Skip to content

Release Notes - 2.32.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).

Upgrade Notices📜

  • BigBang - MR:
  • External Secret Operator has been added to the big bang umbrella
  • Gitlab - MR:
  • This update requires istio native sidecars enabled.
  • Loki - MR:
  • Loki now has the option to expose it’s API via a virtual service. As called out in Loki documentation here, access to this API is NOT secured. If secure access is required, Loki’s API MUST be secured using a reverse proxy of your choosing.
  • Big Bang does NOT enable the API service by default.
  • Customers should be aware of the security implications of setting loki.values.istio.loki.enabled to true.
  • Loki - MR:
  • By default, Loki retains logs FOREVER. To change this retention period, you can set retention_period as demonstrated in the Loki package’s values.yaml.
  • Istio-controlplane - MR:
  • Istio gets updated to 1.22.3. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually.
  • Istio-controlplane - MR:
  • This prefers an upgrade to K8s 1.29 for native sidecars. This gets rid of the istioproxy container and instead builds it into the existing container. This allows jobs to exit gracefully (rather than staying alive forever because istioproxy won’t exit), and allows init containers to run because envoy is built into each of them rather than coming up after init containers would run. This requires .Values.values.pilot.env contains {"ENABLE_NATIVE_SIDECARS": true}, so if you are currently passing values there, make sure to add this to them.
  • You can run this on 1.28 by enabling the SidecarContainers feature gate.
  • When upgrading, force the switch to init containers immediately by restarting all of your istiosupporting pods, e.g.
    for ns in $(kubectl get ns -l app.kubernetes.io/part-of=bigbang,istio-injection=enabled -o custom-columns=":metadata.name"); do
      kubectl rollout restart deployment -n $ns
      kubectl rollout restart statefulset -n $ns
      kubectl rollout restart daemonset -n $ns
    done
    
  • Minio-operator - MR:
  • ‘.secrets’ is deprecated since v5.0.15 and will be removed in next minor release (i.e. v5.1.0).
  • Please use ‘.tenant.configSecret’ instead.
  • Keycloak - MR:
  • This is a major version upgrade from 24.0.5 -> 25.0.1
  • If utilizing the Platform One custom Keycloak Plugin, you must update to the registry1.dso.mil/ironbank/bigbang/p1keycloakplugin:3.5.0 image in addons.keycloak.values.extraInitContainers.
  • Many Keycloak configuration environment variables are now conditionally defined directly in chart/templates/statefulset.yaml. If you were previously passing these via addons.keycloak.values.extraEnv you will need to switch to the updated values (if the defaults are not acceptable) to avoid duplicate environment variables and related helm upgrade failures.
  • Changes include:

    Config option New values path Default
    KC_HTTP_RELATIVE_PATH .Values.http.relativePath /auth
    KC_CACHE .Values.cache.stack ispn
    KC_CACHE_STACK .Values.cache.stack kubernetes
    KC_PROXY_HEADERS .Values.proxy.mode forwarded
    KC_HTTP_ENABLED .Values.proxy.http.enabled true
  • KC_PROXY config option is deprecated and should no longer be passed. See release notes for more information.

  • KC_HOSTNAME_STRICT_HTTPS config option has been removed. See upgrade guide for more information.
  • BigBang - MR:
  • This sets a metrics retention limit at 30 days in your s3 storage. This may be too short or too long dependent on your specific use cases. This retention policy can be overwritten by using the following values in your values.yaml file:
    compactor:
      retentionResolutionRaw: 30d
      retentionResolution5m: 30d
      retentionResolution1h: 10y
    

