Skip to content

Release Notes - 2.35.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Upgrade Notices📜

  • Istio-controlplane - MR:
    • Istio gets updated to 1.22.4. Big Bang apps should automatically cycle to get the latest sidecar version and config. Be sure to cycle pods for any community or tenant applications manually.
  • Mattermost - MR:
    • Postgresql using the builtin bitnami module does not upgrade gracefully. You must manually backup and restore your database before accepting this upgrade. Using the builtin postgresql module is not a supported configuration in production environments.
  • Velero - MR (not in this release):
    • You will need a temporary fix in the values for velero to run:
      addons:
          velero:
              values:
                  podLabels:
                      app: 'velero'
                      version: '1.14.1
      

Upgrades from previous releases📜

If coming from a version pre-2.34.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.34.0.

Packages📜

Package Type Package Version BB Version
Updated Istio Controlplane Core Istio 1.22.4 Tetrate Istio Distro 1.22.4 1.22.4-bb.1 🔗
Updated Istio Operator Core Istio Operator 1.22.4 Tetrate Istio Distro Operator 1.22.4 1.22.4-bb.0 🔗
Updated Jaeger Core 1.60.1 2.56.0-bb.0 🔗
Updated Kiali Core 1.89.0 1.89.0-bb.0 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.21
Gatekeeper Core 3.16.3 3.16.3-bb.1
Kyverno Core 1.12.5 3.2.6-bb.0
Kyverno Policies Core 3.2.5 3.2.5-bb.3
Kyverno Reporter Core 2.20.1 2.24.1-bb.0
Elasticsearch Kibana Core Kibana 8.14.3 Elasticsearch 8.14.3 1.18.0-bb.0
Updated Eck Operator Core 2.14.0 2.14.0-bb.0 🔗
Updated Fluentbit Core 3.1.6 0.47.7-bb.0 🔗
Promtail Core 3.0.0 6.16.2-bb.3
Loki Core 3.1.1 6.10.0-bb.0
Updated Neuvector Core 5.3.4 2.7.8-bb.1 🔗
Updated Tempo Core Tempo 2.5.0 Tempo Query 2.5.0 1.10.3-bb.0 🔗
Updated Monitoring Core Prometheus 2.53.0 Grafana 11.1.0 Alertmanager 0.27.0 62.1.0-bb.0 🔗
Updated Grafana Core 11.1.4 8.4.6-bb.1 🔗
Twistlock Core 32.03.125 0.16.0-bb.1
Wrapper Core N / A 0.4.10
Updated Argocd Addon 2.12.0 7.4.0-bb.1 🔗
Updated Authservice Addon 1.0.1 1.0.1-bb.5 🔗
Updated Minio Operator Addon 6.0.2 6.0.2-bb.2 🔗
Updated Minio Addon RELEASE.2024-06-04T19-20-08Z 6.0.2-bb.3 🔗
Updated Gitlab Addon 17.2.4 8.2.4-bb.0 🔗
Updated Gitlab Runner Addon 17.1.0 0.66.0-bb.1 🔗
Nexus Addon 3.71.0-06 71.0.0-bb.0
Sonarqube Addon 9.9.6-community 8.0.6-bb.3
Updated Fortify Addon 24.2.0.0186 1.1.2320154-bb.17 🔗
Updated Haproxy Addon 2.2.33 1.19.3-bb.8 🔗
Updated Anchore Enterprise Addon 5.8.1 2.9.0-bb.6 🔗
Mattermost Operator Addon 1.22.0 1.22.0-bb.5
Updated Mattermost Addon 9.10.1 9.10.1-bb.4 🔗
Updated Velero Addon 1.14.1 7.1.5-bb.0 🔗
Updated Keycloak Addon 25.0.2 2.4.3-bb.5 🔗
Updated Vault Addon 1.17.3 0.28.1-bb.2 🔗
Metrics Server Addon 0.7.1 3.12.1-bb.4
Harbor Addon 2.11.0 1.15.0-bb.1
Holocron Addon 3.3.2 1.0.11
Updated Thanos Addon 0.36.1 15.7.20-bb.0 🔗
External Secrets Addon 0.9.18 0.9.18-bb.7

