Release Notes - 2.31.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).
Upgrade Notices📜
- BigBang - MR:
  - Any custom containers specified via `addons.keycloak.values.extraContainers` or `addons.keycloak.values.extraInitContainers` must now explicitly drop all capabilities as below, or an exception must be added to the Kyverno `require-drop-all-capabilities` policy.

    ```yaml
    addons:
      keycloak:
        values:
          extraInitContainers: |-
            - name: plugin
              image: registry1.dso.mil/ironbank/big-bang/p1-keycloak-plugin:3.4.0
              ...
              securityContext:
                capabilities:
                  drop:
                    - ALL
    ```
- Monitoring - MR:
  - The SNMP Exporter can now be enabled by setting `monitoring.values.snmpExporter.enabled` to `true`.
- This upgrade changes the default labels that will be appended to logs shipped to Loki. This will not affect existing logs or the data within these logs; however, logs going forward will only be given these set labels according to Loki best practices.
- The `minio.values.tenant.pools[].name` field is now required and may cause errors on upgrade if not set. Minio users are advised to confirm this field is set before upgrading.
- This release corrects a bug that previously prevented override of the twistlock defender pod resource requests and limits. It also significantly increases the default values for these fields. Twistlock users are advised to review cluster resources and adjust these values accordingly before upgrading.
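A pre-upgrade check for the Keycloak notice above, as an added example that is not part of Big Bang: it parses a values override and lists the custom containers under `addons.keycloak.values.extraContainers` and `extraInitContainers` whose `securityContext.capabilities.drop` does not include `ALL`. The sample values, image names and the function name are constructed for illustration, and the container lists are assumed to be plain YAML without Helm template expressions.

```ruby
require 'yaml'

# Constructed sample override file (image names are placeholders).
SAMPLE_VALUES = <<~YAML
  addons:
    keycloak:
      values:
        extraInitContainers: |-
          - name: plugin
            image: registry.example/plugin:1.0
            securityContext:
              capabilities:
                drop:
                  - ALL
        extraContainers: |-
          - name: log-shipper
            image: registry.example/shipper:1.0
            securityContext:
              capabilities:
                drop:
                  - NET_RAW
          - name: metrics
            image: registry.example/metrics:1.0
YAML

CONTAINER_KEYS = %w[extraContainers extraInitContainers].freeze

# Returns "key/container-name" for each custom Keycloak container that does
# not list ALL under securityContext.capabilities.drop.
def containers_missing_drop_all(values_yaml)
  values = YAML.safe_load(values_yaml)
  keycloak = values.is_a?(Hash) ? values.dig('addons', 'keycloak', 'values') : nil
  return [] unless keycloak.is_a?(Hash)

  CONTAINER_KEYS.flat_map do |key|
    raw = keycloak[key]
    # The values hold these lists as a YAML string; accept a real list too.
    list = raw.is_a?(String) ? YAML.safe_load(raw) : raw
    list = [] unless list.is_a?(Array)
    list.select { |c| c.is_a?(Hash) }.reject do |c|
      drop = c.dig('securityContext', 'capabilities', 'drop')
      drop.is_a?(Array) && drop.include?('ALL')
    end.map { |c| "#{key}/#{c['name']}" }
  end
end

containers_missing_drop_all(SAMPLE_VALUES).each { |c| puts "missing drop ALL: #{c}" }
```

Dropping a single capability such as `NET_RAW` is reported the same way as having no `securityContext` at all, since neither drops `ALL`.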
Future Changes📜
Users are advised that the upcoming release, `2.32.0`, enables Kubernetes Native Sidecars in Istio, which minimally requires Kubernetes version `1.28.0-0` or higher.
Upgrades from previous releases📜
If coming from a version pre-`2.30.0`, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-`2.30.0`.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.22.2 Tetrate Istio Distro 1.22.2 | 1.22.2-bb.0 |
Istio Operator | Core | Istio Operator 1.22.2 Tetrate Istio Distro Operator 1.22.2 | 1.22.2-bb.0 |
Jaeger | Core | 1.57.0 | 2.54.0-bb.1 |
Kiali | Core | 1.86.2 | 1.86.2-bb.0 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.19 |
Gatekeeper | Core | 3.16.3 | 3.16.3-bb.0 |
Kyverno | Core | 1.11.4 | 3.1.4-bb.8 |
Kyverno Policies | Core | 3.0.4 | 3.0.4-bb.33 |
Kyverno Reporter | Core | 2.19.0 | 2.23.1-bb.1 |
Elasticsearch Kibana | Core | Kibana 8.14.1 Elasticsearch 8.14.1 | 1.17.0-bb.2 |
Eck Operator | Core | 2.13.0 | 2.13.0-bb.2 |
Fluentbit | Core | 3.0.6 | 0.46.10-bb.2 |
Promtail | Core | 3.0.0 | 6.16.2-bb.1 |
Loki | Core | 3.0.0 | 6.6.4-bb.1 |
Neuvector | Core | 5.3.3 | 2.7.7-bb.0 |
Tempo | Core | Tempo 2.5.0 Tempo Query 2.5.0 | 1.9.0-bb.1 |
Monitoring | Core | Prometheus 2.53.0 Grafana 11.0.0 Alertmanager 0.27.0 | 60.4.0-bb.2 |
Grafana | Core | 11.1.0 | 8.2.2-bb.1 |
Twistlock | Core | 32.01.128 | 0.15.0-bb.14 |
Wrapper | Core | N / A | 0.4.9 |
Argocd | Addon | 2.11.3 | 7.3.2-bb.1 |
Authservice | Addon | 1.0.1 | 1.0.1-bb.2 |
Minio Operator | Addon | 5.0.15 | 5.0.15-bb.1 |
Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 5.0.15-bb.5 |
Gitlab | Addon | 17.1.2 | 8.1.2-bb.0 |
Gitlab Runner | Addon | 17.0.0 | 0.65.0-bb.3 |
Nexus | Addon | 3.69.0-02 | 69.0.0-bb.1 |
Sonarqube | Addon | 9.9.6-community | 8.0.6-bb.0 |
Fortify | Addon | 24.2.0.0186 | 1.1.2320154-bb.15 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.6 |
Anchore Enterprise | Addon | 5.4.1 | 2.4.2-bb.18 |
Mattermost Operator | Addon | 1.21.0 | 1.21.0-bb.1 |
Mattermost | Addon | 9.9.0 | 9.9.0-bb.4 |
Velero | Addon | 1.14.0 | 6.7.0-bb.2 |
Keycloak | Addon | 24.0.5 | 24.0.5-bb.1 |
Vault | Addon | 1.14.10 | 0.25.0-bb.35 |
Metrics Server | Addon | 0.7.1 | 3.12.1-bb.2 |
Harbor | Addon | 2.10.2 | 1.14.2-bb.6 |
Holocron | Addon | 3.3.2 | 1.0.10 |
Thanos | Addon | 0.35.1 | 15.7.9-bb.2 |
Changes in 2.31.0📜
Big Bang MRs📜
- !4617: Update docs/developer/package-integration/sso.md,…
- !4650: Update docs/prerequisites/kubernetes-preconfiguration.md
- !4630: Update docs/developer/package-integration/testing.md,…
- !4563: Update docs/developer/package-integration/network-policies.md,…
- !4471: chore(deps): update registry1.dso.mil/ironbank/big-bang/utilities docker tag to v1.0.3
- !4542: Update docs/developer/testing.md, docs/developer/vendor-distro-integration.md,…
- !4579: Add package architecture for external-secrets
- !4554: Update doc request
Istio Controlplane📜
- !4632: istio update to 1.22.2-bb.0
# Changelog Updates
## [1.22.2-bb.0] - 2024-07-01
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.1 to 1.22.2
- ironbank/opensource/istio/pilot updated from 1.22.1 to 1.22.2
- ironbank/opensource/istio/proxyv2 updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/install-cni updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/pilot updated from 1.22.1 to 1.22.2
- ironbank/tetrate/istio/proxyv2 updated from 1.22.1 to 1.22.2
Istio Operator📜
- !4633: istioOperator update to 1.22.2-bb.0
# Changelog Updates
## [1.22.2-bb.0] - 2024-07-01
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.1 to 1.22.2
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.1-tetratefips-v0 to 1.22.2-tetratefips-v0
Kiali📜
- !4597: kiali update to 1.86.2-bb.0
# Changelog Updates
## [1.86.2-bb.0] - 2024-06-27
### Changed
- Updated Kiali to v1.86.2
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.86.2
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.86.2
Cluster Auditor📜
- !4653: clusterAuditor update to 1.5.0-bb.19
# Changelog Updates
## [1.5.0-bb.19] - 2024-07-03
### Changed
- Removing the shared authorization policies
## [1.5.0-bb.18] - 2024-06-25
### Changed
- Updated DEVELOPMENT_MAINTENANCE.md with instructions for integration testing in pipeline
Kyverno Policies📜
- !4660: kyvernoPolicies update to 3.0.4-bb.33
- !4594: Keycloak remove drop all capabilities kyverno exception
# Changelog Updates
## [3.0.4-bb.33] - 2024-06-17
### Changed
- Fixed error in execption-require-non-root-group.yaml and in the non-root-user.yaml
Elasticsearch Kibana📜
- !4661: Enable Service Account Annotation for elasticsearch
- !4643: elasticsearchKibana update to 1.17.0-bb.1
- !4602: elasticsearchKibana update to 1.17.0-bb.0
# Changelog Updates
## [1.17.0-bb.2] - 2024-07-06
### Added
- Added service account annotations for elasticsearch and kibana
## [1.17.0-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level
## [1.17.0-bb.0] - 2024-06-25
### Changed
- Update prometheus-elasticsearch-exporter from 5.7.0 to 5.8.1
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.14.0 to 8.14.1
- ironbank/elastic/kibana/kibana updated from 8.14.0 to 8.14.1
Eck Operator📜
- !4641: eckOperator update to 2.13.0-bb.2
# Changelog Updates
## [2.13.0-bb.2] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level
Fluentbit📜
# Changelog Updates
## [0.46.10-bb.2] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level
## [0.46.10-bb.1] - 2024-06-25
### Added
- Added missing drift changed in chart
Promtail📜
- !4640: promtail update to 6.16.2-bb.1
- !4634: promtail update to 6.16.2-bb.0
- !4600: promtail update to 6.15.5-bb.7
- !4591: fix cluster label section to external_label
# Changelog Updates
## [6.16.2-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level
## [6.16.2-bb.0] - 2024-07-02
### Updated
- Update promtail from `v2.9.4` -> `v3.0.0`
- Update configmap-reload from `v0.12.0` -> `v0.13.1`
## [6.15.5-bb.7] - 2024-06-27
### Updated
- Set new default labels according to best practices
## [6.15.5-bb.6] - 2024-06-26
### Added
- Drop unnecessary labels for Loki 3.0 support
- Fixed duplicate exportTo attribute
Loki📜
- !4646: loki update to 6.6.4-bb.1
- !4629: loki update to 6.6.4-bb.0
- !4622: loki update to 6.6.2-bb.7
- !4611: loki update to 6.6.2-bb.6
- !4609: loki update to 6.6.2-bb.5
# Changelog Updates
## [6.6.4-bb.1] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level
## [6.6.4-bb.0] - 2024-07-01
### Updated
- Update `k8s-sidecar` from `1.27.2` -> `1.27.4`
- Update `kubectl` from `v1.29.5` -> `v1.29.6`
- Update `memcached` from `1.6.27` -> `1.6.29`
- Update `nginx` from `1.26.0` -> `1.26.1`
## [6.6.2-bb.7] - 2024-07-01
### Fixed
- Fixed minio pool to use required pool name
## [6.6.2-bb.6] - 2024-06-28
### Fixed
- Cypress intermittent failures fix
## [6.6.2-bb.5] - 2024-06-27
### Fixed
- Removes the `service_name` default label
Monitoring📜
- !4654: monitoring update to 60.4.0-bb.2
- !4610: monitoring update to 60.4.0-bb.1
- !4601: monitoring update to 60.4.0-bb.0
# Changelog Updates
## [60.4.0-bb.2]
### Fixed
- Resolved URL issue between Prometheus and Alertmanager
## [60.4.0-bb.1] - 2024-06-28
### Added
- Added prometheus-snmp-exporter: v0.26.0
- Updated kube-state-metrics: 5.20.0 -> 5.20.1
## [60.4.0-bb.0] - 2024-06-26
### Updated
- Updated kubectl: v1.29.5 -> v1.29.6
- Updated prometheus: v2.52.0 -> v2.53.0
Grafana📜
- !4647: grafana update to 8.2.2-bb.1
- !4638: grafana update to 8.2.2-bb.0
- !4631: grafana update to 8.0.0-bb.1
# Changelog Updates
## [8.2.2-bb.1] - 2024-07-02
### Removed
- Removed shared authPolicies set at the Istio level
## [8.2.2-bb.0] - 2024-07-02
### Changed
- Updated `ironbank/big-bang/grafana/grafana-plugins` 11.0.0 -> 11.1.0
- Updated `ironbank/kiwigrid/k8s-sidecar` 1.27.2 -> 1.27.4
- Updated `registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins` 11.0.0 -> 11.1.0
- Updated `registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar` 1.27.2 -> 1.27.4
- Fix readme version log to use chart version instead of app version
## [8.0.0-bb.1] - 2024-07-02
### Changed
- Synchronized with upstream helm chart version 8.0.0
Twistlock📜
# Changelog Updates
## [0.15.0-bb.14] - 2024-07-02
### Changed
- Removed the shared authorization policies
## [0.15.0-bb.13] - 2024-06-19
### Changed
- Fixed resource requests and limits for Defender DaemonSet
- Add DNS SAN script
## [0.15.0-bb.12] - 2024-06-05
### Added
- Added Cypress tests
Argocd📜
# Changelog Updates
## [7.3.2-bb.1] - 2024-07-01
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
## [7.3.2-bb.0] - 2024-06-28
### Changed
- Update ironbank/big-bang/argocd v2.11.2 -> v2.11.3
- Update redis 19.5.0-bb.0 -> 19.5.5-bb.0
- Update registry1.dso.mil/ironbank/big-bang/argocd v2.11.2 -> v2.11.3
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.59.0 -> v1.61.0
Minio Operator📜
- !4612: minioOperator update to 5.0.15-bb.1
# Changelog Updates
## [5.0.15-bb.1] - 2024-06-28
### Upgrade
- Upgrade MinIO Tenant CRD to 5.0.15
Minio📜
# Changelog Updates
## [5.0.15-bb.5] - 2024-06-27
### Changed
- Updated mc to `RELEASE.2024-06-24T19-40-33Z`
## [5.0.15-bb.4] - 2024-06-21
### Changed
- Updated mc to `RELEASE.2024-06-12T14-34-03Z`
Gitlab📜
# Changelog Updates
## [8.1.2-bb.0] - 2024-07-12
### Changed
- Update ironbank/gitlab/gitlab/gitlab-webservice 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.1.1 -> 17.1.2
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.1.1 -> 17.1.2
## [8.1.1-bb.1] - 2024-07-01
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
Gitlab Runner📜
- !4608: gitlabRunner update to 0.65.0-bb.2
- !4628: gitlabRunner update to 0.65.0-bb.3
- !4588: gitlabRunner update to 0.65.0-bb.1
# Changelog Updates
## [0.65.0-bb.3] - 2024-07-01
### Fixed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
## [0.65.0-bb.2] - 2024-06-21
### Fixed
- Removed duplicate istio.hardened entry in chart/values.yaml
## [0.65.0-bb.1] - 2024-06-20
### Fixed
- Updated authorizationPolicy to properly reflect matchLabel selector and port for metrics
Nexus📜
- !4656: nexusRepositoryManager update to 69.0.0-bb.1
# Changelog Updates
## [69.0.0-bb.1] - 2024-06-26
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
Sonarqube📜
- !4627: sonarqube update to 8.0.5-bb.3
- !4657: sonarqube update to 8.0.6-bb.0
- !4598: sonarqube update to 8.0.5-bb.1
- !4587: sonarqube update to 8.0.5-bb.0
# Changelog Updates
## [8.0.6-bb.0] - 2024-07-03
### Changed
- Update registry1.dso.mil/ironbank/big-bang/sonarqube-9 9.9.5-community -> 9.9.6-community
## [8.0.5-bb.3] - 2024-07-01
### Fixed
- Resolved issue with sso helm template matching up with values.yaml file.
## [8.0.5-bb.2] - 2024-06-27
### Added
- Added SSO ability to pull SAML config and write setting to the SonarQube API.
## [8.0.5-bb.1] - 2024-06-27
### Fixed
- Removed duplicated chart.yaml artifact
## [8.0.5-bb.0] - 2024-06-18
### Changed
- Update gluon 0.4.9 -> 0.5.0
- Update registry1.dso.mil/ironbank/big-bang/sonarqube-9 9.9.4-community -> 9.9.5-community
- Update registry1.dso.mil/ironbank/opensource/postgres/postgresql12 12.18 -> 12.19
Fortify📜
- !4639: fortify update to 1.1.2320154-bb.15
# Changelog Updates
## [1.1.2320154-bb.15] - 2024-06-25
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
Anchore Enterprise📜
# Changelog Updates
## [2.4.2-bb.18] - 2024-07-01
### Updated
- Removed the shared AuthorizationPolicies
## [2.4.2-bb.17] - 2024-06-27
### Updated
- Update upstream reference from github.com/anchore/anchore-charts/tree/master/stable/enterprise to github.com/anchore/anchore-charts/tree/main/stable/enterprise
Mattermost📜
- !4665: SKIP UPGRADE mattermost update to 9.9.0-bb.4
# Changelog Updates
## [9.9.0-bb.4] - 2024-07-08
### Changed
- Reverted postgresql 15 to prior v10/v12
## [9.9.0-bb.3] - 2024-06-28
### Changed
- Corrected postgresql pod security context settings for kyverno
## [9.9.0-bb.2] - 2024-06-26
### Changed
- update "postgresql" (https://github.com/bitnami/charts) from "master" (c2ac165a579a8f06dede2b6fede2f4ec2bfea495) to "postgresql/12.12.10" (d278c2b6792e02c5f327e96df4f031cab7bc0819)
- Update postgresql ironbank image to 15.7
- remove postgresql(Username|Password|Database) settings in favor of auth.* settings
Velero📜
# Changelog Updates
## [6.7.0-bb.2] - 2024-06-26
### Changed
- registry1.dso.mil/ironbank/opensource/velero/velero v1.13.2 -> v1.14.0
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.9.2 -> v1.10.0
## [6.7.0-bb.1] - 2024-06-27
### Changed
- Fixed duplicate exportTo attribute in serviceentry.yaml
Keycloak📜
- !4594: Keycloak remove drop all capabilities kyverno exception
- !4590: Keycloak plugin init container drop all capabilities
# Changelog Updates
## [24.0.5-bb.1] - 2024-06-26
### Added
- Changed route weight in VirtualService to be explicit
Holocron📜
# Changelog Updates
## [1.0.10] - 2024-06-14
### Updated
- Updated API and chart version 3.3.0 => 3.3.2
- Updated Dashboard 3.5.3 => 3.5.4
Thanos📜
- !4614: Add support for Thanos compactor
# Changelog Updates
## [15.7.9-bb.2] - 2024-07-01
### Fixed
- Add istio AuthorizationPolicy for compactor component to minio
Known Issues📜
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the `flowcontrol.apiserver.k8s.io/v1beta2` api version (no longer served as of v1.29). In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

  ```
  $ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
  ```
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
- Please take some time to respond to our survey on Kyverno Policies
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.