Upgrades from previous releases📜

If coming from a version pre-2.31.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.31.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.22.3 Tetrate Istio Distro 1.22.3 1.22.3-bb.1 🔗
Updated Istio Operator Core Istio Operator 1.22.3 Tetrate Istio Distro Operator 1.22.3 1.22.3-bb.0 🔗
Updated Jaeger Core 1.57.0 2.54.0-bb.2 🔗
Updated Kiali Core 1.87.0 1.87.0-bb.0 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.19
Gatekeeper Core 3.16.3 3.16.3-bb.0
Updated Kyverno Core 1.12.4 3.2.5-bb.3 🔗
Updated Kyverno Policies Core 3.0.4 3.0.4-bb.34 🔗
Updated Kyverno Reporter Core 2.19.0 2.24.0-bb.0 🔗
Updated Elasticsearch Kibana Core Kibana 8.14.1 Elasticsearch 8.14.1 1.17.0-bb.3 🔗
Eck Operator Core 2.13.0 2.13.0-bb.2
Updated Fluentbit Core 3.1.3 0.47.3-bb.0 🔗
Promtail Core 3.0.0 6.16.2-bb.1
Updated Loki Core 3.1.0 6.7.1-bb.0 🔗
Updated Neuvector Core 5.3.3 2.7.7-bb.2 🔗
Updated Tempo Core Tempo 2.5.0 Tempo Query 2.5.0 1.9.0-bb.2 🔗
Updated Monitoring Core Prometheus 2.53.0 Grafana 11.1.0 Alertmanager 0.27.0 61.2.0-bb.2 🔗
Updated Grafana Core 11.1.0 8.3.4-bb.0 🔗
Updated Twistlock Core 32.01.128 0.15.0-bb.16 🔗
Updated Wrapper Core N / A 0.4.10 🔗
Updated Argocd Addon 2.11.4 7.3.4-bb.0 🔗
Updated Authservice Addon 1.0.1 1.0.1-bb.4 🔗
Updated Minio Operator Addon 5.0.16 5.0.16-bb.1 🔗
Updated Minio Addon RELEASE.2024-06-04T19-20-08Z 5.0.16-bb.0 🔗
Updated Gitlab Addon 17.1.2 8.1.2-bb.3 🔗
Updated Gitlab Runner Addon 17.1.0 0.66.0-bb.0 🔗
Updated Nexus Addon 3.69.0-02 69.0.0-bb.2 🔗
Updated Sonarqube Addon 9.9.6-community 8.0.6-bb.2 🔗
Fortify Addon 24.2.0.0186 1.1.2320154-bb.15
Updated Haproxy Addon 2.2.33 1.19.3-bb.7 🔗
Updated Anchore Enterprise Addon 5.7.0 2.7.0-bb.6 🔗
Updated Mattermost Operator Addon 1.22.0 1.22.0-bb.0 🔗
Updated Mattermost Addon 9.10.0 9.10.0-bb.0 🔗
Updated Velero Addon 1.14.0 6.7.0-bb.4 🔗
Updated Keycloak Addon 25.0.2 2.4.3-bb.2 🔗
Updated Vault Addon 1.14.10 0.25.0-bb.38 🔗
Updated Metrics Server Addon 0.7.1 3.12.1-bb.3 🔗
Updated Harbor Addon 2.11.0 1.15.0-bb.0 🔗
Updated Holocron Addon 3.3.2 1.0.11 🔗
Updated Thanos Addon 0.35.1 15.7.9-bb.4 🔗
New External Secrets BETA Addon 0.9.18 0.9.18-bb.7

Changes in 2.32.0📜

Big Bang MRs📜

  • !4483: Resolve “Add ESO Charts to BB main repo”
  • !4755: Kyverno policies case inconsistency cleanup
  • !4696: Update kyverno policies enable

Istio Controlplane📜

  • !4769: istio update to 1.22.3-bb.1
  • !4757: istio update to 1.22.3-bb.0
  • !4691: istio update to 1.22.2-bb.2
  • !4681: istio update to 1.22.2-bb.1
# Changelog Updates

## [1.22.3-bb.1] - 2024-07-22
### Changed
- Populated `spec.components.pilot.k8s.overlays`, `spec.components.ingressGateways.k8s.overlays` and `spec.components.egressGateways.k8s.overlays` in `chart/templates/controlplane.yaml` to set `version` label for istiod and gateways

## [1.22.3-bb.0] - 2024-07-18
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.2 to 1.22.3
- ironbank/opensource/istio/pilot updated from 1.22.2 to 1.22.3
- ironbank/opensource/istio/proxyv2 updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/install-cni updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/pilot updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/proxyv2 updated from 1.22.2 to 1.22.3

## [1.22.2-bb.2] - 2024-07-10
### Added
- Added native sidecar support

## [1.22.2-bb.1] - 2024-07-09
### Changed
- Standardized authorization policy template directory path

Istio Operator📜

  • !4756: istioOperator update to 1.22.3-bb.0
# Changelog Updates

## [1.22.3-bb.0] - 2024-07-18
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.2 to 1.22.3
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.2-tetratefips-v0 to 1.22.3-tetratefips-v0

