Release Notes - 2.33.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).
Upgrade Notices📜
- Mattermost - MR:
- If Istio native sidecars are disabled, you’ll need to set
.values.addons.mattermost.values.database.readinessCheck.disableDefault
totrue
in yourvalues.yaml
file
- If Istio native sidecars are disabled, you’ll need to set
- GitLab - MR)
- This update requires Istio Native Sidecars to be enabled
Upgrades from previous releases📜
If coming from a version pre-2.32.0
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.32.0
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Istio Controlplane | Core | Istio 1.22.3 Tetrate Istio Distro 1.22.3 |
1.22.3-bb.1 |
Istio Operator | Core | Istio Operator 1.22.3 Tetrate Istio Distro Operator 1.22.3 |
1.22.3-bb.0 |
Jaeger | Core | 1.57.0 |
2.54.0-bb.2 |
Kiali | Core | 1.87.0 |
1.87.0-bb.0 |
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.21 🔗 |
Gatekeeper | Core | 3.16.3 |
3.16.3-bb.1 🔗 |
Kyverno | Core | 1.12.5 |
3.2.6-bb.0 🔗 |
Kyverno Policies | Core | 3.2.5 |
3.2.5-bb.2 🔗 |
Kyverno Reporter | Core | 2.20.1 |
2.24.0-bb.2 🔗 |
Elasticsearch Kibana | Core | Kibana 8.14.1 Elasticsearch 8.14.1 |
1.17.0-bb.4 🔗 |
Eck Operator | Core | 2.13.0 |
2.13.0-bb.2 |
Fluentbit | Core | 3.1.4 |
0.47.5-bb.1 🔗 |
Promtail | Core | 3.0.0 |
6.16.2-bb.1 |
Loki | Core | 3.1.0 |
6.7.1-bb.0 |
Neuvector | Core | 5.3.3 |
2.7.7-bb.3 🔗 |
Tempo | Core | Tempo 2.5.0 Tempo Query 2.5.0 |
1.10.1-bb.0 🔗 |
Monitoring | Core | Prometheus 2.53.0 Grafana 11.1.0 Alertmanager 0.27.0 |
61.2.0-bb.4 🔗 |
Grafana | Core | 11.1.0 |
8.3.6-bb.1 🔗 |
Twistlock | Core | 32.03.125 |
0.16.0-bb.0 🔗 |
Wrapper | Core | N / A | 0.4.10 |
Argocd | Addon | 2.11.7 |
7.3.11-bb.0 🔗 |
Authservice | Addon | 1.0.1 |
1.0.1-bb.4 |
Minio Operator | Addon | 5.0.16 |
5.0.16-bb.3 🔗 |
Minio | Addon | RELEASE.2024-06-04T19-20-08Z |
5.0.16-bb.0 |
Gitlab | Addon | 17.2.1 |
8.2.1-bb.0 🔗 |
Gitlab Runner | Addon | 17.1.0 |
0.66.0-bb.0 |
Nexus | Addon | 3.70.1-02 |
70.1.0-bb.0 🔗 |
Sonarqube | Addon | 9.9.6-community |
8.0.6-bb.2 |
Fortify | Addon | 24.2.0.0186 |
1.1.2320154-bb.15 |
Haproxy | Addon | 2.2.33 |
1.19.3-bb.7 |
Anchore Enterprise | Addon | 5.8.0 |
2.9.0-bb.0 🔗 |
Mattermost Operator | Addon | 1.22.0 |
1.22.0-bb.2 🔗 |
Mattermost | Addon | 9.10.1 |
9.10.1-bb.0 🔗 |
Velero | Addon | 1.14.0 |
6.7.0-bb.7 🔗 |
Keycloak | Addon | 25.0.2 |
2.4.3-bb.3 🔗 |
Vault | Addon | 1.14.10 |
0.25.0-bb.38 |
Metrics Server | Addon | 0.7.1 |
3.12.1-bb.3 |
Harbor | Addon | 2.11.0 |
1.15.0-bb.0 |
Holocron | Addon | 3.3.2 |
1.0.11 |
Thanos | Addon | 0.35.1 |
15.7.9-bb.6 🔗 |
External Secrets | Addon | 0.9.18 |
0.9.18-bb.7 |
Changes in 2.33.0📜
Big Bang MRs📜
- !4884: update to 1.30
- !4874: update helmRepo api version to v1 from v1beta2
- !4667: Resolve “Fixing Monitoring NS hardening consistency”
- !4849: Adds Fortify information to the default credentials user guide
- !4809: Add grafanaAlloy to values.schema.json
- !4775: Resolve “Fix Kustomize for the Package”
- !4754: Resolve “Enable driftDetection in flux”
Cluster Auditor📜
