Release Notes - 3.4.0📜
Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.32.5 (EKS).
Upgrade Notices📜
BigBang - MR📜
Requiring Kubernetes version >= 1.31. Kubernetes 1.30 reached end-of-life June 28,2025. See Kubernetes Releases for more information.
BigBang - MR📜
Monitoring Notice: To allow packages to install ServiceMonitors prior to the installation of the monitoring chart, we have added a separate prometheus-operator-crds chart. Monitoring will have the crds creation disabled by default, and will be dependent on the prometheus-operator-crds chart going forward.
Kyverno Notice: To allow packages to install ServiceMonitors prior to the installation of the kyverno chart, we have added a separate prometheus-operator-crds chart. Kyverno will no longer install the ServiceMonitor CRD itself, and will be dependent on the prometheus-operator-crds chart going forward.
GitLab📜
In the Gitlab 18 release Event data collection was turned on by default. See their documentation for steps to disable.
Keycloak - MR📜
Keycloak NetworkPolicies for istio-ingress and ingress-allow-https both have been updated to align with the statically defined port in the upstream Helm chart and will no longer change to match the configured Service port.
Minio - MR📜
The MinIO Admin UI was removed from Community Edition. All cypress tests for console were removed because of this. For more information, read this article.
Vault - MR📜
This release of vault completely migrates the chart to the passthrough pattern.
Shifting Values
Values that traditionally have been used to configure the vault chart are now available under the upstream key
New Format
upstream:
global:
injector:
server:
ui:
csi:
serverTelemetry:
monitoring, networkPolicies, autoInit, istio, minio, customAppIngressSelector, bbtest
Upgrades from previous releases📜
If coming from a version pre-3.3.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.3.1.
Packages📜
| Package | Type | Package Version | BB Version |
|---|---|---|---|
 Alloy |
Core | v1.10.0 |
3.2.1-bb.1 🔗 |
| Anchore Enterprise |
Addon | 5.18.0 |
3.10.0-bb.1 🔗 |
| Argocd |
Addon | v3.0.12 |
8.2.5-bb.0 🔗 |
| Authservice | Addon | 1.0.4 |
1.0.4-bb.3 |
Backstage  |
Addon | 1.0.10 |
2.5.3-bb.1 |
| Bbctl | Core | 1.5.0 |
2.1.0-bb.1 |
| Eck Operator | Core | 3.0.0 |
3.0.0-bb.2 |
| Elasticsearch Kibana |
Core | Kibana: 9.0.3 Elasticsearch: 9.0.1 |
1.30.0-bb.3 🔗 |
| External Secrets Operator |
Addon | 0.18.2 |
0.18.2-bb.1 🔗 |
| Fluentbit |
Core | 4.0.5 |
0.50.0-bb.1 🔗 |
| Fortify |
Addon | 25.2.1.0010 |
1.1.2320154-bb.32 🔗 |
| Gatekeeper | Core | v3.19.1 |
3.19.1-bb.0 |
| Gitlab |
Addon | 18.2.1 |
9.2.1-bb.1 🔗 |
| Gitlab Runner |
Addon | v18.2.0 |
0.79.1-bb.0 🔗 |
| Grafana | Core | 12.0.2 |
9.2.10-bb.0 |
| Haproxy | Addon | v2.2.33 |
1.19.3-bb.10 |
| Harbor |
Addon | 2.13.1 |
1.17.1-bb.3 🔗 |
| Headlamp |
Addon | 0.33.0 |
0.33.0-bb.0 🔗 |
| Istio Crds |
Core | 1.26.3 |
1.26.3-bb.0 🔗 |
| Istio Gateway |
Core | 1.26.3 |
1.26.3-bb.0 🔗 |
| Istiod |
Core | 1.26.3 |
1.26.3-bb.0 🔗 |
| Keycloak |
Addon | 26.1.4 |
7.0.1-bb.5 🔗 |
| Kiali |
Core | 2.12.0 |
2.12.0-bb.1 🔗 |
| Kyverno |
Core | v1.14.4 |
3.4.4-bb.2 🔗 |
| Kyverno Policies | Core | 3.3.4 |
3.3.4-bb.10 |
| Kyverno Reporter |
