Skip to content

Release Notes - 2.37.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Upgrade Notices📜

  • Cluster-auditor - MR:
    • If pinned to an older package version for this package, you will need to update that package to latest prior to upgrading your Big Bang umbrella version due to template updates accompanied by this MR.
  • Elasticsearch-kibana - MR:
    • Elasticsearch Statefulsets Update Strategy are set to OnDelete, so in order for the changes in this package mr to take effect (i.e tunneling certificates/mtls handling through istio-proxy) 1) istio must be enabled and 2) the elasticsearch pods need to be manually deleted (for more information see kubernetes documentation on statefulsets updates strategies).
    • kubectl instructions
      • To get a list of pods that will need to be manually restarted run the following
        kubectl get pod -n logging -l elasticsearch.k8s.elastic.co/cluster-name=logging-ek
        
      • If availability is important than you can manually do a rolling upgrade by deleting the pods one by one while waiting for them to restart
        kubectl delete pod <name of pods> -n logging
        
      • If availability is not important and you want to restart all the pods at once then run the following
        kubectl delete pod -n logging -l elasticsearch.k8s.elastic.co/cluster-name=logging-ek
        
      • After restarting all the pods and confirming that the pods are back in a ready state, check that elasticsearch cluster health is green by running
        kubectl get elasticsearch -n logging
        

Upgrades from previous releases📜

If coming from a version pre-2.36.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.36.0.

Packages📜

Package Type Package Version BB Version
Anchore Enterprise Addon 5.9.0 2.10.0-bb.0
Updated Argocd Addon 2.12.3 7.5.2-bb.1 🔗
Updated Authservice Addon 1.0.2 1.0.2-bb.0 🔗
Updated Cluster Auditor Core 0.0.7 1.5.0-bb.22 🔗
Eck Operator Core 2.14.0 2.14.0-bb.0
Updated Elasticsearch Kibana Core Kibana 8.15.1 Elasticsearch 8.15.1 1.19.0-bb.1 🔗
Updated External Secrets BETA Addon 0.10.2 0.10.2-bb.1 🔗
Updated Fluentbit Core 3.1.7 0.47.9-bb.1 🔗
Fortify Addon 24.2.0.0186 1.1.2320154-bb.19
Updated Gatekeeper Core 3.17.1 3.17.1-bb.0 🔗
Updated Gitlab Addon 17.2.7 8.2.7-bb.1 🔗
Gitlab Runner Addon 17.2.1 0.67.1-bb.1
Grafana Core 11.2.0 8.5.1-bb.0
Haproxy Addon 2.2.33 1.19.3-bb.8
Harbor Addon 2.11.0 1.15.0-bb.1
Holocron Addon 3.3.2 1.0.11
Updated Istio Controlplane Core Istio 1.22.5 Tetrate Istio Distro 1.22.5 1.22.5-bb.0 🔗
Updated Istio Operator Core Istio Operator 1.22.5 Tetrate Istio Distro Operator 1.22.5 1.22.5-bb.0 🔗
Updated Jaeger Core 1.60.1 2.56.0-bb.1 🔗
Updated Keycloak Addon 25.0.4 2.5.0-bb.0 🔗
Updated Kiali Core 1.89.3 1.89.3-bb.1 🔗
Updated Kyverno Core 1.12.5 3.2.6-bb.3 🔗
Updated Kyverno Policies Core 3.2.5 3.2.5-bb.6 🔗
Updated Kyverno Reporter Core 2.20.1 2.24.1-bb.1 🔗
Updated Loki Core 3.1.1 6.12.0-bb.5 🔗
Updated Mattermost Addon 10.0.0 10.0.0-bb.2 🔗
Mattermost Operator Addon 1.22.0 1.22.0-bb.5
Updated Metrics Server Addon 0.7.2 3.12.2-bb.0 🔗
Updated Minio Addon RELEASE.2024-06-04T19-20-08Z 6.0.3-bb.4 🔗
Updated Minio Operator Addon 6.0.3 6.0.3-bb.0 🔗
Monitoring Core Prometheus 2.54.1 Grafana 11.1.0 Alertmanager 0.27.0 62.4.0-bb.0
Updated Neuvector Core 5.3.4 2.7.8-bb.4 🔗
Updated Nexus Addon 3.72.0-04 72.0.0-bb.0 🔗
Updated Promtail Core 3.0.0 6.16.2-bb.4 🔗
Sonarqube Addon 9.9.6-community 8.0.6-bb.4
Tempo Core Tempo 2.5.0 Tempo Query 2.5.0 1.10.3-bb.5
Thanos Addon 0.36.1 15.7.20-bb.1
Twistlock Core 32.03.125 0.16.0-bb.1
Updated Vault Addon 1.17.6 0.28.1-bb.8 🔗
Updated Velero Addon 1.14.1 7.2.1-bb.1 🔗
Wrapper Core N / A 0.4.10

