Skip to content

ChangelogπŸ“œ

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.18.0-bb.1] - 2025-01-24πŸ“œ

ChangedπŸ“œ

  • remove upgrade-job

[0.18.0-bb.0] - 2024-11-26πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.5.8 to 0.5.12
  • ironbank/opensource/kubernetes/kubectl updated from v1.30.6 to v1.30.7
  • ironbank/twistlock/console/console updated from 32.07.123 to 33.01.137
  • ironbank/twistlock/defender/defender updated from 32.07.123 to 33.01.137
  • Added the maintenance track annotation and badge

[0.17.0-bb.2] - 2024-11-05πŸ“œ

ChangedπŸ“œ

  • Created the upgrade job for the label changes
  • Brought back the changes from 0.16.0-bb.4
  • Updated the volume upgrade job to be compatible with the upgrade job

[0.17.0-bb.1] - 2024-11-04πŸ“œ

AddedπŸ“œ

  • Added contributor scripts folder to allow for further setup of Twistlock deployments

[0.17.0-bb.0] - 2024-10-31πŸ“œ

ChangedπŸ“œ

  • ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
  • ironbank/twistlock/console/console updated from 32.03.125 to 32.07.123
  • ironbank/twistlock/defender/defender updated from 32.03.125 to 32.07.123

[0.16.0-bb.5] - 2024-10-30πŸ“œ

ChangedπŸ“œ

  • reverting the changes made in the previous release, they will come back later with a better upgrade process

[0.16.0-bb.4] - 2024-10-08πŸ“œ

ChangedπŸ“œ

  • Updated gluon to 0.5.8
  • refactored helpers to standardize labels
  • Updated the wait script
  • Added kiali labels
  • Added more stability to the cypress tests

[0.16.0-bb.3] - 2024-10-07πŸ“œ

ChangedπŸ“œ

  • Adds podsLabel input value and parses it through tpl

[0.16.0-bb.2] - 2024-09-10πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.5.3 to 0.5.4
  • Add gluon wait script

[0.16.0-bb.1] - 2024-08-13πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.5.2 to 0.5.3
  • ironbank/twistlock/defender/defender updated from 32.01.128 to 32.03.125

[0.16.0-bb.0] - 2024-07-27πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.5.0 to 0.5.2
  • ironbank/twistlock/console/console updated from 32.01.128 to 32.03.125

[0.15.0-bb.17] - 2024-07-25πŸ“œ

ChangedπŸ“œ

  • Added app and version labels to defender pods to conform to Kiali requirements
  • Updated docs/DEVELOPMENT_MAINTENANCE.md Modifications made to upstream section to reflect changes

[0.15.0-bb.16] - 2024-07-19πŸ“œ

ChangedπŸ“œ

  • Reduced Twistlock Defender Daemonsets resource request and limit to 2 CPU/2Gi RAM

[0.15.0-bb.15] - 2024-07-12πŸ“œ

ChangedπŸ“œ

  • Removed redundant entries in package test-values.yaml already in package values.yaml

[0.15.0-bb.14] - 2024-07-02πŸ“œ

ChangedπŸ“œ

  • Removed the shared authorization policies

[0.15.0-bb.13] - 2024-06-19πŸ“œ

ChangedπŸ“œ

  • Fixed resource requests and limits for Defender DaemonSet
  • Added DNS SAN init script

[0.15.0-bb.12] - 2024-06-05πŸ“œ

AddedπŸ“œ

  • Added Cypress tests

[0.15.0-bb.11] - 2024-05-22πŸ“œ

ChangedπŸ“œ

  • Add resource requests and limits for Defender DaemonSet

[0.15.0-bb.10] - 2024-05-15πŸ“œ

ChangedπŸ“œ

  • Add Priority Class argument for defenders

[0.15.0-bb.9] - 2024-05-15πŸ“œ

ChangedπŸ“œ

  • Fixed minor typo error on twistlock/allow-sidecar-scraping

[0.15.0-bb.8] - 2024-05-10πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.4.9 to 0.5.0

[0.15.0-bb.7] - 2024-04-30πŸ“œ

ChangedπŸ“œ

  • Updated security capabilities for defender

[0.15.0-bb.6] - 2024-04-18πŸ“œ

ChangedπŸ“œ

  • Updated grafana dashboards to be compatible with Thanos

[0.15.0-bb.5] - 2024-04-10πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.4.8 to 0.4.9

