Release Notes - 2.42.0

Please see our documentation page for more information on how to consume and deploy Big Bang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Announcements

Due to the recent certificate renewal for *.dso.mil, the root CA for all dso.mil domains has transitioned to SSL.com TLS RSA Root CA 2022. This root CA is trusted by all major browser vendors but has not yet made it into the trust stores for Debian 12 (Bookworm), a foundational Linux distribution upon which many derivative container images are based. As a result, certain container images in use by Big Bang may require manual intervention to explicitly trust the certificates presented by login.dso.mil among other domains to prevent SSO errors for authservice-enabled applications within a Big Bang deployment.

Resolution

Big Bang exposes the ability to set trusted CAs for the JWKS fetch via `sso.certificateAuthority.cert`. Setting this value to login.dso.mil’s cert bundle makes the endpoint explicitly trusted, so the JWKS fetch will succeed.

Unfortunately, istiod does not pick up changes to this cert bundle at runtime. If upgrading from a previous release with different certificates or no certificates at all, it’s important to restart the istiod deployment so that it can pick up the changes:

kubectl -n istio-system rollout restart deployment/istiod
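
The failure mode and the fix can be reproduced offline before touching a cluster. The following is an added example, not part of the Big Bang release notes or code: it builds constructed CAs and a constructed server certificate (`old-root`, `new-root`, `sso.example.test` and the function names are all made up) and assumes the OpenSSL 1.1.0+ command-line tool is installed.

```shell
#!/bin/sh
# Added example with constructed CAs and hostnames; no real dso.mil material.

# bundle_trusts BUNDLE CERT: succeed only if CERT chains to a CA in BUNDLE.
# -no-CApath keeps the host's default trust directory out of the decision.
bundle_trusts() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: constructed self-signed root standing in for a root CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA NAME: constructed server certificate issued by CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 2 -out "$1/$3.pem" 2>/dev/null
}

# demo: reports how the same server certificate fares against two bundles.
demo() {
    d=$(mktemp -d) || return 1
    if ! { make_ca "$d" old-root && make_ca "$d" new-root &&
           make_leaf "$d" new-root sso.example.test; }; then
        rm -rf "$d"; return 1
    fi
    # Trust store that predates the new root (the Debian 12 situation).
    if bundle_trusts "$d/old-root.pem" "$d/sso.example.test.pem"
    then old=trusted; else old=untrusted; fi
    # Same store plus the new root, as an explicit CA bundle would carry.
    cat "$d/old-root.pem" "$d/new-root.pem" > "$d/bundle.pem"
    if bundle_trusts "$d/bundle.pem" "$d/sso.example.test.pem"
    then new=trusted; else new=untrusted; fi
    rm -rf "$d"
    echo "old-store=$old with-new-root=$new"
}

demo
```

In practice, point `bundle_trusts` at the PEM bundle intended for `sso.certificateAuthority.cert` and at the certificate the SSO endpoint presents, and only roll the value out once the check passes.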

Upgrade Notices

  • Kyverno - MR:
    • Refer to the Kyverno v1.13.0 release notes.
    • Kyverno v1.13.x will remove wildcard view permissions for all Kyverno controllers; see the documentation section on Role Based Access Controls for more details.
  • Gitlab-runner - MR:
    • The CI Pipelines Grafana Runner Dashboard is now available for deployment from the GitLab Runner package. Please reference these docs.
  • External-secrets - MR:
    • When upgrading to ESO 0.11.0, there is a possibility that some secrets may have keys removed. Backing up important secrets is recommended prior to upgrading.
    • See the upstream release notes for more information.
  • Eck-operator - MR:
    • The upgrade will perform a rolling restart/upgrade of the Elastic cluster.

Upgrades from previous releases

If coming from a version pre-2.41.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.41.0.

Packages

| Status | Package | Type | Package Version | BB Version |
|---|---|---|---|---|
| Updated | Alloy | Addon | 1.4.2 | 1.6.13-bb.0 |
| | Anchore Enterprise | Addon | 5.11.1 | 3.1.1-bb.3 |
| | Argocd | Addon | 2.13.1 | 7.7.5-bb.0 |
| | Authservice | Addon | 1.0.3 | 1.0.3-bb.0 |
| | Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.22 |
| Updated | Eck Operator | Core | 2.15.0 | 2.15.0-bb.0 |
| Updated | Elasticsearch Kibana | Core | Kibana 8.16.1, Elasticsearch 8.16.1 | 1.23.0-bb.0 |
| Updated | External Secrets | Addon | 0.11.0 | 0.11.0-bb.0 |
| Updated | Fluentbit | Core | 3.2.2 | 0.48.3-bb.1 |
| Updated | Fortify | Addon | 24.4.1.0005 | 1.1.2320154-bb.21 |
| | Gatekeeper | Core | 3.17.1 | 3.17.1-bb.2 |
| Updated | Gitlab | Addon | 17.6.1 | 8.6.1-bb.0 |
| Updated | Gitlab Runner | Addon | 17.3.1 | 0.68.1-bb.2 |
| | Grafana | Core | 11.3.1 | 8.6.2-bb.0 |
| | Haproxy | Addon | 2.2.33 | 1.19.3-bb.8 |
| | Harbor | Addon | 2.11.0 | 1.16.0-bb.2 |
| | Holocron | Addon | 3.3.2 | 1.0.12 |
| Updated | Istio Controlplane | Core | Istio 1.23.3, Tetrate Istio Distro 1.23.3 | 1.23.3-bb.2 |
| | Istio Operator | Core | Istio Operator 1.23.3, Tetrate Istio Distro Operator 1.23.3 | 1.23.3-bb.0 |
| | Jaeger | Core | 1.61.0 | 2.57.0-bb.0 |
| Updated | Keycloak | Addon | 25.0.6 | 2.5.1-bb.3 |
| | Kiali | Core | 2.1.0 | 2.1.0-bb.0 |
| Updated | Kyverno | Core | 1.13.2 | 3.3.4-bb.0 |
| Updated | Kyverno Policies | Core | 3.3.4 | 3.3.4-bb.0 |
| | Kyverno Reporter | Core | 2.20.2 | 2.24.2-bb.1 |
| Updated | Loki | Core | 3.3.1 | 6.23.0-bb.0 |
| | Mattermost | Addon | 10.2.0 | 10.2.0-bb.0 |
| Updated | Mattermost Operator | Addon | 1.22.1 | 1.22.1-bb.1 |
| | Metrics Server | Addon | 0.7.2 | 3.12.2-bb.1 |
| Updated | Minio | Addon | RELEASE.2024-06-04T19-20-08Z | 6.0.4-bb.4 |
| | Minio Operator | Addon | 6.0.4 | 6.0.4-bb.0 |
| | Monitoring | Core | Prometheus 2.54.1, Grafana 11.1.0, Alertmanager 0.27.0 | 62.4.0-bb.1 |
| Updated | Neuvector | Core | 5.4.1 | 2.8.3-bb.0 |
| | Nexus | Addon | 3.74.0-05 | 74.0.0-bb.0 |
| | Promtail | Core | 3.0.0 | 6.16.2-bb.4 |
| | Sonarqube | Addon | 10.6.0-community | 10.6.1-bb.2 |
| | Tempo | Core | Tempo 2.5.0, Tempo Query 2.5.0 | 1.11.0-bb.0 |
| | Thanos | Addon | 0.36.1 | 15.8.1-bb.0 |
| | Twistlock | Core | 33.01.137 | 0.18.0-bb.0 |
| Updated | Vault | Addon | 1.18.2 | 0.29.1-bb.0 |
| Updated | Velero | Addon | 1.15.0 | 7.2.2-bb.4 |
| | Wrapper | Core | N/A | 0.4.10 |

Changes in 2.42.0

Big Bang MRs

  • !5499: Resolve “Flux CPU limits cause deployments to take longer than they should”
  • !5498: Resolve “Values Secret isn’t technically valid yaml after templating”

Istio Controlplane

  • !5503: istio update to 1.23.3-bb.2
# Changelog Updates

## [1.23.3-bb.2] - 2024-12-10
### Changed
- Removed global cpu limit for istio proxy

Kyverno

  • !5504: kyverno update to 3.3.4-bb.0
# Changelog Updates

## [3.3.4-bb.0] - 2024-12-10
### Changed
- Updated upstream chart from `3.2.7` to `3.3.3` and app version from `v1.12.6` to `v1.13.2`
- Updated `background-controller`, `cleanup-controller`, `reports-controller`, `kyverno`, `kyvernocli`, `kyvernopre` from `v1.12.6` to `v1.13.2`
- Updated `ubi9-minimal` from `9.4` to `9.5`
- Updated `kubectl` from `v1.30.5` to `v1.30.6`

Kyverno Policies

  • !5463: kyvernoPolicies update to 3.2.6-bb.3
# Changelog Updates

## [3.2.6-bb.3] - 2024-12-03
### Changed
- Updated `require-labels` test manifest

## [3.2.6-bb.2] - 2024-12-03
### Changed
- Cleaned up `require-labels` policy to match current Kiali label requirements

Elasticsearch Kibana

  • !5493: elasticsearchKibana update to 1.23.0-bb.0
# Changelog Updates

## [1.23.0-bb.0] - 2024-11-26
### Changed
- gluon updated from 0.5.10 to 0.5.12
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.16.0 to 8.16.1
- ironbank/elastic/kibana/kibana updated from 8.16.0 to 8.16.1
- ironbank/opensource/kubernetes/kubectl updated from v1.30.6 to v1.30.7

Eck Operator

  • !5464: eckOperator update to 2.15.0-bb.0
# Changelog Updates

## [2.15.0-bb.0] - 2024-12-02
### Changed
- eck-operator 2.14.0 -> 2.15.0

## [2.14.0-bb.1] - 2024-11-22
### Changed
- Added the maintenance track annotation and badge

Fluentbit

  • !5479: fluentbit update to 0.48.3-bb.0
# Changelog Updates

## [0.48.3-bb.1] - 2024-12-11
### Changed
- Updated Kyverno policy due to deprecated field

## [0.48.3-bb.0] - 2024-12-04
### Updated
- Updated fluent-bit: 3.2.1 -> 3.2.2

Loki

  • !5505: loki update to 6.23.0-bb.0
  • !5476: loki update to 6.22.0-bb.0
# Changelog Updates

## [6.23.0-bb.0] - 2024-12-09
### Updated
- Updated `loki` from `v3.3.0` -> `v3.3.1`
- Updated `loki-canary` from `3.3.0` -> `3.3.1`
- Updated `memcached` from `1.6.32` -> `1.6.33`

## [6.22.0-bb.0] - 2024-12-03
### Updated
- Updated `loki` from `v3.2.0` -> `v3.3.0`
- Updated `gluon` from `0.5.8` -> `0.5.12`
- Updated `kubectl` from `v1.30.5` -> `v1.30.7`
- Updated `loki-canary` from `3.2.1` -> `3.3.0`
- Updated `nginx` from `1.27.2` -> `1.27.3`
- Updated `minio-instance` from `6.0.2-bb.0` -> `6.0.4-bb.2`
- Updated `grafana-agent-operator` from `0.4.1` -> `0.5.0`
- Updated `rollout-operator` from `0.16.0` -> `0.20.0`

Neuvector

  • !5477: neuvector update to 2.8.3-bb.0
# Changelog Updates

## [2.8.3-bb.0] - 2024-12-03
### Changed
- updated gluon from `0.5.2` -> `0.5.12`
- Updated chart version from  `2.8.2` to `2.8.3`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/controller from `5.4.0` to `5.4.1`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/enforcer from `5.4.0` to `5.4.1`
- Updated registry1.dso.mil/ironbank/neuvector/neuvector/manager from `5.4.0` to `5.4.1`

Minio

  • !5478: minio update to 6.0.4-bb.4
  • !5465: minio update to 6.0.4-bb.3
# Changelog Updates

## [6.0.4-bb.4] - 2024-12-03
### Changed
- registry1.dso.mil/ironbank/opensource/minio/mc RELEASE.2024-10-29T15-34-59Z -> RELEASE.2024-11-17T19-35-25Z
- gluon from 0.5.10 to 0.5.12

## [6.0.4-bb.3] - 2024-12-03
### Changed
- Added app.kubernetes.io/name label to minio.labels helper
- Created new helper for tenants to ensure it also gets the app.kubernetes.io/version label
- Updated tenant deployment to include newly created helper
- Removed previous solution to fix Kiali Labels applied in 6.0.2-bb.3

Gitlab

  • !5489: gitlab update to 8.6.1-bb.0
# Changelog Updates

## [8.6.1-bb.0] - 2024-12-06
### Changed
- ironbank/gitlab/gitlab/gitlab-webservice (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl (source) 17.5.2 -> 17.6.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql (source) 14.14 -> 14.15

Gitlab Runner

  • !5504: gitlabRunner update to 0.68.1-bb.2
  • !5490: gitlabRunner update to 0.68.1-bb.1
  • !5474: gitlabRunner update to 0.68.1-bb.0
# Changelog Updates

## [0.68.1-bb.2] - 2024-12-11
### Changed
- Updated Kyverno policy due to deprecated field

## [0.68.1-bb.1] - 2024-12-06
### Changed
- removed gitlab-ci-pipelines_rev1.json in favor of gitlab-ci-pipelines-exporter feature chart: <https://repo1.dso.mil/big-bang/product/maintained/gitlab-ci-pipelines-exporter>

## [0.68.1-bb.0] - 2024-12-04
### Changed
- gluon 0.5.4 -> 0.5.10
- ironbank/gitlab/gitlab-runner/gitlab-runner (source) 17.2.1 -> 17.3.1
- ironbank/gitlab/gitlab-runner/gitlab-runner (source) v17.2.1 -> v17.3.1
- ironbank/gitlab/gitlab-runner/gitlab-runner-helper (source) v17.2.1 -> v17.3.1
- registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner (source) v17.2.1 -> v17.3.1
- registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper (source) v17.2.1 -> v17.3.1
- registry1.dso.mil/ironbank/redhat/ubi/ubi9 (source) 9.4 -> 9.5

Fortify

  • !5488: fortify update to 1.1.2320154-bb.21
# Changelog Updates

## [1.1.2320154-bb.21] - 2024-12-11
### Changed
- Updated Fortify to version 24.4.1.0005

Mattermost Operator

  • !5480: mattermostOperator update to 1.22.1-bb.1
# Changelog Updates

## [1.22.1-bb.1] - 2024-12-03
### Changed
- Added mattermost-operator.podLabels and imported into the deployment

Velero

  • !5481: velero update to 7.2.2-bb.4
# Changelog Updates

## [7.2.2-bb.4] - 2024-12-04
### Added
- Updated ironbank/opensource/nginx/nginx (source) 1.27.2 -> 1.27.3

Keycloak

  • !5500: keycloak update to 2.5.1-bb.3
# Changelog Updates

## [2.5.1-bb.3] - 2024-12-09
### Updated
- Re-added truststore.pfx, as the omission of the file in 2.5.1-bb.1 was causing issues for customers that use the truststore

Vault

  • !5484: vault update to 0.29.1-bb.0
  • !5472: vault update to 0.29.0-bb.1
# Changelog Updates

## [0.29.1-bb.0] - 2024-12-04
### Changed
- Updated gluon 0.5.10 -> 0.5.12
- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.18.1 -> 1.18.2
- Updated minio-instance from 6.0.3-bb.2 -> 6.0.4-bb.2

## [0.29.0-bb.1] - 2024-12-04
### Changed
- Updated minio-instance from 6.0.4-bb.2 -> 6.0.4-bb.3
- Updated gluon to 0.5.12
- Added missing label for app.kubernetes.io/version

External Secrets

  • !5492: externalSecrets update to 0.11.0-bb.0
  • !5456: externalSecrets update to 0.10.4-bb.1
# Changelog Updates

## [0.11.0-bb.0] - 2024-12-4
### Changed
- Updated chart to v0.11.0
- Updated gluon to 0.5.12
- Updated kubectl to v1.30.7

## [0.10.4-bb.1] - 2024-11-14
### Changed
- Removed namespace in the secret-store.yaml template
- Added ExternalSecret template using secretConfiguration

Alloy

  • !5486: alloy update to 1.6.13-bb.0
# Changelog Updates

## [1.6.13-bb.0] - 2024-12-06
### Changed
- ironbank/opensource/grafana/alloy updated from v1.4.2 to v1.5.1

## [1.6.12-bb.0] - 2024-12-02
### Changed
- k8s-monitoring updated from 1.6.4 to 1.6.12

## [1.6.4-bb.1] - 2024-11-18
### Changed
- Updates to renovate to fix dependency versions (script is in renovate-runner)
- Added maintenance track badge and annotation

## [1.6.4-bb.2] - 2024-11-22
### Changed
- Fixed the maintenance track annotation

Known Issues

  • Kiali - ISSUE
    • On Kubernetes 1.29+, the Kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 API version (no longer served as of v1.29).

In this case, removing the invalid API version should resolve the issue and allow the Kiali operator to run successfully.

$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.