Skip to content

Release Notes - 3.19.0📜

Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.34.3 (EKS).

Deprecations📜

Nexus Repository Manager📜

Big Bang will remove support for Nexus Repository Manager in a future release (upstream chart was deprecated October 24, 2023). Big Bang version 3.14 contained the final Nexus Repository Manager update. - Update (3.19.0): Deprecation has been delayed to release 3.20.0. - Migration path: Use NXRM3-HA, the official high availability chart by Sonatype. Install via the BYO packages: section.

Upgrade Notices📜

BigBang - MR📜

Big Bang does not support Vault and SSO out of the box. If you have enabled SSO by following some of the options documented in https://repo1.dso.mil/big-bang/product/packages/vault/-/blob/main/docs/keycloak.md , you may need to add a route for bb-common to allow the sso.

This can be done with: 

addons:
  vault:
    values:
      networkPolicies:
        egress:
          from:
            vault:
              to:
                definition:
                  sso: true

Anchore Enterprise - MR📜

The internal PostgreSQL has been updated to release 18 which requires a dump/restore using pg_dumpall or using pg_upgrade for migrating data to this new, major release. Platform One does not support an internal postgres database for production deployments. This option should only be used for development or CI pipelines. Documentation and other changes can be found here: https://www.postgresql.org/docs/18/release-18.html#RELEASE-18-MIGRATION

External database tables will be automatically upgraded by Helm as documented here: https://docs.anchore.com/current/docs/upgrade .

Regular database backups and best practices should be followed.

Authservice - MR📜

Authservice is now leveraging our bb-common integration for network policies and all istio-related resources. Please refer to this blog post for additional information on the integration.

Keycloak - MR📜

Keycloak is now leveraging our bb-common integration for network policies and all istio-related resources. Please refer to this blog post for additional information on the integration.

As part of the integration two new package level definitions have been created with their defaults shown below:

      smtp-subnets:
        to:
          - ipBlock:
              cidr: 192.168.0.0/16
          - ipBlock:
              cidr: 172.16.0.0/12
          - ipBlock:
              cidr: 10.0.0.0/8
        ports:
        - port: 587
          protocol: TCP
      ldap-subnets:
        to:
          - ipBlock:
              cidr: 192.168.0.0/16
          - ipBlock:
              cidr: 172.16.0.0/12
          - ipBlock:
              cidr: 10.0.0.0/8
        ports:
        - port: 636
          protocol: TCP

These definitions allow all traffic to any private IP address using the secure version of each protocol, but can be modified to suit a given environments needs. They are disabled by default, but can easily be enabled by using the following in your values file:

networkPolicies:
  egress:
    from:
      keycloak:
        to:
          definition:
            ldap-subnets: true
            smtp-subnets: true

Mattermost - MR📜

Mattermost is now leveraging our bb-common integration for network policies and istio-related resources. Please refer to this blog post for additional information on the integration.

Sonarqube - MR📜

Embedded postgres support has been dropped in the latest release, favoring the H2 internal database for testing. Please review the following document for details https://github.com/SonarSource/helm-chart-sonarqube/blob/master/charts/sonarqube-dce/README.md#upgrade-from-versions-prior-to-202610

Linked Issues📜

https://repo1.dso.mil/big-bang/product/packages/sonarqube/-/issues/197 https://repo1.dso.mil/big-bang/product/packages/sonarqube/-/issues/200

Known Issues📜

  • bbctl Dashboards
  • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
  • bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
    • These items will not populate if you have too large of a kubernetes cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
  • Headlamp
  • Attempting to login using OIDC will create a login ‘loop’. See upstream issue for further information.
  • Loki/Elasticsearch-kibana
  • If loki and EK are both enabled, drift detection will continually trigger as they share a peer authentication: default-peer-auth in the logging namespace. Issue
  • Prometheus
  • Target scraping for Fluentbit targets may encounter 503 Service Unavailable errors even though the pods are functioning as expected
  • Mattermost in-cluster database
  • The database wasn’t properly updated in the values and will need an override if used, in-cluster databases are not recommended for production

Upgrades from previous releases📜

If coming from a version pre-3.18.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.18.0.