# Changelog Updates
## [1.5.0-bb.21] - 2024-07-30
### Changed
- Add pod labels required by Kiali
## [1.5.0-bb.20] - 2024-07-24
### Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml
Gatekeeper📜
- !4795: gatekeeper update to 3.16.3-bb.1
# Changelog Updates
## [3.16.3-bb.1] - 2024-07-11
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.5 -> v1.29.6
Kyverno📜
# Changelog Updates
## [3.2.6-bb.0] - 2024-07-30
### Changed
- Updated kyverno chart from `3.2.5` to `3.2.6` and app version from `v1.12.5` to `v1.12.5`
- Updated `kubectl` from `1.29.6` to `1.29.7`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre` from `v1.12.4` to `v1.12.5`
- Added reference to `kyvernocli` with version `v1.12.5`
## [3.2.5-bb.4] - 2024-07-30
### Changed
- Update secret sync test script to check for kyverno-bbtest-secret already existing.
- Update secret sync test script to check for secret sync policy before creating namespace.
- Update gluon to latest v0.5.2
Kyverno Policies📜
- !4868: kyvernoPolicies update to 3.2.5-bb.2
- !4846: kyvernoPolicies update to 3.2.5-bb.1
- !4784: kyvernoPolicies update to 3.2.5-bb.0
# Changelog Updates
## [3.2.5-bb.2] - 2024-07-31
### Changed
- Updated chart/templates/exception-require-non-root-group.yaml:apiVersion: from `kyverno.io/v2beta1` to the latest version `kyverno.io/v2`
- chart/templates/exception-require-non-root-user.yaml:apiVersion: from `kyverno.io/v2beta1` to `kyverno.io/v2`
- chart/templates/update-automountserviceaccounttokens.yaml apiVersion:
## [3.2.5-bb.1] - 2024-07-27
### Changed
- Gluon updated from `0.5.0` to `0.5.2`
- `ironbank/opensource/kubernetes/kubectl` updated from `v1.29.4` to `v1.29.7`
## [3.2.5-bb.0] - 2024-07-23
### Changed
- Updated versions in version and annotations under Chart.yaml to match Kyverno chart that we are currently using - 3.2.5
Kyverno Reporter📜
# Changelog Updates
## [2.24.0-bb.2] - 2024-08-05
### Changed
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.0` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.1`
- Updated `gluon` package dependency version from `0.5.0` to `0.5.2`
## [2.24.0-bb.1] - 2024-07-26
### Changed
- Added `bigbang.labels` to `chart/templates/deployment.yaml`, `chart/templates/cronjob-summary-report.yaml` and `chart/templates/cronjob-violations-report.yaml` to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md`
Elasticsearch Kibana📜
- !4863: elasticsearchKibana update to 1.17.0-bb.4
# Changelog Updates
## [1.17.0-bb.4] - 2024-07-26
### Changed
- Add `elasticsearch.podDisruptionBudget` to `values.yaml`
Fluentbit📜
# Changelog Updates
## [0.47.5-bb.1] - 2024-08-01
### Changed
- Remove redundant items from test/test-values.yaml
## [0.47.5-bb.0] - 2024-07-26
### Changed
- Updated fluent-bit: 3.1.3 -> 3.1.4
- Updated gluon: 0.5.0 -> 0.5.2
Neuvector📜
- !4794: neuvector update to 2.7.7-bb.3
# Changelog Updates
## [2.7.7-bb.3] - 2024-07-24
### Changed
- Added `version` pod label to deployments and daemonset to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream chart](https://repo1.dso.mil/big-bang/product/packages/neuvector/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md?ref_type=heads#modifications-made-to-upstream-chart) section to reflect changes