Changes in 2.37.0📜

Istio Controlplane📜

  • !5173: istio update to 1.22.5-bb.0
  • !5135: istio update to 1.22.4-bb.2
# Changelog Updates

## [1.22.5-bb.0] - 2024-09-24
### Changed
- ironbank/opensource/istio/install-cni updated from 1.22.4 to 1.22.5
- ironbank/opensource/istio/pilot updated from 1.22.4 to 1.22.5
- ironbank/opensource/istio/proxyv2 updated from 1.22.4 to 1.22.5
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
- ironbank/tetrate/istio/install-cni updated from 1.22.4 to 1.22.5
- ironbank/tetrate/istio/pilot updated from 1.22.4 to 1.22.5
- ironbank/tetrate/istio/proxyv2 updated from 1.22.4 to 1.22.5

## [1.22.4-bb.2] - 2024-09-16
### Added
- Gluon post-install wait scripts

Istio Operator📜

  • !5176: istioOperator update to 1.22.5-bb.0
# Changelog Updates

## [1.22.5-bb.0] - 2024-09-30
### Changed
- Updated registry1.dso.mil/ironbank/opensource/istio/operator from 1.22.3 to 1.22.5
- Updated registry1.dso.mil/ironbank/tetrate/istio/operator from 1.22.3-tetratefips-v0 to 1.22.5-tetratefips-v0

Jaeger📜

  • !5139: jaeger update to 2.56.0-bb.1
# Changelog Updates

## [2.56.0-bb.1] - 2024-09-05
### Added
- Gluon post-install wait scripts

Kiali📜

  • !5154: kiali update to 1.89.3-bb.1
  • !5114: kiali update to 1.89.3-bb.0
# Changelog Updates

## [1.89.3-bb.1] - 2024-09-23
### Added
- Gluon post-install wait scripts

## [1.89.3-bb.0] - 2024-09-18
### Added
- Updated Kiali to v1.89.3
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali to 1.89.3
- Updated registry1.dso.mil/ironbank/opensource/kiali/kiali-operator to 1.89.3
- Updated registry1.dso.mil/bigbang/gluon to 0.5.4

Cluster Auditor📜

  • !5134: clusterAuditor update to 1.5.0-bb.22
# Changelog Updates

## [1.5.0-bb.22] - 2024-09-04
### Changed
- Removed Kiali labels from package, run input labels through `tpl` to evaluate template expressions

Gatekeeper📜

!5165: gatekeeper update to 3.17.1-bb.0

# Changelog Updates

## [3.17.1-bb.0] - 2024-09-27
### Changed
- Updated ironbank/opensource/openpolicyagent/gatekeeper v3.17.0 -> 3.17.1
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.17.0 -> 3.17.1
- Updated gluon from 0.5.3 to 0.5.4

Kyverno📜

  • !5172: kyverno update to 3.2.6-bb.3
  • !5126: kyverno update to 3.2.6-bb.2
  • !5123: kyverno update to 3.2.6-bb.1
# Changelog Updates

## [3.2.6-bb.3] - 2024-09-30
### Changed
- Updated secrets.sh with kubectl wait for namespace and secret creation

## [3.2.6-bb.2] - 2024-09-20
### Changed
- Updated secrets.sh with --wait=false on kubectl delete namespace

## [3.2.6-bb.1] - 2024-09-20
### Changed
- Updated secrets.sh and clusterpolicy.sh to fix early exit.

Kyverno Policies📜

  • !5150: kyvernoPolicies update to 3.2.5-bb.6
# Changelog Updates

## [3.2.5-bb.6] - 2024-09-09
### Changed
- update ironbank public container signing key

Kyverno Reporter📜

  • !5113: kyvernoReporter update to 2.24.1-bb.1
# Changelog Updates

## [2.24.1-bb.1] - 2024-08-26
### Changed
- Reverted previous Kiali label changes related to the epic and modified them to follow the new pattern.