Packages📜

Click to show Packages Version Updates | Package | Type | Package Version | BB Version | | ------- | ---- | --------------- | ---------- | | updated [Alloy](https://repo1.dso.mil/big-bang/product/packages/alloy) | Core | `v1.10.0` | `3.7.2-bb.4` [🔗](#alloy) | | updated [Anchore Enterprise](https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise) | Addon | `5.24.2` | `3.21.0-bb.0` [🔗](#anchore-enterprise) | | updated [Argocd](https://repo1.dso.mil/big-bang/product/packages/argocd) | Addon | `v3.3.0` | `9.4.2-bb.0` [🔗](#argocd) | | updated [Authservice](https://repo1.dso.mil/big-bang/product/packages/authservice) | Addon | `1.1.5` | `1.1.5-bb.1` [🔗](#authservice) | | [Backstage](https://repo1.dso.mil/big-bang/product/packages/backstage) | Addon | `1.1.0` | `2.6.3-bb.2` | | [Bbctl](https://repo1.dso.mil/big-bang/product/packages/bbctl) | Core | `2.3.1` | `3.0.1-bb.3` | | [Eck Operator](https://repo1.dso.mil/big-bang/product/packages/eck-operator) | Core | `3.2.0` | `3.2.0-bb.1` | | updated [Elasticsearch Kibana](https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana) | Core | Kibana: `9.2.4` Elasticsearch: `9.2.4` | `1.35.0-bb.1` [🔗](#elasticsearch-kibana) | | updated [External Secrets Operator](https://repo1.dso.mil/big-bang/product/packages/external-secrets) | Addon | `1.3.1` | `1.3.1-bb.1` [🔗](#external-secrets-operator) | | [Fluentbit](https://repo1.dso.mil/big-bang/product/packages/fluentbit) | Core | `4.2.2` | `0.55.0-bb.0` | | [Fortify](https://repo1.dso.mil/big-bang/product/packages/fortify) | Addon | `25.4.0.0137` | `25.4.0-bb.0` | | [Gatekeeper](https://repo1.dso.mil/big-bang/product/packages/policy) | Core | `v3.21.1` | `3.21.1-bb.0` | | [Gitlab](https://repo1.dso.mil/big-bang/product/packages/gitlab) | Addon | `18.8.4` | `9.8.2-bb.2` | | [Gitlab Runner](https://repo1.dso.mil/big-bang/product/packages/gitlab-runner) | Addon | `v18.8.0` | `0.85.0-bb.2` | | [Grafana](https://repo1.dso.mil/big-bang/product/packages/grafana) | Core | `12.3.1` | `10.5.5-bb.1` | | [Harbor](https://repo1.dso.mil/big-bang/product/packages/harbor) | Addon | `2.14.2` | `1.18.2-bb.0` | | updated [Headlamp](https://repo1.dso.mil/big-bang/product/packages/headlamp) | Addon | `0.40.0` | `0.40.0-bb.0` [🔗](#headlamp) | | updated [Istio Cni](https://repo1.dso.mil/big-bang/product/packages/istio-cni) | Core | `1.29.0` | `1.29.0-bb.0` [🔗](#istio-cni) | | updated [Istio Crds](https://repo1.dso.mil/big-bang/product/packages/istio-crds) | Core | `1.29.0` | `1.29.0-bb.0` [🔗](#istio-crds) | | updated [Istio Gateway](https://repo1.dso.mil/big-bang/product/packages/istio-gateway) | Core | `1.29.0` | `1.29.0-bb.0` [🔗](#istio-gateway) | | updated [Istiod](https://repo1.dso.mil/big-bang/product/packages/istiod) | Core | `1.29.0` | `1.29.0-bb.1` [🔗](#istiod) | | updated [Keycloak](https://repo1.dso.mil/big-bang/product/packages/keycloak) | Addon | `26.5.4` | `7.1.8-bb.0` [🔗](#keycloak) | | updated [Kiali](https://repo1.dso.mil/big-bang/product/packages/kiali) | Core | `2.22.0` | `2.22.0-bb.0` [🔗](#kiali) | | [Kyverno](https://repo1.dso.mil/big-bang/product/packages/kyverno) | Core | `v1.17.0` | `3.7.0-bb.1` | | [Kyverno Policies](https://repo1.dso.mil/big-bang/product/packages/kyverno-policies) | Core | `3.3.4` | `3.3.4-bb.19` | | updated [Kyverno Reporter](https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter) | Core | `3.7.2` | `3.7.2-bb.0` [🔗](#kyverno-reporter) | | [Loki](https://repo1.dso.mil/big-bang/product/packages/loki) | Core | `3.5.5` | `6.46.0-bb.5` | | updated [Mattermost](https://repo1.dso.mil/big-bang/product/packages/mattermost) | Addon | `11.4.2` | `11.4.2-bb.0` [🔗](#mattermost) | | updated [Mattermost Operator](https://repo1.dso.mil/big-bang/product/packages/mattermost-operator) | Addon | `1.25.4` | `1.25.4-bb.0` [🔗](#mattermost-operator) | | updated [Metrics Server](https://repo1.dso.mil/big-bang/product/packages/metrics-server) | Addon | `v0.8.1` | `3.13.0-bb.5` [🔗](#metrics-server) | | [Mimir](https://repo1.dso.mil/big-bang/product/packages/mimir) | Addon | `2.17.1` | `5.8.0-bb.5` | | [Minio](https://repo1.dso.mil/big-bang/product/packages/minio) | Addon | `RELEASE.2025-10-15T17-29-55Z` | `7.1.1-bb.16` | | [Minio Operator](https://repo1.dso.mil/big-bang/product/packages/minio-operator) | Addon | `v7.1.1` | `7.1.1-bb.4` | | [Monitoring](https://repo1.dso.mil/big-bang/product/packages/monitoring) | Core | Prometheus: `3.9.1` Grafana: `12.3.1` Alertmanager: `0.30.0` | `80.13.3-bb.0` | | [Neuvector](https://repo1.dso.mil/big-bang/product/packages/neuvector) | Core | `5.4.9` | `2.8.11-bb.0` | | [Nexus Repository Manager](https://repo1.dso.mil/big-bang/product/packages/nexus) | Addon | `3.88.0-08-4909530` | `88.0.0-bb.0` | | updated [Prometheus Operator Crds](https://repo1.dso.mil/big-bang/product/packages/prometheus-operator-crds) | Core | `v0.88.0` | `27.0.0-bb.0` [🔗](#prometheus-operator-crds) | | updated [Sonarqube](https://repo1.dso.mil/big-bang/product/packages/sonarqube) | Addon | `26.2.0.119303-community` | `2025.6.1-bb.4` [🔗](#sonarqube) | | [Tempo](https://repo1.dso.mil/big-bang/product/packages/tempo) | Core | Tempo: `2.10.0` Tempo Query: `2.10.0` | `1.24.4-bb.1` | | [Thanos](https://repo1.dso.mil/big-bang/product/packages/thanos) | Addon | `v0.40.1` | `17.3.3-bb.3` | | [Twistlock](https://repo1.dso.mil/big-bang/product/packages/twistlock) | Core | `34.03.138` | `0.24.0-bb.5` | | [Vault](https://repo1.dso.mil/big-bang/product/packages/vault) | Addon | `1.21.2` | `0.32.0-bb.0` | | [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | Addon | `1.17.2` | `11.3.2-bb.2` | | [Wrapper](https://repo1.dso.mil/big-bang/product/packages/wrapper) | Core | `0.4.15` | `0.4.15` |

