Release Notes - 2.54.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.32.3 (EKS).

Big Bang 3.0 is scheduled for release on June 13, 2025📜

Check out some of the epics and issues making it into this release. Register to attend our next briefing, scheduled for Thursday 5 June 2025 at 1300 CT! Please e-mail aflcmc.hncx.platformonebigbang@us.af.mil if you would like to be added to our Big Bang Distro List for the latest Big Bang BBTOC, Immersion Series, and e-mail updates

Operatorless Istio is now generally available!📜

Users are strongly encouraged to begin their Istio migration away from operator to helm with this release. Istio operator will not be available in Big Bang 3.0.

Read in greater depth about the Operatorless Istio Migration on our blog.

Version 2.54, will be the last update in the 2.x series and will reach end-of-life (EOL) upon the release of Big Bang 3.0

Upgrade Notices📜

Gitlab - MR:
- This is a major version change for Gitlab and as such there are some breaking changes that users may need to be aware of. Gitlab lists all of the changes on their blog:
- https://about.gitlab.com/blog/2025/04/18/a-guide-to-the-breaking-changes-in-gitlab-18-0/
- We have upgraded the built in postgres to version 17.4.0 that is hosted in Iron Bank. if you are not going by recommended route of using an external database for Gitlab, you will need to manually migrate your data from Postgres 16 to 17 before/during the upgrade. Otherwise, you will run into an error.
Kyverno - MR:
- Refactoring package with passthrough pattern. Passing values will require an additional layer of overlay: Values.kyverno.values
Metrics-server - MR:
- All package specific values will now need to be shifted under the upstream key.
- Example:
Previous Values
```
image:
  repository: registry1.dso.mil/ironbank/opensource/kubernetessigs/metricsserver
  # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
  tag: "v0.7.2"
  pullPolicy: IfNotPresent
imagePullSecrets:
  name: privateregistry
```
Updated Values
```
upstream:
  image:
    repository: registry1.dso.mil/ironbank/opensource/kubernetessigs/metricsserver
    # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
    tag: "v0.7.2"
    pullPolicy: IfNotPresent
  imagePullSecrets:
    name: privateregistry
```
- Please note this does not apply to Big Bang specific top level keys including domain, sso, istio, networkPolicies, bbtests, and waitJob. - Monitoring - MR: - This version adds an enabled flag to the prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget settings. Users who want this chart to deploy a podDisruptionBudget must now set the flag podDisruptionBudget.enabled to true for each podDisruptionBudget resource to be created.

Upgrades from previous releases📜

If coming from a version pre-2.53.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.53.1.

