Skip to content

Release Notes - 3.3.1📜

Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.32.5 (EKS).

Patch-Specific Changes📜

gitlab📜

  • !6599: gitlab update to 9.2.1-bb.0

bbctl📜

  • !6608: bbctl update to 2.1.0-bb.1

Upgrade Notices📜

GitLab - MR📜

GitLab version 9.1.2-bb.0 (Big Bang 3.3.0) resolves a critical issue in 9.1.0-bb.0 (Big Bang 3.2.0) that broke air-gapped deployments due to outdated Helm 2 dependency files. The fix removes legacy requirements.yaml and requirements.lock, ensuring modern Helm 3 dependency resolution and proper use of bundled charts like cert-manager-v1.12.17.tgz. Air-gapped environments must upgrade immediately to avoid deployment failures, while connected environments are recommended to upgrade for improved reliability and cleaner dependency handling.

BigBang - MR📜

This release include a flux update, please complete this upgrade prior to upgrading Big Bang

Package Update Change
registry1.dso.mil/ironbank/fluxcd/kustomize-controller (source) patch v1.6.0 -> v1.6.1
registry1.dso.mil/ironbank/fluxcd/source-controller (source) patch v1.6.1 -> v1.6.2

BigBang - MR📜

Kubernetes version 1.29 reached End of Life June 28, 2025. We now require a version 1.30 or greater.

Anchore Enterprise - MR📜

This update will trigger the underlying helm release to be recreated which will delete all the underlying resources, with the exception of external databases or databases backed by PVCs set to retain.

  • If your installation is using the auto-generated passwords and generated secret, the secret anchore/anchore-enterprise-anchore-enterprise contains the initial, auto-generated passwords for ANCHORE_ADMIN_PASSWORD and ANCHORE_SAML_SECRET along with some other password. Because the helm release is renamed in this version, helm will re-create this secret with new, auto-generated values for ANCHORE_ADMIN_PASSWORD and ANCHORE_SAML_SECRET.

If you haven’t changed the default admin password, make sure to retrieve the current values prior to performing the Big Bang upgrade by using the following command. Please note, the returned values will be base64 encoded.

kubectl get secrets -n anchore anchore-enterprise-anchore-enterprise -o yaml
  • This upgrade requires upgradeJob to be enabled, as shown below.
values:
  upgradeJob:
    enabled: true
    force: true

Argocd - MR📜

  • This package has been refactored to adopt the passthrough pattern. Passing values to the argoCD upstream chart will require an additional layer of overlay: addons.argocd.values.upstream An example for update would look like the following:

Current Values

configs:
cm: 
  oidc.config: |
    name: keycloak
    ...

Updated Values

upstream:
configs:
  cm: 
    oidc.config: |
      name: keycloak
      ...

This change does not apply to bigbang specific values in the chart, i.e. awsCredentials, istio, monitoring, networkPolicies, upgradeJob, bbtests, openshift, and redis-bb. Note that global is also preserved due to an upstream requirement.

  • SSO is now propagated through the proper values.yaml channels in upstream argocd chart. Users should refer to upstream chart for any additional SSO configuration, specifically argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml and argo-cd/templates/argocd-configs/argocd-cm.yaml found in Argo Configs.

Eck Operator - MR📜

All upstream chart value overrides in ./chart/values.yaml will need to be shifted under the upstream key.

For example:

Previous Values:

image:
  repository: registry1.dso.mil/ironbank/elastic/eck-operator/eck-operator
  pullPolicy: Always
  tag: 3.0.0

config:
  logVerbosity: "3"

Current Values:

upstream:
  image:
    repository: registry1.dso.mil/ironbank/elastic/eck-operator/eck-operator
    pullPolicy: Always
    tag: 3.0.0

  config:
    logVerbosity: "3"

Please note, this change does not apply to Big Bang-added top-level keys, including: istio, networkPolicies, serviceMonitor, monitoring, openshift, license, upgradeCrds.

Fluentbit - MR📜

Passthrough Pattern Refactor

All upstream chart value overrides in ./chart/values.yaml will need to be shifted under the upstream key.

For example:

Previous Values:

image:
 repository: registry1.dso.mil/ironbank/opensource/fluent/fluent-bit
 pullPolicy: Always
 tag: 4.0.3

testFramework:
 enabled: false

Current Values:

upstream:
 image:
 repository: registry1.dso.mil/ironbank/opensource/fluent/fluent-bit
 pullPolicy: Always
 tag: 4.0.3

 testFramework:
 enabled: false

Please note, this change does not apply to Big Bang-added top-level keys, including: istio, networkPolicies, elasticsearch, loki, elasticsearchKibana, openshift, and additionalOuputs.

