Skip to content

Release Notes - 2.49.0πŸ“œ

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Upgrade NoticesπŸ“œ

  • Kyverno-policies - MR:
    • A new Kyverno Policy has been added which mutates pod specs to drop ALL capabilities in all containers if not already done. This policy works in tandem with the require-drop-all-capabilities policy to make it easier for SREs to securely deploy workloads to their clusters without having to explicitly modify the pod’s containers’ securityContexts to be compliant.
    • If Big Bang consumers are currently excluding certain workloads from the require-drop-all-capabilities policy due to incompatibilities with that policy, those exclusions should also be included for this new policy: add-default-capability-drop to avoid workload interruption.

Upgrades from previous releasesπŸ“œ

If coming from a version pre-2.48.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.48.0.

PackagesπŸ“œ

Package Type Package Version BB Version
Updated Alloy Addon 1.7.1 2.0.16-bb.0 πŸ”—
Updated Anchore Enterprise Addon 5.15.0 3.5.0-bb.1 πŸ”—
Updated Argocd Addon 2.14.3 7.8.7-bb.0 πŸ”—
Authservice Addon 1.0.4 1.0.4-bb.1
Cluster Auditor Core 0.0.7 1.5.0-bb.22
Eck Operator Core 2.16.1 2.16.1-bb.0
Elasticsearch Kibana Core Kibana 8.17.3 Elasticsearch 8.17.3 1.27.0-bb.0
Updated External Secrets Addon 0.14.3 0.14.3-bb.1 πŸ”—
Fluentbit Core 3.2.7 0.48.6-bb.0
Fortify Addon 24.4.2.0009 1.1.2320154-bb.22
Updated Gatekeeper Core 3.18.2 3.18.2-bb.1 πŸ”—
Updated Gitlab Addon 17.9.2 8.9.2-bb.0 πŸ”—
Updated Gitlab Runner Addon 17.8.0 0.73.0-bb.1 πŸ”—
Grafana Core 11.5.2 8.10.1-bb.0
Haproxy Addon 2.2.33 1.19.3-bb.10
Harbor Addon 2.11.0 1.16.1-bb.0
Holocron Addon 3.3.2 1.0.13
Istio Controlplane Core Istio 1.23.5 Tetrate Istio Distro 1.23.5 1.23.5-bb.0
Istio Operator Core Istio Operator 1.23.5 Tetrate Istio Distro Operator 1.23.5 1.23.5-bb.0
Updated Jaeger Core 1.62.0 2.57.0-bb.4 πŸ”—
Keycloak Addon 25.0.6 2.5.1-bb.6
Updated Kiali Core 2.6.0 2.6.0-bb.0 πŸ”—
Kyverno Core 1.13.4 3.3.6-bb.0
Updated Kyverno Policies Core 3.3.4 3.3.4-bb.3 πŸ”—
Kyverno Reporter Core 3.0.0 3.0.1-bb.2
Updated Loki Core 3.4.2 6.27.0-bb.0 πŸ”—
Updated Mattermost Addon 10.5.1 10.5.1-bb.3 πŸ”—
Mattermost Operator Addon 1.22.1 1.22.1-bb.1
Updated Metrics Server Addon 0.7.2 3.12.2-bb.2 πŸ”—
Updated Mimir BETA Addon '2.14.2' 5.5.1-bb.8 πŸ”—
Minio Addon RELEASE.2025-01-20T14-49-07Z 7.0.0-bb.2
Minio Operator Addon 7.0.0 7.0.0-bb.1
Updated Monitoring Core Prometheus 3.2.1 Grafana 11.5.2 Alertmanager 0.28.0 69.7.3-bb.0 πŸ”—
Neuvector Core 5.4.1 2.8.3-bb.1
Nexus Addon 3.75.0-06 75.0.0-bb.2
Promtail Core 3.4.2 6.16.6-bb.2
Sonarqube Addon 10.7.0-community 10.7.0-bb.0
Tempo Core Tempo 2.7.1 Tempo Query 2.7.1 1.18.2-bb.0
Updated Thanos Addon 0.37.2 15.9.1-bb.2 πŸ”—
Updated Twistlock Core 33.03.138 0.19.0-bb.3 πŸ”—
Updated Vault Addon 1.18.5 0.29.1-bb.9 πŸ”—
Velero Addon 1.15.2 8.3.0-bb.0
Wrapper Core N / A 0.4.12