Changes in 3.19.0📜

Big Bang MRs📜

  • !7428 add legacy hardened mapping for istiod
  • !7420 Fix mattermost operator values secret conditional to include mattermost
  • !7385 optimizes flux helmReleases with a helper. Fixes bugs detected and adds unit tests for validation
  • !7384 Resolve “remove sso route for vault”

Alloy📜

  • !7409: alloy update to 3.7.2-bb.4
Click to show Changelog 
# Changelog Updates

## [3.7.2-bb.4] (2026-02-11)
### Added
- Added Zipkin port (9411) to alloy-receiver extraPorts for trace collection
- Added network policy ingress rules for alloy-receiver on ports 4317 (OTLP), 9411 (Zipkin), and 12345 (metrics)
- Added network policy egress rule for alloy-receiver to forward traces to Tempo on port 4317

Anchore Enterprise📜

  • !7426: anchoreEnterprise update to 3.21.0-bb.0
  • !7383: anchoreEnterprise update to 3.20.2-bb.0
Click to show Changelog 
# Changelog Updates

## [3.21.0-bb.0] (2026-02-24)
### Changed
- enterprise 3.20.2 -> 3.21.0
- redis 24.1.0 -> 25.3.0
- registry1.dso.mil/ironbank/anchore/enterprise/enterprise 5.24.0 -> 5.24.2
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.80.1 -> v1.81.0
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 18.1 -> 18.2
- registry1.dso.mil/ironbank/opensource/redis/redis8-slim 8.4.0 -> 8.6.1