Keycloak - MR📜

This release of Keycloak completely migrates the chart to the passthrough pattern. With that migration come considerations for Big Bang users that rely on the Keycloak chart.

Shifting values

Values that traditionally have been used to configure the keycloak components of the chart are now available under the upstream key:

-  resources:
-    requests:
-      cpu: "1"
-      memory: "1Gi"
-    limits:
-      memory: "1Gi"
+ upstream:   
+   resources:
+     requests:
+       cpu: "1"
+       memory: "1Gi"
+     limits:
+       memory: "1Gi"

Removal of the *BigBang values

The old chart had big-bang-specific values fields (like extraVolumeMountsBigBang and extraVolumesBigBang) that were created to smooth over a limitation of the upstream chart’s extraVolumeMounts and extraVolumes.

Those two fields are expected to be strings and are templated in the upstream chart and converted to yaml. This allows things like:

  extraVolumes: |-
    - name: tlscert
      secret:
        secretName: {{ include "keycloak.fullname" . }}-tlscert
    - name: tlskey
      secret:
        secretName: {{ include "keycloak.fullname" . }}-tlskey

to be created in the actual pod spec as:

  - name: tlscert
    secret:
      defaultMode: 420
      secretName: keycloak-upstream-tlscert
  - name: tlskey
    secret:
      defaultMode: 420
      secretName: keycloak-upstream-tlskey

The problem that was being solved is these strings don’t overlay correctly. The final overlay that set extraVolumes was always the “winner” and only its configuration would make it into the final templates.

Since the passthrough pattern no longer affords us the ability to affect the final templates for the keycloak StatefulSet, consumers of this package must take care to ensure the final of any of these “yaml string literal” values include all the desired contents.

Major Version Change for Bundled Postgres

The bundled postgres chart has been upgraded to the latest bitnami chart. For consumers using the bundled postgres chart, be advised this is not a supported configuration in production. If you are using the bundled chart, take steps to migrate to an external database implementation prior to attempting this upgrade.

Sonarqube - MR📜

❗This update includes several breaking changes. Please read these notices carefully.

Upgrade Steps to Prevent Data Loss

This release includes a major refactor of the upstream SonarQube Helm chart, which changes how the PostgreSQL dependency and StatefulSets are managed. Due to these changes, a conflict can occur with the PostgreSQL secret and StatefulSets created by previous versions of this chart, which can cause the upgrade to fail. The serviceName of the PostgreSQL StatefulSet has changed from sonarqube-postgresql to sonarqube-postgresql-headless, which is an immutable field. To perform a successful upgrade while preserving your existing SonarQube data, you must extract your current database password, delete the old secret and StatefulSets, and then perform the upgrade.

Follow these steps to upgrade your SonarQube instance:

  1. Backup your database prior to performing any upgrades

  2. Retrieve and store the current password in case you need it later

    kubectl -n sonarqube get secrets sonarqube-postgresql  -o go-template='{{.data.password | base64decode}}' ; echo

  3. Suspend the helm release

    flux -n bigbang suspend helmrelease sonarqube

  4. Delete the old PostgreSQL secret to prevent the upgrade from failing due to a secret conflict.

    kubectl delete secret sonarqube-postgresql -n sonarqube

  5. Delete the existing StatefulSets to prevent the upgrade from failing due to immutable field errors.

    kubectl delete statefulset sonarqube-postgresql sonarqube-sonarqube -n sonarqube

  6. Upgrade Big Bang: Perform your Big Bang upgrade

  7. Resume the helm release: This may not complete until all the next steps are done.

    flux -n bigbang resume helmrelease sonarqube

  8. Verify Pod and HelmRelease: The sonarqube-sonarqube-0 pod should go to Running, the helmrelease will remain READY state of Unknown

    kubectl -n sonarqube get pods; kubectl -n bigbang get helmrelease sonarqube

  9. Navigate to your SonarQube site. It will probably display SonarQube is under maintenance

  10. Follow the SonarQube Upgrade Roadmap: https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/upgrade/roadmap/. You will likely need to navigate to http://yourSonarQubeURL/setup and follow the instructions.

