Changelog
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.18.0-bb.1] - 2025-01-24
Changed
- remove upgrade-job
[0.18.0-bb.0] - 2024-11-26
Changed
- gluon updated from 0.5.8 to 0.5.12
- ironbank/opensource/kubernetes/kubectl updated from v1.30.6 to v1.30.7
- ironbank/twistlock/console/console updated from 32.07.123 to 33.01.137
- ironbank/twistlock/defender/defender updated from 32.07.123 to 33.01.137
- Added the maintenance track annotation and badge
[0.17.0-bb.2] - 2024-11-05
Changed
- Created the upgrade job for the label changes
- Brought back the changes from 0.16.0-bb.4
- Updated the volume upgrade job to be compatible with the upgrade job
[0.17.0-bb.1] - 2024-11-04
Added
- Added contributor scripts folder to allow for further setup of Twistlock deployments
[0.17.0-bb.0] - 2024-10-31
Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
- ironbank/twistlock/console/console updated from 32.03.125 to 32.07.123
- ironbank/twistlock/defender/defender updated from 32.03.125 to 32.07.123
[0.16.0-bb.5] - 2024-10-30
Changed
- reverting the changes made in the previous release; they will come back later with a better upgrade process
[0.16.0-bb.4] - 2024-10-08
Changed
- Updated gluon to 0.5.8
- refactored helpers to standardize labels
- Updated the wait script
- Added kiali labels
- Added more stability to the cypress tests
[0.16.0-bb.3] - 2024-10-07
Changed
- Adds podsLabel input value and parses it through tpl
[0.16.0-bb.2] - 2024-09-10
Changed
- gluon updated from 0.5.3 to 0.5.4
- Add gluon wait script
[0.16.0-bb.1] - 2024-08-13
Changed
- gluon updated from 0.5.2 to 0.5.3
- ironbank/twistlock/defender/defender updated from 32.01.128 to 32.03.125
[0.16.0-bb.0] - 2024-07-27
Changed
- gluon updated from 0.5.0 to 0.5.2
- ironbank/twistlock/console/console updated from 32.01.128 to 32.03.125
[0.15.0-bb.17] - 2024-07-25
Changed
- Added app and version labels to defender pods to conform to Kiali requirements
- Updated docs/DEVELOPMENT_MAINTENANCE.md "Modifications made to upstream" section to reflect changes
[0.15.0-bb.16] - 2024-07-19
Changed
- Reduced Twistlock Defender Daemonsets resource request and limit to 2 CPU/2Gi RAM
[0.15.0-bb.15] - 2024-07-12
Changed
- Removed redundant entries in package test-values.yaml already in package values.yaml
[0.15.0-bb.14] - 2024-07-02
Changed
- Removed the shared authorization policies
[0.15.0-bb.13] - 2024-06-19
Changed
- Fixed resource requests and limits for Defender DaemonSet
- Added DNS SAN init script
[0.15.0-bb.12] - 2024-06-05
Added
- Added Cypress tests
[0.15.0-bb.11] - 2024-05-22
Changed
- Add resource requests and limits for Defender DaemonSet
[0.15.0-bb.10] - 2024-05-15
Changed
- Add Priority Class argument for defenders
[0.15.0-bb.9] - 2024-05-15
Changed
- Fixed minor typo error on twistlock/allow-sidecar-scraping
[0.15.0-bb.8] - 2024-05-10
Changed
- gluon updated from 0.4.9 to 0.5.0
[0.15.0-bb.7] - 2024-04-30
Changed
- Updated security capabilities for defender
[0.15.0-bb.6] - 2024-04-18
Changed
- Updated grafana dashboards to be compatible with Thanos
[0.15.0-bb.5] - 2024-04-10
Changed
- gluon updated from 0.4.8 to 0.4.9
[0.15.0-bb.4] - 2024-03-29
Changed
- Updated resources values for defender to match and follow Guaranteed QoS
[0.15.0-bb.3] - 2024-03-13
Changed
- Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
- Added Istio ServiceEntry to explicitly allow egress
[0.15.0-bb.2] - 2024-03-11
Changed
- Updated security context for defender
- Updated resources for defender containers
[0.15.0-bb.1] - 2024-03-04
Changed
- Openshift update for deploying Twistlock into Openshift cluster
[0.15.0-bb.0] - 2024-02-08
Changed
- ironbank/twistlock/console/console updated from 31.03.103 to 32.01.128
- ironbank/twistlock/defender/defender updated from 31.03.103 to 32.01.128
[0.14.0-bb.2] - 2024-02-08
Added
- Added istio allow-nothing policy
- Added istio allow-ingress policy
- Added istio allow-tempo policy
- Added istio allow-defender-to-console-port policy
- Added allow-scraping policy
- Added allow-sidecar-scraping policy
- Added istio custom policy template
[0.14.0-bb.1] - 2024-02-08
Changed
- Bumped default memory from 2Gi to 3Gi
- gluon updated from 0.4.7 to 0.4.8
[0.14.0-bb.0] - 2024-01-26
Changed
- gluon updated from 0.4.6 to 0.4.7
- ironbank/twistlock/console/console updated from 30.02.123 to 31.03.103
- ironbank/twistlock/defender/defender updated from 30.02.123 to 31.03.103
[0.13.0-bb.10] - 2023-11-30
Changed
- Updating OSCAL Component File.