Changes in 2.49.0πŸ“œ

Big Bang MRsπŸ“œ

  • !5877: PR-108
  • !5879: chore(ol-istio): removed unused gateway schema values
  • !5793: Mimir Disable limit on max_global_series_per_user
  • !5846: feat(istio): added iterable gateways
  • !5856: remove unnecessary enabled entries
  • !5849: Resolve β€œEnable driftDetection for Storage and Collab packages”

AlloyπŸ“œ

  • !5886: alloy update to 2.0.16-bb.0
  • !5876: alloy update to 2.0.4-bb.1
# Changelog Updates

## [2.0.16-bb.0] - 2025-03-07
### Changed
- k8s-monitoring updated from 2.0.4 to 2.0.16
- Alloy updated from 1.5.1 to 1.7.1
- configmap-reload updated from v0.12.0 to v0.14.0

## [2.0.4-bb.1] - 2025-02-20
### Changed
- add default value of enableReporting to false to disable reaching out to internet

Anchore EnterpriseπŸ“œ

  • !5895: anchore update to 3.5.0-bb.1
  • !5865: anchore update to 3.5.0-bb.0
# Changelog Updates

## [3.5.0-bb.1] - 2025-03-12
### Changed
- Added Dynamic Network Policy

## [3.5.0-bb.0] - 2025-03-07
### Changed
- Updated Anchore Enterprise chart to `3.5.0`
- Updated Anchore Enterprise tag to `5.15.0`
- Updated Anchore Enterprise UI tag to `5.15.0`

ArgocdπŸ“œ

  • !5906: update argocd 7.8.7-bb.0
# Changelog Updates

## [7.8.7-bb.0] - 2025-03-05
### Changed
- registry1.dso.mil/ironbank/big-bang/argocd v2.14.2 -> v2.14.3
- ironbank/big-bang/argocd v2.14.2 -> v2.14.3

External SecretsπŸ“œ

  • !5884: externalSecrets update to 0.14.3-bb.1
# Changelog Updates

## [0.14.3-bb.1] - 2025-03-11
### Changed
- Resolve errors from enabling drift detection for ESO

GatekeeperπŸ“œ

  • !5813: gatekeeper update to 3.18.2-bb.1
# Changelog Updates

## [3.18.2-bb.1] - 2025-02-21
### Changed
- Updated gluon from 0.5.12 to 0.5.14
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.29.12 -> v1.30.10

GitlabπŸ“œ

  • !5898: gitlab update to 8.9.2-bb.0
# Changelog Updates

## [8.9.2-bb.0] - 2025-03-17
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.67.0 -> v1.68.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.9.1 -> 17.9.2

## [8.9.1-bb.1] - 2025-03-06
### Changed
- Added configuration for dynamic network policy support

Gitlab RunnerπŸ“œ

  • !5874: SKIP UPGRADE gitlabRunner update to 0.73.0-bb.1
# Changelog Updates

## [0.73.0-bb.1] - 2025-03-06
### Changed
- Changed cypress test to use  data-testid

JaegerπŸ“œ

  • !5878: jaeger update to 2.57.0-bb.4
  • !5871: jaeger update to 2.57.0-bb.3
# Changelog Updates

## [2.57.0-bb.4] - 2025-03-11
### Updated
- jaegertracing/jaeger-collector 1.65.0 -> 1.66.0
- jaegertracing/jaeger-es-index-cleaner 1.65.0 -> 1.67.0
- jaegertracing/jaeger-ingester 1.65.0 -> 1.66.0
- jaegertracing/jaeger-query 1.65.0 -> 1.66.0
- kubernetes/kubectl v1.30.9 -> v1.30.10

## [2.57.0-bb.3] - 2025-03-10
### Add
- Istio Operator-less network policy support

KialiπŸ“œ

  • !5873: kiali update to 2.6.0-bb.0
# Changelog Updates

## [2.6.0-bb.0] - 2026-03-10
### Updated
- Updated Kiali and Kiali-operator to v2.6.0

Kyverno PoliciesπŸ“œ

  • !5718: kyvernoPolicies update to 3.3.4-bb.3
# Changelog Updates

## [3.3.4-bb.3] - 2025-01-21
### Changed
- Added `add-default-capability-drop` policy

## [3.3.4-bb.2] - 2024-12-15
### Changed
- Added `additionalPolicyExceptions` to values.yaml
- Added `additional-PolicyExceptions.yaml`