  11. Verify HelmRelease: The sonarqube helmrelease should show Ready: True

    kubectl -n bigbang get helmrelease sonarqube

Enabling Keycloak Integration

Keycloak integration has been updated in this version. Please utilize the sso block, as shown below.

sso:
  enabled: true
values:
   upstream:
      sonarProperties:
         sonar.core.serverBaseURL: "https://your.sonarqube.url/" 
         #sonar.auth.saml.enabled: ""
         #sonar.auth.saml.applicationId: ""
         #sonar.auth.saml.providerName: ""
         #sonar.auth.saml.providerId: ""
         #sonar.auth.saml.loginUrl: ""
         #sonar.auth.saml.certificate.secured: ""
         #sonar.auth.saml.user.login: ""
         #sonar.auth.saml.user.name: ""
         #sonar.auth.saml.user.email: ""
         #sonar.auth.saml.group.name: ""

Values Changes

The account, account.newPassword, and account.currentPassword values for defining admin passwords have been deprecated. Please utilize setAdminPassword, as shown below

 setAdminPassword:
 # The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin")
   newPassword: <new_admin_password>
   currentPassword: admin

Passthrough Pattern Adoption

This package has been refactored to adopt the passthrough pattern. Passing values to the Sonarqube upstream chart will require an additional layer of overlay: addons.sonarqube.values.upstream, such as in the keycloak values above. This change does not apply to bigbang specific values in the chart.

Upgrades from previous releases📜

If coming from a version pre-3.2.0, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.2.0.

Packages📜

Package Type Package Version BB Version
updated Alloy Core v1.8.3 3.0.2-bb.0 🔗
updated Anchore Enterprise Addon 5.18.0 3.10.0-bb.0 🔗
updated Argocd Addon v3.0.6 8.0.10-bb.2 🔗
Authservice Addon 1.0.4 1.0.4-bb.3
updated Backstage beta Addon 1.0.10 2.5.3-bb.1 🔗
updated Bbctl Core 1.5.0 2.1.0-bb.1
updated Eck Operator Core 3.0.0 3.0.0-bb.2 🔗
Elasticsearch Kibana Core Kibana: 9.0.3 Elasticsearch: 9.0.1 1.30.0-bb.2
updated External Secrets Operator Addon 0.18.2 0.18.2-bb.0 🔗
updated Fluentbit Core 4.0.3 0.49.1-bb.0 🔗
updated Fortify Addon 25.2.1.0010 1.1.2320154-bb.31 🔗
Gatekeeper Core v3.19.1 3.19.1-bb.0
updated Gitlab Addon 18.2.1 9.2.1-bb.0 🔗
updated Gitlab Runner Addon v18.0.2 0.77.2-bb.3 🔗
updated Grafana Core 12.0.2 9.2.10-bb.0 🔗
Haproxy Addon v2.2.33 1.19.3-bb.10
updated Harbor Addon 2.13.1 1.17.1-bb.2 🔗
updated Headlamp beta Addon 0.32.0 0.32.1-bb.2 🔗
updated Istio Crds Core 1.26.2 1.26.2-bb.0 🔗
updated Istio Gateway Core 1.26.2 1.26.2-bb.0 🔗
updated Istiod Core 1.26.2 1.26.2-bb.0 🔗
updated Keycloak Addon 26.1.4 7.0.1-bb.3 🔗
updated Kiali Core 2.10.0 2.10.0-bb.3 🔗
updated Kyverno Core v1.14.4 3.4.4-bb.0 🔗
Kyverno Policies Core 3.3.4 3.3.4-bb.10
Kyverno Reporter Core 3.1.1 3.1.4-bb.0
updated Loki Core 3.5.1 6.30.1-bb.3 🔗
updated Mattermost Addon 10.10.1 10.10.1-bb.0 🔗
Mattermost Operator Addon 1.23.0 1.23.0-bb.0
updated Metrics Server Addon v0.8.0 3.12.2-bb.5 🔗
updated Mimir Addon 2.16.0 5.7.0-bb.3 🔗
updated Minio Addon RELEASE.2025-06-13T11-33-47Z 7.1.1-bb.5 🔗
Minio Operator Addon v7.1.1 7.1.1-bb.0
updated Monitoring Core Prometheus: 3.4.2 Grafana: 12.0.2 Alertmanager: 0.28.1 75.6.1-bb.1 🔗
Neuvector Core 5.4.4 2.8.6-bb.0
Nexus Repository Manager Addon 3.81.1-01 81.1.0-bb.0
Promtail Core v3.5.1 6.16.6-bb.5
updated Sonarqube Addon 25.1.0.102122-community 2025.1.0-bb.0 🔗
updated Tempo Core Tempo: 2.7.2 Tempo Query: 2.7.2 1.21.1-bb.2 🔗
Thanos Addon v0.38.0 16.0.2-bb.0
updated Twistlock Core 34.01.126 0.21.0-bb.1 🔗
updated Vault Addon 1.20.0 0.30.0-bb.9 🔗
updated Velero Addon 1.16.1 10.0.7-bb.0 🔗
Wrapper Core 0.4.15 0.4.15

