Release Notes - 3.22.0📜

Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.35.2 (EKS).

Upgrade Notices📜

BigBang - MR 📜

Gateway API CRDs Package Added📜

The gatewayAPI package has been added to Big Bang (disabled by default) to support Istio ambient mesh functionality.

Important: This package is not recommended for general use at this time. It is disabled by default and is being included strictly for internal development and testing of ambient mesh support.

Users should not enable this package unless they are specifically working on ambient mesh testing and development.

Fixes an issue where custom packages using kustomize: true could fail Secret creation when passBigBangValues was enabled by default. If you previously set passBigBangValues: false as a workaround, you can remove that override after upgrading.

BigBang - MR 📜

Fixed package template rendering to consistently support mixed-case custom package keys (for example clusterAuditor) while continuing to normalize generated Kubernetes resource names.

Package names will be converted to Kebab case. e.g.:

thisIsACamelCasePackageName ⮕ this-is-a-camel-case-package-name
MyPackageNameIsCamelCase ⮕ my-package-name-is-camel-case
MyPackageNameIsCamelCase-with-some-hyphens ⮕ my-package-name-is-camel-case-with-some-hyphens

Harbor - MR 📜

Known upstream bug (goharbor/harbor#22996): The IronBank v2.15.0 image was built before upstream fix PR #22998 was cherry-picked to the release branch. The ca_certificate column addition was incorrectly placed in migration 0171 (a v2.14.1 file) instead of a new 0180 file. When upgrading from v2.14.x, golang-migrate skips the modified 0171 since the schema is already at version 171, causing the Registries page to return internal server error (column t0.ca_certificate does not exist).

Workaround: After upgrade, run against the Harbor database:

ALTER TABLE registry ADD COLUMN IF NOT EXISTS ca_certificate TEXT;

Then restart harbor-core pods. This will self-resolve when IB rebuilds from the final v2.15.0 tag which includes migration 0180_2.15.0_schema.up.sql.

Mattermost - MR 📜

Mattermost license secret can now be provided as an existing secret rather than provided via helm values. Remove license value and provide the mattermost package values with addons.mattermost.enterprise.existingSecret. Existing method of creating license secret via helm values will continue to work without interruption.

```

addons:
 mattermost:
 enterprise:
 enabled: true
 existingSecret: <insertExistingSecretName>

```

Metrics Server - MR 📜

Metrics-server package has been moved out of metrics-server namespace and into the kube-system namespace to better align with Kubernetes best practices and standards. No manual intervention should be necessary, this notice is for informational purposes only.

Known Issues📜

bbctl Dashboards
CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
- These items will not populate if you have too large of a kubernetes cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
Headlamp
Attempting to login using OIDC will create a login ‘loop’. See upstream issue for further information.
Loki/Elasticsearch-kibana
If loki and EK are both enabled, drift detection will continually trigger as they share a peer authentication: default-peer-auth in the logging namespace. Issue
Prometheus
Target scraping for Fluentbit targets may encounter 503 Service Unavailable errors even though the pods are functioning as expected
Target scraping for Kube Operator may encounter errors. Issue

Upgrades from previous releases📜

If coming from a version pre-3.21.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.21.0.

Packages📜

Click to show Packages Version Updates

| Package | Type | Package Version | BB Version | | ------- | ---- | --------------- | ---------- | | [Alloy](https://repo1.dso.mil/big-bang/product/packages/alloy) | Core | `v1.14.0` | `3.8.4-bb.1` | | [Anchore Enterprise](https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise) | Addon | `5.25.1` | `3.21.3-bb.1` | |

[Argocd](https://repo1.dso.mil/big-bang/product/packages/argocd) | Addon | `v3.3.6` | `9.4.17-bb.0` [🔗](#argocd) | | [Authservice](https://repo1.dso.mil/big-bang/product/packages/authservice) | Addon | `1.1.5` | `1.1.5-bb.1` | | [Backstage](https://repo1.dso.mil/big-bang/product/packages/backstage) | Addon | `1.1.0` | `2.6.3-bb.2` | | [Bbctl](https://repo1.dso.mil/big-bang/product/packages/bbctl) | Core | `2.3.1` | `3.0.1-bb.3` | | [Eck Operator](https://repo1.dso.mil/big-bang/product/packages/eck-operator) | Core | `3.3.1` | `3.3.1-bb.0` | |

