Release Notes - 2.32.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).
Upgrade Notices📜
- BigBang - MR:
- External Secret Operator has been added to the big bang umbrella
- Gitlab - MR:
- This update requires istio native sidecars enabled.
- Loki - MR:
- Loki now has the option to expose it’s API via a virtual service. As called out in Loki documentation here, access to this API is NOT secured. If secure access is required, Loki’s API MUST be secured using a reverse proxy of your choosing.
- Big Bang does NOT enable the API service by default.
- Customers should be aware of the security implications of setting
loki.values.istio.loki.enabled
to true. - Loki - MR:
- By default, Loki retains logs FOREVER. To change this retention period, you can set
retention_period
as demonstrated in the Loki package’svalues.yaml
. - Istio-controlplane - MR:
- Istio gets updated to
1.22.3
. BigBang apps should automatically cycle to get the latest sidecar config and version. Be sure to cycle pods for any community or tenant applications manually. - Istio-controlplane - MR:
- This prefers an upgrade to K8s 1.29 for native sidecars. This gets rid of the istioproxy container and instead builds it into the existing container. This allows jobs to exit gracefully (rather than staying alive forever because istioproxy won’t exit), and allows init containers to run because envoy is built into each of them rather than coming up after init containers would run. This requires
.Values.values.pilot.env
contains{"ENABLE_NATIVE_SIDECARS": true}
, so if you are currently passing values there, make sure to add this to them. - You can run this on 1.28 by enabling the SidecarContainers feature gate.
- When upgrading, force the switch to init containers immediately by restarting all of your istiosupporting pods, e.g.
for ns in $(kubectl get ns -l app.kubernetes.io/part-of=bigbang,istio-injection=enabled -o custom-columns=":metadata.name"); do kubectl rollout restart deployment -n $ns kubectl rollout restart statefulset -n $ns kubectl rollout restart daemonset -n $ns done
- Minio-operator - MR:
- ‘.secrets’ is deprecated since v5.0.15 and will be removed in next minor release (i.e. v5.1.0).
- Please use ‘.tenant.configSecret’ instead.
- Keycloak - MR:
- This is a major version upgrade from 24.0.5 -> 25.0.1
- If utilizing the Platform One custom Keycloak Plugin, you must update to the
registry1.dso.mil/ironbank/bigbang/p1keycloakplugin:3.5.0
image inaddons.keycloak.values.extraInitContainers
. - Many Keycloak configuration environment variables are now conditionally defined directly in
chart/templates/statefulset.yaml
. If you were previously passing these viaaddons.keycloak.values.extraEnv
you will need to switch to the updated values (if the defaults are not acceptable) to avoid duplicate environment variables and related helm upgrade failures. -
Changes include:
Config option New values path Default KC_HTTP_RELATIVE_PATH .Values.http.relativePath /auth KC_CACHE .Values.cache.stack ispn KC_CACHE_STACK .Values.cache.stack kubernetes KC_PROXY_HEADERS .Values.proxy.mode forwarded KC_HTTP_ENABLED .Values.proxy.http.enabled true -
KC_PROXY
config option is deprecated and should no longer be passed. See release notes for more information. KC_HOSTNAME_STRICT_HTTPS
config option has been removed. See upgrade guide for more information.- BigBang - MR:
- This sets a metrics retention limit at 30 days in your s3 storage. This may be too short or too long dependent on your specific use cases. This retention policy can be overwritten by using the following values in your
values.yaml
file:compactor: retentionResolutionRaw: 30d retentionResolution5m: 30d retentionResolution1h: 10y
Upgrades from previous releases📜
If coming from a version pre-2.31.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.31.0
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.22.3 Tetrate Istio Distro 1.22.3 |
1.22.3-bb.1 🔗 |
Istio Operator | Core | Istio Operator 1.22.3 Tetrate Istio Distro Operator 1.22.3 |
1.22.3-bb.0 🔗 |
Jaeger | Core | 1.57.0 |
2.54.0-bb.2 🔗 |
Kiali | Core | 1.87.0 |
1.87.0-bb.0 🔗 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.19 |
Gatekeeper | Core | 3.16.3 |
3.16.3-bb.0 |
Kyverno | Core | 1.12.4 |
3.2.5-bb.3 🔗 |
Kyverno Policies | Core | 3.0.4 |
3.0.4-bb.34 🔗 |
Kyverno Reporter | Core | 2.19.0 |
2.24.0-bb.0 🔗 |
Elasticsearch Kibana | Core | Kibana 8.14.1 Elasticsearch 8.14.1 |
1.17.0-bb.3 🔗 |
Eck Operator | Core | 2.13.0 |
2.13.0-bb.2 |
Fluentbit | Core | 3.1.3 |
0.47.3-bb.0 🔗 |
Promtail | Core | 3.0.0 |
6.16.2-bb.1 |
Loki | Core | 3.1.0 |
6.7.1-bb.0 🔗 |
Neuvector | Core | 5.3.3 |
2.7.7-bb.2 🔗 |
Tempo | Core | Tempo 2.5.0 Tempo Query 2.5.0 |
1.9.0-bb.2 🔗 |
Monitoring | Core | Prometheus 2.53.0 Grafana 11.1.0 Alertmanager 0.27.0 |
61.2.0-bb.2 🔗 |
Grafana | Core | 11.1.0 |
8.3.4-bb.0 🔗 |
Twistlock | Core | 32.01.128 |
0.15.0-bb.16 🔗 |
Wrapper | Core | N / A | 0.4.10 🔗 |
Argocd | Addon | 2.11.4 |
7.3.4-bb.0 🔗 |
Authservice | Addon | 1.0.1 |
1.0.1-bb.4 🔗 |
Minio Operator | Addon | 5.0.16 |
5.0.16-bb.1 🔗 |
Minio | Addon | RELEASE.2024-06-04T19-20-08Z |
5.0.16-bb.0 🔗 |
Gitlab | Addon | 17.1.2 |
8.1.2-bb.3 🔗 |
Gitlab Runner | Addon | 17.1.0 |
0.66.0-bb.0 🔗 |
Nexus | Addon | 3.69.0-02 |
69.0.0-bb.2 🔗 |
Sonarqube | Addon | 9.9.6-community |
8.0.6-bb.2 🔗 |
Fortify | Addon | 24.2.0.0186 |
1.1.2320154-bb.15 |
Haproxy | Addon | 2.2.33 |
1.19.3-bb.7 🔗 |
Anchore Enterprise | Addon | 5.7.0 |
2.7.0-bb.6 🔗 |
Mattermost Operator | Addon | 1.22.0 |
1.22.0-bb.0 🔗 |
Mattermost | Addon | 9.10.0 |
9.10.0-bb.0 🔗 |
Velero | Addon | 1.14.0 |
6.7.0-bb.4 🔗 |
Keycloak | Addon | 25.0.2 |
2.4.3-bb.2 🔗 |
Vault | Addon | 1.14.10 |
0.25.0-bb.38 🔗 |
Metrics Server | Addon | 0.7.1 |
3.12.1-bb.3 🔗 |
Harbor | Addon | 2.11.0 |
1.15.0-bb.0 🔗 |
Holocron | Addon | 3.3.2 |
1.0.11 🔗 |
Thanos | Addon | 0.35.1 |
15.7.9-bb.4 🔗 |
External Secrets | Addon | 0.9.18 |
0.9.18-bb.7 |
Changes in 2.32.0📜
Big Bang MRs📜
- !4483: Resolve “Add ESO Charts to BB main repo”
- !4755: Kyverno policies case inconsistency cleanup
- !4696: Update kyverno policies enable
Istio Controlplane📜
- !4769: istio update to 1.22.3-bb.1
- !4757: istio update to 1.22.3-bb.0
- !4691: istio update to 1.22.2-bb.2
- !4681: istio update to 1.22.2-bb.1
# Changelog Updates
## [1.22.3-bb.1] - 2024-07-22
### Changed
- Populated `spec.components.pilot.k8s.overlays`, `spec.components.ingressGateways.k8s.overlays` and `spec.components.egressGateways.k8s.overlays` in `chart/templates/controlplane.yaml` to set `version` label for istiod and gateways
## [1.22.3-bb.0] - 2024-07-18
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.2 to 1.22.3
- ironbank/opensource/istio/pilot updated from 1.22.2 to 1.22.3