Changes in 3.3.1📜

Big Bang MRs📜

  • !6583 updating dev tls cert
  • !6545 Resolve “Update test-values.yaml to work with gitlab-runner passthrough”
  • !6530 add daniel P to codeowners for big bang umbrella and docs
  • !6515 docs(adr): added default development config ADR
  • !6503 Update Flux
  • !6500 requiring 1.30 because 1.29 is now EOL
  • !6497 Big Bang Deployment Uninstall & Cleanup Guide

Alloy📜

  • !6553: alloy update to 3.0.2-bb.0
# Changelog Updates

## [3.0.2-bb.0] (2025-06-23)
### Changed
- k8s-monitoring updated from 2.0.27 to 3.0.2
- gluon updated from 0.5.18 to 0.6.2
- prometheus-config-reloader updated from v0.82.1 to v0.82.2

Anchore Enterprise📜

  • !6543: anchoreEnterprise update to 3.10.0-bb.0
  • !6494: anchoreEnterprise update to 3.7.0-bb.2
# Changelog Updates

## [3.10.0-bb.0] - 2025-07-09
### Changed
- Updated Anchore Enterprise chart to `3.10.0`
- Updated Anchore Enterprise tag to `5.18.0`
- Updated Anchore Enterprise UI tag to `5.18.0`
- Updated Redis to `21.1.3-bb.0`
- Updated Gluon to 0.6.2

## [3.7.0-bb.2] - 2025-06-26
### Changed
- Renamed chart from enterprise to anchore-enterprise to align with preferred naming conventions

Argocd📜

  • !6561: argocd update to 8.0.10-bb.2
# Changelog Updates

## [8.0.10-bb.2] (2025-07-12)
### Changed
- fix redis implementation to use redis-bb
- refactor SSO from upstream to bake into configs properly

## [8.0.10-bb.1] (2025-07-03)
### Changed
- Update chart for passthrough pattern

Backstage📜

  • !6579: backstage update to 2.5.3-bb.1
  • !6568: backstage update to 2.5.3-bb.0
# Changelog Updates

## [2.5.3-bb.1] - 2025-07-21
### Changed
- Updated backstage 1.0.8 -> 1.0.10
- Updated common 2.10.0 -> 2.31.3
- Updated gluon 0.6.3 -> 0.7.0
- 

## [2.5.3-bb.0] - 2025-07-02
### Changed
- Updated backstage 1.0.8 -> 1.0.10
- Updated backstage chart 2.5.2 -> 2.5.3
- Updated gluon 0.6.2 -> 0.6.3

bbctl📜

  • !6608: bbctl update to 2.1.0-bb.1
# Changelog Updates

## [2.1.0-bb.1] (2025-07-24)
### Changed
- gluon updated from 0.6.3 to 0.7.0
- updated registry1.dso.mil/ironbank/opensource/yq/yq (source) 4.45.4 -> 4.47.1
- updated bbctl to application version 1.5.0
- updated ubi-minimal image major version from 8 to 9
   - registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal:8.10 -> registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.6

## [2.1.0-bb.0] (2025-07-09)
### Changed
- Modified chart to use a secret for credentials instead of a configmap.

Eck Operator📜

  • !6531: eckOperator update to 3.0.0-bb.2
# Changelog Updates

## [3.0.0-bb.2] (2025-07-11)
### Added
- Added default value for imagePullSecrets

## [3.0.0-bb.1] (2025-06-26)
### Added
- Added Metrics Service and ServiceMonitor templates for Big Bang compatibility scraping
### Changed
- Refactor chart to Big Bang passthrough chart pattern