Jaeger📜

  • !4675: jaeger update to 2.54.0-bb.2
# Changelog Updates

## [2.54.0-bb.2] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level

Kiali📜

  • !4708: kiali update to 1.87.0-bb.0
# Changelog Updates

## [1.87.0-bb.0] - 2024-07-11
### Changed
- Updated Kiali to v1.87.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.87.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.87.0

Kyverno📜

  • !4753: kyverno update to 3.2.5-bb.3
  • !4750: kyverno update to 3.2.5-bb.2
# Changelog Updates

## [3.2.5-bb.3] - 2024-07-18
### Changed
- Updated `kubectl` from `1.29.4` to `1.29.6`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre`  from `v1.12.3` to `v1.12.4`
- Added reference to `kyvernocli` with version `v1.12.4`
- Updated DEVELOPMENT_MAINTENANCE.md to accurately reflect list of files with `automountServiceAccountToken` changes.

## [3.2.5-bb.2] - 2024-07-18
### Removed
- Removed duplicate dashboard.json in `chart/charts/grafana/`

Kyverno Policies📜

  • !4735: kyvernoPolicies update to 3.0.4-bb.34
# Changelog Updates

## [3.0.4-bb.34] - 2024-07-16
### Changed
- Added metadata annotation to disallow-istio-injection-bypass policy

Kyverno Reporter📜

  • !4689: kyvernoReporter update to 2.24.0-bb.0
# Changelog Updates

## [2.24.0-bb.0] - 2024-07-02
### Changed
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.19.0` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.0`
- Updated upstream chart reference from `2.23.1` to `2.24.0`

Elasticsearch Kibana📜

  • !4684: elasticsearchKibana update to 1.17.0-bb.3
# Changelog Updates

## [1.17.0-bb.3] - 2024-07-08
### Changed
- Fix the kibana-default peerAuthentication matchLabels selector

Fluentbit📜

  • !4810: Remove extra labels for fluentbit log shipping
  • !4770: fluentbit update to 0.47.3-bb.0
  • !4743: fluentbit update to 0.47.2-bb.0
  • !4703: fluentbit update to 0.47.1-bb.0
# Changelog Updates

## [0.47.3-bb.0] - 2024-07-16
### Changed
- Updated fluent-bit: 3.1.2 -> 3.1.3

## [0.47.1-bb.0] - 2024-06-10
### Changed
- Updated fluent-bit: 3.0.6 -> 3.1.1

## [0.47.2-bb.0] - 2024-07-16
### Changed
- Updated fluent-bit: 3.1.1 -> 3.1.2

Loki📜

  • !4759: loki update to 6.7.1-bb.0
  • !4748: loki update to 6.6.4-bb.6
  • !4745: loki update to 6.6.4-bb.5
  • !4734: loki update to 6.6.4-bb.4
  • !4720: loki update to 6.6.4-bb.3
  • !4695: loki update to 6.6.4-bb.2
# Changelog Updates

## [6.7.1-bb.0] - 2024-07-19
### Updated
- Updated loki-canary from v3.0.0 -> v3.1.0
- Updated loki from v3.0.0 -> v3.1.0
- Updated minio-instance from 5.0.15-bb.0 -> 5.0.16-bb.0
- Updated k8s-sidecar from 1.27.4 -> 1.27.5
- Updated kubectl from v1.29.6 -> v1.29.7

## [6.6.4-bb.6] - 2024-07-17
### Fixed
- Disable Loki VirtualService by default.

## [6.6.4-bb.5] - 2024-07-17
### Added
- Add support for the deletion of log entries from a specified stream and set retention to forever.