- ironbank/opensource/istio/proxyv2 updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/install-cni updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/pilot updated from 1.22.2 to 1.22.3
- ironbank/tetrate/istio/proxyv2 updated from 1.22.2 to 1.22.3
## [1.22.2-bb.2] - 2024-07-10
### Added
- Added native sidecar support
## [1.22.2-bb.1] - 2024-07-09
### Changed
- Standardized authorization policy template directory path
Istio Operator📜
- !4756: istioOperator update to 1.22.3-bb.0
# Changelog Updates
## [1.22.3-bb.0] - 2024-07-18
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.2 to 1.22.3
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.2-tetratefips-v0 to 1.22.3-tetratefips-v0
Jaeger📜
- !4675: jaeger update to 2.54.0-bb.2
# Changelog Updates
## [2.54.0-bb.2] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level
Kiali📜
- !4708: kiali update to 1.87.0-bb.0
# Changelog Updates
## [1.87.0-bb.0] - 2024-07-11
### Changed
- Updated Kiali to v1.87.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.87.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.87.0
Kyverno📜
# Changelog Updates
## [3.2.5-bb.3] - 2024-07-18
### Changed
- Updated `kubectl` from `1.29.4` to `1.29.6`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre` from `v1.12.3` to `v1.12.4`
- Added reference to `kyvernocli` with version `v1.12.4`
- Updated DEVELOPMENT_MAINTENANCE.md to accurately reflect list of files with `automountServiceAccountToken` changes.
## [3.2.5-bb.2] - 2024-07-18
### Removed
- Removed duplicate dashboard.json in `chart/charts/grafana/`
Kyverno Policies📜
- !4735: kyvernoPolicies update to 3.0.4-bb.34
# Changelog Updates
## [3.0.4-bb.34] - 2024-07-16
### Changed
- Added metadata annotation to disallow-istio-injection-bypass policy
Kyverno Reporter📜
- !4689: kyvernoReporter update to 2.24.0-bb.0
# Changelog Updates
## [2.24.0-bb.0] - 2024-07-02
### Changed
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.19.0` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.0`
- Updated upstream chart reference from `2.23.1` to `2.24.0`
Elasticsearch Kibana📜
- !4684: elasticsearchKibana update to 1.17.0-bb.3
# Changelog Updates
## [1.17.0-bb.3] - 2024-07-08
### Changed
- Fix the kibana-default peerAuthentication matchLabels selector
Fluentbit📜
- !4810: Remove extra labels for fluentbit log shipping
- !4770: fluentbit update to 0.47.3-bb.0
- !4743: fluentbit update to 0.47.2-bb.0
- !4703: fluentbit update to 0.47.1-bb.0
# Changelog Updates
## [0.47.3-bb.0] - 2024-07-16
### Changed
- Updated fluent-bit: 3.1.2 -> 3.1.3
## [0.47.1-bb.0] - 2024-06-10
### Changed
- Updated fluent-bit: 3.0.6 -> 3.1.1
## [0.47.2-bb.0] - 2024-07-16
### Changed
- Updated fluent-bit: 3.1.1 -> 3.1.2
Loki📜
- !4759: loki update to 6.7.1-bb.0
- !4748: loki update to 6.6.4-bb.6
- !4745: loki update to 6.6.4-bb.5
- !4734: loki update to 6.6.4-bb.4
- !4720: loki update to 6.6.4-bb.3
- !4695: loki update to 6.6.4-bb.2
# Changelog Updates
## [6.7.1-bb.0] - 2024-07-19
### Updated
- Updated loki-canary from v3.0.0 -> v3.1.0
- Updated loki from v3.0.0 -> v3.1.0
- Updated minio-instance from 5.0.15-bb.0 -> 5.0.16-bb.0
- Updated k8s-sidecar from 1.27.4 -> 1.27.5
- Updated kubectl from v1.29.6 -> v1.29.7
## [6.6.4-bb.6] - 2024-07-17
### Fixed
- Disable Loki VirtualService by default.
## [6.6.4-bb.5] - 2024-07-17
### Added
- Add support for the deletion of log entries from a specified stream and set retention to forever.