Packages📜

Package	Type	Package Version	BB Version
Alloy	Core	`1.7.1`	`2.0.27-bb.0`
Anchore Enterprise	Addon	`5.17.0`	`3.7.0-bb.0`
Argocd	Addon	`2.14.11`	`7.9.0-bb.0`
Authservice	Addon	`1.0.4`	`1.0.4-bb.3`
Backstage	Addon	`1.0.7`	`2.5.2-bb.1` 🔗
Bbctl	Core	`1.2.0`	`1.0.0-bb.9` 🔗
Cluster Auditor	Core	`0.0.7`	`1.5.0-bb.25`
Eck Operator	Core	`3.0.0`	`3.0.0-bb.0`
Elasticsearch Kibana	Core	Kibana `8.18.1` Elasticsearch `8.18.1`	`1.28.0-bb.6` 🔗
External Secrets	Addon	`0.16.1`	`0.16.2-bb.1`
Fluentbit	Core	`4.0.1`	`0.48.10-bb.0`
Fortify	Addon	`24.4.3.0003`	`1.1.2320154-bb.26` 🔗
Gatekeeper	Core	`3.19.1`	`3.19.1-bb.0` 🔗
Gitlab	Addon	`18.0.0`	`9.0.1-bb.0` 🔗
Gitlab Runner	Addon	`17.10.0`	`0.75.1-bb.2` 🔗
Grafana	Core	`11.6.1`	`8.14.0-bb.0`
Haproxy	Addon	`2.2.33`	`1.19.3-bb.10`
Harbor	Addon	`2.11.0`	`1.16.2-bb.4`
Headlamp	Addon	`0.30.0`	`0.30.1-bb.8` 🔗
Istio Controlplane	Core	Istio `1.23.6` Tetrate Istio Distro `1.23.6`	`1.23.6-bb.1`
Istio Crds	Core	`1.25.2`	`1.25.2-bb.0`
Istio Gateway	Core	`1.25.2`	`1.25.2-bb.1`
Istio Operator	Core	Istio Operator `1.23.6` Tetrate Istio Distro Operator `1.23.6`	`1.23.6-bb.0`
Istiod	Core	`1.25.2`	`1.25.2-bb.4`
Jaeger	Core	`1.62.0`	`2.57.0-bb.8`
Keycloak	Addon	`26.1.4`	`7.0.1-bb.0`
Kiali	Core	`2.9.0`	`2.9.0-bb.2` 🔗
Kyverno	Core	`1.13.4`	`3.3.6-bb.2` 🔗
Kyverno Policies	Core	`3.3.4`	`3.3.4-bb.9` 🔗
Kyverno Reporter	Core	`3.0.3`	`3.0.3-bb.1`
Loki	Core	`3.5.0`	`6.29.0-bb.1`
Mattermost	Addon	`10.8.1`	`10.8.1-bb.0` 🔗
Mattermost Operator	Addon	`1.23.0`	`1.23.0-bb.0`
Metrics Server	Addon	`0.7.2`	`3.12.2-bb.4` 🔗
Mimir	Addon	`'2.16.0'`	`5.7.0-bb.1`
Minio	Addon	`RELEASE.2025-04-22T22-12-26Z`	`7.1.1-bb.0` 🔗
Minio Operator	Addon	`7.1.1`	`7.1.1-bb.0`
Monitoring	Core	Prometheus `3.3.1` Grafana `12.0.0` Alertmanager `0.28.1`	`72.2.0-bb.0` 🔗
Neuvector	Core	`5.4.4`	`2.8.6-bb.0` 🔗
Nexus	Addon	`3.79.0-09`	`79.0.0-bb.0`
Promtail	Core	`3.5.0`	`6.16.6-bb.4`
Sonarqube	Addon	`10.7.0-community`	`10.7.0-bb.4` 🔗
Tempo	Core	Tempo `2.7.2` Tempo Query `2.7.2`	`1.21.1-bb.0` 🔗
Thanos	Addon	`0.38.0`	`16.0.2-bb.0`
Twistlock	Core	`34.00.141`	`0.20.1-bb.0`
Vault	Addon	`1.19.3`	`0.30.0-bb.3`
Velero	Addon	`1.15.2`	`8.7.1-bb.1` 🔗
Wrapper	Core	`0.4.15`	`0.4.15`

Changes in 2.54.0📜

Big Bang MRs📜

!6319: fail gracefully if gateway does not exist
!6316: fix(k3d-dev): handled the case where apt doesn’t create the docker group
!6283: update flux dashboards for community user
!6285: remove root package json
!6269: remove right chomp on istioEnabled variable
!6265: add in gitlab registry exception
!6314: SKIP UPGRADE pass kyverno test values through new pass-through struct.
!6322: add kyverno and gatekpeer exceptions for bbctl cypress test pod
!6268: Resolve “Add missing Istio Operatorless templating function for Gitlab-runner”
!6260: Fix Kiali Tempo Traces
!6318: deprecated istio

Backstage📜

!6297: backstage update to 2.5.2-bb.1
!6273: backstage update to 2.5.2-bb.0

# Changelog Updates

## [2.5.2-bb.1] - 2025-05-22
### Changed
- update backstage image from 1.0.5 -> 1.0.7
- update gluon 0.5.19 -> 0.5.21

## [2.5.2-bb.0] - 2025-05-14
### Changed
- update gluon 0.5.15 -> 0.5.19
- update backstage chart 2.5.1 -> 2.5.2

Bbctl📜

!6294: bbctl update to 1.0.0-bb.9
!6267: bbctl update to 1.0.0-bb.8
!6256: bbctl update to 1.0.0-bb.7

# Changelog Updates

## [1.0.0-bb.9] - 2025-05-22
### Changed
- cypress tests to account for Grafana v12 UI updates

## [1.0.0-bb.8] - 2025-05-15
### Changed
- gluon updated from 0.5.15 to 0.5.19
- updated registry1.dso.mil/ironbank/opensource/yq/yq (source) 4.45.1 -> 4.45.4
- updated registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal (source) 8.4 -> 8.10

## [1.0.0-bb.7] - 2025-05-13
### Changed
- Added helm images annotation to Chart.yaml
- Updated resource limits to reduce OOM issues

## [1.0.0-bb.6] - 2025-05-07
### Changed
- Upgraded bbctl to application version 1.2.0
- Added bbctl base configuration values for formatting output
- Added bbctl base configuration values for skipping automatic big bang repository checkout updates
- Added bbctl base configuration values for skipping automatic bbctl update checks

