Skip to content

Release Notes - 3.2.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.32.3 (EKS).

Upgrade Notices📜

  • Nexus - MR: ⚠️ Breaking Change in Nexus Repository Manager 3.81.1-01📜

  • CRITICAL: Nexus Repository Manager version 3.81.1-01 contains a breaking change that affects data persistence and will cause authentication failures after pod restarts.

  • Sonatype modified the internal directory structure where /opt/sonatype/sonatype-work/nexus3 changed from a symlink to the persistent volume to a real directory in ephemeral storage.

    • This causes the admin password file and other working data to be stored in ephemeral storage instead of the persistent volume.

  • Required Fix

  • Note: The -Dkaraf.data=/nexus-data JVM parameter is already included in the package’s default values, but when upgrading to 3.81.1-01, you MUST append this parameter to your override values to ensure it takes effect if your installation overrides INSTALL4J_ADD_VM_PARAMS
  • For example: 
    nexus:
  env:
    - name: INSTALL4J_ADD_VM_PARAMS
      value: "-Dcom.redhat.fips=false -Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseContainerSupport -Djava.util.prefs.userRoot=/nexus-data/javaprefs -Dkaraf.data=/nexus-data"
  • Impact Without Fix
  • accept-eula jobs will fail with 401 Unauthorized errors
  • Admin password will be regenerated on every pod restart
  • Authentication will fail after any pod restart or scaling event

  • Data persistence will be broken

  • This configuration ensures all Nexus working data remains in the persistent volume as expected, with the critical -Dkaraf.data=/nexus-data parameter included in your override values.

  • Kiali - MR📜

  • Added values.yaml schema enforcement
  • If you did not already migrate your Kiali values as described in the 2.53 release notes, you may see a schema validation error on the helm upgrade that looks like:
    • (root): Additional property cr is not allowed.

Track Change Notice📜

  • Jaeger📜

  • On Aug 01, 2025 Jaeger will be transitioning from the Big Bang Maintained Track to the Big Bang Community Track.
  • Note: this means the Big Bang team will no longer be maintaining the hardened version of the jaeger-operator helm chart.
  • Due to issues arising with reliable maintenence from the upstream creator’s repository, we have made the decision to longer maintain the helm chart for Big Bang integration.
  • Functionality is completely replaced by Grafana’s Alloy and Tempo products.
  • A migration document will be provided to help users move from the Big Bang Integrated Track to the Big Bang Community Track in the project repository.

Upgrades from previous releases📜

If coming from a version pre-3.1.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.1.0.

