Skip to content

Release Notes - 3.0.0📜

Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.32.3 (EKS).

‼️ Breaking Changes📜

BigBang - MR📜

The Istio Operator has been removed from the umbrella helm chart. Be sure to migrate to Operatorless Istio prior to upgrading clusters to BB 3.0

BigBang - MR📜

The anchore package has been renamed to anchoreEnterprise to better align with the upstream chart. This is a breaking change.

Teams will need to update their anchore package declaration in the big bang umbrella values to anchoreEnterprise. The Anchore helmRelease will be recreated and all resources created by that release will be redeployed. The anchore namespace may also recreated.

Teams utilizing a statefulset postgres database should review their cluster data retention policy before upgrading. Those using external cluster storage like RDS should be unaffected.

Users may need to force reconcile the Big Bang helmRelease to force Anchore Enterprise to redeploy.

This updates the values.yaml to be

addons:
   anchoreEnterprise:

instead of

addons:
   anchore:

BigBang - MR📜

Jaeger is moving to maintained status. Big Bang team will continue to maintain the package but it will no longer be distributed with the umbrella helm chart.

Users can still deploy Jaeger by defining it in the packages section in the umbrella values.yaml. However, we strongly encourage the adoption of Tempo as an alternative.

BigBang - MR📜

Cluster Auditor is moving to maintained status. Big Bang team will continue to maintain the package but it will no longer be distributed with the umbrella helm chart.

Users can still deploy cluster auditor by defining it in the packages section in the umbrella values.yaml.

Harbor - MR📜

This release has a major Postgresql database upgrade that requires a manual backup and restore. See the following Harbor docs for data migration instructions: https://goharbor.io/docs/2.7.0/administration/upgrade/. The Harbor chart will default to usage of an external Posgresql database in a future release in order to comply with production runtime database best practices.

Upgrade Notices📜

BigBang - MR📜

Flux HelmRelease driftDetection has been enabled by default for all packages. See https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection for details

This is set globally with flux.driftDetection.mode=enabled in Big Bang’s values.yaml file.

Please note this also effects user defined packages in the .Values.packages section. Individual packages can turn off driftDetection or add additional field inside values.yaml or using overrides. e.g.

monitoring:
  flux:
    driftDetection:
      mode: disabled

addons:
  mattermost:
    flux:
      driftDetection:
        ignore:
          - paths: ["/spec/size"]
            target:
            kind: Mattermost

This a new feature and may not work with every custom configuration. If you encounter issues, please report them in the Big Bang Slack, Mattermost, or by opening an issue

BigBang - MR📜

Stateful Sets are currently ignored entirely by drift detection due to unexpected behavior. This will be refined in future releases.

BigBang - MR📜

This release includes a Flux upgrade. Be sure to update your local Flux binary to v2.6.1 and update your flux controllers before proceeding with the upgrade.

BigBang - MR📜

This feature adds support for backwards compatible updates to the passthrough pattern. It does this by copying all values defined for a package to the upstream value. This allows end users to temporarily leave their values where they are when a chart is migrated to passthrough. This is intended to be a temporary workaround and will be removed in an upcoming release, details forthcoming.

This functionality can be disabled globally in the values by adding:

disableAutomaticPassthroughValues: true

It can also be disabled per package by adding the same under the package, e.g.:

istiod:
  disableAutomaticPassthroughValues: true

Bbctl - MR📜

Version 2.0.0-bb.0 of the bbctl helm chart has been modified to work with Alloy. Promtail is now considered deprecated and is only supported by the 1.0.0-bb.x bbctl chart versions.

Elasticsearch Kibana - MR📜

History was rewritten for elasticsearch kibana for tags 1.29.0-bb.0 <= x <= 1.30.0-bb.0

Elasticsearch Kibana - MR📜

Elasticsearch/Kibana Major Upgrade 9.0: Elasticsearch and Kibana have been upgraded to 9.0, please review the upstream release notes for breaking changes that may affect custom configurations.