## [1.0.0-bb.5] - 2025-04-22
### Changed
- Added "bigbang.dev/applicationVersions" annotation to the chart

Elasticsearch Kibana📜

!6296: elasticsearchKibana update to 1.28.0-bb.6

# Changelog Updates

## [1.28.0-bb.6] - 2025-05-22
### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.17.4 to 8.18.1
- ironbank/elastic/kibana/kibana updated from 8.17.4 to 8.18.1

Fortify📜

!6287: fortify update to 1.1.2320154-bb.26
!6263: fortify update to 1.1.2320154-bb.25

# Changelog Updates

## [1.1.2320154-bb.26] - 2025-05-20
### Changed
- Update gluon 0.5.0 -> 0.5.20
- Updated google/golang/golang-1.24.1 -> google/golang/ubi9/golang-1.24.3
- Updated fortify to version 24.4.3.0003

## [1.1.2320154-bb.25] - 2025-05-14
### Changed
- Updated spec.selector.matchLabels for AuthorizationPolicies consistent to other resources

Gatekeeper📜

!6261: gatekeeper update to 3.19.1-bb.0

# Changelog Updates

## [3.19.1-bb.0] - 2025-05-14
### Changed
- gluon 0.5.15 -> 0.5.19
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.3 -> v1.32.4
- registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.18.2 -> v3.19.1

Gitlab📜

!6325: SKIP UPGRADE CHECK: gitlab update to 9.0.1-bb.0
!6274: gitlab update to 8.11.2-bb.3

# Changelog Updates

## [9.0.1-bb.0] - 2025-05-29
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.71.0 -> v1.72.1
- registry1.dso.mil/ironbank/bitnami/redis 7.4.3 -> 8.0.1
- registry1.dso.mil/ironbank/bitnami/redis 7.4.2 -> 8.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.11.2 -> 18.0.1
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 14.17 -> 17.5
- registry1.dso.mil/ironbank/redhat/ubi/ubi9 9.5 -> 9.6

## [8.11.2-bb.3] - 2025-05-15
### Fixed
- Fixed helm test hooks to properly manage the lifecycle of test resources

Gitlab Runner📜

!6242: gitlabRunner update to 0.75.1-bb.2

# Changelog Updates

## [0.75.1-bb.2] - 2025-05-09
### Changed
- gluon 0.5.17 -> 0.5.19

Headlamp📜

!6335: headlamp update to 0.30.1-bb.8
!6313: headlamp update to 0.30.1-bb.7

# Changelog Updates

## [0.30.1-bb.8] - 2025-05-29
### Added
- Istio Operator-less network policy support

## [0.30.1-bb.7] - 2025-05-09
### Changed
- Updated gluon 0.5.17 -> 0.5.21
- Updated prometheus-blackbox-exporter chart 9.4.0 -> 9.5.0

## [0.30.1-bb.6] - 2025-05-06
### Changed
- Updated gluon 0.5.16 -> 0.5.17

## [0.30.1-bb.5] - 2025-04-29
### Changed
- Updated gluon 0.5.15 -> 0.5.16
- Updated registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.3 -> v1.32.4
- cypress (source) dependencies minor 14.3.0 -> 14.3.2

## [0.30.1-bb.4] - 2025-04-28
### Changed
- Fixed kiali auth policy filename

## [0.30.1-bb.3] - 2025-04-23
### Changed
- Integrated with service monitoring
- Added prometheus-blackbox-exporter subchart dependency

## [0.30.1-bb.2] - 2025-04-15
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.11 -> v1.32.3
- Added cypress 14.2.0 -> 14.3.0

Kiali📜

!6223: kiali update to 2.9.0-bb.2

# Changelog Updates

## [2.9.0-bb.2] - 2025-05-09
### Updated
- Updated Gluon to v0.5.19

Kyverno📜

!6298: kyverno update to 3.3.6-bb.2

# Changelog Updates

## [3.3.6-bb.2] - 2025-04-21
### Changed
- Refactor kyverno BB package with pass-through pattern.
- Enabled bbtests for kyverno-policies for better integration testing.
- Added upstream notes to chart.yaml and readme.

