Release Notes - 2.50.0
Please see our documentation page for more information on how to consume and deploy Big Bang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).
Deprecation Notice
Grafana Promtail has been deprecated and will be removed in a future Big Bang release. Big Bang will be migrating to Grafana Alloy as the core log aggregator.
Please plan to migrate your Promtail configurations to Alloy using Grafana’s documented procedure.
We will be launching a soft migration from Promtail to Alloy as part of Big Bang 3.0. Big Bang will cease to support Promtail by version 3.05, by which time all Promtail configurations should be converted to Grafana Alloy.
Upgrade Notices
- Alloy - MR:
  - Important: If the Alloy package is enabled (`addons.alloy.enabled` set to `true`) in the Big Bang `values.yaml`, upgrading Alloy to `2.0.16-bb.1` requires migrating the Alloy package from the `monitoring` namespace to its own `alloy` namespace. Due to how Flux handles HelmRelease updates, some lingering resources will not be automatically removed. These resources must be deleted manually or through automation.
  - The Alloy `autoRollingUpgrade` feature provides an automated upgrade job that deletes any resources with the `helm.toolkit.fluxcd.io/name=alloy` label in the `monitoring` namespace. This migration process completely removes Alloy from the `monitoring` namespace and performs a clean installation in the new `alloy` namespace.
  - `autoRollingUpgrade.enabled` is set to `true` by default in the Alloy `values.yaml`, in which case no additional action is required. However, a brief outage is expected during the upgrade as the Alloy migration is applied.
  - If you prefer to disable the upgrade job and manually complete the pre-upgrade steps, set `addons.alloy.values.autoRollingUpgrade.enabled=false` in the Big Bang `values.yaml` and follow the steps outlined below. The following commands assume that the Alloy package is deployed in the default Big Bang `monitoring` namespace. Verify the namespace of your Alloy deployment before proceeding.
- Istio-controlplane - MR:
  - Classification banners: This version of the Istio control plane includes a bundled `EnvoyFilter` that makes it simple to add classification banners to any of your workloads.
- Kyverno-policies - MR:
  - This is a new feature to test policy exceptions before potentially making them permanent, or to allow one-off exceptions for those who accept the risks. The policy exceptions feature is disabled by default and can be enabled only for specific namespaces. As a result, by default this feature is only enabled for a specific namespace within test-values.yaml:

    ```yaml
    features:
      policyexceptions:
        enabled: true
        # -- Restrict policy exceptions to a single namespace
        namespace: 'kyverno'
    ```

  - This can be enabled within Kyverno, for those who accept the risks, by enabling the feature within values.yaml and then editing the desired namespace for allowed exceptions, or by passing in an override using the above YAML snippet as an example. Once enabled, there’s a sample policyexception in the kyverno-policies values.yaml that can then be overwritten. Another example exists within the test-values.yaml that was used to test the feature.
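For the Alloy namespace migration in the upgrade notices above, a read-first check for resources still carrying the `helm.toolkit.fluxcd.io/name=alloy` label in the old namespace. This is an added example, not Big Bang's upgrade job or its documented commands; the function names and the `OLD_NS` and `CONFIRM` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Big Bang's upgrade job): find Alloy objects left in the old namespace.
ALLOY_LABEL='helm.toolkit.fluxcd.io/name=alloy'  # label named in the upgrade notice
OLD_NS="${OLD_NS:-monitoring}"                   # assumption: default Big Bang namespace

# Print "kind/name" for every namespaced object in $OLD_NS that still carries
# the label. Kinds are enumerated because "kubectl get all" skips many of them.
lingering_alloy() {
  kinds=$(kubectl api-resources --verbs=list --namespaced -o name | paste -sd, -)
  [ -n "$kinds" ] || return 1
  kubectl get "$kinds" -n "$OLD_NS" -l "$ALLOY_LABEL" \
    --ignore-not-found -o name | sort -u
}

# Return 0 when nothing is left, 1 when leftovers exist (listed on stderr),
# 2 when the resource kinds could not be listed.
alloy_migration_clean() {
  left=$(lingering_alloy) || return 2
  [ -z "$left" ] && return 0
  printf '%s\n' "$left" >&2
  return 1
}

# Delete the leftovers, but only when the caller sets CONFIRM=yes (hypothetical guard).
remove_lingering_alloy() {
  [ "${CONFIRM:-no}" = yes ] || { echo "set CONFIRM=yes to delete" >&2; return 3; }
  lingering_alloy | while IFS= read -r obj; do
    kubectl delete "$obj" -n "$OLD_NS" --ignore-not-found
  done
}
```

Source the file, then run `alloy_migration_clean` after the upgrade; a non-zero status with a list on stderr means the old namespace still holds Alloy objects to review.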
Upgrades from previous releases
If coming from a version pre-2.49.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.49.0.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Alloy | Addon | 1.7.1 | 2.0.16-bb.2 |
Anchore Enterprise | Addon | 5.15.0 | 3.5.0-bb.1 |
Argocd | Addon | 2.14.5 | 7.8.11-bb.0 |
Authservice | Addon | 1.0.4 | 1.0.4-bb.1 |
 | Core | N / A | 1.0.0-bb.2 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.22 |
Eck Operator | Core | 2.16.1 | 2.16.1-bb.1 |
Elasticsearch Kibana | Core | Kibana 8.17.4, Elasticsearch 8.17.4 | 1.28.0-bb.2 |
External Secrets | Addon | 0.14.4 | 0.14.4-bb.0 |
Fluentbit | Core | 3.2.9 | 0.48.9-bb.0 |
Fortify | Addon | 24.4.2.0009 | 1.1.2320154-bb.24 |
Gatekeeper | Core | 3.18.2 | 3.18.2-bb.4 |
Gitlab | Addon | 17.10.1 | 8.10.1-bb.0 |
Gitlab Runner | Addon | 17.8.0 | 0.73.0-bb.2 |
Grafana | Core | 11.5.2 | 8.10.4-bb.0 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.10 |
Harbor | Addon | 2.11.0 | 1.16.1-bb.0 |
Istio Controlplane | Core | Istio 1.23.5, Tetrate Istio Distro 1.23.5 | 1.23.5-bb.1 |
Istio Operator | Core | Istio Operator 1.23.5, Tetrate Istio Distro Operator 1.23.5 | 1.23.5-bb.0 |
Jaeger | Core | 1.62.0 | 2.57.0-bb.6 |
Keycloak | Addon | 25.0.6 | 2.5.1-bb.6 |
Kiali | Core | 2.6.0 | 2.6.0-bb.0 |
Kyverno | Core | 1.13.4 | 3.3.6-bb.0 |
Kyverno Policies | Core | 3.3.4 | 3.3.4-bb.6 |
Kyverno Reporter | Core | 3.0.3 | 3.0.3-bb.1 |
Loki | Core | 3.4.2 | 6.27.0-bb.1 |
Mattermost | Addon | 10.6.1 | 10.6.1-bb.4 |
Mattermost Operator | Addon | 1.22.1 | 1.22.1-bb.1 |
Metrics Server | Addon | 0.7.2 | 3.12.2-bb.3 |
Mimir | Addon | '2.14.2' | 5.5.1-bb.11 |
Minio | Addon | RELEASE.2025-01-20T14-49-07Z | 7.0.0-bb.4 |
Minio Operator | Addon | 7.0.1 | 7.0.1-bb.2 |
Monitoring | Core | Prometheus 3.2.1, Grafana 11.5.2, Alertmanager 0.28.0 | 69.7.3-bb.1 |
Neuvector | Core | 5.4.1 | 2.8.3-bb.1 |
Nexus | Addon | 3.75.0-06 | 75.0.0-bb.2 |
Promtail | Core | 3.4.2 | 6.16.6-bb.2 |
Sonarqube | Addon | 10.7.0-community | 10.7.0-bb.1 |
Tempo | Core | Tempo 2.7.1, Tempo Query 2.7.1 | 1.18.3-bb.0 |
Thanos | Addon | 0.37.2 | 15.9.1-bb.3 |
Twistlock | Core | 33.03.138 | 0.19.0-bb.5 |
Vault | Addon | 1.18.5 | 0.29.1-bb.10 |
Velero | Addon | 1.15.2 | 8.4.0-bb.1 |
Wrapper | Core | N / A | 0.4.12 |
Changes in 2.50.0
Big Bang MRs
- !5985: Resolve “Remove Holocron from BB Packages”
- !5963: Resolve “Update Umbrella Template for Kyverno Reporter”
- !5949: update istio package repo urls
- !5918: change big-bang base container to latest 2.1.0 in `test_values.yaml`
Alloy
- !5925: alloy update to 2.0.16-bb.1
- !5941: Add service monitor to Alloy/values.yaml
- !5939: alloy update to 2.0.16-bb.2
- !5924: monitoring update to 69.7.3-bb.1
# Changelog Updates
## [2.0.16-bb.2] - 2025-03-21
### Added
- Added `alloy-logs` and `podLogs` configurations to send logs to Loki
### Changed
- Disabled alloyReceiver and applicationObservability features by default.
## [2.0.16-bb.1] - 2025-03-18
### Added
- Upgrade job that removes any lingering resources in the monitoring namespace after migrating to its own namespace
- Modified netpol/authpol labels from `app.kubernetes.io/name: alloy-metrics` to `app.kubernetes.io/instance: alloy`
Argocd
- !6000: argocd update to 7.8.11-bb.0
# Changelog Updates
## [7.8.10-bb.0] - 2025-03-31
### Changed
- redis 20.6.2 -> 20.11.4
- registry1.dso.mil/ironbank/big-bang/argocd v2.14.3 -> v2.14.5
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.67.0 -> v1.69.0
## [7.8.7-bb.1] - 2025-03-05
### Changed
- Adding dynamic namespace support in network policy for operatorless Istio compatibility
Eck Operator
- !5998: eckOperator update to 2.16.1-bb.1
# Changelog Updates
## [2.16.1-bb.1] - 2025-3-21
### Added
- Added dynamic network policy support for operatorless istio
Elasticsearch Kibana
# Changelog Updates
## [1.28.0-bb.2] - 2025-03-28
### Changed
- registry1.dso.mil/ironbank/stedolan/jq updated from 1.7.0 to 1.7.1
## [1.28.0-bb.1] - 2025-03-28
### Added
- Added dynamic NetworkPolicy support for Istio Operatorless
## [1.28.0-bb.0] - 2025-03-26
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.17.3 to 8.17.4
- ironbank/elastic/kibana/kibana updated from 8.17.3 to 8.17.4
- ironbank/opensource/bitnami/elasticsearch-exporter updated from 1.8.0 to 1.9.0
- ironbank/opensource/kubernetes/kubectl updated from v1.30.10 to v1.30.11
External Secrets
- !5901: externalSecrets update to 0.14.4-bb.0
# Changelog Updates
## [0.14.4-bb.0] - 2025-03-12
### Changed
- registry1.dso.mil/ironbank/opensource/external-secrets/external-secrets v0.14.3 -> v0.14.4
Fluentbit
# Changelog Updates
## [0.48.9-bb.0] - 2025-03-27
### Updated
- ironbank/opensource/fluent/fluent-bit updated from 3.2.7 to 3.2.9
## [0.48.6-bb.1] - 2025-03-14
### Added
- Added dynamic network policy support for istio egress
Fortify
# Changelog Updates
## [1.1.2320154-bb.24] - 2025-03-28
### Changed
- Updated google/golang/golang-1.20 -> google/golang/ubi9/golang-1.24
## [1.1.2320154-bb.23] - 2025-03-21
### Changed
- Enabled dynamic network policy for istio
Gatekeeper
- !5926: gatekeeper update to 3.18.2-bb.4
# Changelog Updates
## [3.18.2-bb.4] - 2025-03-20
### Changed
- updating chart/README.md
## [3.18.2-bb.3] - 2025-03-20
### Changed
- update chart/README.md to sync with upstream
Gitlab
- !5992: gitlab update to 8.10.1-bb.0
- !5937: gitlab update to 8.10.0-bb.0
- !5910: Dynamic network support for Gitlab
# Changelog Updates
## [8.10.1-bb.0] - 2025-03-27
### Changed
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.10.0 -> 17.10.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.10.0 -> 17.10.1
## [8.10.0-bb.0] - 2025-03-22
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.68.0 -> v1.69.0
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.9.2 -> 17.10.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.9.2 -> 17.10.0
Gitlab Runner
- !5947: gitlabRunner update to 0.73.0-bb.2
# Changelog Updates
## [0.73.0-bb.2] - 2025-03-25
### Changed
- Changed NetworkPolicy resources to match the deployed gitlab runner pods using their full name.
Grafana
- !5932: grafana update to 8.10.4-bb.0
# Changelog Updates
## [8.10.4-bb.0] - 2025-03-20
### Changed
- grafana chart updated from 8.10.1 to 8.10.4
- ironbank/kiwigrid/k8s-sidecar updated from 1.30.0 to 1.30.2
Istio Controlplane
- !5951: istio update to 1.23.5-bb.1
# Changelog Updates
## [1.23.5-bb.1] - 2025-03-25
### Changed
- Added an `EnvoyFilter` to simplify classification banner creation
Jaeger
# Changelog Updates
## [2.57.0-bb.6] - 2025-03-26
### Updated
- ingress-nginx/kube-webhook-certgen v1.5.1 -> v1.5.2
- jaegertracing/jaeger-collector 1.66.0 -> 1.67.0
- jaegertracing/jaeger-ingester 1.66.0 -> 1.67.0
- jaegertracing/jaeger-query 1.66.0 -> 1.67.0
- kubernetes/kubectl v1.30.10 -> v1.30.11
## [2.57.0-bb.5] - 2025-03-12
### Updated
- Added authorization policy to allow communication from Kiali
- Added service entry to white list domains when bbtests is enabled
- Updated network policy for helm tests as it had an unnecessary check to make sure artifacts were enabled
Kyverno Policies
- !5899: kyverno-policies update to 3.3.4-bb.6
# Changelog Updates
## [3.3.4-bb.6] - 2025-03-17
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.30.6 to v1.30.11
- ironbank/redhat/ubi/ubi9-minimal updated from 9.4 to 9.5
## [3.3.4-bb.5] - 2025-02-12
### Changed
- Fixed the default registry url to prevent subdomains from being used
- update gluon dependency chart -> v0.5.14
Kyverno Reporter
- !5986: kyvernoReporter update to 3.0.3-bb.1
- !5931: kyvernoReporter update to 3.0.3-bb.0
- !5927: kyvernoReporter update to 3.0.1-bb.4
# Changelog Updates
## [3.0.3-bb.1] - 2025-03-28
### Changed
- Updated Kyverno Reporter Plugin subchart 1.5.2 -> 1.6.4
## [3.0.3-bb.0] - 2025-03-21
### Updated
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.6 -> v1.30.11
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter 3.0.0 -> 3.0.3
## [3.0.1-bb.4] - 2025-03-19
### Updated
- Change Prometheus Service Entry Not Configured For Certs And TLS
## [3.0.1-bb.3] - 2025-02-20
### Updated
- Change cypress E2E tests for prometheus to CLI driven tests
Loki
- !5940: loki update to 6.27.0-bb.1
# Changelog Updates
## [6.27.0-bb.1] - 2025-03-21
### Changed
- Modified networkPolicies to reflect Alloy namespace change
Mattermost
- !5995: mattermost update to 10.6.1-bb.4
- !5974: mattermost update to 10.6.1-bb.3
- !5961: Resolve “Resolve errors from enabling drift detection for Mattermost (not operator)”
- !5956: Added dynamic network policy
# Changelog Updates
## [10.6.1-bb.4] - 2025-03-28
### Changed
- Removed postgres12 image
## [10.6.1-bb.3] - 2025-03-28
### Changed
- Removed postgres11 image
## [10.6.1-bb.2] - 2025-03-27
### Changed
- fix drift detection errors by setting required values to a non-null default
## [10.6.1-bb.1] - 2025-03-24
### Changed
- Added dynamic Network policy
## [10.6.1-bb.0] - 2025-03-18
### Changed
- Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 10.5.1 -> 10.6.1
Metrics Server
- !5996: metricsServer update to 3.12.2-bb.3
# Changelog Updates
## [3.12.2-bb.3] - 2025-03-26
### Added
- Istio Operator-less network policy support
Mimir
- !5987: mimir update to 5.5.1-bb.11
- !5938: mimir update to 5.5.1-bb.10
- !5919: mimir update to 5.5.1-bb.9
# Changelog Updates
## [5.5.1-bb.11] - 2025-03-26
### Changed
- gluon 0.5.12 -> 0.5.14
- registry1.dso.mil/ironbank/opensource/grafana/rollout-operator v0.22.0 -> v0.24.0
- registry1.dso.mil/ironbank/opensource/memcached/memcached 1.6.34 -> 1.6.38
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.3 -> 1.27.4
## [5.5.1-bb.10] - 2025-03-24
### Changed
- Enable exemplar storage
## [5.5.1-bb.9] - 2025-03-20
### Changed
- Add default config to disable usage reporting to Grafana Labs
Minio
# Changelog Updates
## [7.0.0-bb.4] - 2025-03-28
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.29.6 -> 1.30.11
## [7.0.0-bb.3] - 2025-03-17
### Changed
- remove pools.securityContext.capabilites, which is not supported and causes an error when enabling drift detection
Minio Operator
- !5994: minioOperator update to 7.0.1-bb.2
- !5978: minioOperator update to 7.0.1-bb.1
- !5960: minioOperator update to 7.0.1-bb.0
# Changelog Updates
## [7.0.1-bb.2] - 2025-03-28
### Changed
- Update mc image source from quay.io/minio to registry1.dso.mil/ironbank/opensource/minio
## [7.0.1-bb.1] - 2025-03-28
### Upgrade
- Upgrade image from mc:RELEASE.2024-10-02T08-27-28Z to mc:RELEASE.2025-01-17T23-25-50Z
## [7.0.1-bb.0] - 2025-03-22
### Changed
- registry1.dso.mil/ironbank/opensource/minio/operator v7.0.0 -> v7.0.1
Monitoring
- !5924: monitoring update to 69.7.3-bb.1
# Changelog Updates
## [69.7.3-bb.1] - 2025-03-19
### Added
- Added Network Policies & Authorization Policy to support Alloy integration with Prometheus.
Sonarqube
- !5948: sonarqube update to 10.7.0-bb.1
# Changelog Updates
## [10.7.0-bb.1] - 2025-03-25
### Updated
- Updated istio related network policies to be more dynamic
Tempo
- !5913: tempo update to 1.18.3-bb.0
# Changelog Updates
## [1.18.3-bb.0] - 2025-03-18
### Updated
- Updated chart/templates/statefulset.yaml
Thanos
- !5988: thanos update to 15.9.1-bb.3
# Changelog Updates
## [15.9.1-bb.2] - 2025-03-28
### Added
- Added dynamic NetworkPolicy support for Istio operatorless
Twistlock
- !5984: twistlock update to 0.19.0-bb.5
# Changelog Updates
## [0.19.0-bb.5] - 2025-03-28
### Changed
- Updated bbtests image to jq 1.7.1
## [0.19.0-bb.4] - 2025-03-28
### Changed
- ironbank/stedolan/jq updated from 1.7 to 1.7.1
Vault
- !5953: vault update to 0.29.1-bb.10
# Changelog Updates
## [0.29.1-bb.10] - 2025-03-19
### Changed
- Added Dynamic Network Policy support
Velero
# Changelog Updates
## [8.4.0-bb.1] - 2025-03-28
### Changed
- Updated nginx image in test script to 1.27.4
## [8.4.0-bb.0] - 2025-02-20
### Changed
- Updated velero to 8.4.0
Known Issues
- Kyverno-Reporter - ISSUE
  - There is currently a bug within the Prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target
  Workaround Steps
  - Set both the default-istio-system and policy-reporter-default PeerAuthentications to PERMISSIVE

    ```shell
    kubectl edit peerauthentication default-istio-system -n istio-system
    kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
    ```
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.