Important Elasticsearch/Jaeger Compatibility Notice: Jaeger tracing is not compatible with new major version Elasticsearch 9.X. To continue using Jaeger with Elasticsearch, configure your values.yaml to use the latest 8.X Big Bang ElasticsearchKibana chart (1.28.0-bb.6). Big Bang recommends planning to migrate to Grafana Tempo, and attaching Grafana as a frontend UI.

NOTE: Please refer to the Jaeger Upgrade Notice for other important changes related to Jaeger.

elasticsearchKibana:
  enabled: true
  # FOR JAEGER USERS: Set Elasticsearch/Kibana version to 8.18.1 (1.28.0-bb.6) for Jaeger Compatibility 
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
    path: "./chart"
    tag: "1.28.0-bb.6"
  helmRepo:
    repoName: "registry1"
    chartName: "elasticsearch-kibana"
    tag: "1.28.0-bb.6"

Kyverno Reporter - MR📜

With the change to pass-through pattern there is an additional layer required to pass values to the child package, pass values with the following pattern:

kyvernoReporter:
  values:
     upstream:
       key: value

The keys that won’t need to move are those under domain, global, networkPolicies, extraVolumes, openshift, istio, and bbtests.

Upgrades from previous releases📜

If coming from a version pre-2.54.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.54.0.

Packages📜

Package Type Package Version BB Version
Alloy Core v1.7.1 2.0.27-bb.0
Anchore Enterprise Addon 5.17.0 3.7.0-bb.0
Argocd Addon v2.14.11 7.9.0-bb.0
Authservice Addon 1.0.4 1.0.4-bb.3
updated Backstage beta Addon 1.0.7 2.5.2-bb.3 🔗
updated Bbctl Core 1.2.0 2.0.0-bb.1 🔗
Eck Operator Core 3.0.0 3.0.0-bb.0
updated Elasticsearch Kibana Core Kibana: 9.0.1 Elasticsearch: 9.0.1 1.30.0-bb.0 🔗
External Secrets Operator Addon 0.16.1 0.16.2-bb.1
updated Fluentbit Core 4.0.3 0.49.0-bb.1 🔗
Fortify Addon 24.4.3.0003 1.1.2320154-bb.26
Gatekeeper Core v3.19.1 3.19.1-bb.0
updated Gitlab Addon 18.0.1 9.0.1-bb.1 🔗
Gitlab Runner Addon v17.10.0 0.75.1-bb.2
updated Grafana Core 12.0.1 9.2.2-bb.0 🔗
Haproxy Addon v2.2.33 1.19.3-bb.10
updated Harbor Addon 2.13.1 1.17.1-bb.0 🔗
Headlamp beta Addon 0.30.0 0.30.1-bb.8
updated Istio Crds Core 1.25.3 1.25.3-bb.0 🔗
updated Istio Gateway Core 1.25.3 1.25.3-bb.4 🔗
updated Istiod Core 1.25.3 1.25.3-bb.3 🔗
Keycloak Addon 26.1.4 7.0.1-bb.0
Kiali Core 2.9.0 2.9.0-bb.2
updated Kyverno Core v1.13.4 3.3.6-bb.3 🔗
updated Kyverno Policies Core 3.3.4 3.3.4-bb.10 🔗
updated Kyverno Reporter Core 3.1.1 3.1.1-bb.2 🔗
updated Loki Core 3.5.1 6.30.1-bb.1 🔗
updated Mattermost Addon 10.8.1 10.8.1-bb.1 🔗
Mattermost Operator Addon 1.23.0 1.23.0-bb.0
Metrics Server Addon v0.7.2 3.12.2-bb.4
Mimir Addon 2.16.0 5.7.0-bb.1
updated Minio Addon RELEASE.2025-04-22T22-12-26Z 7.1.1-bb.2 🔗
Minio Operator Addon v7.1.1 7.1.1-bb.0
updated Monitoring Core Prometheus: 3.3.1 Grafana: 12.0.0 Alertmanager: 0.28.1 72.2.0-bb.3 🔗
Neuvector Core 5.4.4 2.8.6-bb.0
updated Nexus Repository Manager Addon 3.79.0-09 79.0.0-bb.2 🔗
Promtail Core v3.5.0 6.16.6-bb.4
Sonarqube Addon 10.7.0-community 10.7.0-bb.4
Tempo Core Tempo: 2.7.2 Tempo Query: 2.7.2 1.21.1-bb.0
Thanos Addon v0.38.0 16.0.2-bb.0
updated Twistlock Core 34.00.141 0.20.1-bb.2 🔗
updated Vault Addon 1.19.3 0.30.0-bb.4 🔗
Velero Addon 1.15.2 8.7.1-bb.1
Wrapper Core 0.4.15 0.4.15

