Release Notes - 3.26.0📜
Please see our documentation page for more information on how to consume and deploy Big Bang. This release was primarily tested on Kubernetes 1.35.4 (EKS).
Upgrade Notices📜
BigBang - MR📜
Update your Flux CLI to the latest version possible based on available IB images. Note: if installing with Homebrew on macOS, use the command `brew upgrade fluxcd/tap/flux`. This specific tap is needed to get the latest version.
| Package | Update | Change |
|---|---|---|
| registry1.dso.mil/ironbank/fluxcd/kustomize-controller (source) | patch | v1.8.4 -> v1.8.5 |
| registry1.dso.mil/ironbank/fluxcd/source-controller (source) | patch | v1.8.3 -> v1.8.4 |
BigBang - MR📜
If you are using user-defined gateways, Big Bang now defaults to overriding the default service account name with one that is consistent with the built-in gateways (public and passthrough).
For example, a custom gateway deployed with the following values would end up with a service account named `custom-ingressgateway-ingressgateway-service-account`, whereas previously the service account would have been named `custom-ingressgateway`:
```yaml
istioGateway:
  values:
    gateways:
      custom:
        upstream:
          labels:
            istio: ingressgateway
```
Note: No action is required unless you have a policy that utilizes the service principal based on the service account name.
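A check for the case this note describes, as an added example that is not part of Big Bang or its tooling: it walks Istio AuthorizationPolicy objects (the parsed output of `kubectl get authorizationpolicies.security.istio.io -A -o json`) and lists `principals`/`notPrincipals` patterns that match the old gateway identity but not the new one. The `cluster.local` trust domain, the `istio-gateway` namespace, and the sample policies are assumptions constructed for illustration.

```python
# Assumptions (not from the release notes): trust domain and gateway namespace.
TRUST_DOMAIN = "cluster.local"
GATEWAY_NS = "istio-gateway"
OLD_SA = "custom-ingressgateway"
NEW_SA = "custom-ingressgateway-ingressgateway-service-account"


def identity(sa, ns=GATEWAY_NS, td=TRUST_DOMAIN):
    """Workload identity as it appears in AuthorizationPolicy principals."""
    return f"{td}/ns/{ns}/sa/{sa}"


def matches(pattern, value):
    """Istio string match: exact, 'prefix*', '*suffix', or '*' for any value."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value


def stale_principals(policies, old_sa=OLD_SA, new_sa=NEW_SA):
    """Return (namespace, name, field, pattern) for every principal pattern
    that matches the old gateway identity but not the new one."""
    old, new = identity(old_sa), identity(new_sa)
    findings = []
    for item in policies.get("items", []):
        meta = item.get("metadata", {})
        for rule in item.get("spec", {}).get("rules") or []:
            for src in rule.get("from") or []:
                source = src.get("source") or {}
                for field in ("principals", "notPrincipals"):
                    for pattern in source.get(field) or []:
                        if matches(pattern, old) and not matches(pattern, new):
                            findings.append((meta.get("namespace"),
                                             meta.get("name"), field, pattern))
    return findings


def _policy(name, field, pattern):
    """Build one constructed AuthorizationPolicy in the kubectl JSON shape."""
    return {"metadata": {"namespace": "app", "name": name},
            "spec": {"rules": [{"from": [{"source": {field: [pattern]}}]}]}}


# Constructed sample; real input would be json.load() of the kubectl output.
SAMPLE = {"items": [
    _policy("exact-old-name", "principals", identity(OLD_SA)),
    _policy("prefix-match", "principals", identity(OLD_SA) + "*"),
    _policy("suffix-match", "notPrincipals", "*/sa/" + OLD_SA),
]}

if __name__ == "__main__":
    for finding in stale_principals(SAMPLE):
        print("needs update:", *finding)
```

The prefix pattern is not reported because the new service account name begins with the old one, so it keeps matching; exact and suffix patterns stop matching and need the new name.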
BigBang - MR📜
The default values passed to Packages that are deployed using the packages key have changed to assume packages have been integrated with bb-common. We do not recommend using bb-common to deploy network policies into the kube-system namespace. Packages that deploy into kube-system should use the configuration below.
If your package is not integrated with bb-common you can revert to the previous behavior by specifying these values for your package:
```yaml
packages:
  mypackage:
    passBigBangValues: true
    bbCommonValues: false
```
Keycloak - MR📜
- BREAKING DATABASE CHANGE: The bundled internal PostgreSQL database has been updated from PG17 to PG18 and moved from the deprecated Bitnami image/layout to the Iron Bank `opensource/postgres/postgresql` image/layout. Platform One does not support the bundled internal PostgreSQL database for production deployments; this option should only be used for development or CI pipelines.
- DO NOT UPGRADE WITHOUT A DATABASE BACKUP if you need to preserve data from the bundled database. Existing bundled database data is not automatically migrated or reused by the new image layout. To preserve data, export from the old bundled PG17 database with `pg_dump`/`pg_dumpall`, upgrade to this release, then restore into the new PG18 database with `pg_restore`/`psql`.
- If you already upgraded without exporting, do not delete the PVC. The old Bitnami-layout PG17 data remains on the PVC, but the new PG18 image uses a different data directory. Roll back to the previous chart/image to access the old data and export it manually.
Regular database backups and best practices should be followed.
Mattermost - MR📜
PostgreSQL has been updated from 18.3 to 18.4.
Platform One does not support the bundled in-cluster PostgreSQL database for production deployments. The bundled database should only be used for development, testing, or CI environments.
Although this is a minor PostgreSQL version update, users should follow standard database maintenance practices and ensure appropriate backups are taken before upgrading. Users relying on the bundled in-cluster database are responsible for backing up and validating their data prior to performing the upgrade.
Thanos - MR📜
Thanos was converted to the Big Bang passthrough pattern. Any values intended for the upstream Bitnami Thanos chart must now live under thanos.values.upstream instead of directly under thanos.values.📜
e.g.
```yaml
addons:
  thanos:
    enabled: true
    values:
      upstream:
        query:
          enabled: true
        compactor:
          enabled: true
```
Thanos upstream chart dependency is now vendored locally📜
This MR updates the aliased upstream Bitnami Thanos chart from 17.3.1 to 17.4.0, but the more important maintenance change is that the upstream chart is no longer pulled from Bitnami's OCI registry.
Bitnami no longer publishes the Thanos chart to the OCI source previously referenced by this package, so the package now uses a vendored local chart tarball instead:
- Previous dependency source: `oci://registry-1.docker.io/bitnamicharts`
- New dependency source: `file://./charts`
- Vendored artifact: `chart/charts/thanos-17.4.0.tgz`
Impact📜
This change should not require any deployment-time values changes for Big Bang consumers.
Action required📜
No action required for end users beyond normal validation for the Thanos chart update and upstream value nesting.
Known Issues📜
- bbctl Dashboards
  - CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI, causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly.
  - bbctl-violations-dashboard / bbctl-all-logs-dashboard (Violations Logs)
    - These items will not populate if you have too large a Kubernetes cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the `bbctl violations` command to obtain the data.
- Headlamp
  - Attempting to log in using OIDC will create a login ‘loop’. (Upstream Issue)
- Loki/Elasticsearch-kibana
  - If Loki and EK are both enabled, drift detection will continually trigger as they share a peer authentication: `default-peer-auth` in the logging namespace. (Issue)
- Prometheus
  - Target scraping for Fluentbit may encounter errors even though the pods are functioning as expected. This is expected to resolve in a future release.
  - Target scraping for Kube Operator may encounter errors. (Issue)
  - Target scraping for Mimir service gateway fails because the endpoint does not exist. This target will be removed in a future release. (Upstream Issue)
Upgrades from previous releases📜
If coming from a version pre-3.25.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.25.0.
Packages📜
Click to show Packages Version Updates
| Package | Type | Package Version | BB Version |
| ------- | ---- | --------------- | ---------- |
| [Alloy](https://repo1.dso.mil/big-bang/product/packages/alloy) | Core | `v1.15.0` | `4.0.1-bb.0` |
Changes in 3.26.0📜
Big Bang MRs📜
- !7800 allow monitoring ingress to all thanos pods
- !7790 Resolve “bug: broken links Job Failed #58684020”
- !7788 update user gateways to include default sa name
- !7787 add ADR for helm values/readme generation decision
- !7785 added a shared authserviceEnabled helper then wired authservices resources to use it
- !7782 Add on-demand option to k3d dev script
- !7781 update comments in values
- !7775 switch default package values to assume bb-common
- !7774 Update tlsConfig for remaining packages in ambient mode
- !7756 fix policy exception for ztunnel
- !7754 Fix duplicate Grafana env Secret when GitLab Redis password is set
- !7750 unique names for outbound service entries for testing
- !7742 Disable Istio with Kyverno explicitly
- !7729 Support mtls scraping with ambient
- !7713 chore(deps): update flux
Anchore Enterprise📜
- !7762: anchoreEnterprise update to 3.25.0-bb.0
Click to show Changelog
# Changelog Updates
## [3.25.0-bb.0] (2026-05-19)
### Changed
- bb-common 0.14.2 -> 0.15.0
- enterprise 3.23.0 -> 3.25.0
- gluon 1.0.0 -> 1.1.0
- postgresql 18.5.17 -> 18.6.7
- redis 25.3.2-bb.0 -> 25.3.12-bb.1
- registry1.dso.mil/ironbank/anchore/enterprise/enterprise 5.26.0 -> 5.27.0
- registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui 5.26.0 -> 5.27.0
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.82.0 -> v1.83.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34 -> v1.35
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 18.3 -> 18.4
- registry1.dso.mil/ironbank/opensource/redis/redis8-slim 8.6.2 -> 8.6.3
Argocd📜
- !7795: argocd update to 9.5.15-bb.0
Click to show Changelog
# Changelog Updates
## [9.5.15-bb.0] (2026-05-22)
### Changed
- argo-cd 9.5.11 -> 9.5.15
- argocd-apps 2.0.4 -> 2.0.5
- gluon 1.0.1 -> 1.1.0
- registry1.dso.mil/ironbank/big-bang/argocd v3.3.9 -> v3.4.2
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.83.0 -> v1.84.0
- Updated Cypress login selector to target username input field after ArgoCD UI changes
Elasticsearch Kibana📜
- !7699: elasticsearchKibana update to 1.37.0-bb.0
Click to show Changelog
# Changelog Updates
## [1.37.0-bb.0] (2026-05-01)
### Changed
- registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch updated from 9.3.1 -> 9.3.4
- registry1.dso.mil/ironbank/elastic/kibana/kibana updated from 9.3.1 -> 9.3.4
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl updated from v1.34.4 -> v1.34.7
- gluon updated from 0.9.8 to 1.0.1
Gitlab📜
- !7747: gitlab update to 9.11.1-bb.2
Click to show Changelog
# Changelog Updates
## [9.11.1-bb.2] (2026-05-20)
### Removed
- Removed the toolbox backup cron sidecar shutdown value.
Harbor📜
- !7783: harbor update to 1.19.0-bb.0
Click to show Changelog
# Changelog Updates
## [1.19.0-bb.0] (2026-5-26)
### Changed
- Updated harbor upstream chart 1.18.2 -> 1.19.0
- Updated bb-common 0.14.1 -> 0.15.0
- Updated gluon 0.9.8 -> 1.1.0
- Updated postgresql subchart 18.5.14 -> 18.6.7
- Updated redis subchart 25.3.2-bb.0 -> 25.3.12-bb.0
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/registry v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter v2.15.0 -> v2.15.1
- Updated registry1.dso.mil/ironbank/opensource/nginx/nginx 1.29.6 -> 1.30.1
- Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql 18.3 -> 18.4
- Updated registry1.dso.mil/ironbank/opensource/redis/redis8-slim 8.6.1 -> 8.6.3
Keycloak📜
- !7779: keycloak update to 7.2.0-bb.1
Click to show Changelog
# Changelog Updates
## [7.2.0-bb.1] (2026-06-01)
### Changed
- Updated bundled Postgres image from `ironbank/bitnami/postgres:17.4.0` to `ironbank/opensource/postgres/postgresql:18.4` to match the bundled `postgresql` chart app version.
### Upgrade Notices
- BREAKING DATABASE CHANGE: The bundled internal PostgreSQL database has been updated from PG17 to PG18 and moved from the deprecated Bitnami image/layout to the Iron Bank `opensource/postgres/postgresql` image/layout. Platform One does not support the bundled internal PostgreSQL database for production deployments; this option should only be used for development or CI pipelines.
- DO NOT UPGRADE WITHOUT A DATABASE BACKUP if you need to preserve data from the bundled database. Existing bundled database data is not automatically migrated or reused by the new image layout. To preserve data, export from the old bundled PG17 database with `pg_dump`/`pg_dumpall`, upgrade to this release, then restore into the new PG18 database with `pg_restore`/`psql`.
- If you already upgraded without exporting, do not delete the PVC. The old Bitnami-layout PG17 data remains on the PVC, but the new PG18 image uses a different data directory. Roll back to the previous chart/image to access the old data and export it manually.
Regular database backups and best practices should be followed.
## [7.2.0-bb.0] (2026-05-27)
### Changed
- bb-common 0.14.2 -> 0.15.0
- gluon 1.0.1 -> 1.1.0
- keycloakx 7.1.9 -> 7.2.0
- postgresql 18.5.24 -> 18.6.7
- registry1.dso.mil/ironbank/opensource/keycloak/keycloak 26.6.1 -> 26.6.2
Kiali📜
- !7794: kiali update to 2.27.0-bb.0
- !7780: kiali update to 2.26.1-bb.1
- !7766: kiali update to 2.26.1-bb.0
Click to show Changelog
# Changelog Updates
## [2.27.0-bb.0] (2026-06-04)
### Changed
- bb-common 0.15.0 -> 1.0.1
- kiali-operator 2.26.1 -> 2.27.0
- kiali-operator 2.26.0 -> 2.27.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali v2.26.1 -> v2.27.0
- registry1.dso.mil/ironbank/opensource/kiali/kiali-operator v2.26.0 -> v2.27.0
## [2.26.1-bb.1] (2026-06-04)
### Changed
- Moved templated service entries to bb-common's outbound routes
- Updated Kiali's values schema file to include outbound routes
- Removed helper as it is no longer needed
## [2.26.1-bb.0] (2026-05-29)
### Changed
- registry1.dso.mil/ironbank/opensource/kiali/kiali v2.26.0 -> v2.26.1
Kyverno📜
Click to show Changelog
# Changelog Updates
## [3.8.1-bb.2] (2026-06-01)
### Changed
- Fix values and helmdocs to display more configurations.
- Remove stale configurations that no longer exist in upstream kyverno repository
## [3.8.1-bb.1] (2026-05-20)
### Changed
- bb-common 0.15.0 -> 0.14.2 to work around a bug that generates unwanted AuthorizationPolicies.
## [3.8.1-bb.0] (2026-05-19)
### Changed
- gluon 1.0.1 -> 1.1.0
- kyverno 3.8.0 -> 3.8.1
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.35.4 -> v1.35.5
- registry1.dso.mil/ironbank/opensource/kyverno v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/background-controller v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/cleanup-controller v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/readiness-checker v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/reports-controller v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernocli v1.18.0 -> v1.18.1
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernopre v1.18.0 -> v1.18.1
## [3.8.0-bb.0] (2026-05-08)
### Changed
- bb-common 0.14.2 -> 0.15.0
- kyverno 3.7.2 -> 3.8.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34.7 -> v1.35.4
- registry1.dso.mil/ironbank/opensource/kyverno v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/background-controller v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/cleanup-controller v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/readiness-checker v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyverno/reports-controller v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernocli v1.17.2 -> v1.18.0
- registry1.dso.mil/ironbank/opensource/kyverno/kyvernopre v1.17.2 -> v1.18.0
Kyverno Reporter📜
- !7792: kyvernoReporter update to 3.7.4-bb.1
Click to show Changelog
# Changelog Updates
## [3.7.4-bb.1] (2026-06-05)
### Changed
- bb-common 0.14.2 -> 1.0.1
- gluon 1.0.1 -> 1.1.0
- registry1.dso.mil/ironbank/nirmata/policy-reporter/policy-reporter-ui 2.5.2 -> 2.5.3
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34.7 -> v1.35.5
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter/kyverno-plugin 0.6.0 -> 0.6.1
Loki📜
- !7770: loki update to 6.55.0-bb.2
Click to show Changelog
# Changelog Updates
## [6.55.0-bb.2] (2026-05-21)
### Fixed
- Fixed `sidecar.image.registry` incorrectly set to `docker.io`; corrected to `registry1.dso.mil` and split full registry path out of `repository` field
- Added `# renovate: docker=...` comments above all IronBank `tag:` fields in `values.yaml` and added a matching custom regex manager in `renovate.json` targeting `chart/values.yaml` to prevent future drift between `Chart.yaml` annotations and `values.yaml` image tags
### Updated
- registry1.dso.mil/ironbank/opensource/grafana/loki 3.6.7 -> 3.7.1
Mattermost📜
- !7784: mattermost update to 11.7.2-bb.0
Click to show Changelog
# Changelog Updates
## [11.7.2-bb.0] (2026-05-28)
### Changed
- Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 11.6.2 -> 11.7.2
- registry1.dso.mil/ironbank/opensource/postgres/postgresql (source) 18.3 -> 18.4
Monitoring📜
- !7761: monitoring update to 85.3.3-bb.0
Click to show Changelog
# Changelog Updates
## [85.3.3-bb.0] (2026-05-25)
### Changed
- bb-common 0.14.2 -> 0.15.0
- gluon 1.0.0 -> 1.1.0
- kube-prometheus-stack 83.4.0 -> 85.3.3
- prometheus-blackbox-exporter 11.9.1 -> 11.10.0
- prometheus-snmp-exporter 9.13.1 -> 9.14.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 12.4.2 -> 13.0.1
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 2.6.0 -> 2.7.3
- registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics v2.18.0 -> v2.19.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34.6 -> v1.35.5
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.90.1 -> v0.91.0
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator v0.90.1 -> v0.91.0
- registry1.dso.mil/ironbank/opensource/prometheus/alertmanager v0.32.0 -> v0.32.1
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v3.11.1 -> v3.11.3
- registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal 9.7 -> 9.8
Neuvector📜
- !7786: neuvector update to 2.10.2-bb.0
Click to show Changelog
# Changelog Updates
## [2.10.2-bb.0] (2026-06-02)
### Changed
- bb-common 0.14.2 -> 0.15.0
- core 2.8.13 -> 2.10.2
- crd 2.8.13 -> 2.10.2
- gluon 1.0.1 -> 1.1.0
- monitor 2.8.13 -> 2.10.2
- registry1.dso.mil/ironbank/neuvector/neuvector/controller 5.5.1 -> 5.5.2
- registry1.dso.mil/ironbank/neuvector/neuvector/enforcer 5.5.1 -> 5.5.2
- registry1.dso.mil/ironbank/neuvector/neuvector/manager 5.5.1 -> 5.5.2
- registry1.dso.mil/ironbank/opensource/neuvector/registry-adapter v0.2.6 -> v0.2.7
Thanos📜
- !7649: SKIP UPGRADE CHECK thanos update to 17.4.0-bb.0
Click to show Changelog
# Changelog Updates
## [17.4.0-bb.2] - 2026-05-26
### Fixed
- Removed leftover values; ensure image.pullSecrets and objstore/http secret keys are restored if required
## [17.4.0-bb.1] - 2026-05-15
### Fixed
- Added missing `matchLabels` to storegateway egress network policy podSelector
## [17.4.0-bb.0] - 2026-04-02
### Updated
- Updated vendored Bitnami Thanos chart from 17.3.1 to 17.4.0
- Switched the aliased `upstream` dependency from the removed Bitnami OCI source to the vendored local chart tarball at `file://./charts`
- Updated maintenance documentation to reflect the manual vendored tarball workflow for future Thanos chart upgrades
Twistlock📜
- !7714: twistlock update to 0.26.0-bb.0
Click to show Changelog
# Changelog Updates
## [0.26.0-bb.0] (2026-05-09)
### Changed
- bb-common 0.14.1 -> 0.15.0
- gluon 0.9.8 -> 1.1.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.34 -> v1.35
- registry1.dso.mil/ironbank/twistlock/console/console 34.04.145 -> 34.04.156
- registry1.dso.mil/ironbank/twistlock/defender/defender 34.04.145 -> 34.04.156
Velero📜
- !7777: velero update to 12.0.1-bb.0
Click to show Changelog
# Changelog Updates
## [12.0.1-bb.0] - 2026-05-19
### Updated
- bb-common 0.14.1 -> 0.15.0
- Updated gluon 0.9.8 -> 1.1.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx (source) 1.29.6 -> 1.30.1
- registry1.dso.mil/ironbank/opensource/velero/velero (source) 12.0.0 -> 12.0.1
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Mattermost channel
- Join our Slack
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.