## [6.6.4-bb.4] - 2024-07-16
### Fixed
- Fixed Loki VirtualService for `scalable` and `monolith` deployments
## [6.6.4-bb.3] - 2024-07-15
### Changed
- Consolidated redundant simple/scalable loki peerauth
## [6.6.4-bb.2] - 2024-07-11
### Fixed
- Update retention grafana dashbaord
Neuvector📜
# Changelog Updates
## [2.7.7-bb.2] - 2024-07-13
### Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml
- Updated cypress resources to standard 2 cpu and 4 Gi memory
## [2.7.7-bb.1] - 2024-07-02
### Changed
- Rename and remove istio authorization policies
Tempo📜
- !4670: tempo update to 1.9.0-bb.2
# Changelog Updates
## [1.9.0-bb.2] - 2024-07-03
### Updated
- Set new default labels according to best practices
Monitoring📜
- !4829: monitoring update to 61.2.0-bb.2
- !4827: monitoring update to 61.2.0-bb.1
- !4710: monitoring update to 61.2.0-bb.0
- !4704: monitoring update to 60.4.0-bb.5
- !4674: monitoring update to 60.4.0-bb.4
# Changelog Updates
## [61.2.0-bb.1] - 2024-07-29
### Updated
- Auth policy to allow prometheus to scrape when sso is enabled, but hardening is not.
- Adding a label selector to the shared auth policies to allow prometheus to scrape when sso is enabled, but hardening is not.
## [61.2.0-bb.0] - 2024-07-15
### Updated
- Updated Grafana: 11.0.0 -> 11.1.0
- Updated grafana-plugins: 11.0.0 -> 11.1.0
- Updated prometheus-config-reloader: v0.74.0 -> v0.75.0
- Updated prometheus-operator: v0.74.0 -> v0.75.0
- Updated kube-state-metrics chart: 5.20.1 -> 5.21.0
- Updated prometheus-node-exporter chart: 4.36.0 -> 4.37.0
- Updated grafana chart: 8.0.2 -> 8.3.2
- Updated prometheus-snmp-exporter chart: 5.4.0 -> 5.5.0
### Fixed
- Restored missing authPolicy required for Grafana<->Prometheus communication with SSO enabled.
## [60.4.0-bb.5] - 2024-07-11
### Removed
- Removed AlertManager peerAuthentication policy and enabled TLS connection to AlertManager
## [60.4.0-bb.4] - 2024-07-09
### Added
- Added kiali authPolicy to allow graph building
Grafana📜
- !4724: grafana update to 8.3.4-bb.0
# Changelog Updates
## [8.3.4-bb.0] - 2024-07-15
### Changed
- ironbank/kiwigrid/k8s-sidecar updated from 1.27.4 to 1.27.5
Twistlock📜
# Changelog Updates
## [0.15.0-bb.16] - 2024-07-19
### Changed
- Reduced Twistlock Defender Daemonsets resource request and limit to 2 CPU/2Gi RAM
## [0.15.0-bb.15] - 2024-07-12
### Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml
Wrapper📜
- !4687: wrapper update to 0.4.10
# Changelog Updates
## [0.4.10] - 2024-07-09
### Changed
- Changed the default istio hardening state to istio's default
Argocd📜
- !4685: argocd update to 7.3.4-bb.0
# Changelog Updates
## [7.3.4-bb.0] - 2024-07-05
### Changed
- Update ironbank/big-bang/argocd v2.11.3 -> v2.11.4
-
Authservice📜
- !4818: fixing the digs
- !4817: fix clusterWideHardened enabled logic
- !4813: authservice update to 1.0.1-bb.4
- !4733: authservice update to 1.0.1-bb.3
# Changelog Updates
## [1.0.1-bb.4] - 2024-07-26
### Added
- Fix the issue with sso and kiali when not using hardening
- Made the jwt-authz policy ACTION explicit
## [1.0.1-bb.3] - 2024-07-16
### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/deployment.yaml`
- Added `redis-bb.master.podLabels` and `redis-bb.replica.podLabels` entries for `app` and `version` in `chart/values.yaml`
Minio Operator📜
# Changelog Updates
## [5.0.16-bb.1] - 2024-07-16
### Changed
- Removed shared Authorization Policies
## [5.0.16-bb.0] - 2024-07-09
### Upgrade
- Upgrade MinIO Tenant CRD to 5.0.16
Minio📜
- !4714: minio update to 5.0.16-bb.0
- !4699: minio update to 5.0.15-bb.7
- !4698: minio update to 5.0.15-bb.6