[0.15.0-bb.4] - 2024-03-29πŸ“œ

ChangedπŸ“œ

  • Updated resources values for defender to match and follow Guaranteed QoS

[0.15.0-bb.3] - 2024-03-13πŸ“œ

ChangedπŸ“œ

  • Added Istio Sidecar to restrict egress traffic to REGISTRY_ONLY
  • Added Istio ServiceEntry to explicitly allow egress

[0.15.0-bb.2] - 2024-03-11πŸ“œ

ChangedπŸ“œ

  • Updated security context for defender
  • Updated resources for defender containers

[0.15.0-bb.1] - 2024-03-04πŸ“œ

ChangedπŸ“œ

  • Openshift update for deploying Twistlock into Openshift cluster

[0.15.0-bb.0] - 2024-02-08πŸ“œ

ChangedπŸ“œ

  • ironbank/twistlock/console/console updated from 31.03.103 to 32.01.128
  • ironbank/twistlock/defender/defender updated from 31.03.103 to 32.01.128

[0.14.0-bb.2] - 2024-02-08πŸ“œ

AddedπŸ“œ

  • Added istio allow-nothing policy
  • Added istio allow-ingress policy
  • Added istio allow-tempo policy
  • Added istio allow-defender-to-console-port policy
  • Added allow-scraping policy
  • Added allow-sidecar-scraping policy
  • Added istio custom policy template

[0.14.0-bb.1] - 2024-02-08πŸ“œ

ChangedπŸ“œ

  • Bumped default memory from 2Gi to 3Gi
  • gluon updated from 0.4.7 to 0.4.8

[0.14.0-bb.0] - 2024-01-26πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.4.6 to 0.4.7
  • ironbank/twistlock/console/console updated from 30.02.123 to 31.03.103
  • ironbank/twistlock/defender/defender updated from 30.02.123 to 31.03.103

[0.13.0-bb.10] - 2023-11-30πŸ“œ

ChangedπŸ“œ

  • Updating OSCAL Component File.

[0.13.0-bb.9] - 2023-11-27πŸ“œ

ChangedπŸ“œ

  • Updated PVC ironbank/big-bang/base updated from 2.0.0 to 2.1.0

[0.13.0-bb.8] - 2023-11-08πŸ“œ

ChangedπŸ“œ

  • ironbank/big-bang/base updated from 2.0.0 to 2.1.0

[0.13.0-bb.7] - 2023-11-07πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.4.1 to 0.4.4

[0.13.0-bb.6] - 2023-11-01πŸ“œ

ChangedπŸ“œ

  • Increase init job memory limit

[0.13.0-bb.5] - 2023-10-18πŸ“œ

ChangedπŸ“œ

  • Changed test url now that istio/ssl is configured to handle https

[0.13.0-bb.4] - 2023-10-17πŸ“œ

AddedπŸ“œ

  • Added appProtocol to service.yaml port 8083 definition to use istio explicit protocol selection
  • Removed all files related to Cypress testing, using the scriopt for testing goign forward

[0.13.0-bb.3] - 2023-10-11πŸ“œ

ChangedπŸ“œ

  • OSCAL version update from 1.0.0 to 1.1.1

[0.13.0-bb.2] - 2023-10-05πŸ“œ

ChangedπŸ“œ

  • gluon updated from 0.4.0 to 0.4.1
  • Updated Cypress to version 13.0.0
  • Changed the Cypress file structure
  • Changed to use the script for e2e testing instead of Cypress

[0.13.0-bb.1] - 2023-09-15πŸ“œ

ChangedπŸ“œ

  • Support for group assertion for SSO through Init script

[0.13.0-bb.0] - 2023-09-01πŸ“œ

ChangedπŸ“œ

  • ironbank/twistlock/console/console updated from 22.12.415 to 30.02.123
  • ironbank/twistlock/defender/defender updated from 22.12.415 to 30.02.123

[0.12.0-bb.5] - 2023-06-22πŸ“œ

ChangedπŸ“œ

  • Setting new variable for cypress test timeout
  • If no value is given it will use default timeout value.

[0.12.0-bb.4] - 2023-06-22πŸ“œ

ChangedπŸ“œ

  • Updated gluon from 0.3.2 -> 0.4.0

[0.12.0-bb.3] - 2023-06-20πŸ“œ

ChangedπŸ“œ

  • Changed chart/values.yaml to nest serviceMonitor under monitoring

[0.12.0-bb.2] - 2023-05-31πŸ“œ

ChangedπŸ“œ

  • Changed chart/Chart.yaml condition

[0.12.0-bb.1] - 2023-05-11πŸ“œ

AddedπŸ“œ

  • Added TLDR documentation for Container Models

[0.12.0-bb.0] - 2023-02-17πŸ“œ

ChangedπŸ“œ

  • ironbank/twistlock/console/console updated from 22.06.197 to 22.12.415
  • ironbank/twistlock/defender/defender updated from 22.06.197 to 22.12.415

