Release Notes - 2.54.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.32.3 (EKS).
Big Bang 3.0 is scheduled for release on June 13, 2025📜
Check out some of the epics and issues making it into this release. Register to attend our next briefing, scheduled for Thursday 5 June 2025 at 1300 CT! Please e-mail aflcmc.hncx.platformonebigbang@us.af.mil
if you would like to be added to our Big Bang Distro List for the latest Big Bang BBTOC, Immersion Series, and e-mail updates
Operatorless Istio is now generally available!📜
Users are strongly encouraged to begin their Istio migration away from operator to helm with this release. Istio operator will not be available in Big Bang 3.0.
Read in greater depth about the Operatorless Istio Migration on our blog.
Version 2.54, will be the last update in the 2.x series and will reach end-of-life (EOL) upon the release of Big Bang 3.0
Upgrade Notices📜
- Gitlab - MR:
- This is a major version change for Gitlab and as such there are some breaking changes that users may need to be aware of. Gitlab lists all of the changes on their blog:
- https://about.gitlab.com/blog/2025/04/18/a-guide-to-the-breaking-changes-in-gitlab-18-0/
- We have upgraded the built in postgres to version 17.4.0 that is hosted in Iron Bank. if you are not going by recommended route of using an external database for Gitlab, you will need to manually migrate your data from Postgres 16 to 17 before/during the upgrade. Otherwise, you will run into an error.
- Kyverno - MR:
- Refactoring package with passthrough pattern. Passing values will require an additional layer of overlay: Values.kyverno.values
-
Metrics-server - MR:
- All package specific values will now need to be shifted under the
upstream
key. - Example:
Previous Values
Updated Valuesimage: repository: registry1.dso.mil/ironbank/opensource/kubernetessigs/metricsserver # Overrides the image tag whose default is v{{ .Chart.AppVersion }} tag: "v0.7.2" pullPolicy: IfNotPresent imagePullSecrets: name: privateregistry
- Please note this does not apply to Big Bang specific top level keys includingupstream: image: repository: registry1.dso.mil/ironbank/opensource/kubernetessigs/metricsserver # Overrides the image tag whose default is v{{ .Chart.AppVersion }} tag: "v0.7.2" pullPolicy: IfNotPresent imagePullSecrets: name: privateregistry
domain
,sso
,istio
,networkPolicies
,bbtests
, andwaitJob
. - Monitoring - MR: - This version adds anenabled
flag to theprometheusOperator.admissionWebhooks.deployment.podDisruptionBudget
settings. Users who want this chart to deploy apodDisruptionBudget
must now set the flagpodDisruptionBudget.enabled
totrue
for eachpodDisruptionBudget
resource to be created. - All package specific values will now need to be shifted under the
Upgrades from previous releases📜
If coming from a version pre-2.53.1
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.53.1
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Alloy | Core | 1.7.1 |
2.0.27-bb.0 |
Anchore Enterprise | Addon | 5.17.0 |
3.7.0-bb.0 |
Argocd | Addon | 2.14.11 |
7.9.0-bb.0 |
Authservice | Addon | 1.0.4 |
1.0.4-bb.3 |
Addon | 1.0.7 |
2.5.2-bb.1 🔗 |
|
Core | 1.2.0 |
1.0.0-bb.9 🔗 |
|
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.25 |
Eck Operator | Core | 3.0.0 |
3.0.0-bb.0 |