## [6.6.4-bb.4] - 2024-07-16
### Fixed
- Fixed Loki VirtualService for `scalable` and `monolith` deployments

## [6.6.4-bb.3] - 2024-07-15
### Changed
- Consolidated redundant simple/scalable loki peerauth

## [6.6.4-bb.2] - 2024-07-11
### Fixed
- Update retention grafana dashbaord

Neuvector📜

  • !4737: neuvector update to 2.7.7-bb.2
  • !4676: neuvector update to 2.7.7-bb.1
# Changelog Updates

## [2.7.7-bb.2] - 2024-07-13
### Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml
- Updated cypress resources to standard 2 cpu and 4 Gi memory

## [2.7.7-bb.1] - 2024-07-02
### Changed
- Rename and remove istio authorization policies

Tempo📜

  • !4670: tempo update to 1.9.0-bb.2
# Changelog Updates

## [1.9.0-bb.2] - 2024-07-03
### Updated
- Set new default labels according to best practices

Monitoring📜

  • !4829: monitoring update to 61.2.0-bb.2
  • !4827: monitoring update to 61.2.0-bb.1
  • !4710: monitoring update to 61.2.0-bb.0
  • !4704: monitoring update to 60.4.0-bb.5
  • !4674: monitoring update to 60.4.0-bb.4
# Changelog Updates

## [61.2.0-bb.1] - 2024-07-29
### Updated
- Auth policy to allow prometheus to scrape when sso is enabled, but hardening is not.
- Adding a label selector to the shared auth policies to allow prometheus to scrape when sso is enabled, but hardening is not.

## [61.2.0-bb.0] - 2024-07-15
### Updated
- Updated Grafana: 11.0.0 -> 11.1.0
- Updated grafana-plugins: 11.0.0 -> 11.1.0
- Updated prometheus-config-reloader: v0.74.0 -> v0.75.0
- Updated prometheus-operator: v0.74.0 -> v0.75.0
- Updated kube-state-metrics chart: 5.20.1 -> 5.21.0
- Updated prometheus-node-exporter chart: 4.36.0 -> 4.37.0
- Updated grafana chart: 8.0.2 -> 8.3.2
- Updated prometheus-snmp-exporter chart: 5.4.0 -> 5.5.0

### Fixed
- Restored missing authPolicy required for Grafana<->Prometheus communication with SSO enabled.

## [60.4.0-bb.5] - 2024-07-11
### Removed
- Removed AlertManager peerAuthentication policy and enabled TLS connection to AlertManager

## [60.4.0-bb.4] - 2024-07-09
### Added
- Added kiali authPolicy to allow graph building

Grafana📜

  • !4724: grafana update to 8.3.4-bb.0
# Changelog Updates

## [8.3.4-bb.0] - 2024-07-15
### Changed
- ironbank/kiwigrid/k8s-sidecar updated from 1.27.4 to 1.27.5

Twistlock📜

  • !4762: twistlock update to 0.15.0-bb.16
  • !4721: twistlock update to 0.15.0-bb.15
# Changelog Updates

## [0.15.0-bb.16] - 2024-07-19
### Changed
- Reduced Twistlock Defender Daemonsets resource request and limit to 2 CPU/2Gi RAM

## [0.15.0-bb.15] - 2024-07-12
### Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml

Wrapper📜

  • !4687: wrapper update to 0.4.10
# Changelog Updates

## [0.4.10] - 2024-07-09
### Changed
- Changed the default istio hardening state to istio's default

Argocd📜

  • !4685: argocd update to 7.3.4-bb.0
# Changelog Updates

## [7.3.4-bb.0] - 2024-07-05
### Changed
- Update ironbank/big-bang/argocd v2.11.3 -> v2.11.4
- 

Authservice📜

  • !4818: fixing the digs
  • !4817: fix clusterWideHardened enabled logic
  • !4813: authservice update to 1.0.1-bb.4
  • !4733: authservice update to 1.0.1-bb.3
# Changelog Updates

## [1.0.1-bb.4] - 2024-07-26
### Added
- Fix the issue with sso and kiali when not using hardening
- Made the jwt-authz policy ACTION explicit

## [1.0.1-bb.3] - 2024-07-16
### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/deployment.yaml`
- Added `redis-bb.master.podLabels` and `redis-bb.replica.podLabels` entries for `app` and `version` in `chart/values.yaml`

Minio Operator📜

  • !4722: minioOperator update to 5.0.16-bb.1
  • !4715: minioOperator update to 5.0.16-bb.0
# Changelog Updates

## [5.0.16-bb.1] - 2024-07-16
### Changed
- Removed shared Authorization Policies

## [5.0.16-bb.0] - 2024-07-09
### Upgrade
- Upgrade MinIO Tenant CRD to 5.0.16

Minio📜

  • !4714: minio update to 5.0.16-bb.0
  • !4699: minio update to 5.0.15-bb.7
  • !4698: minio update to 5.0.15-bb.6
# Changelog Updates