Changes in 2.35.0📜

Big Bang MRs📜

  • !4880: Resolve “Istio injection for namespaces should be optional for all charts”

Istio Controlplane📜

  • !4991: istio update to 1.22.4-bb.1
  • !4989: istio update to 1.22.4-bb.0
# Changelog Updates

## [1.22.4-bb.1] - 2024-08-22
### Changed
- Updating Istio `oscal-component.yaml` to include Lula validations for automated assessment

### Added
- Added `oscal-assessment-results.yaml` as a threshold for automated governance

## [1.22.4-bb.0] - 2024-08-21
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.3 to 1.22.4
- ironbank/opensource/istio/pilot updated from 1.22.3 to 1.22.4
- ironbank/opensource/istio/proxyv2 updated from 1.22.3 to 1.22.4
- ironbank/tetrate/istio/install-cni updated from 1.22.3 to 1.22.4
- ironbank/tetrate/istio/pilot updated from 1.22.3 to 1.22.4
- ironbank/tetrate/istio/proxyv2 updated from 1.22.3 to 1.22.4


### Istio Operator

- [!4988](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/4988): istioOperator update to 1.22.4-bb.0

```markdown
# Changelog Updates

## [1.22.4-bb.0] - 2024-08-21
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.3 to 1.22.4
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.3-tetratefips-v0 to 1.22.4-tetratefips-v0

Jaeger📜

  • !5012: jaeger update to 2.56.0-bb.0
# Changelog Updates

## [2.56.0-bb.0] - 2024-08-22
### Added
- Update jaegar 2.54.0 -> 2.56.0
- Update jaegertracing 1.57.0 -> 1.60.0
- Update gluon 0.5.0 -> 0.5.3

Kiali📜

  • !4978: kiali update to 1.89.0-bb.0
# Changelog Updates

## [1.89.0-bb.0] - 2024-08-20
### Changed
- Updated Kiali to v1.89.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.89.0
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.89.1

Eck Operator📜

  • !5006: eckOperator update to 2.14.0-bb.0
# Changelog Updates

## [2.14.0-bb.0] - 2024-08-21
### Changed
- eck-operator 2.13.0 -> 2.14.0

Fluentbit📜

  • !4959: fluentbit update to 0.47.7-bb.0
# Changelog Updates

## [0.47.7-bb.0] - 2024-08-16
### Changed
- Updated fluent-bit: 3.1.5 -> 3.1.6

Neuvector📜

  • !4974: neuvector update to 2.7.8-bb.1
# Changelog Updates

## [2.7.8-bb.1] - 2024-08-20
### Changed
- Changed cypress tests to support retries

Tempo📜

  • !5013: tempo update to 1.10.3-bb.0
  • !5007: tempo update to 1.10.1-bb.1
# Changelog Updates

## [1.10.3-bb.0] - 2024-08-23
### Updated
- Synchronized with upstream chart version 1.10.3
- Update gluon: 0.5.1 > 0.5.3

## [1.10.1-bb.1] - 2024-08-23
### Changed
- Updated templating in `chart/templates/statefulset.yaml` to add `tpl` for label interpretation

Monitoring📜

  • !4976: monitoring update to 62.1.0-bb.0
# Changelog Updates

## [62.1.0-bb.0] - 2024-08-20
### Updated
- Updated `kube-prometheus-stack` from `61.2.0` -> `62.1.0`

Grafana📜

  • !5008: grafana update to 8.4.6-bb.1
  • !5000: grafana update to 8.4.6-bb.0
# Changelog Updates

## [8.4.6-bb.1] - 2024-08-26
### Updated
- Removed previous kiali label epic changes and updated to new pattern

## [8.4.6-bb.0] - 2024-08-20
### Changed
- ironbank/big-bang/grafana/grafana-plugins updated from 11.1.3 to 11.1.4

Argocd📜