Core | Kibana 8.18.1 Elasticsearch 8.18.1 |
1.28.0-bb.6 🔗 |
|
External Secrets | Addon | 0.16.1 |
0.16.2-bb.1 |
Fluentbit | Core | 4.0.1 |
0.48.10-bb.0 |
Addon | 24.4.3.0003 |
1.1.2320154-bb.26 🔗 |
|
Core | 3.19.1 |
3.19.1-bb.0 🔗 |
|
Addon | 18.0.0 |
9.0.1-bb.0 🔗 |
|
Addon | 17.10.0 |
0.75.1-bb.2 🔗 |
|
Grafana | Core | 11.6.1 |
8.14.0-bb.0 |
Haproxy | Addon | 2.2.33 |
1.19.3-bb.10 |
Harbor | Addon | 2.11.0 |
1.16.2-bb.4 |
Addon | 0.30.0 |
0.30.1-bb.8 🔗 |
|
Istio Controlplane | Core | Istio 1.23.6 Tetrate Istio Distro 1.23.6 |
1.23.6-bb.1 |
Istio Crds |
Core | 1.25.2 |
1.25.2-bb.0 |
Istio Gateway |
Core | 1.25.2 |
1.25.2-bb.1 |
Istio Operator | Core | Istio Operator 1.23.6 Tetrate Istio Distro Operator 1.23.6 |
1.23.6-bb.0 |
Istiod |
Core | 1.25.2 |
1.25.2-bb.4 |
Jaeger | Core | 1.62.0 |
2.57.0-bb.8 |
Keycloak | Addon | 26.1.4 |
7.0.1-bb.0 |
Core | 2.9.0 |
2.9.0-bb.2 🔗 |
|
Core | 1.13.4 |
3.3.6-bb.2 🔗 |
|
Core | 3.3.4 |
3.3.4-bb.9 🔗 |
|
Kyverno Reporter | Core | 3.0.3 |
3.0.3-bb.1 |
Loki | Core | 3.5.0 |
6.29.0-bb.1 |
Addon | 10.8.1 |
10.8.1-bb.0 🔗 |
|
Mattermost Operator | Addon | 1.23.0 |
1.23.0-bb.0 |
Addon | 0.7.2 |
3.12.2-bb.4 🔗 |
|
Mimir | Addon | '2.16.0' |
5.7.0-bb.1 |
Addon | RELEASE.2025-04-22T22-12-26Z |
7.1.1-bb.0 🔗 |
|
Minio Operator | Addon | 7.1.1 |
7.1.1-bb.0 |
Core | Prometheus 3.3.1 Grafana 12.0.0 Alertmanager 0.28.1 |
72.2.0-bb.0 🔗 |
|
Core | 5.4.4 |
2.8.6-bb.0 🔗 |
|
Nexus | Addon | 3.79.0-09 |
79.0.0-bb.0 |
Promtail | Core | 3.5.0 |
6.16.6-bb.4 |
Addon | 10.7.0-community |
10.7.0-bb.4 🔗 |
|
Core | Tempo 2.7.2 Tempo Query 2.7.2 |
1.21.1-bb.0 🔗 |
|
Thanos | Addon | 0.38.0 |
16.0.2-bb.0 |
Twistlock | Core | 34.00.141 |
0.20.1-bb.0 |
Vault | Addon | 1.19.3 |
0.30.0-bb.3 |
Addon | 1.15.2 |
8.7.1-bb.1 🔗 |
|
Wrapper | Core | 0.4.15 |
0.4.15 |
Changes in 2.54.0📜
Big Bang MRs📜
- !6319: fail gracefully if gateway does not exist
- !6316: fix(k3d-dev): handled the case where apt doesn’t create the docker group
- !6283: update flux dashboards for community user
- !6285: remove root package json
- !6269: remove right chomp on istioEnabled variable
- !6265: add in gitlab registry exception
- !6314: SKIP UPGRADE pass kyverno test values through new pass-through struct.
- !6322: add kyverno and gatekpeer exceptions for bbctl cypress test pod
- !6268: Resolve “Add missing Istio Operatorless templating function for Gitlab-runner”
- !6260: Fix Kiali Tempo Traces
- !6318: deprecated istio
Backstage📜
# Changelog Updates
## [2.5.2-bb.1] - 2025-05-22
### Changed
- update backstage image from 1.0.5 -> 1.0.7
- update gluon 0.5.19 -> 0.5.21
## [2.5.2-bb.0] - 2025-05-14
### Changed
- update gluon 0.5.15 -> 0.5.19
- update backstage chart 2.5.1 -> 2.5.2
Bbctl📜
- !6294: bbctl update to 1.0.0-bb.9
- !6267: bbctl update to 1.0.0-bb.8
- !6256: bbctl update to 1.0.0-bb.7
# Changelog Updates
## [1.0.0-bb.9] - 2025-05-22
### Changed
- cypress tests to account for Grafana v12 UI updates
## [1.0.0-bb.8] - 2025-05-15
### Changed
- gluon updated from 0.5.15 to 0.5.19
- updated registry1.dso.mil/ironbank/opensource/yq/yq (source) 4.45.1 -> 4.45.4
- updated registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal (source) 8.4 -> 8.10
## [1.0.0-bb.7] - 2025-05-13
### Changed
- Added helm images annotation to Chart.yaml
- Updated resource limits to reduce OOM issues
