Release Notes - 2.37.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).
Upgrade Notices
- Cluster-auditor - MR:
  - If you have pinned this package to an older version, you will need to update it to the latest version before upgrading your Big Bang umbrella version, because of the template updates that accompany this MR.
- Elasticsearch-kibana - MR:
  - The Elasticsearch StatefulSets use the `OnDelete` update strategy, so for the changes in this package MR (i.e. tunneling certificates/mTLS handling through istio-proxy) to take effect, 1) Istio must be enabled and 2) the Elasticsearch pods need to be manually deleted (for more information, see the Kubernetes documentation on StatefulSet update strategies).
  - kubectl instructions
    - To get a list of pods that will need to be manually restarted, run the following:
      ```
      kubectl get pod -n logging -l elasticsearch.k8s.elastic.co/cluster-name=logging-ek
      ```
    - If availability is important, then you can manually do a rolling upgrade by deleting the pods one by one while waiting for them to restart:
      ```
      kubectl delete pod <name of pods> -n logging
      ```
    - If availability is not important and you want to restart all the pods at once, then run the following:
      ```
      kubectl delete pod -n logging -l elasticsearch.k8s.elastic.co/cluster-name=logging-ek
      ```
    - After restarting all the pods and confirming that the pods are back in a ready state, check that the Elasticsearch cluster health is green by running:
      ```
      kubectl get elasticsearch -n logging
      ```
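The manual rolling restart from the Elasticsearch-kibana notice, as an added example (not part of the Big Bang release notes or tooling): it deletes the pods one at a time and, going a step beyond the listed commands, waits for the cluster health to return to green before touching the next pod. The `KUBECTL`, `NS`, `SELECTOR`, `MAX_TRIES` and `SLEEP` variables and the `--run` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: one-at-a-time restart of Elasticsearch pods whose
# StatefulSets use the OnDelete update strategy.
KUBECTL="${KUBECTL:-kubectl}"   # assumption: overridable for dry runs
NS="${NS:-logging}"
SELECTOR="${SELECTOR:-elasticsearch.k8s.elastic.co/cluster-name=logging-ek}"
MAX_TRIES="${MAX_TRIES:-30}"    # assumption: retry budget per wait
SLEEP="${SLEEP:-10}"            # assumption: seconds between retries

# Health of the Elasticsearch resource (green, yellow or red).
es_health() {
  $KUBECTL get elasticsearch -n "$NS" -o jsonpath='{.items[0].status.health}'
}

is_green() { [ "$(es_health)" = "green" ]; }

# The controller recreates the pod under the same name, so a "not found"
# right after the delete is retried rather than treated as fatal.
pod_ready() {
  $KUBECTL wait --for=condition=Ready "$1" -n "$NS" --timeout=120s
}

# Retry a command until it succeeds or the retry budget is spent.
retry() {
  tries=0
  until "$@"; do
    tries=$((tries + 1))
    if [ "$tries" -ge "$MAX_TRIES" ]; then return 1; fi
    sleep "$SLEEP"
  done
}

rolling_restart() {
  pods=$($KUBECTL get pod -n "$NS" -l "$SELECTOR" -o name) || return 1
  for pod in $pods; do
    echo "restarting $pod"
    $KUBECTL delete "$pod" -n "$NS" || return 1
    retry pod_ready "$pod" || return 1
    # Do not touch the next pod until the cluster has recovered.
    retry is_green || { echo "health not green after $pod" >&2; return 1; }
  done
}

# Nothing is deleted unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then rolling_restart; fi
```

If the health does not return to green within the retry budget, the function stops with a non-zero status and leaves the remaining pods untouched.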
Upgrades from previous releases
If coming from a version pre-2.36.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.36.0.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Anchore Enterprise | Addon | 5.9.0 | 2.10.0-bb.0 |
Argocd | Addon | 2.12.3 | 7.5.2-bb.1 |
Authservice | Addon | 1.0.2 | 1.0.2-bb.0 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.22 |
Eck Operator | Core | 2.14.0 | 2.14.0-bb.0 |
Elasticsearch Kibana | Core | Kibana 8.15.1 Elasticsearch 8.15.1 | 1.19.0-bb.1 |
External Secrets | Addon | 0.10.2 | 0.10.2-bb.1 |
Fluentbit | Core | 3.1.7 | 0.47.9-bb.1 |
Fortify | Addon | 24.2.0.0186 | 1.1.2320154-bb.19 |
Gatekeeper | Core | 3.17.1 | 3.17.1-bb.0 |
Gitlab | Addon | 17.2.7 | 8.2.7-bb.1 |
Gitlab Runner | Addon | 17.2.1 | 0.67.1-bb.1 |
Grafana | Core | 11.2.0 | 8.5.1-bb.0 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.8 |
Harbor | Addon | 2.11.0 | 1.15.0-bb.1 |
Holocron | Addon | 3.3.2 | 1.0.11 |
Istio Controlplane | Core | Istio 1.22.5 Tetrate Istio Distro 1.22.5 | 1.22.5-bb.0 |
Istio Operator | Core | Istio Operator 1.22.5 Tetrate Istio Distro Operator 1.22.5 | 1.22.5-bb.0 |
Jaeger | Core | 1.60.1 | 2.56.0-bb.1 |
Keycloak | Addon | 25.0.4 | 2.5.0-bb.0 |
Kiali | Core | 1.89.3 | 1.89.3-bb.1 |
Kyverno | Core | 1.12.5 | 3.2.6-bb.3 |
Kyverno Policies | Core | 3.2.5 | 3.2.5-bb.6 |
Kyverno Reporter | Core | 2.20.1 | 2.24.1-bb.1 |
Loki | Core | 3.1.1 | 6.12.0-bb.5 |
Mattermost | Addon | 10.0.0 | 10.0.0-bb.2 |
Mattermost Operator | Addon | 1.22.0 | 1.22.0-bb.5 |
Metrics Server | Addon | 0.7.2 | 3.12.2-bb.0 |
Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 6.0.3-bb.4 |
Minio Operator | Addon | 6.0.3 | 6.0.3-bb.0 |
Monitoring | Core | Prometheus 2.54.1 Grafana 11.1.0 Alertmanager 0.27.0 | 62.4.0-bb.0 |
Neuvector | Core | 5.3.4 | 2.7.8-bb.4 |
Nexus | Addon | 3.72.0-04 | 72.0.0-bb.0 |
Promtail | Core | 3.0.0 | 6.16.2-bb.4 |
Sonarqube | Addon | 9.9.6-community | 8.0.6-bb.4 |
Tempo | Core | Tempo 2.5.0 Tempo Query 2.5.0 | 1.10.3-bb.5 |
Thanos | Addon | 0.36.1 | 15.7.20-bb.1 |
Twistlock | Core | 32.03.125 | 0.16.0-bb.1 |
Vault | Addon | 1.17.6 | 0.28.1-bb.8 |
Velero | Addon | 1.14.1 | 7.2.1-bb.1 |
Wrapper | Core | N / A | 0.4.10 |
Changes in 2.37.0
Istio Controlplane
# Changelog Updates
## [1.22.5-bb.0] - 2024-09-24
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.4 to 1.22.5
- ironbank/opensource/istio/pilot updated from 1.22.4 to 1.22.5
- ironbank/opensource/istio/proxyv2 updated from 1.22.4 to 1.22.5
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
- ironbank/tetrate/istio/install-cni updated from 1.22.4 to 1.22.5
- ironbank/tetrate/istio/pilot updated from 1.22.4 to 1.22.5
- ironbank/tetrate/istio/proxyv2 updated from 1.22.4 to 1.22.5
## [1.22.4-bb.2] - 2024-09-16
### Added
- Gluon post-install wait scripts
Istio Operator
- !5176: istioOperator update to 1.22.5-bb.0
# Changelog Updates
## [1.22.5-bb.0] - 2024-09-30
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.3 to 1.22.5
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.3-tetratefips-v0 to 1.22.5-tetratefips-v0
Jaeger
- !5139: jaeger update to 2.56.0-bb.1
# Changelog Updates
## [2.56.0-bb.1] - 2024-09-05
### Added
- Gluon post-install wait scripts
Kiali
# Changelog Updates
## [1.89.3-bb.1] - 2024-09-23
### Added
- Gluon post-install wait scripts
## [1.89.3-bb.0] - 2024-09-18
### Added
- Updated Kiali to v1.89.3
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.89.3
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.89.3
- Updated registry1.dso.mil/bigbang/gluon to 0.5.4
Cluster Auditor
- !5134: clusterAuditor update to 1.5.0-bb.22
# Changelog Updates
## [1.5.0-bb.22] - 2024-09-04
### Changed
- Removed Kiali labels from package, run input labels through `tpl` to evaluate template expressions
Gatekeeper
- !5165: gatekeeper update to 3.17.1-bb.0
# Changelog Updates
## [3.17.1-bb.0] - 2024-09-27
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.17.0 -> 3.17.1
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.17.0 -> 3.17.1
- Updated gluon from 0.5.3 to 0.5.4
Kyverno
- !5172: kyverno update to 3.2.6-bb.3
- !5126: kyverno update to 3.2.6-bb.2
- !5123: kyverno update to 3.2.6-bb.1
# Changelog Updates
## [3.2.6-bb.3] - 2024-09-30
### Changed
- Updated secrets.sh with kubectl wait for namespace and secret creation
## [3.2.6-bb.2] - 2024-09-20
### Changed
- Updated secrets.sh with --wait=false on kubectl delete namespace
## [3.2.6-bb.1] - 2024-09-20
### Changed
- Updated secrets.sh and clusterpolicy.sh to fix early exit.
Kyverno Policies
- !5150: kyvernoPolicies update to 3.2.5-bb.6
# Changelog Updates
## [3.2.5-bb.6] - 2024-09-09
### Changed
- update ironbank public container signing key
Kyverno Reporter
- !5113: kyvernoReporter update to 2.24.1-bb.1
# Changelog Updates
## [2.24.1-bb.1] - 2024-08-26
### Changed
- Reverted previous Kiali label changes related to the epic and modified them to follow the new pattern.
Elasticsearch Kibana
- !5158: elasticsearchKibana update to 1.19.0-bb.1
- !5151: elasticsearchKibana update to 1.19.0-bb.0
- !5147: elasticsearchKibana update to 1.18.0-bb.5
- !5132: elasticsearchKibana update to 1.18.0-bb.4
- !5088: elasticsearchKibana update to 1.18.0-bb.3
# Changelog Updates
## [1.19.0-bb.1] - 2024-09-26
### Changed
- Now setting `securityContext` on rolling upgrade `Job` to comply with Kyverno policies
## [1.19.0-bb.0] - 2024-09-26
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.14.3 to 8.15.1
- ironbank/elastic/kibana/kibana updated from 8.14.3 to 8.15.1
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
## [1.18.0-bb.5] - 2024-09-25
### Changed
- Reverted changes made from 1.18.0-bb.3
## [1.18.0-bb.4] - 2024-09-17
### Added
- Gluon post-install wait scripts
## [1.18.0-bb.3] - 2024-09-16
### Changed
- Disabled Elasticsearch selfSignedCertificate if Istio is enabled
- Enforced mtls in the Destination Rule if Istio is enabled
- Enable Elasticsearch virtual service by default
Fluentbit
- !5118: fluentbit update to 0.47.9-bb.1
# Changelog Updates
## [0.47.9-bb.1] - 2024-09-19
### Removed
- Removed duplicate parsers in the customParsers field in values.yaml
Promtail
- !5122: promtail update to 6.16.2-bb.4
# Changelog Updates
## [6.16.2-bb.4] - 2024-08-30
### Changed
- Updating Promtail `oscal-component.yaml` to include Lula validations for automated assessment
### Added
- Added `oscal-assessment-results.yaml` as a threshold for automated governance
Loki
- !5142: loki update to 6.12.0-bb.5
- !5133: fix (loki): guard monolith local storage config with minio enablement check
# Changelog Updates
## [6.12.0-bb.5] - 2024-09-24
### Changed
- Give grafana an extra minute to check for loki datasource connection in cypress testing
Neuvector
# Changelog Updates
## [2.7.8-bb.4] - 2024-09-20
### Changed
- Updated gluon to `0.5.2`
## [2.7.8-bb.3] - 2024-09-14
### Changed
- Removed previous kiali label epic changes in `2.7.7-bb.3` and updated to new pattern.
Argocd
# Changelog Updates
## [7.5.2-bb.1] - 2024-09-30
### Changed
- Updated redis-20.0.1-bb.1.tgz dependency chart
## [7.5.2-bb.0] - 2024-09-16
### Changed
- Update gluon 0.5.3 -> 0.5.4
- Update ironbank/big-bang/argocd v2.12.0 -> v2.12.3
- Update redis chart 19.6.2-bb.0 -> 20.0.1-bb.0
- Update registry1.dso.mil/ironbank/big-bang/argocd v2.12.0 -> v2.12.3
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.62.0 -> v1.63.0
- Update registry1.dso.mil/ironbank/bitnami/redis 7.2.5 -> 7.4.0
Authservice
- !5115: authservice update to 1.0.2-bb.0
# Changelog Updates
## [1.0.2-bb.0] - 2024-09-11
### Changed
- redis updated from 19.5.0 to 20.0.1
- ironbank/bitnami/redis updated from 7.2.5 to 7.4.0
- ironbank/istio-ecosystem/authservice updated from 1.0.1 to 1.0.2
Minio Operator
- !5036: minioOperator update to 6.0.3-bb.0
# Changelog Updates
## [6.0.3-bb.0] - 2024-08-29
### Changed
- Upgraded registry1.dso.mil/ironbank/opensource/minio/operator v6.0.2 -> v6.0.3
Minio
- !5146: minio update to 6.0.3-bb.4
- !5138: minio update to 6.0.3-bb.3
- !5042: minio update to 6.0.2-bb.4
# Changelog Updates
## [6.0.3-bb.4] - 2024-09-25
### Changed
- Added wait job config
## [6.0.3-bb.3] - 2024-09-23
### Changed
- Upgraded mc to RELEASE.2024-09-16T17-43-14Z
## [6.0.3-bb.2] - 2024-09-17
### Changed
- Fixed a bug in istio authorization policies introduced in 6.0.3-bb.1 that resulted in failing RBAC access denied when istio hardening was enabled
## [6.0.3-bb.1] - 2024-09-12
### Changed
- Upgraded minio to v6.0.3
## [6.0.2-bb.5] - 2024-09-05
### Changed
- Removed hardcoded match labels
## [6.0.2-bb.4] - 2024-08-29
### Changed
- Updated mc to `RELEASE.2024-08-26T10-49-58Z`
Gitlab
- !5161: gitlab update to 8.2.7-bb.1
# Changelog Updates
## [8.2.7-bb.1] - 2024-09-27
### Changed
- Update ironbank/bitnami/redis (source) 7.0.0-debian-10-r3 -> 7.4.0
Nexus
- !5101: nexusRepositoryManager update to 72.0.0-bb.0
# Changelog Updates
## [72.0.0-bb.0] - 2024-09-17
### Changed
- Updated chart to version: 72.0.0-bb.0 | appVersion: 3.72.0-04
- Updated Gluon 0.5.3 -> 0.5.4
## [71.0.0-bb.1] - 2024-09-13
### Added
- Updated `.Values.nexus.blobstores.blobstore[]` functionality to store each separate `.blobstore_data` item as a separate Kubernetes `Secret`, more effectively protecting any cloud credentials the user might need to pass to Nexus in order to create blobstores on S3 or Azure.
Mattermost
- !5160: mattermost update to 10.0.0-bb.2
- !5131: mattermost update to 10.0.0-bb.0
- !5099: mattermost update to 9.11.1-bb.1
# Changelog Updates
## [10.0.0-bb.2] - 2024-09-26
### Changed
- Add netpol for waitjob pod
## [10.0.0-bb.1] - 2024-09-24
### Changed
- add wait job
## [10.0.0-bb.0] - 2024-09-19
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.11.1 to 10.0.0
## [9.11.1-bb.1] - 2024-09-13
### Changed
- gluon updated from 0.5.3 to 0.5.4
- minio-instance updated from 6.0.2 to 6.0.3
Velero
# Changelog Updates
## [7.2.1-bb.1] - 2024-09-25
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.9 -> v1.30.5
## [7.2.1-bb.0] - 2024-09-17
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.8 -> v1.29.9
- Updated chart to 7.2.1
## [7.1.5-bb.1] - 2024-09-12
### Changed
- Changed label in `node-agent` Daemonset to allow for templated values (`chart/templates/node-agent-daemonset.yaml`)
Keycloak
- !5141: keycloak update to 2.5.0-bb.0
# Changelog Updates
## [2.5.0-bb.0] - 2024-09-17
### Updated
- Keycloak to -> 25.0.4
- Postgresql -> 12.20
- Gluon -> 0.5.3
Vault
# Changelog Updates
## [0.28.1-bb.8] - 2024-09-27
### Changed
- Upgraded registry1.dso.mil/ironbank/hashicorp/vault 1.17.5 -> 1.17.6
- ironbank/hashicorp/vault 1.17.5 -> 1.17.6
## [0.28.1-bb.7] - 2024-09-18
### Changed
- Updated minio-instance from 6.0.2-bb.2 -> 6.0.3-bb.2
Metrics Server
# Changelog Updates
## [3.12.2-bb.0] - 2024-09-25
### Upgraded
- Update metrics-server `v0.7.1` -> `v0.7.2`
- Update addOnResizer `1.8.20` -> `1.8.21`
- Update kubectl `v1.29.3` -> `v1.29.8`
- Update gluon `0.4.9` -> `0.5.4`
- Chart updated `3.12.1-bb.6` -> `3.12.2-bb.0`
## [3.12.1-bb.6] - 2024-09-24
### Fixed
- Fixed issue with changes due to upstream drift
## [3.12.1-bb.5] - 2024-09-17
### Changed
- Fixed chart template drift from upstream
External Secrets
- !5186: externalSecrets update to 0.10.2-bb.1
# Changelog Updates
## [0.10.2-bb.1] - 2024-10-02
### Added
- Added network policy allow-sidecar-scraping
## [0.10.2-bb.0] - 2024-08-30
### Changed
- Updated ESO to v0.10.2
- Updated to gluon 0.5.3
Known Issues
- Kiali - ISSUE
  - On Kubernetes 1.29+, the Kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the `flowcontrol.apiserver.k8s.io/v1beta2` API version (no longer served as of v1.29). In this case, removing the invalid API version should resolve the issue and allow the Kiali operator to run successfully.
    ```
    kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io
    ```
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.