  • !5021: argocd update to 7.4.0-bb.1
  • !4960: argocd update to 7.4.0-bb.0
# Changelog Updates

## [7.4.0-bb.1] - 2024-08-22
### Changed
- Updated cypress test to use new test project
- Removed kyverno policy overrides from test values

## [7.4.0-bb.0] - 2024-08-09
### Changed
- Update gluon 0.5.2 -> 0.5.3
- Update registry1.dso.mil/ironbank/big-bang/argocd v2.11.7 -> v.2.12.0
- Update registry1.dso.mil/ironbank/opensource/dexidp/dex v2.40.0 -> v2.41.1

Authservice📜

  • !5001: authservice update to 1.0.1-bb.5
# Changelog Updates

## [1.0.1-bb.5] - 2024-08-23
### Updated
- Removed previous kiali label epic changes and updated to new pattern

Minio Operator📜

  • !4997: feat: Add Kiali labels for Minio/MinioOperator
# Changelog Updates

## [6.0.2-bb.2] - 2024-08-26
### Added
- Added `podLabels` input value
- Added usage of `podLabels` in `chart/templates/operator-deployment.yaml`

### Removed
- Removed `bigbang.labels` helper function to authservice under `templates/bigbang`
- Removed call to `bigbang.labels` function in pod template section of `chart/templates/operator-deployment.yaml`

Minio📜

  • !4997: feat: Add Kiali labels for Minio/MinioOperator
  • !4977: minio update to 6.0.2-bb.2
# Changelog Updates

## [6.0.2-bb.3] - 2024-08-26
### Added
- Added `podLabels` input value
- Added usage of `podLabels` in `chart/templates/tenant.yaml`

## [6.0.2-bb.2] - 2024-08-21
### Changed
- Updated to RELEASE.2024-08-17T11-33-50Z

Gitlab📜

  • !5020: gitlab update to 8.2.4-bb.0
  • !4981: gitlab update to 8.2.2-bb.1
# Changelog Updates

## [8.2.4-bb.0] - 2024-08-27
### Changed
- Update gitlab appVersion from 17.2.2 -> 17.2.4
- Update chart version from 8.2.2-bb.1 -> 8.2.4-bb.0
- Update gluon from 0.5.0 -> 0.5.3
- Update ironbank/gitlab/gitlab/gitlab-webservice (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl (source) 17.2.2 -> 17.2.4
- Update registry1.dso.mil/ironbank/opensource/postgres/postgresql (source) -> 14.12 -> 14.13

## [8.2.2-bb.1] - 2024-08-20
### Changed
- Update renovate.json to include package rule which ensures postgres version remains on major version 14

Gitlab Runner📜

  • !4996: gitlabRunner update to 0.66.0-bb.1
# Changelog Updates

## [0.66.0-bb.1] - 2024-08-20
### Changed
- Update kyverno cluster policy to handle the runner secret sync to multiple external namespaces

Fortify📜

  • !4992: fortify update to 1.1.2320154-bb.17
# Changelog Updates

## [1.1.2320154-bb.17] - 2024-08-22
### Added
- Added allow-sidecar-scraping NetworkPolicy

Haproxy📜

  • !5005: haproxy update to 1.19.3-bb.8
# Changelog Updates

## [1.19.3-bb.8] - 2024-08-26
### Updated
- Removed previous kiali label epic changes and updated to new pattern

Anchore Enterprise📜

  • !4969: anchore update to 2.9.0-bb.6
  • !4969: anchore update to 2.9.0-bb.5
# Changelog Updates

## [2.9.0-bb.6] - 2024-08-23
### Changed
- Updated templating in `chart/deps/feeds/deps/postgresql/templates/statefulset-replicas.yaml` to add `tpl` for label interpretation
- Updated templating in `chart/deps/feeds/deps/postgresql/templates/statefulset.yaml` to add `tpl` for label interpretation