Tempo📜
- !4823: tempo update to 1.10.1-bb.0
# Changelog Updates
## [1.10.1-bb.0] - 2024-07-26
### Updated
- Synchronized with upstream chart version 1.10.1
- Update gluon: 0.5.0 > 0.5.1
Monitoring📜
- !4824: Update Docs on changing the Grafana credentials
# Changelog Updates
## [61.2.0-bb.4] - 2024-08-05
### Fixed
- Use global imagePullSecret Only
## [61.2.0-bb.3] - 2024-08-01
### Changed
- Remove redundant items from test/test-values.yaml
Grafana📜
- !4864: grafana update to 8.3.6-bb.1
- !4822: grafana update to 8.3.6-bb.0
- !4811: grafana update to 8.3.4-bb.2
- !4796: grafana update to 8.3.4-bb.1
# Changelog Updates
## [8.3.6-bb.1] - 2024-08-01
### Changed
- Remove redundant items from `test/test-values.yaml`
## [8.3.6-bb.0] - 2024-07-25
### Changed
- gluon updated from 0.5.0 to 0.5.2
## [8.3.4-bb.2] - 2024-07-24
### Changed
- Updated `templates/deployment.yaml` and `templates/statefulset.yaml` to use `tpl` for `.Values.podLabels` to allow setting Kiali required `app` and `version` labels
- Set `app` and `version` label defaults via `.Values.podLabels`
## [8.3.4-bb.1] - 2024-07-24
### Changed
- Added update helm dep step to DEVELOPMENT_MAINTENANCE
- Updated gluon helm dependency from 0.4.10 to 0.5.0
Twistlock📜
# Changelog Updates
## [0.16.0-bb.0] - 2024-07-27
### Changed
- gluon updated from 0.5.0 to 0.5.2
- ironbank/twistlock/console/console updated from 32.01.128 to 32.03.125
## [0.15.0-bb.17] - 2024-07-25
### Changed
- Added `app` and `version` labels to defender pods to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream](https://repo1.dso.mil/big-bang/product/packages/twistlock/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md?ref_type=heads#modifications-made-to-upstream) section to reflect changes
Argocd📜
# Changelog Updates
## [7.3.11-bb.0] - 2024-07-29
### Changed
- Update ironbank/big-bang/argocd v2.11.5 -> v2.11.7
- Updated registry1.dso.mil/ironbank/big-bang/argocd v2.11.5 -> v2.11.7
- Updated gluon from 0.5.0 -> 0.5.2
## [7.3.9-bb.0] - 2024-07-19
### Changed
- Update ironbank/big-bang/argocd v2.11.3 -> v2.11.4
- Updated registry1.dso.mil/ironbank/big-bang/argocd v2.11.4 -> v2.11.5
- Updated registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.61.0 -> v1.62.0
- Updated redis-bb /registry1.dso.mil/bigbang 19.5.5-bb.0 -> 19.6.2-bb.0
Minio Operator📜
# Changelog Updates
## [5.0.16-bb.3] - 2024-07-31
### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/console-deployment.yaml` and `chart/templates/operator-deployment.yaml`
## [5.0.16-bb.2] - 2024-07-24
### Changed
- Removed duplicate test values located in Big Bang repo
Gitlab📜
- !4875: gitlab update to 8.2.1-bb.0
# Changelog Updates
## [8.2.1-bb.0] - 2024-08-02
### Added
- Introduces `registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.2.1` as `gitlabBase` image where we previously used `ubi9` for some `initContainers`.