[Harbor](https://repo1.dso.mil/big-bang/product/packages/harbor) | Addon | `2.15.0` | `1.18.3-bb.0` [🔗](#harbor) | | [Headlamp](https://repo1.dso.mil/big-bang/product/packages/headlamp) | Addon | `0.40.0` | `0.40.0-bb.0` | | [Istio Cni](https://repo1.dso.mil/big-bang/product/packages/istio-cni) | Core | `1.29.1` | `1.29.1-bb.0` | | [Istio Crds](https://repo1.dso.mil/big-bang/product/packages/istio-crds) | Core | `1.29.1` | `1.29.1-bb.0` | | [Istio Gateway](https://repo1.dso.mil/big-bang/product/packages/istio-gateway) | Core | `1.29.1` | `1.29.1-bb.0` | | [Istiod](https://repo1.dso.mil/big-bang/product/packages/istiod) | Core | `1.29.1` | `1.29.1-bb.0` | |

[Kyverno](https://repo1.dso.mil/big-bang/product/packages/kyverno) | Core | `v1.17.1` | `3.7.1-bb.0` [🔗](#kyverno) | | [Kyverno Policies](https://repo1.dso.mil/big-bang/product/packages/kyverno-policies) | Core | `3.3.4` | `3.3.4-bb.24` | | [Kyverno Reporter](https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter) | Core | `3.7.3` | `3.7.3-bb.1` | | [Loki](https://repo1.dso.mil/big-bang/product/packages/loki) | Core | `3.5.5` | `6.46.0-bb.5` | |

[Tempo](https://repo1.dso.mil/big-bang/product/packages/tempo) | Core | Tempo: `2.10.1` Tempo Query: `2.10.1` | `1.26.5-bb.1` [🔗](#tempo) | | [Thanos](https://repo1.dso.mil/big-bang/product/packages/thanos) | Addon | `v0.41.0` | `17.3.3-bb.4` | | [Twistlock](https://repo1.dso.mil/big-bang/product/packages/twistlock) | Core | `34.04.145` | `0.25.0-bb.0` | | [Vault](https://repo1.dso.mil/big-bang/product/packages/vault) | Addon | `1.21.2` | `0.32.0-bb.0` | | [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | Addon | `1.18.0` | `12.0.0-bb.0` | | [Wrapper](https://repo1.dso.mil/big-bang/product/packages/wrapper) | Core | `0.4.15` | `0.4.15` | |

[Ztunnel](https://repo1.dso.mil/big-bang/product/packages/ztunnel) | Core | `1.29.1` | `1.29.1-bb.2` [🔗](#ztunnel) |

Changes in 3.22.0📜

Big Bang MRs📜

!7591 Doc update - remove dead email address link
!7583 Docs: Remove mailto links from documentation
!7580 update to k3d 1.35.3
!7576 Add toggle to enable ambient packages (ztunnel, gateway-api, istio-cni)
!7565: Adds gatewayAPI package
!7564 Add Missing Exclusion for Ztunnel to Gatekeeper Template
!7560 Resolve “Follow-up from “Update headlamp tag 0.39.0 bb.2”“
!7557 fix: prevent null names in disallow-nodeport-services kyverno policy
!7547 Resolve “Install/upgrade error on Secret when adding a kustomization package”
!7544 feat: made the doc review script add the grooming label if there is no status label
!7539 Resolve “Packages doesn’t support capital letters in package names”
!7536 Add valuesKey to Secret definitions and set default valuesKey in template-all.sh
!7534 Mattermost updates to support providing license via existing secret outside of helm values
!7526 Refactor docs for package lifecycle

Argocd📜

!7588: argocd update to 9.4.17-bb.0
!7542: argocd update to 9.4.16-bb.0

Click to show Changelog

# Changelog Updates

## [9.4.17-bb.0] (2026-04-08)
### Changed
- Upgraded argo-cd 9.4.16 -> 9.4.17
- Upgraded bb-common 0.14.1 -> 0.14.2
- Upgraded registry1.dso.mil/ironbank/big-bang/argocd v3.3.4 -> v3.3.6

