Release Notes - 2.40.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Upgrade Notices

  • Twistlock - MR:
    • As part of this upgrade, there is an automated deletion and recreation of deployments, daemonsets, and PVC (while retaining the PV).
      • You should run a manual backup. The data should be safe and retained, but you should still have a backup.
  • Loki - MR:
    • Any users that were using the Loki API VirtualService (loki.<yourdomain>) without explicitly enabling it will now need to set loki.values.istio.loki.enabled to true when upgrading/installing BigBang.
  • BigBang - MR:
    • Users can now provide a provider field for Flux HelmRepositories in Big Bang umbrella. This enables usage of OIDC for authenticating with cloud providers to pull charts.
  • Istio-controlplane - MR:
    • This release adds a default EnvoyFilter to increase the security of the Istio cluster. The filter is enabled by default and can be disabled using e.g. istio.Values.defaultSecurityHeaders.enabled: false. It adds the following HTTP headers when the backend service does not already provide them:
      • Strict-Transport-Security: max-age=31536000; includeSubDomains
      • X-Frame-Options: SAMEORIGIN
      • X-Content-Type-Options: nosniff
      • Referrer-Policy: strict-origin
    • In the event these additional headers cause issues with any deployment, you can disable the filter and reach out to the Big Bang team.
  • BigBang - MR:
    • Nexus realms configuration has been moved and is no longer nested under sso. The realm key has been renamed to realms, e.g.:
      addons:
        nexusRepositoryManager:
          values:
            realms:
              - "DockerToken"

  • Elasticsearch-kibana - MR:
    • Important: If prometheus-elasticsearch-exporter is enabled (metrics.enabled set to true) in the ElasticsearchKibana package, upgrading to 1.20.0-bb.0 involves changes to immutable selector labels that require the elasticsearch-metrics deployment to be deleted before upgrading the release.
    • The ElasticsearchKibana autoRollingUpgrade field in values.yaml can deploy a pre-upgrade job that automates the required deployment deletion using a Helm pre-upgrade hook, so no additional action is required. Note that a brief outage is expected during the upgrade while the elasticsearch-metrics deployment is being rolled out.
    • However, if you would rather manually delete the elasticsearch-metrics deployment prior to the upgrade, set autoRollingUpgrade.enabled=false in values.yaml and follow the steps outlined below. The command below assumes that the ElasticsearchKibana package is deployed in the default Big Bang logging namespace; confirm the namespace of your ElasticsearchKibana deployment first:
      kubectl delete deploy -l app=metrics -n logging
      
    • Once the resources have been deleted, you can upgrade the release.
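
A post-upgrade check for the Istio-controlplane notice above, added here as an example and not part of the Big Bang release notes: it reads `curl -sI` output and reports each of the four default headers as default, custom or missing. The function names and the sample response are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Expected values are the filter defaults listed in the notice.
# Typical use: curl -sI https://<host>.<yourdomain>/ | check_security_headers

# Reads raw response headers on stdin; prints "<header> default|custom|missing"
# for each of the four headers and returns 1 if any header is missing.
check_security_headers() {
  local headers name want got rc=0
  headers=$(tr -d '\r')   # HTTP header lines end in CRLF
  while IFS='|' read -r name want; do
    # Header names are case-insensitive; take the value of the first match.
    got=$(printf '%s\n' "$headers" | awk -v n="$name" '
      BEGIN { n = tolower(n) ":" }
      tolower(substr($0, 1, length(n))) == n {
        v = substr($0, length(n) + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
      }')
    if [ -z "$got" ]; then
      echo "$name missing"; rc=1
    elif [ "$got" = "$want" ]; then
      echo "$name default"
    else
      # The filter only adds a header the backend did not send, so any other
      # value most likely came from the backend service itself.
      echo "$name custom ($got)"
    fi
  done <<'EOF'
Strict-Transport-Security|max-age=31536000; includeSubDomains
X-Frame-Options|SAMEORIGIN
X-Content-Type-Options|nosniff
Referrer-Policy|strict-origin
EOF
  return "$rc"
}

# Constructed sample: backend sets its own X-Frame-Options, no Referrer-Policy.
sample_response() {
  printf '%s\r\n' 'HTTP/2 200' 'content-type: text/html' \
    'strict-transport-security: max-age=31536000; includeSubDomains' \
    'x-frame-options: DENY' 'x-content-type-options: nosniff' ''
}

sample_response | check_security_headers || echo "one or more headers missing"
```

A "missing" result on a host served through the Istio gateway suggests the filter is disabled or not applied there; a "custom" result is expected wherever the backend already sends its own value.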

Upgrades from previous releases

If coming from a version pre-2.39.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.39.1.

Packages

| Status | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Alloy BETA | Addon | 1.4.2 | 1.6.4-bb.0 |
| Updated | Anchore Enterprise | Addon | 5.10.0 | 3.0.0-bb.2 |
| | Argocd | Addon | 2.12.4 | 7.6.6-bb.0 |
| Updated | Authservice | Addon | 1.0.2 | 1.0.2-bb.1 |
| | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.22 |
| | Eck Operator | Core | 2.14.0 | 2.14.0-bb.0 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.15.3, Elasticsearch 8.15.3 | 1.21.0-bb.0 |
| | External Secrets BETA | Addon | 0.10.2 | 0.10.2-bb.1 |
| | Fluentbit | Core | 3.1.9 | 0.47.10-bb.1 |
| | Fortify | Addon | 24.2.0.0186 | 1.1.2320154-bb.19 |
| Updated | Gatekeeper | Core | 3.17.1 | 3.17.1-bb.2 |
| Updated | Gitlab | Addon | 17.3.6 | 8.3.6-bb.3 |
| | Gitlab Runner | Addon | 17.2.1 | 0.67.1-bb.1 |
| | Grafana | Core | 11.2.2 | 8.5.5-bb.0 |
| | Haproxy | Addon | 2.2.33 | 1.19.3-bb.8 |
| | Harbor | Addon | 2.11.0 | 1.15.1-bb.1 |
| Updated | Holocron | Addon | 3.3.2 | 1.0.12 |
| Updated | Istio Controlplane | Core | Istio 1.23.2, Tetrate Istio Distro 1.23.2 | 1.23.2-bb.1 |
| | Istio Operator | Core | Istio Operator 1.23.2, Tetrate Istio Distro Operator 1.23.2 | 1.23.2-bb.0 |
| | Jaeger | Core | 1.61.0 | 2.57.0-bb.0 |
| | Keycloak | Addon | 25.0.6 | 2.5.1-bb.0 |
| | Kiali | Core | 1.89.7 | 1.89.7-bb.1 |
| | Kyverno | Core | 1.12.6 | 3.2.7-bb.0 |
| | Kyverno Policies | Core | 3.2.6 | 3.2.6-bb.0 |
| | Kyverno Reporter | Core | 2.20.2 | 2.24.2-bb.1 |
| Updated | Loki | Core | 3.2.0 | 6.18.0-bb.1 |
| | Mattermost | Addon | 10.1.2 | 10.1.2-bb.0 |
| | Mattermost Operator | Addon | 1.22.1 | 1.22.1-bb.0 |
| | Metrics Server | Addon | 0.7.2 | 3.12.2-bb.1 |
| Updated | Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 6.0.4-bb.2 |
| | Minio Operator | Addon | 6.0.4 | 6.0.4-bb.0 |
| Updated | Monitoring | Core | Prometheus 2.54.1, Grafana 11.1.0, Alertmanager 0.27.0 | 62.4.0-bb.1 |
| Updated | Neuvector | Core | 5.4.0 | 2.8.2-bb.1 |
| Updated | Nexus | Addon | 3.73.0-12 | 73.0.0-bb.1 |
| | Promtail | Core | 3.0.0 | 6.16.2-bb.4 |
| | Sonarqube | Addon | 10.6.0-community | 10.6.1-bb.2 |
| Updated | Tempo | Core | Tempo 2.5.0, Tempo Query 2.5.0 | 1.10.3-bb.6 |
| Updated | Thanos | Addon | 0.36.1 | 15.7.27-bb.3 |
| Updated | Twistlock | Core | 32.07.123 | 0.17.0-bb.2 |
| Updated | Vault | Addon | 1.18.1 | 0.28.1-bb.12 |
| Updated | Velero | Addon | 1.14.1 | 7.2.2-bb.0 |
| | Wrapper | Core | N/A | 0.4.10 |

Changes in 2.40.0

Big Bang MRs

  • !5252: Add provider to the helmRepositories spec and set a default value of generic
  • !5351: added minio logic

Istio Controlplane

  • !5331: istio update to 1.23.2-bb.1
# Changelog Updates

## [1.23.2-bb.1] - 2024-10-21
### Added
- added default, global envoy filter for HSTS and other security headers

Gatekeeper

  • !5347: gatekeeper update to 3.17.1-bb.2
# Changelog Updates

## [3.17.1-bb.2] - 2024-10-21
### Changed
- `container.apparmor.security.beta.kubernetes.io` annotations are now deprecated and replaced by the `securityContext.appArmorProfile` field for pods and containers

Elasticsearch Kibana

  • !5343: elasticsearchKibana update to 1.21.0-bb.0
  • !5310: elasticsearchKibana update to 1.20.0-bb.0
# Changelog Updates

## [1.21.0-bb.0] - 2024-10-25
### Changed
- gluon updated from 0.5.4 to 0.5.8
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.15.2 to 8.15.3
- ironbank/elastic/kibana/kibana updated from 8.15.2 to 8.15.3
- ironbank/opensource/kubernetes/kubectl updated from v1.30.5 to v1.30.6

## [1.20.0-bb.1] - 2024-10-25
### Changed
- Moved upgrade job into a separate directory in the bigbang folder

## [1.20.0-bb.0] - 2024-10-17
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.15.1 to 8.15.2
- ironbank/elastic/kibana/kibana updated from 8.15.1 to 8.15.2
- ironbank/opensource/bitnami/elasticsearch-exporter updated from 1.7.0 to 1.8.0
- prometheus-elasticsearch-exporter to 6.5.0
- Added an upgrade job to manually delete the prometheus-elasticsearch-exporter deployment as part of upgrade

Loki

  • !5370: loki update to 6.18.0-bb.1
  • !5340: loki update to 6.18.0-bb.0
# Changelog Updates

## [6.18.0-bb.1] - 2024-11-06
### Changed
- Now setting `istio.loki.enabled` to `false` by default

## [6.18.0-bb.0] - 2024-10-18
### Updated
- Updated `loki` from `v3.1.1` -> `v3.2.0`
- Updated `gluon` from `0.5.4` -> `0.5.8`
- Updated `k8s-sidecar` from `1.27.5` -> `1.28.0`
- Updated `kubectl` from `v1.29.8` -> `v1.30.5`
- Updated `memcached` from `1.6.30` -> `1.6.31`
- Updated `nginx` from `1.26.2` -> `1.27.2`

Neuvector

  • !5398: neuvector update to 2.8.2-bb.1
# Changelog Updates

## [2.8.2-bb.1] - 2024-11-13
### Changed
- Added an initContainer to fix the cert permissions until an upstream fix comes in

## [2.8.2-bb.0] - 2024-10-17
### Changed
- Updated chart version to `2.8.0`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from `5.3.4` to `5.4.0`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from `5.3.4` to `5.4.0`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from `5.3.4` to `5.4.0`

Tempo

  • !5320: tempo update to 1.10.3-bb.6
# Changelog Updates

## [1.10.3-bb.6] - 2024-10-14
### Added
- Added authorization policy to allow communication from Kiali

Monitoring

  • !5388: monitoring update to 62.4.0-bb.1

# Changelog Updates

## [62.4.0-bb.1] - 2024-11-04
### Changed
- Changed Gluon: 0.5.0 -> 0.5.9
- Changed cypress tests to check for variable number of running pods
- Changed Grafana: 8.5.1 -> 8.5.12

Twistlock

  • !5387: twistlock update to 0.17.0-bb.2
  • !5366: twistlock update to 0.17.0-bb.1
  • !5345: twistlock update to 0.17.0-bb.0
# Changelog Updates

## [0.17.0-bb.2] - 2024-11-05
### Changed
- Created the upgrade job for the label changes
- Brought back the changes from 0.16.0-bb.4
- Updated the volume upgrade job to be compatible with the upgrade job

## [0.17.0-bb.1] - 2024-11-04
### Added
- Added contributor scripts folder to allow for further setup of Twistlock deployments

## [0.17.0-bb.0] - 2024-10-31
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
- ironbank/twistlock/console/console updated from 32.03.125 to 32.07.123
- ironbank/twistlock/defender/defender updated from 32.03.125 to 32.07.123

Authservice

  • !5356: authservice update to 1.0.2-bb.1
# Changelog Updates

## [1.0.2-bb.1] - 2024-11-04
### Changed
- Updated pod labels to use authservice.labels so version will be included

Minio

  • !5385: minio update to 6.0.4-bb.2
  • !5365: minio update to 6.0.4-bb.1
# Changelog Updates

## [6.0.4-bb.2] - 2024-11-08
### Changed
- Upgraded gluon from 0.5.8 to 0.5.10

## [6.0.4-bb.1] - 2024-11-04
### Changed
- Patch registry1.dso.mil/ironbank/opensource/minio/mc RELEASE.2024-10-08T09-37-26Z -> RELEASE.2024-10-29T15-34-59Z

Gitlab

  • !5382: gitlab update to 8.3.6-bb.3
# Changelog Updates

## [8.3.6-bb.3] - 2024-11-07
### Changed
- move token job for GCPE to GCPE prep for subchart

## [8.3.6-bb.2] - 2024-11-05
### Changed
- add webhook token job for GCPE integration

Nexus

  • !5328: nexusRepositoryManager update to 73.0.0-bb.1
# Changelog Updates

## [73.0.0-bb.1] - 2024-09-17
### Changed
- Refactored realm configuration from under sso configuration. Renamed to realms.

Anchore Enterprise

  • !5380: anchore update to 3.0.0-bb.2
  • !5368: anchore update to 3.0.0-bb.1
# Changelog Updates

## [3.0.0-bb.2] - 2024-11-07
### Changed
- Updated startmigrationpod value to false

## [3.0.0-bb.1] - 2024-11-04
### Changed
- fix istio error

## [3.0.0-bb.0] - 2024-10-22
### Changed
- Updated Anchore Enterprise chart to `3.0.0`
- Updated gluon to `0.5.8`
- Updated enterprise to `5.10.0`
- Updated enterpriseui to `5.10.0`
- Updated redis to `20.2.1-bb.0`
- Updated redis patch to `7.4.1`
- Updated kubectl to `1.30.5`

Velero

  • !5346: velero update to 7.2.2-bb.0
  • !5338: velero update to 7.2.1-bb.5
# Changelog Updates

## [7.2.2-bb.0] - 2024-10-31
### Changed
- Upgrade to upstream chart version 7.2.2

## [7.2.1-bb.5] - 2024-10-30
### Changed
- Fixed caCert issue preventing tls certs from being used with Backupstoragelocations

## [7.2.1-bb.4] - 2024-10-25
### Removed
- Reverted old Kiali Label commits

Vault

  • !5375: vault update to 0.28.1-bb.12
# Changelog Updates

## [0.28.1-bb.12] - 2024-11-06
### Changed
- Updated ironbank image to 1.18.1
- Updated gluon to 0.5.9

Holocron

  • !5355: holocron update to 1.0.12
# Changelog Updates

## [1.0.12] - 2024-11-04
### Updated
- Removed repeated literals in templates
- Configured templates to pass resource name and index to labels function in helpers template
- Updated labels to be correct on both deployment and pod resources

Thanos

  • !5363: thanos update to 15.7.27-bb.3
# Changelog Updates

## [15.7.27-bb.3] - 2024-10-25
### Changed
- Moved pre-upgrade hook resources to separate charts

## [15.7.27-bb.2] - 2024-10-21
### Added
- Added pre-upgrade hook to automate upgrade process

## [15.7.27-bb.1] - 2024-10-10
### Upgraded
- Removed hardcoded minio matchLabels

## [15.7.27-bb.0] - 2024-10-03
### Upgraded
- Upgraded gluon from `0.5.3` -> `0.5.4`
- Upgraded minio-instance from `5.0.15-bb.2` -> `6.0.3-bb.2`

Alloy

  • !5364: alloy update to 1.6.4-bb.0
  • !5307: alloy update to 1.6.0-bb.0
# Changelog Updates

## [1.6.4-bb.0] - 2024-11-02
### Changed
- k8s-monitoring updated from 1.6.0 to 1.6.4

## [1.6.0-bb.0] - 2024-10-22
### Changed
- k8s-monitoring updated from 1.5.4 to 1.6.0
- gluon updated from 0.5.4 to 0.5.8
- ironbank/opensource/grafana/alloy updated from v1.3.1 to v1.4.2

Known Issues

  • Kiali - ISSUE
    • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.