## [1.0.0-bb.6] - 2025-05-07
### Changed
- Upgraded bbctl to application version 1.2.0
- Added bbctl base configuration values for formatting output
- Added bbctl base configuration values for skipping automatic big bang repository checkout updates
- Added bbctl base configuration values for skipping automatic bbctl update checks
## [1.0.0-bb.5] - 2025-04-22
### Changed
- Added "bigbang.dev/applicationVersions" annotation to the chart
Elasticsearch Kibana📜
- !6296: elasticsearchKibana update to 1.28.0-bb.6
# Changelog Updates
## [1.28.0-bb.6] - 2025-05-22
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.17.4 to 8.18.1
- ironbank/elastic/kibana/kibana updated from 8.17.4 to 8.18.1
Fortify📜
# Changelog Updates
## [1.1.2320154-bb.26] - 2025-05-20
### Changed
- Update gluon 0.5.0 -> 0.5.20
- Updated google/golang/golang-1.24.1 -> google/golang/ubi9/golang-1.24.3
- Updated fortify to version 24.4.3.0003
## [1.1.2320154-bb.25] - 2025-05-14
### Changed
- Updated spec.selector.matchLabels for AuthorizationPolicies consistent to other resources
Gatekeeper📜
- !6261: gatekeeper update to 3.19.1-bb.0
# Changelog Updates
## [3.19.1-bb.0] - 2025-05-14
### Changed
- gluon 0.5.15 -> 0.5.19
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.3 -> v1.32.4
- registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.18.2 -> v3.19.1
Gitlab📜
# Changelog Updates
## [9.0.1-bb.0] - 2025-05-29
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.71.0 -> v1.72.1
- registry1.dso.mil/ironbank/bitnami/redis 7.4.3 -> 8.0.1
- registry1.dso.mil/ironbank/bitnami/redis 7.4.2 -> 8.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 14.17 -> 17.5
- registry1.dso.mil/ironbank/redhat/ubi/ubi9 9.5 -> 9.6
## [8.11.2-bb.3] - 2025-05-15
### Fixed
- Fixed helm test hooks to properly manage the lifecycle of test resources
Gitlab Runner📜
- !6242: gitlabRunner update to 0.75.1-bb.2
# Changelog Updates
## [0.75.1-bb.2] - 2025-05-09
### Changed
- gluon 0.5.17 -> 0.5.19
Headlamp📜
# Changelog Updates
## [0.30.1-bb.8] - 2025-05-29
### Added
- Istio Operator-less network policy support
## [0.30.1-bb.7] - 2025-05-09
### Changed
- Updated gluon 0.5.17 -> 0.5.21
- Updated prometheus-blackbox-exporter chart 9.4.0 -> 9.5.0
## [0.30.1-bb.6] - 2025-05-06
### Changed
- Updated gluon 0.5.16 -> 0.5.17
## [0.30.1-bb.5] - 2025-04-29
### Changed
- Updated gluon 0.5.15 -> 0.5.16
- Updated registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.3 -> v1.32.4
- cypress (source) dependencies minor 14.3.0 -> 14.3.2
## [0.30.1-bb.4] - 2025-04-28
### Changed
- Fixed kiali auth policy filename
## [0.30.1-bb.3] - 2025-04-23
### Changed
- Integrated with service monitoring
- Added prometheus-blackbox-exporter subchart dependency
## [0.30.1-bb.2] - 2025-04-15
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.11 -> v1.32.3
- Added cypress 14.2.0 -> 14.3.0
Kiali📜
- !6223: kiali update to 2.9.0-bb.2
# Changelog Updates
## [2.9.0-bb.2] - 2025-05-09
### Updated
- Updated Gluon to v0.5.19
Kyverno📜
- !6298: kyverno update to 3.3.6-bb.2
# Changelog Updates
## [3.3.6-bb.2] - 2025-04-21
### Changed
- Refactor kyverno BB package with pass-through pattern.
- Enabled bbtests for kyverno-policies for better integration testing.
- Added upstream notes to chart.yaml and readme.