External Secrets Operator📜

  • !6537: externalSecrets update to 0.18.2-bb.0
# Changelog Updates

## [0.18.2-bb.0] - 2025-07-08
### Changed
- updated gluon 0.6.2 -> 0.6.3
- updated registry1.dso.mil/ironbank/opensource/external-secrets/external-secrets (source) v0.18.0 -> v0.18.2
- updated helm chart to 0.18.2

Fluentbit📜

  • !6537: fluentbit update to 0.49.1-bb.0
# Changelog Updates

## [0.49.1-bb.0] (2025-06-20)
### Changed
- fluent-bit updated from 0.49.0 to 0.49.1
- Refactor chart to Big Bang passthrough chart pattern

Fortify📜

  • !6556: fortify update to 1.1.2320154-bb.30
# Changelog Updates

## [1.1.2320154-bb.31] - 2025-07-17
### Fixed
- Updated renovate matcher to properly update golang-1.24
- Updated renovate matcher to catch all version tags of Fortify

## [1.1.2320154-bb.30] - 2025-07-15
### Changed
- registry1.dso.mil/ironbank/google/golang/ubi9/golang-1.24.4 (source) -> 1.24.5
- registry1.dso.mil/ironbank/microfocus/fortify/ssc (source) version 25.2.0.0157 -> 25.2.1.0010

## [1.1.2320154-bb.29] - 2025-06-25
### Fixed
- Increased the minimum memory for Fortify to `4Gi`

Gitlab📜

  • !6599: gitlab update to 9.2.1-bb.0
  • !6559: gitlab update to 9.1.2-bb.0
  • !6506: gitlab update to 9.1.0-bb.1
# Changelog Updates

## [9.2.1-bb.0] (2025-07-24)
### Changed
- update gluon 0.6.2 -> 0.6.3
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.1.2 -> 18.2.1
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.1.2 -> 18.2.1

## [9.1.2-bb.0] (2025-07-15)
### Changed
- update gluon 0.6.2 -> 0.6.3
- registry1.dso.mil/ironbank/bitnami/redis 8.0.2 -> 8.0.3
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.1.0 -> 18.1.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.1.0 -> 18.1.2

## [9.1.0-bb.1] (2025-07-01)
### Changed
- Added registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom:18.1.0 to the Chart.yaml

Gitlab Runner📜

  • !6552: gitlabRunner update to 0.77.2-bb.3
# Changelog Updates

## [0.77.2-bb.3] (2025-07-08)
### Changed
- gluon 0.5.19 -> 0.6.3
- registry1.dso.mil/ironbank/redhat/ubi/ubi9 (source) 9.5 -> 9.6

## [0.77.2-bb.2] (2025-07-10)
### Changed
- fix netpols to reflect proper app label selector

## [0.77.2-bb.1] (2025-06-17)
### Changed
- refactor chart to passthrough pattern

Grafana📜

  • !6532: grafana update to 9.2.10-bb.0
  • !6519: grafana update to 9.2.7-bb.1
# Changelog Updates

## [9.2.10-bb.0] (2025-07-08)
### Changed
- gluon updated from 0.6.2 to 0.6.3
- grafana updated from 9.2.7 to 9.2.10
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar updated from 1.30.3 to 1.30.6
- registry1.dso.mil/ironbank/opensource/grafana/grafana-image-renderer updated from 3.12.7 to 3.12.9

## [9.2.7-bb.1] (2025-07-07)
### Added
- Added ability to enable Grafana Enterprise and optional enterprise license secret template.

Harbor📜

  • !6558: harbor update to 1.17.1-bb.2
# Changelog Updates

## [1.17.1-bb.2] (2025-07-16)
### Changed
- gluon 0.6.2 -> 0.6.3
- registry1.dso.mil/ironbank/bitnami/redis 8.0.2 -> 8.0.3
- postgresql 16.7.13 -> 16.7.15
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.28.0 -> 1.29.0

Headlamp📜

  • !6573: headlamp update to 0.32.1-bb.2
  • !6570: headlamp update to 0.32.1-bb.1
  • !6541: headlamp update to 0.32.1-bb.0
# Changelog Updates

## [0.32.1-bb.2] (2025-07-18)
### Updated
- Updated registry1.dso.mil//ironbank/opensource/prometheus-operator/prometheus-config-reloader `v0.83.0` -> `v0.84.0`
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl `v1.32.6` -> `v1.32.7`
- Updated cypress `14.5.1` -> `14.5.2`