## [5.0.16-bb.0] - 2024-06-27
### Changed
- Updated mc to `RELEASE.2024-07-03T20-17-25Z`
- Updated chart to v5.0.16

## [5.0.15-bb.7] - 2024-07-12
### Changed
- Removed shared authpolicies implemented directly in istio

## [5.0.15-bb.6] - 2024-07-11
### Changed
- Remove redundant entries in package test-values.yaml already in package values.yaml
- Update cypress resources to standard 2 cpu and 4 Gi memory

Gitlab📜

  • !4768: gitlab update to 8.1.2-bb.3
  • !4752: gitlab update to 8.1.2-bb.1
# Changelog Updates

## [8.1.2-bb.3] - 2024-07-19
### Changed
- Switched the istio injection back on

## [8.1.2-bb.2] - 2024-07-18
### Added
- Added information about testing on bigbang for certain integration changes

## [8.1.2-bb.1] - 2024-07-15
### Changed
- Change registry image in test to pull from registry1

Gitlab Runner📜

# Changelog Updates

## [0.66.0-bb.0] - 2024-07-17
## [Changed]
* Upgrade gitlab runner from 17.0.0 to 17.1.0:

Nexus📜

  • !4709: nexusRepositoryManager update to 69.0.0-bb.2
# Changelog Updates

## [69.0.0-bb.2] - 2024-07-11
### Changed
- Refactor script tests to use IB secured base alpine linux image and devops-tester image

Sonarqube📜

  • !4729: sonarqube update to 8.0.6-bb.2
  • !4668: sonarqube update to 8.0.6-bb.1
# Changelog Updates

## [8.0.6-bb.2] - 2024-07-16
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

## [8.0.6-bb.1] - 2024-07-09
### Changed
- Added in waits between cypress test calls to avoid having cypress tests lock out and fail with failed response hanging

Haproxy📜

  • !4746: haproxy update to 1.19.3-bb.7
# Changelog Updates

## [1.19.3-bb.7] - 2024-07-17
### Added
- Added `bigbang.labels` helper function to postgresql subchart under `templates/bigbang`
- Added call to `bigbang.labels` helper function in `chart/templates/deployment.yaml` and `chart/templates/daemonset.yaml` under `spec.template.metadata.labels`

Anchore Enterprise📜

  • !4812: anchore update to 2.7.0-bb.6
  • !4808: anchore update to 2.7.0-bb.5
  • !4764: anchore update to 2.7.0-bb.2
  • !4738: anchore update to 2.7.0-bb.1
# Changelog Updates

## [2.7.0-bb.6] - 2024-07-26
### Changed
- Fixed feeds subchart secret.yaml reference

## [2.7.0-bb.5] - 2024-07-25
### Added
- Added `egress-postgres.yaml` to allow for external Postgres DB

## [2.7.0-bb.4] - 2024-07-23
### Changed
- Updated Anchore Feeds chart to `2.7.0`

## [2.7.0-bb.3] - 2024-07-23
### Changed
- Fixed Mismatch between analyzer Service selector and Pod Labels

## [2.7.0-bb.2] - 2024-07-19
### Changed
- Updated Anchore Enterprise tag to `5.7.0`
- Updated Anchore Enterprise UI tag to `5.7.0`
- Updated Postgresql to `16.2`
- Updated kubectl to 1.29.7

## [2.7.0-bb.1] - 2024-07-17
### Changed
- Removed rbacAuth from serviceMonitor template

Mattermost Operator📜

  • !4744: mattermostOperator update to 1.22.0-bb.0
  • !4697: mattermostOperator update to 1.21.0-bb.2
# Changelog Updates

## [1.22.0-bb.0] - 2024-07-13
### Changed
- ironbank/opensource/mattermost/mattermost-operator updated from 1.21.0 to 1.22.0

## [1.21.0-bb.2] - 2024-06-25
### Changed
- Removed shared istio auth policies

Mattermost📜

  • !4774: mattermost update to 9.10.0-bb.0
  • !4700: mattermost update to 9.9.1-bb.1
  • !4679: mattermost update to 9.9.1-bb.0
# Changelog Updates