Packages📜

Package Type Package Version BB Version
Alloy Core 1.7.1 2.0.27-bb.3
Anchore Enterprise Addon 5.17.0 3.7.0-bb.0
Argocd Addon 3.0.6 8.0.10-bb.0
Authservice Addon 1.0.4 1.0.4-bb.3
Backstage beta Addon 1.0.8 2.5.2-bb.4
Updated Bbctl Core 1.4.0 2.0.0-bb.3 🔗
Eck Operator Core 3.0.0 3.0.0-bb.0
Updated Elasticsearch Kibana Core Kibana 9.0.3 Elasticsearch 9.0.1 1.30.0-bb.2 🔗
Updated External Secrets Addon 0.18.0 0.18.0-bb.0 🔗
Fluentbit Core 4.0.3 0.49.0-bb.1
Fortify Addon 25.2.0.0157 1.1.2320154-bb.28
Gatekeeper Core 3.19.1 3.19.1-bb.0
Updated Gitlab Addon 18.1.0 9.1.0-bb.0 🔗
Gitlab Runner Addon 18.0.2 0.77.2-bb.0
Updated Grafana Core 12.0.2 9.2.7-bb.0 🔗
Haproxy Addon 2.2.33 1.19.3-bb.10
Updated Harbor Addon 2.13.1 1.17.1-bb.1 🔗
Updated Headlamp beta Addon 0.31.1 0.31.1-bb.1 🔗
Istio Crds Core 1.26.1 1.26.1-bb.0
Updated Istio Gateway Core 1.26.1 1.26.1-bb.2 🔗
Istiod Core 1.26.1 1.26.1-bb.0
Keycloak Addon 26.1.4 7.0.1-bb.0
Updated Kiali Core 2.10.0 2.10.0-bb.2 🔗
Kyverno Core 1.13.4 3.3.6-bb.5
Kyverno Policies Core 3.3.4 3.3.4-bb.10
Updated Kyverno Reporter Core 3.1.1 3.1.4-bb.0 🔗
Updated Loki Core 3.5.1 6.30.1-bb.2 🔗
Updated Mattermost Addon 10.9.1 10.9.1-bb.2 🔗
Mattermost Operator Addon 1.23.0 1.23.0-bb.0
Metrics Server Addon 0.7.2 3.12.2-bb.4
Mimir Addon '2.16.0' 5.7.0-bb.2
Minio Addon RELEASE.2025-05-24T17-08-30Z 7.1.1-bb.3
Minio Operator Addon 7.1.1 7.1.1-bb.0
Monitoring Core Prometheus 3.4.1 Grafana 12.0.1 Alertmanager 0.28.1 73.2.0-bb.0
Neuvector Core 5.4.4 2.8.6-bb.0
Updated Nexus Addon 3.81.1-01 81.1.0-bb.0 🔗
Promtail Core 3.5.1 6.16.6-bb.5
Updated Sonarqube Addon 10.7.0-community 10.7.0-bb.6 🔗
Tempo Core Tempo 2.7.2 Tempo Query 2.7.2 1.21.1-bb.0
Thanos Addon 0.38.0 16.0.2-bb.0
Twistlock Core 34.01.126 0.21.0-bb.0
Updated Vault Addon 1.19.5 0.30.0-bb.7 🔗
Velero Addon 1.16.1 10.0.1-bb.0
Wrapper Core 0.4.15 0.4.15

Changes in 3.2.0📜

Big Bang MRs📜

  • !6491: 3.1 cherrypick
  • !6467: core disablement
  • !6469: update-adr-passthrough-chart

Bbctl📜

  • !6509: bbctl update to 2.0.0-bb.3
# Changelog Updates

## [2.0.0-bb.3] - 2025-06-27
### Changed
- gluon updated from 0.6.2 to 0.6.3
- Upgraded bbctl to application version 1.4.0

Elasticsearch Kibana📜

  • !6502: elasticsearchKibana update to 1.30.0-bb.2
# Changelog Updates

## [1.30.0-bb.2] - 2025-06-30
### Changed
- gluon updated from 0.5.19 to 0.6.3
- registry1.dso.mil/ironbank/elastic/kibana/kibana updated from 9.0.1 to 9.0.3
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl updated from v1.32.4 to v1.32.6

External Secrets📜

  • !6513: externalSecrets update to 0.18.0-bb.0
# Changelog Updates

## [0.18.0-bb.0] - 2025-06-20
### Changed
- Updated helm-chart to 0.18.0
- updated the external secrets image to v0.18.0
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.5 -> v1.32.6

Gitlab📜

  • !6420: Resolve “Gitlab object storage regionendpoint should be independent of endpoint”
  • !6484: gitlab update to 9.1.0-bb.0
# Changelog Updates

## [9.1.0-bb.0] - 2025-06-20
### Changed
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.0.2 -> 18.1.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.0.2 -> 18.1.0

Grafana📜

  • !6487: grafana update to 9.2.7-bb.0
# Changelog Updates

## [9.2.7-bb.0] - 2025-06-21
### Changed
- grafana updated from 9.2.2 to 9.2.7
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins updated from 12.0.1 to 12.0.2
- registry1.dso.mil/ironbank/opensource/grafana/grafana-image-renderer updated from 3.12.6 to 3.12.7