[0.13.0-bb.9] - 2023-11-27
Changed
- Updated PVC ironbank/big-bang/base updated from 2.0.0 to 2.1.0
[0.13.0-bb.8] - 2023-11-08
Changed
- ironbank/big-bang/base updated from 2.0.0 to 2.1.0
[0.13.0-bb.7] - 2023-11-07
Changed
- gluon updated from 0.4.1 to 0.4.4
[0.13.0-bb.6] - 2023-11-01
Changed
- Increase init job memory limit
[0.13.0-bb.5] - 2023-10-18
Changed
- Changed test url now that istio/ssl is configured to handle https
[0.13.0-bb.4] - 2023-10-17
Added
- Added appProtocol to service.yaml port 8083 definition to use istio explicit protocol selection
- Removed all files related to Cypress testing, using the script for testing going forward
[0.13.0-bb.3] - 2023-10-11
Changed
- OSCAL version update from 1.0.0 to 1.1.1
[0.13.0-bb.2] - 2023-10-05
Changed
- gluon updated from 0.4.0 to 0.4.1
- Updated Cypress to version 13.0.0
- Changed the Cypress file structure
- Changed to use the script for e2e testing instead of Cypress
[0.13.0-bb.1] - 2023-09-15
Changed
- Support for group assertion for SSO through Init script
[0.13.0-bb.0] - 2023-09-01
Changed
- ironbank/twistlock/console/console updated from 22.12.415 to 30.02.123
- ironbank/twistlock/defender/defender updated from 22.12.415 to 30.02.123
[0.12.0-bb.5] - 2023-06-22
Changed
- Setting new variable for cypress test timeout
- If no value is given it will use default timeout value.
[0.12.0-bb.4] - 2023-06-22
Changed
- Updated gluon from 0.3.2 -> 0.4.0
[0.12.0-bb.3] - 2023-06-20
Changed
- Changed chart/values.yaml to nest serviceMonitor under monitoring
[0.12.0-bb.2] - 2023-05-31
Changed
- Changed chart/Chart.yaml condition
[0.12.0-bb.1] - 2023-05-11
Added
- Added TLDR documentation for Container Models
[0.12.0-bb.0] - 2023-02-17
Changed
- ironbank/twistlock/console/console updated from 22.06.197 to 22.12.415
- ironbank/twistlock/defender/defender updated from 22.06.197 to 22.12.415
[0.11.4-bb.3] - 2023-02-09
Changed
- Add init job resources values and templating
[0.11.4-bb.2] - 2022-01-17
Changed
- Update gluon to new registry1 location + latest version (0.3.2)
[0.11.4-bb.1] - 2022-12-05
Fixed
- Quote value for privileged for stringData
Added
- Add docs for WAAS
[0.11.4-bb.0] - 2022-11-17
Added
- Added Grafana dashboards
[0.11.3-bb.2] - 2022-10-20
Changed
- Modified volume job to add retries on chown + exit with error properly
[0.11.3-bb.1] - 2022-10-14
Added
- Added drop security context capability to defender and console
[0.11.3-bb.0] - 2022-10-12
Added
- Configurable trusted image policy via init job
[0.11.2-bb.0] - 2022-10-06
Fixed
- Added affinity for volume upgrade job
- Set job to run by default
- Add resources for volume job, modify wait logic to handle edge cases with unhealthy console
[0.11.1-bb.0] - 2022-10-02
Changed
- increase Mem for console to 2gb
[0.11.0-bb.0] - 2022-09-27
Added
- Set Twistlock console to run as nonroot
- Added upgrade option for those with local volumes through the volume-upgrade-job
[0.10.0-bb.2] - 2022-09-22
Added
- Enable mTLS for Twistlock metrics
- Updated Gluon to 0.3.1
[0.10.0-bb.1] - 2022-09-02
Added
- Add support for SAML SSO via init script
[0.10.0-bb.0] - 2022-08-26
Changed
- Updated console and defender to 22.06.197
[0.9.1-bb.0] - 2022-09-01
Added
- Conditional PrometheusRule template for Defender count alerts fulfilled by the monitoring stack
[0.9.0-bb.4] - 2022-08-15
Fixed
- Update Defender's daemonSet to support/add tolerations
[0.9.0-bb.3] - 2022-06-30
Fixed
- Fixed handling of metrics/servicemonitor + creation of user for metrics
- Adjust job TTL to 30 minutes to provide time for viewing debug logging
[0.9.0-bb.2] - 2022-07-04
Updated
- Make Twistlock more customizable via values.yaml
[0.9.0-bb.1] - 2022-06-28
Updated
- Updated bb base image to 2.0.0