## [9.10.0-bb.0] - 2024-07-18
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.9.1 to 9.10.0

## [9.9.1-bb.1] - 2024-07-12
### Changed
- Removing shared auth policies

## [9.9.1-bb.0] - 2024-07-09
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.9.0 to 9.9.1

Velero📜

  • !4723: velero update to 6.7.0-bb.4
  • !4718: velero update to 6.7.0-bb.3
# Changelog Updates

## [6.7.0-bb.4] - 2024-07-16
### Changed
- Removed shared auth policies

## [6.7.0-bb.3] - 2024-07-10
### Changed
- Added bigbang test integration within DEVELOPMENT_MAINTENANCE.md

Keycloak📜

  • !4772: keycloak update to 2.4.3-bb.2
  • !4736: keycloak update to 2.4.3-bb.1
  • !4692: keycloak update to 2.4.3-bb.0
# Changelog Updates

## [2.4.3-bb.2] - 2024-07-19
### Added
- Update ironbank/opensource/keycloak/keycloak 25.0.1 -> 25.0.2
- Update registry1.dso.mil/ironbank/opensource/keycloak/keycloak 25.0.1 -> 25.0.2

## [2.4.3-bb.1] - 2024-07-16
### Added
- Added `bigbang.labels` helper function to postgresql subchart under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/deps/postgresql/templates/statefulset.yaml` and `chart/deps/postgresql/templates/statefulset-readreplicas.yaml`
- Added `podLabels` entries for `app` and `version` in `chart/values.yaml`
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream chart](https://repo1.dso.mil/big-bang/product/packages/keycloak/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md#modifications-made-to-upstream-chart) section to reflect aforementioned changes

## [2.4.3-bb.0] - 2024-07-11
### Updated
- Update Keycloak 24.0.5 -> 25.0.1
- Update Postgresql 12.18 -> 12.19
- Update to `keycloakx` chart and add Kptfile to track
- Update cypress test for new verbiage
- Update cypress keycloak user hook job conditional
- Update `KC_PROXY` to new `KC_PROXY_HEADERS`
- Update development themes to reference correct `keycloak.v2` parent
- Explicitly specify `platform: linux/amd64` in `docker-compose.yaml`
- Remove `KC_HOSTNAME_STRICT_HTTPS` env from docs as it is no longer valid

Vault📜

  • !4739: vault update to 0.25.0-bb.38
  • !4719: vault update to 0.25.0-bb.37
  • !4713: vault update to 0.25.0-bb.36
# Changelog Updates

## [0.25.0-bb.38] - 2024-07-16
### Changed
- Removed duplicate entries in test-values.yaml compared with values.yaml

## [0.25.0-bb.37] - 2024-06-25
### Changed
- Removed shared istio auth policies
- Removed shared istio auth policies

## [0.25.0-bb.36] - 2024-07-10
### Changed
- Added documentation related to performing integration tests of sections of code and settings that have potential integration impacts

Metrics Server📜

  • !4671: metricsServer update to 3.12.1-bb.3
# Changelog Updates

## [3.12.1-bb.3] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level

Harbor📜

  • !4688: harbor update to 1.15.0-bb.0
# Changelog Updates

## [1.15.0-bb.0] - 2024-07-10
### Changed
- Updated goharbor/redis-photon minor v2.10.2 -> v2.11.0
- Updated redis (source) minor 19.3.2-bb.0 -> 19.5.5-bb.0
- Updated registry1.dso.mil/bigbang-ci/devops-tester (source) minor 1.0.0 -> 1.1.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core (source) minor 2.10.2 -> 2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/registry (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx (source) patch 1.26.0 -> 1.26.1
- Add Authorization Policies for core, exporter, and jobservice

Holocron📜

  • !4686: holocron update to 1.0.11
# Changelog Updates

## [1.0.11] - 2024-07-04
### Updated
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc

Thanos📜

  • !4705: Thanos default retention
  • !4678: thanos update to 15.7.9-bb.3
# Changelog Updates

## [15.7.9-bb.4] - 2024-07-05
### Removed
- Removed shared authPolicies set at the Istio level

## [15.7.9-bb.3] - 2024-07-01
### Fixed
- Remove references to deprecated common service account in values.yaml and README

Known Issues📜

  • Kiali - ISSUE

    • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

    In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

    $ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
    

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.