Changes in 3.0.0📜

Big Bang MRs📜

  • !6429 adding domain into the values
  • !6428 fix repository paths that have been moved into product from sandbox
  • !6424 add domain to headlamp values
  • !6416 fixing stateful sets drift detection
  • !6413 release fix: sso configuration
  • !6401 ignore Jobs by default for driftDetection
  • !6400 ignore PrometheusRule for driftDetection
  • !6399 Fix case-sensitive value for driftDetection ignore
  • !6396 fix(values): added ignores for istiod-managed validating webhook fields
  • !6386 SKIP UPGRADE include the following
  • !6377 remove superfluous vault labels
  • !6376 Resolve “Set bbctl helmrelease to deploy only if monitoring is also enabled”
  • !6372 add necessary test values for alloy to umbrella test values
  • !6371 Remove .Values.istio from pipelines SKIP UPGRADE DEBUG
  • !6370 Rename anchore to anchoreEnterprise
  • !6369 Moves bbctl dependency conditionals to helm release dependsOn section
  • !6365 updating the docs because of known issues
  • !6361 Update K3d script to fix login
  • !6359 test out istiocrds, istiod, istiogateway
  • !6344 Check for existence of SSH folder and create it if it does not exist before writing the keys to it
  • !6334 BB 3.0 - Set default logger to Alloy instead of promtail
  • !6331 Move Jaeger to maintained
  • !6329 bbctl kyverno exceptions 2: electric boogaloo
  • !6327 Tempo backend for operatorless Istio
  • !6324 Add BB3.0 Blog Post
  • !6320 Update Flux
  • !6308 Passthrough temporary workarounnd
  • !6307 Update package architechture diagram to reflect 3.0 changes
  • !6305 Resolve “Create an ADR for drift detection”
  • !6301 Resolve “Operatorless Istio migration leaves orphaned LoadBalancer services”
  • !6292 Istio Operator Removal SKIP UPGRADE DEBUG
  • !6290 Remove Promtail Documentation
  • !6117 remove cluster auditor files
  • !6056 BB pass through pattern / kpt removal ADR

Backstage📜

  • !6358 Enable flux.driftDetection / backstage update to 2.5.2-bb.3
  • !6352: backstage update to 2.5.2-bb.2
# Changelog Updates

## [2.5.2-bb.3] - 2025-06-04
### Changed
- Removed un-declared field from istio Sidecar

## [2.5.2-bb.2] - 2025-06-02
### Changed
- Added Istio Operator-less network policy support

Bbctl📜

  • !6364: bbctl update to 2.0.0-bb.1
  • !6362: Updates bbctl chart to version 2.0.0-bb.0 and replaces Promtail references with Alloy
  • !6346: bbctl update to 1.0.0-bb.11
  • !6317: bbctl update to 1.0.0-bb.10
# Changelog Updates

## [2.0.0-bb.1] (2025-06-04)
### Changed
- adjusted cypress test to use gluon grafana logon built in command

## [2.0.0-bb.0] (2025-06-02)
### Changed
- updated all dashboard queries label selector from "app" to "app_kubernetes_io_name" to work with Alloy
### Deprecated
- Promtail is now deprecated and is only supported by the 1.0.0-bb.x chart versions