## [0.32.1-bb.1] (2025-07-17)
### Updated
- Updated istio virtual service config to support baseURL configuration

## [0.32.1-bb.0] (2025-07-07)
### Updated
- Updated headlamp `0.31.1` -> `0.32.1`
- Updated gluon `0.6.2` -> `0.6.3`
- Updated ironbank/opensource/prometheus/blackbox_exporter `v0.26.0` -> `v0.27.0`
- Updated registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp `v0.31.1` -> `v0.32.0`
- Updated registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp `0.31.1` -> `0.32.0`
- Updated registry1.dso.mil/ironbank/opensource/prometheus/blackbox_exporter`v0.26.0` -> `v0.27.0`
- Updated cypress `14.5.0` -> `14.5.1`

Istio Crds📜

  • !6546: istioCRDs update to 1.26.2-bb.0
# Changelog Updates

## [1.26.2-bb.0] (2025-07-11)
### Changed
- base updated from 1.26.1 to 1.26.2

Istio Gateway📜

  • !6548: istioGateway update to 1.26.2-bb.0
  • !6521: istioGateway update to 1.26.1-bb.3
# Changelog Updates

## [1.26.2-bb.0] (2025-07-11)
### Changed
- ironbank/opensource/istio/proxyv2 updated from 1.26.1 to 1.26.2

## [1.26.1-bb.3] (2025-07-08)
### Updated
- Updated all `namespace` keys to use `.Release.Namespace` instead of hardcoding `istio-gateway`
### Removed
- Removed extraneous flux labels from the `Gateway` manifest

Istiod📜

  • !6547: istiod update to 1.26.2-bb.0
# Changelog Updates

## [1.26.2-bb.0] (2025-07-11)
### Changed
- ironbank/opensource/istio/pilot updated from 1.26.1 to 1.26.2
- ironbank/opensource/istio/proxyv2 updated from 1.26.1 to 1.26.2

Keycloak📜

  • !6575: keycloak update to 7.0.1-bb.3
  • !6534: keycloak update to 7.0.1-bb.2
  • !6534: keycloak update to 7.0.1-bb.1
# Changelog Updates

## [7.0.1-bb.3] - 2025-07-18
### Changed
- Configured default virtual service host to use templated `.domain` value

## [7.0.1-bb.2] - 2025-07-01
### Added
- Added Helm values schema

## [7.0.1-bb.1] - 2025-06-10
### Changed
- Migrated Keycloak chart to passthrough pattern
### Updated
- Updated gluon to 0.6.2
- Updated bitnami/postgresql to 16.7.11

Kiali📜

  • !6576: kiali update to 2.10.0-bb.3
# Changelog Updates

## [2.10.0-bb.3] - 2025-07-17
### Updated
- Updated bb-common to 0.3.1
- fixed schema and values to work with bb-common 0.3.1 update

Kyverno📜

  • !6569: kyverno update to 3.4.4-bb.0
  • !6485: kyverno update to 3.4.1-bb.0
# Changelog Updates

## [3.4.1-bb.0] - 2025-07-10
### Changed
- Updated app version from `3.4.1-bb.0` to `3.4.4-bb.0`
- Updated `background-controller`, `cleanup-controller`, `reports-controller`, `kyverno`, `kyvernocli`, `kyvernopre` from `v1.14.2` to `v1.14.4`
- Updated `kubectl` from `v1.32.5` to `v1.32.6`

## [3.4.1-bb.0] - 2025-06-24
### Changed
- Updated app version from `3.3.6-bb.2` to `3.4.1-bb.0`
- Updated `background-controller`, `cleanup-controller`, `reports-controller`, `kyverno`, `kyvernocli`, `kyvernopre` from `v1.13.4` to `v1.14.2`
- Updated `kubectl` from `v1.30.10` to `v1.32.5`
- Updated `ubi9-minimal` from `9.5` to `9.6`

Loki📜

  • !6527: loki update to 6.30.1-bb.3
# Changelog Updates

## [6.30.1-bb.3] (2025-07-08)
### Changed
- Updated Alloy network policy pod selector

Mattermost📜

  • !6572: mattermost update to 10.10.1-bb.0
# Changelog Updates

## [10.10.1-bb.0] (2025-07-17)
### Changed
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl `v1.32.6` -> `v1.32.7`
- registry1.dso.mil/ironbank/opensource/mattermost/mattermost `10.9.1` -> `10.10.1`