Kyverno Policies📜
- !6271: kyvernoPolicies update to 3.3.4-bb.9
# Changelog Updates
## [3.3.4-bb.9] - 2025-05-14
### Changed
- Removed waitforready job
- Updated gluon from 0.5.15 -> 0.5.19
Mattermost📜
- !6315: mattermost update to 10.8.1-bb.0
# Changelog Updates
## [10.8.1-bb.0] - 2025-05-16
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.4 -> v1.32.5
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 10.7.2 -> 10.8.1
Metrics Server📜
- !6291: metricsServer update to 3.12.2-bb.4
# Changelog Updates
## [3.12.2-bb.4] - 2025-04-23
### Changed
- Refactor chart to Big Bang passthrough chart pattern
Minio📜
- !6232: minio update to 7.1.1-bb.0
# Changelog Updates
## [7.1.1-bb.0] - 2025-05-09
### Changed
- Updated minio-instance to 7.1.1
- Updated gluon from 0.5.16 -> 0.5.17
- Updated ironbank/opensource/minio/minio (source) RELEASE.2025-04-03T14-56-28Z -> RELEASE.2025-04-22T22-12-26Z
- Updated registry1.dso.mil/ironbank/opensource/minio/mc (source) RELEASE.2025-01-17T23-25-50Z -> RELEASE.2025-04-16T18-13-26Z
- Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-04-03T14-56-28Z -> RELEASE.2025-04-22T22-12-26Z
## [7.0.1-bb.1] - 2025-04-29
### Changed
- Updated gluon from 0.5.15 -> 0.5.16
Monitoring📜
- !6243: monitoring update to 72.2.0-bb.0
# Changelog Updates
## [72.2.0-bb.0] - 2025-05-08
### Changed
- gluon 0.5.17 -> 0.5.18
- grafana 8.14.2 -> 9.0.0
- kube-prometheus-stack 71.2.0 -> 72.2.0
- quay.io/prometheus-operator/prometheus-config-reloader v0.82.0 -> v0.82.1
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 11.6.1 -> 12.0.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.82.0 -> v0.82.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.82.0 -> v0.82.1
## [71.2.0-bb.1] - 2025-05-08
### Changed
- kube-state-metrics 5.33.0 -> 5.33.1
### Added
- prometheus-blackbox-exporter 9.0.0
### Fixed
- typo bug in flux-podmonitor
Neuvector📜
- !6277: neuvector update to 2.8.6-bb.0
# Changelog Updates
## [2.8.6-bb.0] - 2025-05-15
### Changed
- registry1.dso.mil/ironbank/neuvector/neuvector/controller 5.4.3 -> 5.4.4
- registry1.dso.mil/ironbank/neuvector/neuvector/enforcer 5.4.3 -> 5.4.4
- registry1.dso.mil/ironbank/neuvector/neuvector/manager 5.4.3 -> 5.4.4
- update gluon subchart to v0.5.19
- update monitor subchart to v2.8.6
## [2.8.5-bb.1] - 2025-05-12
### Changed
- update renovate.json for migrate renovate config
Sonarqube📜
- !6281: sonarqube update to 10.7.0-bb.4
# Changelog Updates
## [10.7.0-bb.4] - 2025-05-20
### Updated
- Add assertion to add delay to cypress test to workaround plugin risk page
## [10.7.0-bb.3] - 2025-05-19
### Updated
- Updated cypress test to run with larger viewport and no waits
- Updated cypress test to run with larger viewport and no waits
Tempo📜
# Changelog Updates
## [1.21.1-bb.0] - 2025-05-19
### Changed
- gluon 0.5.15 -> 0.5.19
- tempo 1.21.0 -> 1.21.1
## [1.21.0-bb.1] - 2025-05-14
### Added
- Added Network Policy for Kiali ingress
Velero📜
- !6275: velero update to 8.7.1-bb.1
# Changelog Updates
## [8.7.1-bb.1] - 2025-05-13
### Changed
- Fix networkpolicy minio egress bug
Known Issues📜
- Kyverno-Reporter - ISSUE
-
there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target
Workaround Steps
set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE
kubectl edit peerauthentication default-istio-system -n istio-system kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
- there is a bug preventing prometheus metrics scraping in neuvector
- ElasticSearch Kibana - ISSUE
- there is an upstream bug causing Kibana to occasionally force logouts while using Firefox
- keycloak
-
keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.
flux reconcile hr -n bigbang keycloak --with-source --force kubectl delete pods -n keycloak
- Dashboards
- CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.