## [1.0.0-bb.11] (2025-06-02)
### Changed
- gluon updated from 0.5.19 to 0.6.2

## [1.0.0-bb.10] (2025-05-28)
### Changed
- fix typo error in cypress test

Elasticsearch Kibana📜

  • !6266: elasticsearchKibana update to 1.30.0-bb.0
  • !6300: elasticsearchKibana update to 1.29.0-bb.1
  • !6299: elasticsearchKibana update to 1.29.0-bb.0
# Changelog Updates

## [1.30.0-bb.0] (2025-05-12)
### Changed
- gluon updated from 0.5.18 to 0.5.19
- registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch updated from 9.0.0 to 9.0.1

## [1.29.0-bb.1] (2025-05-08)
### Changed
- gluon updated from 0.5.16 to 0.5.18
- registry1.dso.mil/ironbank/elastic/kibana/kibana updated from 9.0.0 to 9.0.1

## [1.29.0-bb.0] (2025-04-26)
### Changed
- gluon updated from 0.5.15 to 0.5.16
- registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch updated from 8.17.4 to 9.0.0
- registry1.dso.mil/ironbank/elastic/kibana/kibana updated from 8.17.4 to 9.0.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl updated from v1.32.3 to v1.32.4

Fluentbit📜

  • !6379: fluentbit update to 0.49.0-bb.1
  • !6339: fluentbit update to 0.49.0-bb.0
# Changelog Updates

## [0.49.0-bb.1] (2025-06-03)
### Changed
- ironbank/opensource/fluent/fluent-bit updated from 4.0.2 to 4.0.3

## [0.49.0-bb.0] (2025-05-27)
### Changed
- fluent-bit updated from 0.48.10 to 0.49.0
- gluon updated from 0.5.16 to 0.6.2
- ironbank/opensource/fluent/fluent-bit updated from 4.0.1 to 4.0.2

Gitlab📜

  • !6342: gitlab update to 9.0.1-bb.1
# Changelog Updates

## [9.0.1-bb.1] (2025-05-30)
### Fixed
- Added AuthorizationPolicy to allow gitlab-ci-pipelines-exporter to reach the Gitlab API

Grafana📜

  • !6360: grafana update to 9.2.2-bb.0
# Changelog Updates

## [9.2.2-bb.0] (2025-06-03)
### Changed
- gluon updated from 0.5.19 to 0.6.2
- grafana updated from 9.0.0 to 9.2.2

## [9.0.0-bb.0] (2025-05-13)
### Changed
- gluon updated from 0.5.16 to 0.5.19
- grafana updated from 8.14.0 to 9.0.0
- ironbank/big-bang/grafana/grafana-plugins updated from 11.6.1 to 12.0.0

## [8.14.0-bb.0] (2025-04-26)
### Changed
- gluon chart updated from 0.5.15 to 0.5.16
- grafana chart updated from 8.12.1 to 8.14.0

Harbor📜

  • !6367: SKIP UPGRADE harbor update to 1.17.1-bb.0
# Changelog Updates

## [1.17.1-bb.0] (2025-05-31)
### Changed
- gluon 0.5.17 -> 0.6.2
- postgresql 16.6.6 -> 16.7.8
- registry1.dso.mil/ironbank/bitnami/redis 7.4.3 -> 8.0.2
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.11.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/registry v2.12.2 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter v2.13.0 -> v2.13.1
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.4 -> 1.27.5
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 17.4 -> 17.5

## [1.17.0-bb.0] (2025-05-02)
### Changed
- gluon 0.5.14 -> 0.5.17
- postgresql 16.6.0 -> 16.6.6
- registry1.dso.mil/ironbank/bitnami/redis 7.4.2 -> 7.4.3
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter v2.12.2 -> v2.13.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.4 -> 1.27.5
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 16.6 -> 17.4