## [9.4.16-bb.0] (2026-03-27)
### Changed
- Upgraded argo-cd 9.4.2 -> 9.4.16
- Upgraded bb-common 0.14.0 -> 0.14.1
- Upgraded redis 24.1.2-bb.0 -> 25.3.2-bb.0
- Upgraded registry1.dso.mil/ironbank/big-bang/argocd v3.3.0 -> v3.3.4
- Upgraded registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.81.0 -> v1.82.0
- Upgraded registry1.dso.mil/ironbank/opensource/dexidp/dex v2.44.0 -> v2.45.1

Elasticsearch Kibana📜

!7458: elasticsearchKibana update to 1.35.0-bb.3

Click to show Changelog

# Changelog Updates

## [1.35.0-bb.3] (2026-03-09)
### Added
- Added `elasticsearch.secureSettings` list to inject one or more Kubernetes secrets into the Elasticsearch keystore via ECK `spec.secureSettings` (S3, Azure, GCS credentials, etc.); SSO secret is automatically prepended when `sso.enabled` is true
- Added `elasticsearch.common.initContainers` to prepend shared init containers to every Elasticsearch nodeSet (master, data, ingest, ml, coord), eliminating per-node duplication
- Added `elasticsearch.common.config` to provide a baseline Elasticsearch config merged into every nodeSet, with per-nodeSet config taking precedence
- Removed upgrade job that handled breaking change in version `1.20.0-bb.0`, released with Big Bang `2.40.0`
- Prepended release name to the istio resources generated by bb-common to avoid naming conflicts with loki in the same `logging` namespace

Gateway API📜

!7605: gatewayAPI update to 1.5.1-bb.1

Click to show Changelog

# Changelog Updates

## [1.5.1-bb.1] (2026-04-15)
### Added
- Add bigbang.dev/maintenanceTrack annotation

Gitlab Runner📜

!7546: gitlabRunner update to 0.87.0-bb.0

Click to show Changelog

# Changelog Updates

## [0.87.0-bb.0] (2026-03-31)
### Changed
- Updated bb-common `0.14.1` -> `0.14.2`
- Updated [gitlab-runner](https://gitlab.com/gitlab-org/charts/gitlab-runner) `0.86.0` -> `0.87.0`
- Updated [ironbank/gitlab/gitlab-runner/gitlab-runner](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner)) `v18.9.0` -> `v18.10.0`
- Updated [ironbank/gitlab/gitlab-runner/gitlab-runner-helper](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner-helper)) `v18.9.0` -> `v18.10.0`
- Updated [registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner)) `v18.9.0` -> `v18.10.0`
- Updated [registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner-helper)) `v18.9.0` -> `v18.10.0`

Grafana📜

!7569: grafana update to 10.5.15-bb.3

Click to show Changelog

# Changelog Updates

## [10.5.15-bb.3] (2026-04-06)
### Changed
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins updated from 12.4.1 -> 12.4.2
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar updated from 2.5.0 -> 2.5.4
- registry1.dso.mil/ironbank/opensource/grafana/grafana-image-renderer updated from v5.7.2 -> v5.7.3

Harbor📜

!7531: harbor update to 1.18.3-bb.0

Click to show Changelog

# Changelog Updates

## [1.18.3-bb.0] (2026-3-25)
### Changed
- Updated harbor upstream chart 1.18.2 -> 1.18.3
- Updated bb-common 0.14.0 -> 0.14.1
- Updated gluon 0.9.7 -> 0.9.8
- Updated postgresql subchart 18.2.3 -> 18.5.14
- Updated redis subchart 24.1.0-bb.0 -> 25.3.2-bb.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/registry v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter v2.14.2 -> v2.15.0
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.29.4 -> 1.29.6
- Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql 18.1 -> 18.3
- Updated registry1.dso.mil/ironbank/opensource/redis/redis8-slim 8.4.0 -> 8.6.1

Kiali📜

!7551: kiali update to 2.24.0-bb.0

Click to show Changelog

# Changelog Updates

## [2.24.0-bb.0] (2026-03-31)
### Changed
- kiali-operator 2.23.0 -> 2.24.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali v2.23.0 -> v2.24.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali-operator v2.23.0 -> v2.24.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34.5 -> v1.34.6