LokiπŸ“œ

  • !5860: loki update to 6.27.0-bb.0
# Changelog Updates

## [6.27.0-bb.0] - 2025-03-05
### Changed
- docker.io/grafana/loki-canary 3.3.2 -> 3.4.2
- minio-instance 6.0.4-bb.2 -> 7.0.0-bb.2
- registry1.dso.mil/ironbank/grafana/grafana-enterprise-logs v3.3.0 -> v3.4.1
- registry1.dso.mil/ironbank/ironbank/opensource/grafana/enterprise-logs-provisioner 3.4.0 -> 3.4.1
- registry1.dso.mil/ironbank/opensource/grafana/loki 3.3.2 -> 3.4.2
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.9 -> v1.30.10
- registry1.dso.mil/ironbank/opensource/memcached/memcached 1.6.36 -> 1.6.37

MattermostπŸ“œ

  • !5902: mattermost update to 10.5.1-bb.3
# Changelog Updates

## [10.5.1-bb.3] - 2025-03-13
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.30.10 to v1.30.11

Metrics ServerπŸ“œ

  • !5870: metricsServer update to 3.12.2-bb.2
# Changelog Updates

## [3.12.2-bb.2] - 2025-03-07
### Upgraded
- Update kubectl `1.29.8` -> `1.30.10`
- Update gluon `0.5.4` -> `0.5.14`
- Update addon-resizer `1.8.21` -> `1.8.23`

MimirπŸ“œ

  • !5915: mimir update to 5.5.1-bb.8
  • !5882: mimir update to 5.5.1-bb.7
# Changelog Updates

## [5.5.1-bb.8] - 2025-03-19
### Added
- Added minio label to existing netpol to allow istio-proxy scraping

## [5.5.1-bb.7] - 2025-03-11
### Added
- Added network policy to allow prometheus scraping on port 15020 for the istio-proxy podMonitors

MonitoringπŸ“œ

  • !5891: monitoring update to 69.7.3-bb.0
# Changelog Updates

## [69.7.3-bb.0] - 2025-03-05
### Updated
- Updated grafana-plugins 11.4.0 -> 11.5.2
- Updated k8s-sidecar 1.29.0 -> 1.30.0
- Updated kube-state-metrics v2.14.0 -> v2.15.0
- Updated kubectl v1.30.9 -> v1.30.10
- Updated prometheus-config-reloader v0.79.2 -> v0.80.1
- Updated prometheus-operator v0.79.2 -> v0.80.1
- Updated alertmanager v0.27.0 -> v0.28.0
- Updated node-exporter v1.8.2 -> v1.9.0
- Updated prometheus v3.1.0 -> v3.2.1
- Updated snmp_exporter v0.27.0 -> v0.28.0

ThanosπŸ“œ

  • !5880: thanos update to 15.9.1-bb.2
# Changelog Updates

## [15.9.1-bb.2] - 2025-03-07
### Upgraded
- Upgraded kutectl from `1.30.9` to `1.30.10`
- Upgraded bitnami-common `2.29.1` to `2.30.0`

TwistlockπŸ“œ

  • !5903: Add dynamic network policy for twistlock
  • !5894: twistlock update to 0.19.0-bb.3
  • !5757: twistlock update to 0.19.0-bb.0 (twistlock v33.03.138)
# Changelog Updates

## [0.19.0-bb.3] - 2025-03-14
### Changed
- Added Istio Operator-less network policy support

## [0.19.0-bb.2] - 2025-03-12
### Changed
- Edited contrib script `twistlock-defenders.sh` and `chart/scripts/contrib/scripts/il2-bb-sil-prod-example.env` env file to allow manual deployment of twistlock to support multi-cluster scenarios.

## [0.19.0-bb.0] - 2025-02-01
### Changed
- gluon updated from 0.5.12 to 0.5.14
- ironbank/opensource/kubernetes/kubectl updated from v1.30.7 to v1.30.9
- ironbank/twistlock/console/console updated from 33.01.137 to 33.03.138
- ironbank/twistlock/defender/defender updated from 33.01.137 to 33.03.138

VaultπŸ“œ

  • !5848: vault update to 0.29.1-bb.9
# Changelog Updates

## [0.29.1-bb.9] - 2025-02-28
### Changed
- registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s (source) v1.6.1 -> v1.6.2

Known IssuesπŸ“œ

  • Kyverno-Reporter - ISSUE
    • there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target Workaround Steps
      • set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE 
            kubectl edit peerauthentication default-istio-system -n istio-system
    kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

FutureπŸ“œ

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.