Metrics Server📜

  • !6574: metricsServer update to 3.12.2-bb.5
# Changelog Updates

## [3.12.2-bb.5] - 2025-07-17
### Updated
- gluon 0.5.14 -> 0.6.3
- metrics-server v0.7.2 -> v0.8.0
- kubectl v1.30.10 -> v1.32.7

Mimir📜

  • !6525: mimir update to 5.7.0-bb.3
# Changelog Updates

## [5.7.0-bb.3] (2025-07-08)
### Changed
- Updated Alloy network policy pod selector

Minio📜

  • !6529: minio update to 7.1.1-bb.5
# Changelog Updates

## [7.1.1-bb.5] - 2025-07-08
### Updated
- Updated gluon from 0.6.2 -> 0.6.3

## [7.1.1-bb.4] - 2025-06-25
### Changed
- ironbank/opensource/minio/minio (source) RELEASE.2025-05-24T17-08-30Z -> RELEASE.2025-06-13T11-33-47Z
- Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-05-24T17-08-30Z -> RELEASE.2025-06-13T11-33-47Z

Monitoring📜

  • !6524: monitoring update to 75.6.1-bb.1
  • !6522: monitoring update to 75.6.1-bb.0
# Changelog Updates

## [75.6.1-bb.1] (2025-07-08)
### Updated
- Updated Alloy network policy pod selector

## [75.6.1-bb.0] (2025-06-28)
### Changed
- gluon 0.6.2 -> 0.6.3
- grafana 9.2.2 -> 9.2.9
- kube-prometheus-stack 73.2.0 -> 75.6.1
- kube-state-metrics 5.36.0 -> 6.1.0
- prometheus-blackbox-exporter 10.1.0 -> 11.0.0
- registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins 12.0.1 -> 12.0.2
- registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar 1.30.3 -> 1.30.5
- registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics v2.15.0 -> v2.16.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.5 -> v1.32.6
- registry1.dso.mil/ironbank/opensource/prometheus/prometheus v3.4.1 -> v3.4.2
- registry1.dso.mil/ironbank/opensource/thanos/thanos v0.38.0 -> v0.39.0

Sonarqube📜

  • !6508 SKIP UPGRADE updating sonarqube for passthrough and admin password reset
# Changelog Updates

## [2025.2.0-bb.0] - 2025-07-10
### Updated
- Use new LTA chart versions going forward
- Updated cypress test to run with new UI
- Updated Renovate config to scan for new LTA version

Tempo📜

  • !6526: tempo update to 1.21.1-bb.2
  • !6518: tempo update to 1.21.1-bb.1
# Changelog Updates

## [1.21.1-bb.2] (2025-07-08)
### Updated
- Updated Alloy network policy pod selector

## [1.21.1-bb.1] (2025-07-07)
### Added
- Added [tempo-mixin dashboards](https://github.com/grafana/tempo/tree/main/operations/tempo-mixin-compiled/dashboards)

Twistlock📜

  • !6560: twistlock update to 0.21.0-bb.1
# Changelog Updates

## [0.21.0-bb.1] (2025-07-10)
### Changed
- add tolerations for volume-upgrade-job

Vault📜

  • !6523: vault update to 0.30.0-bb.9
# Changelog Updates

## [0.30.0-bb.9] - 2025-07-07
### Changed
- ironbank/hashicorp/vault (source) 1.19.5 -> 1.20.0

## [0.30.0-bb.8] - 2025-07-02
### Changed
- Enabled vauth script test

Velero📜

  • !6511: velero update to 10.0.7-bb.0
# Changelog Updates

## [10.0.7-bb.0] - 2025-06-24
### Changed
- Updated chart to 10.0.7
- ironbank/opensource/nginx/nginx 1.27.4 -> 1.28.0
- velero/velero-plugin-for-aws v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure v1.12.0 -> v1.12.1
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.3 -> v1.32.6

Known Issues📜

  • Grafana - ISSUE Istio Dashboards have not yet been migrated to the new deployment pattern and are planned to be included in a future release
  • bbctl Dashboards
  • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
  • bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
    • These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
  • Prometheus Target Scraping
Package Target Issue
Kyverno-Reporter serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0 ISSUE
Neuvector serviceMonitor/neuvector/neuvector-prometheus-exporter/0 ISSUE
Keycloak serviceMonitor/keycloak/keycloak-upstream-keycloak/0

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.