Elasticsearch Kibana📜

  • !5158: elasticsearchKibana update to 1.19.0-bb.1
  • !5151: elasticsearchKibana update to 1.19.0-bb.0
  • !5147: elasticsearchKibana update to 1.18.0-bb.5
  • !5132: elasticsearchKibana update to 1.18.0-bb.4
  • !5088: elasticsearchKibana update to 1.18.0-bb.3
# Changelog Updates

## [1.19.0-bb.1] - 2024-09-26
### Changed
- Now setting `securityContext` on rolling upgrade `Job` to comply with Kyverno policies

## [1.19.0-bb.0] - 2024-09-26
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.14.3 to 8.15.1
- ironbank/elastic/kibana/kibana updated from 8.14.3 to 8.15.1
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5

## [1.18.0-bb.5] - 2024-09-25
### Changed
- Reverted changes made from 1.18.0-bb.3

## [1.18.0-bb.4] - 2024-09-17
### Added
- Gluon post-install wait scripts

## [1.18.0-bb.3] - 2024-09-16
### Changed
- Disabled Elasticsearch selfSignedCertificate if Istio is enabled
- Enforced mtls in the Destination Rule if Istio is enabled
- Enable Elasticsearch virtual service by default

Fluentbit📜

  • !5118: fluentbit update to 0.47.9-bb.1
# Changelog Updates

## [0.47.9-bb.1] - 2024-09-19
### Removed
- Removed duplicate parsers in the customParsers field in values.yaml

Promtail📜

  • !5122: promtail update to 6.16.2-bb.4
# Changelog Updates

## [6.16.2-bb.4] - 2024-08-30
### Changed
- Updating Promtail `oscal-component.yaml` to include Lula validations for automated assessment

### Added
- Added `oscal-assessment-results.yaml` as a threshold for automated governance

Loki📜

  • !5142: loki update to 6.12.0-bb.5
  • !5133: fix (loki): guard monolith local storage config with minio enablement check
# Changelog Updates

## [6.12.0-bb.5] - 2024-09-24
### Changed
- Give grafana an extra minute to check for loki datasource connection in cypress testing

Neuvector📜

  • !5127: neuvector update to 2.7.8-bb.4
  • !5107: neuvector update to 2.7.8-bb.3
# Changelog Updates

## [2.7.8-bb.4] - 2024-09-20
### Changed
- Updated gluon to `0.5.2`

## [2.7.8-bb.3] - 2024-09-14
### Changed
- Removed previous kiali label epic changes in `2.7.7-bb.3` and updated to new pattern.

Argocd📜

  • !5170: argocd update to 7.5.2-bb.1
  • !5120: argocd update to 7.5.2-bb.0
# Changelog Updates

## [7.5.2-bb.1] - 2024-09-30
### Changed
- Updated redis-20.0.1-bb.1.tgz dependency chart

## [7.5.2-bb.0] - 2024-09-16
### Changed
- Update gluon 0.5.3 -> 0.5.4
- Update ironbank/big-bang/argocd v2.12.0 -> v2.12.3
- Update redis chart 19.6.2-bb.0 -> 20.0.1-bb.0
- Update registry1.dso.mil/ironbank/big-bang/argocd v2.12.0 -> v2.12.3
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.62.0 -> v1.63.0
- Update registry1.dso.mil/ironbank/bitnami/redis 7.2.5 -> 7.4.0

Authservice📜

  • !5115: authservice update to 1.0.2-bb.0
# Changelog Updates

## [1.0.2-bb.0] - 2024-09-11
### Changed
- redis updated from 19.5.0 to 20.0.1
- ironbank/bitnami/redis updated from 7.2.5 to 7.4.0
- ironbank/istio-ecosystem/authservice updated from 1.0.1 to 1.0.2

Minio Operator📜

  • !5036: minioOperator update to 6.0.3-bb.0
# Changelog Updates

## [6.0.3-bb.0] - 2024-08-29
### Changed
- Upgraded registry1.dso.mil/ironbank/opensource/minio/operator v6.0.2 -> v6.0.3

Minio📜

  • !5146: minio update to 6.0.3-bb.4
  • !5138: minio update to 6.0.3-bb.3
  • !5042: minio update to 6.0.2-bb.4
# Changelog Updates

## [6.0.3-bb.4] - 2024-09-25
### Changed
- Added wait job config

## [6.0.3-bb.3] - 2024-09-23
### Changed
- Upgraded mc to RELEASE.2024-09-16T17-43-14Z

## [6.0.3-bb.2] - 2024-09-17
### Changed
- Fixed a bug in istio authorization policies introduced in 6.0.3-bb.1 that resulted in failing RBAC access denied when istio hardening was enabled