### Changed
- Update appVersion 17.1.2 -> 17.2.1
- Update helm chart 8.1.2 -> 8.2.1
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.61.0 -> v1.62.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.1.2 -> 17.2.1
Nexus📜
- !4777: nexusRepositoryManager update to 70.1.0-bb.0
# Changelog Updates
## [70.1.0-bb.0] - 2024-07-19
### Changed
- Updated chart to version: 70.1.0-bb.0 | appVersion: 3.70.1-02
- Updated devops-tester 1.0.0 -> 1.1.1
Anchore Enterprise📜
# Changelog Updates
## [2.9.0-bb.0] - 2024-08-01
### Changed
- Updated Anchore Enterprise chart to `2.9.0`
- Updated Anchore Enterprise tag to `5.8.0`
- Updated Anchore Enterprise UI tag to `5.8.0`
- Updated Anchore Feeds chart to `2.8.0`
- Updated Cypress dependency to `v13.13.2`
## [2.7.0-bb.8] - 2024-07-31
### Changed
- Updated Gluon subchart dependency to `0.5.2`
- Updated Redis chart dependency to `19.6.2-bb.0`
## [2.7.0-bb.7] - 2024-07-30
### Changed
- Updated charts to be able to exclude imagePullSecrets
Mattermost Operator📜
# Changelog Updates
## [1.22.0-bb.2] - 2024-07-29
### Changed
- Updated ironbank image to latest v1.22.0
- Updated CRD references to v1.22.0; the KPTfile and actual content were already pulled from v1.22.0 upstream but the chart references lagged at 1.20.1.
## [1.22.0-bb.1] - 2024-07-23
### Changed
- Added integration testing instructions for External Secrets Operator
Mattermost📜
- !4853: mattermost update to 9.10.1-bb.0
- !4801: mattermost update to 9.10.0-bb.3
- !4792: mattermost update to 9.10.0-bb.2
- !4790: mattermost update to 9.10.0-bb.1
# Changelog Updates
## [9.10.1-bb.0] - 2024-07-30
### Changed
- gluon updated from 0.5.0 to 0.5.2
- ironbank/opensource/mattermost/mattermost updated from 9.10.0 to 9.10.1
## [9.10.0-bb.3] - 2024-07-25
### Changed
- Documentation updates to move release notes from a README item to a chart annotation
## [9.10.0-bb.2] - 2024-07-24
### Changed
- Adding the init container back
## [9.10.0-bb.1] - 2024-07-23
### Changed
- Added integration testing instructions for External Secrets Operator
Velero📜
# Changelog Updates
## [6.7.0-bb.7] - 2024-08-02
### Changed
- Updated kubectl to v1.29.7
- URL fixes in DEVELOPMENT_MAINTENANCE.md
## [6.7.0-bb.6] - 2024-08-02
### Changed
- Updated test-values.yaml file to remove duplicate values that are already set in the chart defaults
## [6.7.0-bb.5] - 2024-08-01
### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/deployment.yaml`
Keycloak📜
- !4857: keycloak update to 2.4.3-bb.3
# Changelog Updates
## [2.4.3-bb.3] - 2024-08-01
### Added
- Added "start" argument to the chart/values.yaml.
Thanos📜
# Changelog Updates
## [15.7.9-bb.6] - 2024-07-29
### Fixed
- Remove unnecessary `match` rule in VirtualService
## [15.7.9-bb.5] - 2024-07-19
### Changed
- Set retention to forever with values to set to 0s
Known Issues📜
-
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
flowcontrol.apiserver.k8s.io/v1beta2
api version (no longer served as of v1.29).
In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.
$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.