[0.11.4-bb.3] - 2023-02-09πŸ“œ

ChangedπŸ“œ

  • Add init job resources values and templating

[0.11.4-bb.2] - 2022-01-17πŸ“œ

ChangedπŸ“œ

  • Update gluon to new registry1 location + latest version (0.3.2)

[0.11.4-bb.1] - 2022-12-05πŸ“œ

FixedπŸ“œ

  • Quote value for privileged for stringData

AddedπŸ“œ

  • Add docs for WAAS

[0.11.4-bb.0] - 2022-11-17πŸ“œ

AddedπŸ“œ

  • Added Grafana dasboards

[0.11.3-bb.2] - 2022-10-20πŸ“œ

ChangedπŸ“œ

  • Modified volume job to add retries on chown + exit with error properly

[0.11.3-bb.1] - 2022-10-14πŸ“œ

AddedπŸ“œ

  • Added drop security context capability to defender and console

[0.11.3-bb.0] - 2022-10-12πŸ“œ

AddedπŸ“œ

  • Configurable trusted image policy via init job

[0.11.2-bb.0] - 2022-10-06πŸ“œ

FixedπŸ“œ

  • Added affinity for volume upgrade job
  • Set job to run by default
  • Add resources for volume job, modify wait logic to handle edge cases with unhealthy console

[0.11.1-bb.0] - 2022-10-02πŸ“œ

ChangedπŸ“œ

  • increase Mem for console to 2gb

[0.11.0-bb.0] - 2022-09-27πŸ“œ

AddedπŸ“œ

  • Set Twistlock console to run as nonroot
  • Added upgrade option for those with local volumes through the volume-upgrade-job

[0.10.0-bb.2] - 2022-09-22πŸ“œ

AddedπŸ“œ

  • Enable mTLS for Twistlock metrics
  • Updated Gluon to 0.3.1

[0.10.0-bb.1] - 2022-09-02πŸ“œ

AddedπŸ“œ

  • Add support for SAML SSO via init script

[0.10.0-bb.0] - 2022-08-26πŸ“œ

ChangedπŸ“œ

  • Updated console and defender to 22.06.197

[0.9.1-bb.0] - 2022-09-01πŸ“œ

AddedπŸ“œ

  • Conditional PrometheusRule template for Defender count alerts fulfilled by the monitoring stack

[0.9.0-bb.4] - 2022-08-15πŸ“œ

FixedπŸ“œ

  • Update Defender’s daemonSet to support/add tolerations

[0.9.0-bb.3] - 2022-06-30πŸ“œ

FixedπŸ“œ

  • Fixed handling of metrics/servicemonitor + creation of user for metrics
  • Adjust job TTL to 30 minutes to provide time for viewing debug logging

[0.9.0-bb.2] - 2022-07-04πŸ“œ

UpdatedπŸ“œ

  • Make Twistlock more customization via values.yaml

[0.9.0-bb.1] - 2022-06-28πŸ“œ

UpdatedπŸ“œ

  • Updated bb base image to 2.0.0
  • Updated gluon to 0.2.10

[0.9.0-bb.0] - 2022-06-16πŸ“œ

UpdatedπŸ“œ

  • Updated to 22.06.179 (console and defender)
  • Updated to latest gluon library + latest base image

[0.8.0-bb.0] - 2022-06-10πŸ“œ

AddedπŸ“œ

  • Added oscal-component.yaml

[0.7.0-bb.0] - 2022-05-05πŸ“œ

AddedπŸ“œ

  • Added initialization job to setup users, license, defenders, policies, and other misc settings

ChangedπŸ“œ

  • Refactored names and labels to use _helpers.tpl
  • Added labels to all resources

[0.6.0-bb.0] - 2022-05-03πŸ“œ

ChangedπŸ“œ

  • Updated twistlock image to 22.01.880

[0.5.0-bb.0] - 2022-03-24πŸ“œ

AddedπŸ“œ

  • Added Tempo Zipkin Egress Policy

[0.4.0-bb.1] - 2022-02-28πŸ“œ

AddedπŸ“œ

  • Added mTLS PeerAuthentication
  • Added mTLS exception for defenders

[0.4.0-bb.0] - 2022-01-31πŸ“œ

ChangedπŸ“œ

  • Updated to 22.01.840 image versions
  • Added documentation for running on k3d

[0.3.0-bb.0] - 2022-01-31πŸ“œ

ChangedπŸ“œ

  • Update Chart.yaml to follow new standardization for release automation
  • Added renovate check to update new standardization