# Changelog Updates
## [5.0.16-bb.0] - 2024-06-27
### Changed
- Updated mc to `RELEASE.2024-07-03T20-17-25Z`
- Updated chart to v5.0.16
## [5.0.15-bb.7] - 2024-07-12
### Changed
- Removed shared authpolicies implemented directly in istio
## [5.0.15-bb.6] - 2024-07-11
### Changed
- Remove redundant entries in package test-values.yaml already in package values.yaml
- Update cypress resources to standard 2 cpu and 4 Gi memory
Gitlab📜
# Changelog Updates
## [8.1.2-bb.3] - 2024-07-19
### Changed
- Switched the istio injection back on
## [8.1.2-bb.2] - 2024-07-18
### Added
- Added information about testing on bigbang for certain integration changes
## [8.1.2-bb.1] - 2024-07-15
### Changed
- Change registry image in test to pull from registry1
Gitlab Runner📜
# Changelog Updates
## [0.66.0-bb.0] - 2024-07-17
## [Changed]
* Upgrade gitlab runner from 17.0.0 to 17.1.0:
Nexus📜
- !4709: nexusRepositoryManager update to 69.0.0-bb.2
# Changelog Updates
## [69.0.0-bb.2] - 2024-07-11
### Changed
- Refactor script tests to use IB secured base alpine linux image and devops-tester image
Sonarqube📜
# Changelog Updates
## [8.0.6-bb.2] - 2024-07-16
### Changed
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
## [8.0.6-bb.1] - 2024-07-09
### Changed
- Added in waits between cypress test calls to avoid having cypress tests lock out and fail with failed response hanging
Haproxy📜
- !4746: haproxy update to 1.19.3-bb.7
# Changelog Updates
## [1.19.3-bb.7] - 2024-07-17
### Added
- Added `bigbang.labels` helper function to postgresql subchart under `templates/bigbang`
- Added call to `bigbang.labels` helper function in `chart/templates/deployment.yaml` and `chart/templates/daemonset.yaml` under `spec.template.metadata.labels`
Anchore Enterprise📜
- !4812: anchore update to 2.7.0-bb.6
- !4808: anchore update to 2.7.0-bb.5
- !4764: anchore update to 2.7.0-bb.2
- !4738: anchore update to 2.7.0-bb.1
# Changelog Updates
## [2.7.0-bb.6] - 2024-07-26
### Changed
- Fixed feeds subchart secret.yaml reference
## [2.7.0-bb.5] - 2024-07-25
### Added
- Added `egress-postgres.yaml` to allow for external Postgres DB
## [2.7.0-bb.4] - 2024-07-23
### Changed
- Updated Anchore Feeds chart to `2.7.0`
## [2.7.0-bb.3] - 2024-07-23
### Changed
- Fixed Mismatch between analyzer Service selector and Pod Labels
## [2.7.0-bb.2] - 2024-07-19
### Changed
- Updated Anchore Enterprise tag to `5.7.0`
- Updated Anchore Enterprise UI tag to `5.7.0`
- Updated Postgresql to `16.2`
- Updated kubectl to 1.29.7
## [2.7.0-bb.1] - 2024-07-17
### Changed
- Removed rbacAuth from serviceMonitor template
Mattermost Operator📜
# Changelog Updates
## [1.22.0-bb.0] - 2024-07-13
### Changed
- ironbank/opensource/mattermost/mattermost-operator updated from 1.21.0 to 1.22.0
## [1.21.0-bb.2] - 2024-06-25
### Changed
- Removed shared istio auth policies
Mattermost📜
- !4774: mattermost update to 9.10.0-bb.0
- !4700: mattermost update to 9.9.1-bb.1
- !4679: mattermost update to 9.9.1-bb.0
# Changelog Updates
## [9.10.0-bb.0] - 2024-07-18
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.9.1 to 9.10.0
## [9.9.1-bb.1] - 2024-07-12
### Changed
- Removing shared auth policies
## [9.9.1-bb.0] - 2024-07-09
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.9.0 to 9.9.1
Velero📜
# Changelog Updates
## [6.7.0-bb.4] - 2024-07-16
### Changed
- Removed shared auth policies
## [6.7.0-bb.3] - 2024-07-10
### Changed
- Added bigbang test integration within DEVELOPMENT_MAINTENANCE.md
Keycloak📜
- !4772: keycloak update to 2.4.3-bb.2
- !4736: keycloak update to 2.4.3-bb.1
- !4692: keycloak update to 2.4.3-bb.0