Istio Crds📜

  • !6312: istioCRDs update to 1.25.3-bb.0
# Changelog Updates

## [1.25.3-bb.0] - 2025-05-28
### Changed
- Updated base from 1.25.2 to 1.25.3

Istio Gateway📜

  • !6422: istioGateway update to 1.25.3-bb.4
  • !6417: istioGateway update to 1.25.3-bb.3
  • !6397: istioGateway update to 1.25.3-bb.2
  • !6363: istioGateway update to 1.25.3-bb.1
  • !6311: istioGateway update to 1.25.3-bb.0
# Changelog Updates

## [1.25.3-bb.4] - 2025-06-12
### Changed
- Changed the chart name back to `gateway` from `istio-gateway` due to an issue with service recreation on 3.0 upgrade

## [1.25.3-bb.3] - 2025-06-11
### Updated
- Updated all conditional resource creations to be per-release

## [1.25.3-bb.2] - 2025-06-09
### Updated
- Fixed an issue where duplicate default `AuthorizationPolicy` resources were being created

## [1.25.3-bb.0] - 2025-06-04
### Updated
- Updated chart name to `istio-gateway` from `gateway` to avoid collisions in registry1

## [1.25.3-bb.0] - 2025-05-28
### Changed
- ironbank/opensource/istio/proxyv2 updated from 1.25.2 to 1.25.3

Istiod📜

  • !6411: istiod update to 1.25.3-bb.3
  • !6310: istiod update to 1.25.3-bb.0
# Changelog Updates

## [1.25.3-bb.3] - 2025-06-06
### Added
- Fix helm rendering when when adding additional envoy filters

## [1.25.3-bb.2] - 2025-06-05
### Added
- Added hardened configuration to support hardened service mesh deployment

## [1.25.3-bb.1] - 2025-06-04
### Added
- Added JSON schema for values.yaml

## [1.25.3-bb.0] - 2025-05-28
### Changed
- ironbank/opensource/istio/pilot updated from 1.25.2 to 1.25.3
- ironbank/opensource/istio/proxyv2 updated from 1.25.2 to 1.25.3

Kyverno📜

  • !6341: kyverno update to 3.3.6-bb.3
# Changelog Updates

## [3.3.6-bb.3] - 2025-05-30
### Changed
- Updated servicemonitors.monitoring.coreos.com with latest version

Kyverno Policies📜

  • !6328: kyvernoPolicies update to 3.3.4-bb.10
# Changelog Updates

## [3.3.4-bb.10] (2025-05-22)
### Changed
- kubectl updated from 1.32.3 to 1.32.5
- ubi9-minimal from 9.5 to 9.6
- updated gluon from 0.5.19 to 0.6.2

Kyverno Reporter📜

  • !6375: kyvernoReporter update to 3.1.1-bb.0
  • !6355: kyvernoReporter update to 3.0.3-bb.3
# Changelog Updates

## [3.1.1-bb.2] (2025-06-13)
### Changed
- Fixing selectors for network policies
- Turning the virtual service on by default

## [3.1.1-bb.1] (2025-06-13)
### Changed
- fix Istio VirtualService and AuthzPol

## [3.1.1-bb.0] (2025-06-04)
### Changed
- gluon 0.5.14 -> 0.6.2
- registry1.dso.mil/ironbank/nirmata/policy-reporter/policy-reporter-ui 2.3.7 -> 2.3.10
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.11 -> v1.32.5
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter 3.0.3 -> 3.1.1
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter/kyverno-plugin 0.4.2 -> 0.4.4

## [3.0.3-bb.3] - 2025-05-31
### Changed
- Added authorization policy for istio hardened

## [3.0.3-bb.2] - 2025-05-01
### Changed
- Refactored to pass-through pattern

Loki📜

  • !6357: loki update to 6.30.1-bb.1
  • !6340: loki update to 6.30.1-bb.0
# Changelog Updates