[0.2.0-bb.0] - 2022-01-18πŸ“œ

ChangedπŸ“œ

  • Relocated bbtests from test-values.yaml to values.yaml

[0.1.0-bb.0] - 2021-12-14πŸ“œ

AddedπŸ“œ

  • Add annotations to console deployment

[0.0.12-bb.0] - 2021-11-22πŸ“œ

ChangedπŸ“œ

  • Rename hostname to domain

[0.0.11-bb.0] - 2021-10-27πŸ“œ

ChangedπŸ“œ

  • Add image pull policy for the console

[0.0.10-bb.0] - 2021-10-27πŸ“œ

ChangedπŸ“œ

  • Updated console to version 21.08.520
  • Updated renovate.json for defender image + appVersion

AddedπŸ“œ

  • tests/images.txt for package release CI
  • New network policy to allow for egress to twistlock upstream services

[0.0.9-bb.1] - 2021-10-18πŸ“œ

ChangedπŸ“œ

  • VS API version to v1beta1 to solve deprecation
  • @micah.nagel added to CODEOWNERS, @joshwolf removed

[0.0.9-bb.0] - 2021-09-10πŸ“œ

AddedπŸ“œ

  • Documentation link to PCC default configuration for version 21.04.412
  • Network Policy template specifically for Defenders communication
  • networkPolicies.nodeCidr value to explicity set ingress CIDR for Defender WebSocket connections

[0.0.8-bb.1] - 2021-08-26πŸ“œ

AddedπŸ“œ

  • Added istio sidecar scraping network policy

[0.0.8-bb.0] - 2021-08-16πŸ“œ

AddedπŸ“œ

  • Upgrade twistlock console to version 21.04.439

[0.0.7-bb.0] - 2021-08-09πŸ“œ

AddedπŸ“œ

  • Add conditional syslog audit integration for twistlock console.

[0.0.6-bb.2] - 2021-08-06πŸ“œ

AddedπŸ“œ

  • Add Resource limit and request.

[0.0.6-bb.1] - 2021-07-21πŸ“œ

AddedπŸ“œ

  • Add openshift toggle. If it’s set, add port 5353 egress rule.

[0.0.6-bb.0] - 2021-06-09πŸ“œ

FixedπŸ“œ

  • Bug with istio network policy, allow egress in ns

[0.0.5-bb.0] - 2021-06-02πŸ“œ

ChangedπŸ“œ

  • Network policy resource Templates

[0.0.4-bb.3] - 2021-06-01πŸ“œ

AddedπŸ“œ

  • Gluon test library dependency

ChangedπŸ“œ

  • CI Test infrastructure. Migrating to helm tests with script capabilities.

[0.0.4-bb.2] - 2021-05-26πŸ“œ

AddedπŸ“œ

  • Network policy resource Templates

[0.0.4-bb.0] - 2021-05-12πŸ“œ

AddedπŸ“œ

  • Moved all resources into chart/templates/console/
  • Updated twistlock to 21.04.412

[0.0.3-bb.4] - 2021-04-06πŸ“œ

AddedπŸ“œ

  • Resource and Toleration Values

[0.0.3-bb.3] - 2021-04-05πŸ“œ

ChangedπŸ“œ

  • Affinity values modified to standardize

[0.0.3-bb.2] - 2021-03-31πŸ“œ

AddedπŸ“œ

  • Values passthroughs for affinity and anti-affinity added

ChangedπŸ“œ

  • Split out resources into separate yaml files

[0.0.3-bb.0] - 2021-02-12πŸ“œ

AddedπŸ“œ

  • Options under istio values to control labels, annotations, gateways and full URL modification for twistlock VirtualService.

ChangedπŸ“œ

  • Position of β€œhostname” value in values, from β€œconsole.hostname” to toplevel β€œhostname”.

[0.0.2-bb.2] - 2021-02-11πŸ“œ

AddedπŸ“œ

  • imagePullSecret array to values.

ChangedπŸ“œ

  • Image based on 20.12 version from IronBank.

[0.0.2-bb.1] - 2021-01-27πŸ“œ

ChangedπŸ“œ

  • Updating all β€œdsop.io” URLs to β€œdso.mil”.

[0.0.2-bb.0] - 2020-12-15πŸ“œ

AddedπŸ“œ

  • Istio flag to enable VirtualService when true.

[0.0.1-bb.0] - 2020-06-15πŸ“œ

AddedπŸ“œ

  • Initial manifests for deploying Twistlock version 20.04.196.