## [3.20.2-bb.0] - 2026-02-18
### Changed
- Updated redis 23.1.1-bb.1 -> 24.1.0-bb.1
- Updated anchore Enterprise chart 3.19.2 -> 3.20.2
- ironbank/anchore/enterprise/enterprise 5.23.0 -> 5.24.0
- ironbank/anchore/enterpriseui/enterpriseui 5.23.0 -> 5.24.0
- registry1.dso.mil/ironbank/anchore/enterprise/enterprise 5.23.0 -> 5.24.0
- registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui 5.23.0 -> 5.24.0
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 16.2 -> 18.1

Argocd📜

  • !7398: argocd update to 9.4.2-bb.0
Click to show Changelog 
# Changelog Updates

## [9.4.2-bb.0] (2026-02-18)
### Changed
- Upgraded argo-cd 9.3.4 -> 9.4.2
- Upgraded gluon 0.9.7 -> 0.9.8
- Upgraded redis (source) 24.1.0-bb.0 -> 24.1.2-bb.0
- Upgraded registry1.dso.mil/ironbank/big-bang/argocd (source) v3.2.5 -> v3.3.0
- Upgraded registry1.dso.mil/ironbank/big-bang/devops-tester 1.0 -> 1.1
- Upgraded registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter (source) v1.80.1 -> v1.81.0

Authservice📜

  • !7402: authservice update to 1.1.5-bb.1
Click to show Changelog 
# Changelog Updates

## [1.1.5-bb.1] (2026-02-18)
### Changed
- bb-common updated from 0.12.2 to 0.14.0
- gluon updated from 0.9.7 to 0.9.8
- completed integration with bb-common

Elasticsearch Kibana📜

  • !7421: elasticsearchKibana update to 1.35.0-bb.1
Click to show Changelog 
# Changelog Updates

## [1.35.0-bb.1] (2026-02-13)
### Added
- Istio sidecar metrics ServiceMonitors and headless Services for Elasticsearch and Kibana pods (port 15020)
- `prometheus.istio.io/merge-metrics: "false"` annotation on Kibana pods to match Elasticsearch behavior

External Secrets Operator📜

  • !7413: externalSecrets update to 1.3.1-bb.1
Click to show Changelog 
# Changelog Updates

## [1.3.1-bb.1] - 2026-02-20
### Added
- Added Vault provider support for ClusterSecretStore (token and kubernetes auth)
- Added network policy for Vault egress

Headlamp📜

  • !7410: headlamp update to 0.40.0-bb.0
Click to show Changelog 
# Changelog Updates

## [0.40.0-bb.0] (2026-01-01)
### Updated
- Updated headlamp dependency chart 0.39.0 -> 0.40.0
- Updated registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp (source) v0.39.0 -> v0.40.0
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.33.6 -> v1.34.6
- Updated cypress (source) 15.8.1 -> 15.10.0
- Updated bb-common 0.12.0 -> 0.14.0
- Updated gluon 0.9.7 -> 0.9.8

Istio Cni📜

  • !7404: istioCNI update to 1.29.0-bb.0
Click to show Changelog 
# Changelog Updates

## [1.29.0-bb.0] (2026-02-20)
### Changed
- cni 1.28.3 -> 1.29.0
- registry1.dso.mil/ironbank/opensource/istio/install-cni 1.28.3 -> 1.29.0

Istio Crds📜

  • !7403: istioCRDs update to 1.29.0-bb.0
Click to show Changelog 
# Changelog Updates

## [1.29.0-bb.0] (2026-02-17)
### Changed
- base updated from 1.28.3 to 1.29.0

Istio Gateway📜

  • !7407: istioGateway update to 1.29.0-bb.0
Click to show Changelog 
# Changelog Updates

## [1.29.0-bb.0] (2026-02-18)
### Changed
- bb-common 0.13.0 -> 0.14.0
- gateway 1.28.3 -> 1.29.0
- gluon 0.9.7 -> 0.9.8
- registry1.dso.mil/ironbank/opensource/istio/proxyv2 1.28.3 -> 1.29.0

Istiod📜

  • !7422: istiod update to 1.29.0-bb.1
  • !7406: istiod update to 1.29.0-bb.0
Click to show Changelog 
# Changelog Updates