- Updated templating in `chart/deps/feeds/templates/_common.tpl` to add `tpl` for label interpretation
- Updated templating in `chart/deps/postgresql/templates/statefulset-replicas.yaml` to add `tpl` for label interpretation
- Updated templating in `chart/deps/postgresql/templates/statefulset.yaml` to add `tpl` for label interpretation
- Updated templating in `chart/templates/_common.tpl` to add `tpl` for label interpretation

## [2.9.0-bb.5] - 2024-08-20
### Changed
- Updated Anchore Feeds chart to `2.8.1`

## [2.9.0-bb.4] - 2024-08-19
### Changed
- Updated Redis chart dependency to `20.0.1-bb.0`
- Updated Redis to 7.4.0
- Updated kubectl to 1.29.8
- Updated Cypress dependency to `v13.13.3`

Mattermost📜

  • !4904: feat: Add Kiali labels for Mattermost/MattermostOperator
  • !4918: mattermost update to 9.10.1-bb.3
  • !4912: mattermost update to 9.10.1-bb.2
# Changelog Updates

## [9.10.1-bb.4] - 2024-08-13
### Changed
- Update usage of podLabels in mattermost chart

## [9.10.1-bb.3] - 2024-08-13
### Added
- Added minio-operator-authz-policy.yaml to allow minio-operator access to monitor the tenant

## [9.10.1-bb.2] - 2024-08-12
### Changed
- Upgrade builtin postgresql 10.3.5 -> 12.12.10

Velero📜

  • !5030: velero update to 7.1.5-bb.0
  • !5010: velero update to 6.7.0-bb.10
  • !4985: velero update to 6.7.0-bb.9
# Changelog Updates

## [7.1.5-bb.0] - 2024-08-30
### Updated
- Updated velero version to 7.1.5
- velero/velero-plugin-for-aws v1.9.2 -> v1.10.1
- velero/velero-restore-helper v1.13.2 -> v1.14.1

## [6.7.0-bb.10] - 2024-08-27
### Updated
- Removed previous kiali label epic changes and updated to new pattern

## [6.7.0-bb.9] - 2024-08-21
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.7 -> v1.29.8
- Updated ironbank/opensource/nginx/nginx 1.26.1 -> 1.26.2

Keycloak📜

  • !4998: keycloak update to 2.4.3-bb.5
# Changelog Updates

## [2.4.3-bb.5] - 2024-08-23
### Updated
- Removed previous kiali label epic changes and updated to new pattern

Vault📜

  • !5014: update vault to 0.28.1-bb.2
  • !4993: vault update to 0.28.1-bb.1
# Changelog Updates

## [0.28.1-bb.2] - 2024-08-27
### Updated
- Modified templating for `extraLabels` on `csi-daemonset.yaml`, `injector-deployment.yaml` and `server-statefulset.yaml` to use `tpl` to support passing kiali-required labels

## [0.28.1-bb.1] - 2024-08-21
### Changed
- ironbank/hashicorp/vault 1.14.10 -> 1.17.3
- Updated minio-instance 5.0.15-bb.2 -> 6.0.2-bb.2

Thanos📜

  • !4987: thanos update to 15.7.20-bb.0
# Changelog Updates

## [15.7.20-bb.0] - 2024-08-21
### Upgraded
- Upgraded Thanos from `v0.36.0` -> `v0.36.1`

Known Issues📜

  • Kiali - ISSUE
  • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
- During BigBang upgrade testing it was discovered that the Loki data source within grafana was broken. Looking into it it appeared that drift detecion had deleted all of the Loki services. The fix was to delete the Loki Helm release, make sure all secrets are destroyed and then
$ flux reconcile -n bigbang helmrelease gitlab --force --with-source

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.