Harbor📜

  • !6482: harbor update to 1.17.1-bb.1
# Changelog Updates

## [1.17.1-bb.1] - 2025-06-20
### Changed
- postgresql 16.7.8 -> 16.7.13
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.5 -> 1.28.0

Headlamp📜

  • !6490: headlamp update to 0.31.1-bb.1
# Changelog Updates

## [0.31.1-bb.1] - 2025-06-23
### Updated
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.5 -> v1.32.6
- Updated cypress 14.4.1 -> 14.5.0

Istio Gateway📜

  • !6481: istioGateway update to 1.26.1-bb.2
# Changelog Updates

## [1.26.1-bb.2] - 2025-06-17
### Added
- Added Helm values schema

Kiali📜

  • !6499: kiali update to 2.10.0-bb.2
  • !6476: Updated kiali git tag
# Changelog Updates

## [2.10.0-bb.2] - 2025-06-27
### Updated
- Integrated bb-common package and deleted package network policies
- Updated values schema to comply with bb-common

## [2.10.0-bb.1] - 2025-06-16
### Updated
- Added Helm values schema

Kyverno Reporter📜

  • !6486: kyvernoReporter update to 3.1.4-bb.0
# Changelog Updates

## [3.1.4-bb.0] - 2025-06-24
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.5 -> v1.32.6
- Updated policy-reporter subchart 3.1.1 -> 3.1.4

Loki📜

  • !6501: loki update to 6.30.1-bb.2
# Changelog Updates

## [6.30.1-bb.2] - 2025-06-20
### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.32.5 -> v1.32.6
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx from 1.27.5 -> 1.28.0
- Updated registry1.dso.mil/ironbank/opensource/prometheus/memcached-exporter from v0.15.2 -> v0.15.3
- Updated rollout-operator from 0.28.0 -> 0.30.0

Mattermost📜

  • !6493: mattermost update to 10.9.1-bb.2
# Changelog Updates

## [10.9.1-bb.2] - 2025-06-27
### Changed
- gluon updated from 0.6.2 to 0.6.3

Nexus📜

  • !6516: nexusRepositoryManager update to 81.1.0-bb.0
  • !6535: nexusRepositoryManager update to 81.1.0-bb.1
# Changelog Updates

## [81.1.0-bb.0] - 2025-07-02
### Changed
- ironbank/sonatype/nexus/nexus (source) 3.79.0-09 -> 3.81.1-01
- registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.79.0-09 -> 3.81.1-01
- Updated cypress tests for 3.81.1-01

Sonarqube📜

  • !6514: sonarqube update to 10.7.0-bb.6
  • !6483: sonarqube update to 10.7.0-bb.5
  • !6478: Update Sonarqube admin password for testing
# Changelog Updates

## [10.7.0-bb.6] - 2025-07-03
### Fixed
- Configuration changes needed to allow for prometheus to scrap metrics properly

## [10.7.0-bb.5] - 2025-06-24
### Updated
- Changed cypress test password

Vault📜

  • !6492: vault update to 0.30.0-bb.7
# Changelog Updates

## [0.30.0-bb.7] - 2025-06-27
### Changed
- gluon 0.6.2 -> 0.6.3
- registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s (source) v1.6.2 -> v1.7.0

Known Issues📜

  • Grafana - ISSUE
  • Istio Dashboards have not yet been migrated to the new deployment pattern and are planned to be included with release 3.3.0
  • Kyverno-Reporter - ISSUE

  • There is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target

    Workaround Steps

    set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE

    kubectl edit peerauthentication default-istio-system -n istio-system
kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter

  • Neuvector - ISSUE

  • There is a bug preventing prometheus metrics scraping in neuvector
  • Prometheus - ISSUE
  • Error when scraping Prometheus endpoint ‘serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0’: Error scraping target: server returned HTTP status 403 Forbidden
  • bbctl
  • Dashboards
    • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
    • bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
    • These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.