## [1.29.0-bb.1] (2026-02-20)
### Changed
- Migrated Istio resources (PeerAuthentication, AuthorizationPolicies) to bb-common

## [1.29.0-bb.0] (2026-02-20)
### Changed
- bb-common 0.13.0 -> 0.14.0
- istiod 1.28.3 -> 1.29.0
- registry1.dso.mil/ironbank/opensource/istio/pilot 1.28.3 -> 1.29.0
- registry1.dso.mil/ironbank/opensource/istio/proxyv2 1.28.3 -> 1.29.0

Keycloak📜

  • !7419: keycloak update to 7.1.8-bb.0
  • !7399: keycloak update to 7.1.7-bb.1
Click to show Changelog 
# Changelog Updates

## [7.1.8-bb.0] - 2026-02-24
### Updated
- Updated  Keycloakx to 7.1.8
- Updated  Keycloak to 26.5.4
- Updated  bb-common to 0.14.1
- Updated  postgresql to 18.4.0

## [7.1.7-bb.1] - 2026-02-18
### Updated
- Removed remaining static resources files and replaced them with bb-common dynamically generated resources

Kiali📜

  • !7380: kiali update to 2.22.0-bb.0
Click to show Changelog 
# Changelog Updates

## [2.22.0-bb.0] (2026-02-17)
### Changed
- kiali-operator 2.21.0 -> 2.22.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali v2.21.0 -> v2.22.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali-operator v2.21.0 -> v2.22.0

Kyverno Reporter📜

  • !7381: kyvernoReporter update to 3.7.2-bb.0
Click to show Changelog 
# Changelog Updates

## [3.7.2-bb.0] (2026-02-17)
### Changed
- Updated policy-reporter subchart  v3.7.1 -> v3.7.2
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter 3.7.0 -> 3.7.2

Mattermost📜

  • !7427: mattermost update to 11.4.2-bb.0
  • !7416: mattermost update to 11.4.1-bb.0
  • !7414: mattermost update to 11.4.0-bb.2
  • !7397: mattermost update to 11.4.0-bb.1
Click to show Changelog 
# Changelog Updates

## [11.4.2-bb.0] (2026-02-28)
### Changed
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 11.4.1 -> 11.4.2
- registry1.dso.mil/ironbank/opensource/postgres/postgresql (source) 18.2 -> 18.3

## [11.4.1-bb.0] (2026-02-24)
### Changed
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost updated from 11.4.0 to 11.4.1

## [11.4.0-bb.2] (2026-02-24)
### Changed
- bb-common updated from 0.14.0 to 0.14.1

## [11.4.0-bb.1] (2026-02-17)
### Changed
- Migrated to bb-common version 0.14.0 to generate network policies and istio resources

Mattermost Operator📜

  • !7417: mattermostOperator update to 1.25.4-bb.0
Click to show Changelog 
# Changelog Updates

## [1.25.4-bb.0] (2026-02-24)
### Changed
- Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator v1.25.3 -> v1.25.4
- bb-common updated from 0.14.0 to 0.14.1

Metrics Server📜

  • !7405: metricsServer update to 3.13.0-bb.5
Click to show Changelog 
# Changelog Updates

## [3.13.0-bb.5] (2026-2-13)
### Changed
- gluon 0.9.7 -> 0.9.8
- metrics-server v0.8.0 -> 0.8.1

Prometheus Operator Crds📜

  • !7424: prometheusOperatorCRDs update to 27.0.0-bb.0
Click to show Changelog 
# Changelog Updates

## [27.0.0-bb.0] (2026-02-07)
### Changed
- prometheus-operator-crds updated from 26.0.0 to 27.0.0

Sonarqube📜

  • !7390: sonarqube update to 2025.6.1-bb.4
Click to show Changelog 
# Changelog Updates

## [2025.6.1-bb.4] - 2026-02-17
### Updated
- update bb-common 0.12.3 -> 0.14.0
- update gluon 0.9.7 -> 0.9.8
- update ironbank/sonarsource/sonarqube/sonarqube-community-build 25.12.0.117093-community -> 26.2.0.119303-community
- update ironbank/opensource/postgres/postgresql  18.1 -> 18.2
- update sonarqube 2025.6.1 -> 2026.1.0
- Removed embedded postgresql configurations

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.