Kyverno Policies📜

!6271: kyvernoPolicies update to 3.3.4-bb.9

# Changelog Updates

## [3.3.4-bb.9] - 2025-05-14
### Changed
- Removed waitforready job
- Updated gluon from 0.5.15 -> 0.5.19

Mattermost📜

!6315: mattermost update to 10.8.1-bb.0

# Changelog Updates

## [10.8.1-bb.0] - 2025-05-16
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.4 -> v1.32.5
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 10.7.2 -> 10.8.1

Metrics Server📜

!6291: metricsServer update to 3.12.2-bb.4

# Changelog Updates

## [3.12.2-bb.4] - 2025-04-23
### Changed
- Refactor chart to Big Bang passthrough chart pattern

Minio📜

!6232: minio update to 7.1.1-bb.0

# Changelog Updates

## [7.1.1-bb.0] - 2025-05-09
### Changed
- Updated minio-instance to 7.1.1
- Updated gluon from 0.5.16 -> 0.5.17
- Updated ironbank/opensource/minio/minio (source) RELEASE.2025-04-03T14-56-28Z -> RELEASE.2025-04-22T22-12-26Z
- Updated registry1.dso.mil/ironbank/opensource/minio/mc (source) RELEASE.2025-01-17T23-25-50Z -> RELEASE.2025-04-16T18-13-26Z
- Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-04-03T14-56-28Z -> RELEASE.2025-04-22T22-12-26Z

## [7.0.1-bb.1] - 2025-04-29
### Changed
- Updated gluon from 0.5.15 -> 0.5.16

Monitoring📜

!6243: monitoring update to 72.2.0-bb.0

# Changelog Updates

## [72.2.0-bb.0] - 2025-05-08
### Changed
- gluon 0.5.17 -> 0.5.18
- grafana 8.14.2 -> 9.0.0
- kube-prometheus-stack 71.2.0 -> 72.2.0
- quay.io/prometheus-operator/prometheus-config-reloader v0.82.0 -> v0.82.1
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 11.6.1 -> 12.0.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.82.0 -> v0.82.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.82.0 -> v0.82.1

## [71.2.0-bb.1] - 2025-05-08
### Changed
- kube-state-metrics 5.33.0 -> 5.33.1

### Added
- prometheus-blackbox-exporter 9.0.0

### Fixed
- typo bug in flux-podmonitor

Neuvector📜

!6277: neuvector update to 2.8.6-bb.0

# Changelog Updates

## [2.8.6-bb.0] - 2025-05-15
### Changed
- registry1.dso.mil/ironbank/neuvector/neuvector/controller 5.4.3 -> 5.4.4
- registry1.dso.mil/ironbank/neuvector/neuvector/enforcer 5.4.3 -> 5.4.4
- registry1.dso.mil/ironbank/neuvector/neuvector/manager 5.4.3 -> 5.4.4
- update gluon subchart to v0.5.19
- update monitor subchart to v2.8.6

## [2.8.5-bb.1] - 2025-05-12
### Changed
- update renovate.json for migrate renovate config

Sonarqube📜

!6281: sonarqube update to 10.7.0-bb.4

# Changelog Updates

## [10.7.0-bb.4] - 2025-05-20
### Updated
- Add assertion to add delay to cypress test to workaround plugin risk page

## [10.7.0-bb.3] - 2025-05-19
### Updated
- Updated cypress test to run with larger viewport and no waits
- Updated cypress test to run with larger viewport and no waits

Tempo📜

!6289: tempo update to 1.21.1-bb.0
!6258: tempo update to 1.21.0-bb.1

# Changelog Updates

## [1.21.1-bb.0] - 2025-05-19
### Changed
- gluon 0.5.15 -> 0.5.19
- tempo 1.21.0 -> 1.21.1

## [1.21.0-bb.1] - 2025-05-14
### Added
- Added Network Policy for Kiali ingress

Velero📜

!6275: velero update to 8.7.1-bb.1

# Changelog Updates

## [8.7.1-bb.1] - 2025-05-13
### Changed
- Fix networkpolicy minio egress bug

Known Issues📜

Kyverno-Reporter - ISSUE
there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target

Workaround Steps

set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE
```
kubectl edit peerauthentication default-istio-system -n istio-system
kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
```
Neuvector - ISSUE
there is a bug preventing prometheus metrics scraping in neuvector
ElasticSearch Kibana - ISSUE
there is an upstream bug causing Kibana to occasionally force logouts while using Firefox
keycloak
keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.
```
flux reconcile hr -n bigbang keycloak --with-source --force
kubectl delete pods -n keycloak
```
bbctl
Dashboards
- CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly

Helpful Links📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Open issues here
Join our chat
Check out the documentation for guidance on how to get started

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.