- Updated gluon to 0.2.10
[0.9.0-bb.0] - 2022-06-16
Updated
- Updated to 22.06.179 (console and defender)
- Updated to latest gluon library + latest base image
[0.8.0-bb.0] - 2022-06-10
Added
- Added oscal-component.yaml
[0.7.0-bb.0] - 2022-05-05
Added
- Added initialization job to setup users, license, defenders, policies, and other misc settings
Changed
- Refactored names and labels to use _helpers.tpl
- Added labels to all resources
[0.6.0-bb.0] - 2022-05-03
Changed
- Updated twistlock image to 22.01.880
[0.5.0-bb.0] - 2022-03-24
Added
- Added Tempo Zipkin Egress Policy
[0.4.0-bb.1] - 2022-02-28
Added
- Added mTLS PeerAuthentication
- Added mTLS exception for defenders
[0.4.0-bb.0] - 2022-01-31
Changed
- Updated to 22.01.840 image versions
- Added documentation for running on k3d
[0.3.0-bb.0] - 2022-01-31
Changed
- Update Chart.yaml to follow new standardization for release automation
- Added renovate check to update new standardization
[0.2.0-bb.0] - 2022-01-18
Changed
- Relocated bbtests from test-values.yaml to values.yaml
[0.1.0-bb.0] - 2021-12-14
Added
- Add annotations to console deployment
[0.0.12-bb.0] - 2021-11-22
Changed
- Rename hostname to domain
[0.0.11-bb.0] - 2021-10-27
Changed
- Add image pull policy for the console
[0.0.10-bb.0] - 2021-10-27
Changed
- Updated console to version 21.08.520
- Updated renovate.json for defender image + appVersion
Added
- tests/images.txt for package release CI
- New network policy to allow for egress to twistlock upstream services
[0.0.9-bb.1] - 2021-10-18
Changed
- VS API version to v1beta1 to solve deprecation
- @micah.nagel added to CODEOWNERS, @joshwolf removed
[0.0.9-bb.0] - 2021-09-10
Added
- Documentation link to PCC default configuration for version 21.04.412
- Network Policy template specifically for Defenders communication
- networkPolicies.nodeCidr value to explicitly set ingress CIDR for Defender WebSocket connections
[0.0.8-bb.1] - 2021-08-26
Added
- Added istio sidecar scraping network policy
[0.0.8-bb.0] - 2021-08-16
Added
- Upgrade twistlock console to version 21.04.439
[0.0.7-bb.0] - 2021-08-09
Added
- Add conditional syslog audit integration for twistlock console.
[0.0.6-bb.2] - 2021-08-06
Added
- Add Resource limit and request.
[0.0.6-bb.1] - 2021-07-21
Added
- Add openshift toggle. If it's set, add port 5353 egress rule.
[0.0.6-bb.0] - 2021-06-09
Fixed
- Bug with istio network policy, allow egress in ns
[0.0.5-bb.0] - 2021-06-02
Changed
- Network policy resource Templates
[0.0.4-bb.3] - 2021-06-01
Added
- Gluon test library dependency
Changed
- CI Test infrastructure. Migrating to helm tests with script capabilities.
[0.0.4-bb.2] - 2021-05-26
Added
- Network policy resource Templates
[0.0.4-bb.0] - 2021-05-12
Added
- Moved all resources into chart/templates/console/
- Updated twistlock to 21.04.412
[0.0.3-bb.4] - 2021-04-06
Added
- Resource and Toleration Values
[0.0.3-bb.3] - 2021-04-05
Changed
- Affinity values modified to standardize
[0.0.3-bb.2] - 2021-03-31
Added
- Values passthroughs for affinity and anti-affinity added
Changed
- Split out resources into separate yaml files
[0.0.3-bb.0] - 2021-02-12
Added
- Options under istio values to control labels, annotations, gateways and full URL modification for twistlock VirtualService.
Changed
- Position of "hostname" value in values, from "console.hostname" to toplevel "hostname".
[0.0.2-bb.2] - 2021-02-11
Added
- imagePullSecret array to values.
Changed
- Image based on 20.12 version from IronBank.
[0.0.2-bb.1] - 2021-01-27
Changed
- Updating all "dsop.io" URLs to "dso.mil".
[0.0.2-bb.0] - 2020-12-15
Added
- Istio flag to enable VirtualService when true.
[0.0.1-bb.0] - 2020-06-15
Added
- Initial manifests for deploying Twistlock version 20.04.196.