Kyverno📜

!7425: kyverno update to 3.7.1-bb.0

Click to show Changelog

# Changelog Updates

## [3.7.1-bb.0] (2026-02-25)
### Changed
- bb-common 0.14.0 -> 0.14.1
- gluon 0.9.7 -> 0.9.8
- kyverno 3.7.0 -> 3.7.1
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34.3 -> v1.34.4
- registry1.dso.mil/ironbank/opensource/kyverno v1.17.0 -> v1.17.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/background-controller v1.17.0 -> v1.17.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/cleanup-controller v1.17.0 -> v1.17.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/reports-controller v1.17.0 -> v1.17.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernocli v1.17.0 -> v1.17.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernopre v1.17.0 -> v1.17.1

Mattermost📜

!7587: mattermost update to 11.5.1-bb.3
!7572: mattermost update to 11.5.1-bb.2
!7553: mattermost update to 11.5.1-bb.1

Click to show Changelog

# Changelog Updates

## [11.5.1-bb.3] (2026-04-09)
### Changed
- gluon updated from 0.9.8 to 1.0.0

## [11.5.1-bb.2] (2026-04-06)
### Changed
- Update license secret template to optionally create secret if provided via helm values.
- License secret template also now accepts an existing secret name.

## [11.5.1-bb.1] (2026-04-01)
### Changed
- bb-common updated from 0.14.1 to 0.14.2

Mattermost Operator📜

!7563: mattermostOperator update to 1.25.5-bb.1

Click to show Changelog

# Changelog Updates

## [1.25.5-bb.1] (2026-04-01)
### Changed
- bb-common updated from 0.14.1 to 0.14.2

Metrics Server📜

!7554: metricsServer update to 3.13.0-bb.6

Click to show Changelog

# Changelog Updates

## [3.13.0-bb.6] (2026-3-31)
### Changed
- Removed network policies and istio-related resources as this should not be in the mesh

Monitoring📜

!7593: monitoring update to 83.4.0-bb.0
!7568: monitoring update to 82.18.0-bb.0

Click to show Changelog

# Changelog Updates

## [83.4.0-bb.0] (2026-04-10)
### Changed
- gluon 0.9.8 -> 1.0.0
- kube-prometheus-stack 82.18.0 -> 83.4.0
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 2.5.4 -> 2.6.0
- registry1.dso.mil/ironbank/opensource/prometheus/alertmanager v0.31.1 -> v0.32.0
- registry1.dso.mil/ironbank/opensource/prometheus/node-exporter v1.10.2 -> v1.11.1
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v3.11.0 -> v3.11.1

## [82.18.0-bb.0] (2026-04-05)
### Changed
- bb-common 0.14.1 -> 0.14.2
- kube-prometheus-stack 82.14.1 -> 82.18.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 12.4.1 -> 12.4.2
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 2.5.0 -> 2.5.4
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.90.0 -> v0.90.1
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.90.0 -> v0.90.1
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v3.10.0 -> v3.11.0

Tempo📜

!7592: tempo update to 1.26.5-bb.1

Click to show Changelog

# Changelog Updates

## [1.26.5-bb.1] (2026-04-03)
### Removed
- Removed promtail "bad words" panel from tempo-operational dashboard

Ztunnel📜

!7586: ztunnel update to 1.29.1-bb.2

Click to show Changelog

# Changelog Updates

## [1.29.1-bb.2] (2026-04-08)
### Changed
- Enabled upstream ztunnel network policy
- Switched test values to account for ztunnel being included in Big Bang

Helpful Links📜

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Open issues here
Join our Mattermost channel
Join our Slack
Check out the documentation for guidance on how to get started

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.

Release Notes - 3.22.0📜

Upgrade Notices📜

BigBang - MR📜

Gateway API CRDs Package Added📜

BigBang - MR📜

BigBang - MR📜

Harbor - MR📜

Mattermost - MR📜

Metrics Server - MR📜

Known Issues📜

Upgrades from previous releases📜

Packages📜

Changes in 3.22.0📜

Big Bang MRs📜

Argocd📜

Elasticsearch Kibana📜

Gateway API📜

Gitlab Runner📜

Grafana📜

Harbor📜

Kiali📜

Kyverno📜

Mattermost📜

Mattermost Operator📜

Metrics Server📜

Monitoring📜

Tempo📜

Ztunnel📜

Helpful Links📜

Future📜

BigBang - MR 📜

BigBang - MR 📜

BigBang - MR 📜

Harbor - MR 📜

Mattermost - MR 📜

Metrics Server - MR 📜