# Changelog Updates
## [2.4.3-bb.2] - 2024-07-19
### Added
- Update ironbank/opensource/keycloak/keycloak 25.0.1 -> 25.0.2
- Update registry1.dso.mil/ironbank/opensource/keycloak/keycloak 25.0.1 -> 25.0.2
## [2.4.3-bb.1] - 2024-07-16
### Added
- Added `bigbang.labels` helper function to postgresql subchart under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/deps/postgresql/templates/statefulset.yaml` and `chart/deps/postgresql/templates/statefulset-readreplicas.yaml`
- Added `podLabels` entries for `app` and `version` in `chart/values.yaml`
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream chart](https://repo1.dso.mil/big-bang/product/packages/keycloak/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md#modifications-made-to-upstream-chart) section to reflect aforementioned changes
## [2.4.3-bb.0] - 2024-07-11
### Updated
- Update Keycloak 24.0.5 -> 25.0.1
- Update Postgresql 12.18 -> 12.19
- Update to `keycloakx` chart and add Kptfile to track
- Update cypress test for new verbiage
- Update cypress keycloak user hook job conditional
- Update `KC_PROXY` to new `KC_PROXY_HEADERS`
- Update development themes to reference correct `keycloak.v2` parent
- Explicitly specify `platform: linux/amd64` in `docker-compose.yaml`
- Remove `KC_HOSTNAME_STRICT_HTTPS` env from docs as it is no longer valid
Vault📜
- !4739: vault update to 0.25.0-bb.38
- !4719: vault update to 0.25.0-bb.37
- !4713: vault update to 0.25.0-bb.36
# Changelog Updates
## [0.25.0-bb.38] - 2024-07-16
### Changed
- Removed duplicate entries in test-values.yaml compared with values.yaml
## [0.25.0-bb.37] - 2024-06-25
### Changed
- Removed shared istio auth policies
- Removed shared istio auth policies
## [0.25.0-bb.36] - 2024-07-10
### Changed
- Added documentation related to performing integration tests of sections of code and settings that have potential integration impacts
Metrics Server📜
- !4671: metricsServer update to 3.12.1-bb.3
# Changelog Updates
## [3.12.1-bb.3] - 2024-07-03
### Removed
- Removed shared authPolicies set at the Istio level
Harbor📜
- !4688: harbor update to 1.15.0-bb.0
# Changelog Updates
## [1.15.0-bb.0] - 2024-07-10
### Changed
- Updated goharbor/redis-photon minor v2.10.2 -> v2.11.0
- Updated redis (source) minor 19.3.2-bb.0 -> 19.5.5-bb.0
- Updated registry1.dso.mil/bigbang-ci/devops-tester (source) minor 1.0.0 -> 1.1.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core (source) minor 2.10.2 -> 2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/registry (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter (source) minor v2.10.2 -> v2.11.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx (source) patch 1.26.0 -> 1.26.1
- Add Authorization Policies for core, exporter, and jobservice
Holocron📜
- !4686: holocron update to 1.0.11
# Changelog Updates
## [1.0.11] - 2024-07-04
### Updated
- Removed the allow nothing policy
- Moved the authorization policies
- Updated the istio hardened doc
Thanos📜
# Changelog Updates
## [15.7.9-bb.4] - 2024-07-05
### Removed
- Removed shared authPolicies set at the Istio level
## [15.7.9-bb.3] - 2024-07-01
### Fixed
- Remove references to deprecated common service account in values.yaml and README
Known Issues📜
-
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
flowcontrol.apiserver.k8s.io/v1beta2
api version (no longer served as of v1.29).
In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.
$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
- Please take some time to respond to our survey on Kyverno Policies
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.