65.0-bb.2] - 2024-06-21
### Fixed
- Removed duplicate istio.hardened entry in chart/values.yaml

## [0.65.0-bb.1] - 2024-06-20
### Fixed
- Updated authorizationPolicy to properly reflect matchLabel selector and port for metrics

Nexus

  • !4656: nexusRepositoryManager update to 69.0.0-bb.1
# Changelog Updates

## [69.0.0-bb.1] - 2024-06-26
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

Sonarqube

  • !4627: sonarqube update to 8.0.5-bb.3
  • !4657: sonarqube update to 8.0.6-bb.0
  • !4598: sonarqube update to 8.0.5-bb.1
  • !4587: sonarqube update to 8.0.5-bb.0
# Changelog Updates

## [8.0.6-bb.0] - 2024-07-03
### Changed
- Update registry1.dso.mil/ironbank/big-bang/sonarqube-9 9.9.5-community -> 9.9.6-community

## [8.0.5-bb.3] - 2024-07-01
### Fixed
- Resolved issue with sso helm template matching up with values.yaml file.

## [8.0.5-bb.2] - 2024-06-27
### Added
- Added SSO ability to pull SAML config and write setting to the SonarQube API.

## [8.0.5-bb.1] - 2024-06-27
### Fixed
- Removed duplicated chart.yaml artifact

## [8.0.5-bb.0] - 2024-06-18
### Changed
- Update gluon 0.4.9 -> 0.5.0
- Update registry1.dso.mil/ironbank/big-bang/sonarqube-9 9.9.4-community -> 9.9.5-community
- Update registry1.dso.mil/ironbank/opensource/postgres/postgresql12 12.18 -> 12.19

Fortify

  • !4639: fortify update to 1.1.2320154-bb.15
# Changelog Updates

## [1.1.2320154-bb.15] - 2024-06-25
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

Anchore Enterprise

  • !4636: anchore update to 2.4.2-bb.18
  • !4615: anchore update to 2.4.2-bb.17
# Changelog Updates

## [2.4.2-bb.18] - 2024-07-01
### Updated
- Removed the shared AuthorizationPolicies

## [2.4.2-bb.17] - 2024-06-27
### Updated
- Update upstream reference from github.com/anchore/anchore-charts/tree/master/stable/enterprise to github.com/anchore/anchore-charts/tree/main/stable/enterprise

Mattermost

  • !4665: SKIP UPGRADE mattermost update to 9.9.0-bb.4
# Changelog Updates

## [9.9.0-bb.4] - 2024-07-08
### Changed
- Reverted postgresql 15 to prior v10/v12

## [9.9.0-bb.3] - 2024-06-28
### Changed
- Corrected postgresql pod security context settings for kyverno

## [9.9.0-bb.2] - 2024-06-26
### Changed
- update "postgresql" (https://github.com/bitnami/charts) from "master" (c2ac165a579a8f06dede2b6fede2f4ec2bfea495) to "postgresql/12.12.10" (d278c2b6792e02c5f327e96df4f031cab7bc0819)
- Update postgresql ironbank image to 15.7
- remove postgresql(Username|Password|Database) settings in favor of auth.* settings

Velero

  • !4596: velero update to 6.7.0-bb.2
  • !4595: velero update to 6.7.0-bb.1
# Changelog Updates

## [6.7.0-bb.2] - 2024-06-26
### Changed
- registry1.dso.mil/ironbank/opensource/velero/velero v1.13.2 -> v1.14.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.9.2 -> v1.10.0

## [6.7.0-bb.1] - 2024-06-27
### Changed
- Fixed duplicate exportTo attribute in serviceentry.yaml

Keycloak

  • !4594: Keycloak remove drop all capabilities kyverno exception
  • !4590: Keycloak plugin init container drop all capabilities
# Changelog Updates

## [24.0.5-bb.1] - 2024-06-26
### Added
- Changed route weight in VirtualService to be explicit

Holocron

  • !4525: Resolve “Enable KeyCloak protection for Holocron”
  • !4607: holocron update to 1.0.10
# Changelog Updates

## [1.0.10] - 2024-06-14
### Updated
- Updated API and chart version 3.3.0 => 3.3.2
- Updated Dashboard 3.5.3 => 3.5.4

Thanos

  • !4614: Add support for Thanos compactor
# Changelog Updates

## [15.7.9-bb.2] - 2024-07-01
### Fixed
- Add istio AuthorizationPolicy for compactor component to minio

Known Issues

  • Kiali - ISSUE

    • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

    In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

    $ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
    

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.