## [6.30.1-bb.1] (2025-06-03)
### Fixed
- Removed misspelled duplicate PodDisruptionBudget template from query-frontend

## [6.30.1-bb.0] (2025-05-28)
### Changed
- Updated `loki` from 3.5.0 -> 3.5.1
- Updated `loki-canary` from 3.5.0 -> 3.5.1
- Updated `kubectl` from v1.32.4 -> v1.32.5
- Updated `gluon` from 0.5.16 -> 0.6.2
- Updated `minio-instance` from 7.0.1-bb.0 -> 7.1.1-bb.0
- Updated `grafana-enterprise-logs` from v3.4.2 -> v3.5.1
- Updated `enterprise-logs-provisioner` from 3.4.2 -> 3.5.1

Mattermost📜

  • !6349: mattermost update to 10.8.1-bb.1
# Changelog Updates

## [10.8.1-bb.1] (2025-05-29)
### Changed
- gluon updated from 0.5.19 to 0.6.2

Minio📜

  • !6414: minio update to 7.1.1-bb.2
  • !6304: minio update to 7.1.1-bb.1
# Changelog Updates

## [7.1.1-bb.2] - 2025-06-11
### Changed
- Updated gluon from 0.5.21 -> 0.6.2

## [7.1.1-bb.1] - 2025-05-23
### Changed
- Updated gluon from 0.5.17 -> 0.5.21

Monitoring📜

  • !6354: monitoring update to 72.2.0-bb.3
  • !6279: monitoring update to 72.2.0-bb.2
# Changelog Updates

## [72.2.0-bb.3] (2025-06-02)
### Changed
- Increase kube-state-metrics resource limits/requests to 256Mi

## [72.2.0-bb.2] (2025-05-19)
### Changed
- Moved `blackboxExporter.image.imagePullSecrets` to `blackboxExporter.image.pullSecrets`

## [72.2.0-bb.1] (2025-05-13)
### Changed
- set `blackboxExporter.enabled` to `false` by default

Nexus Repository Manager📜

  • !6337: nexusRepositoryManager update to 79.0.0-bb.2
  • !6323: nexusRepositoryManager update to 79.0.0-bb.1
# Changelog Updates

## [79.0.0-bb.2] - 2025-05-29
### Changed
- Correct issue with failure in blob storage creation job

## [79.0.0-bb.1] - 2025-05-28
### Changed
- Correct issue with Accept Eula Job Pod Logs

## [79.0.0-bb.0] - 2025-04-23

Twistlock📜

  • !6321: twistlock update to 0.20.1-bb.2
# Changelog Updates

## [0.20.1-bb.2] (2025-05-30)
### Changed
- added scripts/get-all-vuln-reports.sh to collect ATO BoE

## [0.20.1-bb.1] - 2025-05-28
### Changed
- Update init container images in volume-upgrade-job.yaml to use values from configuration

Vault📜

  • !6338: vault update to 0.30.0-bb.4
# Changelog Updates

## [0.30.0-bb.4] - 2024-05-15
### Changed
- updated gluon 0.5.17 -> 0.6.0

Known Issues📜

  • Grafana
  • Istio Dashboards have not yet been migrated to the new deployment pattern and are planned to be included with release 3.1.0
  • Kyverno-Reporter - ISSUE

  • There is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target

    Workaround Steps

    set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE

    kubectl edit peerauthentication default-istio-system -n istio-system
kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter

  • Neuvector - ISSUE

  • There is a bug preventing prometheus metrics scraping in neuvector
  • Prometheus - ISSUE
  • Error when scraping Prometheus endpoint ‘serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0’: Error scraping target: server returned HTTP status 403 Forbidden
  • Keycloak

  • keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.

    flux reconcile hr -n bigbang keycloak --with-source --force
kubectl delete pods -n keycloak

  • bbctl

  • Dashboards
    • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
    • bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
    • These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.