## [6.0.3-bb.1] - 2024-09-12
### Changed
- Upgraded minio to v6.0.3

## [6.0.2-bb.5] - 2024-09-05
### Changed
- Removed hardcoded match labels

## [6.0.2-bb.4] - 2024-08-29
### Changed
- Updated mc to `RELEASE.2024-08-26T10-49-58Z`

Gitlab📜

  • !5161: gitlab update to 8.2.7-bb.1
# Changelog Updates

## [8.2.7-bb.1] - 2024-09-27
### Changed
- Update ironbank/bitnami/redis (source) 7.0.0-debian-10-r3 -> 7.4.0

Nexus📜

  • !5101: nexusRepositoryManager update to 72.0.0-bb.0
# Changelog Updates

## [72.0.0-bb.0] - 2024-09-17
### Changed
- Updated chart to version: 72.0.0-bb.0 | appVersion: 3.72.0-04
- Updated Gluon 0.5.3 -> 0.5.4

## [71.0.0-bb.1] - 2024-09-13
### Added
- Updated `.Values.nexus.blobstores.blobstore[]` functionality to store each separate `.blobstore_data` item as a separate Kubernetes `Secret`, more effectively protecting any cloud credentials the user might need to pass to Nexus in order to create blobstores on S3 or Azure.

Mattermost📜

  • !5160: mattermost update to 10.0.0-bb.2
  • !5131: mattermost update to 10.0.0-bb.0
  • !5099: mattermost update to 9.11.1-bb.1
# Changelog Updates

## [10.0.0-bb.2] - 2024-09-26
### Changed
- Add netpol for waitjob pod

## [10.0.0-bb.1] - 2024-09-24
### Changed
- add wait job

## [10.0.0-bb.0] - 2024-09-19
### Changed
- ironbank/opensource/mattermost/mattermost updated from 9.11.1 to 10.0.0

## [9.11.1-bb.1] - 2024-09-13
### Changed
- gluon updated from 0.5.3 to 0.5.4
- minio-instance updated from 6.0.2 to 6.0.3

Velero📜

  • !5152: velero update to 7.2.1-bb.1
  • !5128: velero update to 7.2.1-bb.0
# Changelog Updates

## [7.2.1-bb.1] - 2024-09-25
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.9 -> v1.30.5

## [7.2.1-bb.0] - 2024-09-17
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.8 -> v1.29.9
- Updated chart to 7.2.1

## [7.1.5-bb.1] - 2024-09-12
### Changed
- Changed label in `node-agent` Daemonset to allow for templated values (`chart/templates/node-agent-daemonset.yaml`)

Keycloak📜

  • !5141: keycloak update to 2.5.0-bb.0
# Changelog Updates

## [2.5.0-bb.0] - 2024-09-17
### Updated
- Keycloak to -> 25.0.4
- Postgresql -> 12.20
- Gluon -> 0.5.3

Vault📜

  • !5159: vault update to 0.28.1-bb.8
  • !5116: vault update to 0.28.1-bb.7
# Changelog Updates

## [0.28.1-bb.8] - 2024-09-27
### Changed
- Upgraded registry1.dso.mil/ironbank/hashicorp/vault 1.17.5 -> 1.17.6
- ironbank/hashicorp/vault 1.17.5-> 1.17.6

## [0.28.1-bb.7] - 2024-09-18
### Changed
- Updated minio-instance from 6.0.2-bb.2 -> 6.0.3-bb.2

Metrics Server📜

  • !5148: metricsServer update to 3.12.2-bb.0
  • !5140: metricsServer update to 3.12.1-bb.6
# Changelog Updates

## [3.12.2-bb.0] - 2024-09-25
### Upgraded
- Update metrics-server `v0.7.1` -> `v0.7.2`
- Update addOnResizer `1.8.20` -> `1.8.21`
- Update kubectl `v1.29.3` -> `v1.29.8`
- Update gluon `0.4.9` -> `0.5.4`
- Chart updated `3.12.1-bb.6` -> `3.12.2-bb.0`

## [3.12.1-bb.6] - 2024-09-24
### Fixed
- Fixed issue with changes due to upstream drift

## [3.12.1-bb.5] - 2024-09-17
### Changed
- Fixed chart template drift from upstream

External Secrets📜

  • !5186: externalSecrets update to 0.10.2-bb.1
# Changelog Updates

## [0.10.2-bb.1] - 2024-10-02
### Added
- Added network policy allow-sidecar-scraping

## [0.10.2-bb.0] - 2024-08-30
### Changed
- Updated ESO to v0.10.2
- Updated to gluon 0.5.3

Known Issues📜

  • Kiali - ISSUE
  • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.