Core | 3.3.3 |
3.3.2-bb.1 🔗 |
| Loki | Core | 3.5.1 |
6.30.1-bb.3 |
| Mattermost |
Addon | 10.10.1 |
10.10.1-bb.1 🔗 |
| Mattermost Operator |
Addon | 1.24.0 |
1.24.0-bb.0 🔗 |
| Metrics Server | Addon | v0.8.0 |
3.12.2-bb.5 |
| Mimir | Addon | 2.16.0 |
5.7.0-bb.3 |
| Minio |
Addon | RELEASE.2025-07-18T21-56-31Z |
7.1.1-bb.6 🔗 |
| Minio Operator | Addon | v7.1.1 |
7.1.1-bb.0 |
| Monitoring |
Core | Prometheus: 3.4.2 Grafana: 12.0.2 Alertmanager: 0.28.1 |
75.6.1-bb.2 🔗 |
| Neuvector |
Core | 5.4.4 |
2.8.6-bb.1 🔗 |
| Nexus Repository Manager |
Addon | 3.82.0-08 |
82.0.0-bb.0 🔗 |
 Prometheus Operator Crds |
Core | 21.0.0 |
22.0.1-bb.0 |
| Promtail | Core | v3.5.1 |
6.16.6-bb.5 |
| Sonarqube |
Addon | 25.1.0.102122-community |
2025.1.0-bb.1 🔗 |
| Tempo | Core | Tempo: 2.7.2 Tempo Query: 2.7.2 |
1.21.1-bb.2 |
| Thanos |
Addon | v0.39.2 |
17.2.2-bb.0 🔗 |
| Twistlock |
Core | 34.01.126 |
0.21.0-bb.2 🔗 |
| Vault |
Addon | 1.20.1 |
0.30.0-bb.12 🔗 |
| Velero | Addon | 1.16.1 |
10.0.7-bb.0 |
| Wrapper | Core | 0.4.15 |
0.4.15 |
Changes in 3.4.0📜
Big Bang MRs📜
- !6660 Remove chart/templates/kyverno/kustomization.yaml
- !6652 Resolve “Update Develop Package”
- !6647 Resolve “Add p1-keycloak-plugin:3.6.7 image reference to tests/images.txt”
- !6629 Edit Chart.yaml
- !6612 Kiali - remove legacy istio operatorful component status pod labels
- !6611 Remove prometheus-operator-crds dependencies & Add dependsOn for Kyverno
Alloy📜
- !6639: alloy update to 3.2.1-bb.1
- !6637: alloy update to 3.2.1-bb.0
# Changelog Updates ## [3.2.1-bb.1] (2025-07-31) ### Changed - Modified netpol allow-kube-apiserver-egress logic to prevent Endpoint updates from breaking connectivity to the kube API. This can be Configured with `Values.networkPolicies.controlPlaneCidr` (0.0.0.0/0 default). ## [3.2.1-bb.0] (2025-07-31) ### Changed - k8s-monitoring updated from 3.0.2 to 3.2.1 - gluon updated from 0.6.2 to 0.7.0 - registry1.dso.mil/ironbank/opensource/grafana/alloy updated from v1.8.3 to v1.10.0 - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader updated from v0.82.2 to v0.84.0
Anchore Enterprise📜
- !6600: anchoreEnterprise update to 3.10.0-bb.1
# Changelog Updates ## [3.10.0-bb.1] - 2025-07-23 ### Changed - Allow `configure-sso` job to use `existingSecretName`.
Argocd📜
- !6651: argocd update to 8.2.5-bb.0
- !6595: argocd update to 8.2.0-bb.1
- !6590: argocd update to 8.2.0-bb.0
# Changelog Updates ## [8.2.5-bb.0] (2025-08-04) ### Changed - Upgrade argo-cd helm chart 8.2.4 -> 8.2.5 ## [8.2.4-bb.0] (2025-07-31) ### Changed - Upgrade argo-cd helm chart 8.2.0 -> 8.2.4 ## [8.2.0-bb.2] (2025-07-30) ### Changed - ironbank/big-bang/argocd (source) v3.0.11 -> v3.0.12 - registry1.dso.mil/ironbank/big-bang/argocd v3.0.11 -> v3.0.12 ## [8.2.0-bb.1] (2025-07-23) ### Changed - gluon 0.6.2 -> 0.7.0 - ironbank/big-bang/argocd (source) v3.0.6 -> v3.0.11 - ironbank/bitnami/redis (source) 8.0.2 -> 8.0.3 - redis 21.1.11-bb.0 -> 21.2.9-bb.0 - registry1.dso.mil/ironbank/big-bang/argocd v3.0.6 -> v3.0.11 - registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.73.0 -> v1.74.0 - registry1.dso.mil/ironbank/bitnami/redis 8.0.2 -> 8.0.3 ## [8.2.0-bb.0] (2025-07-23) ### Changed - Upgrade argo-cd helm chart 8.0.10 -> 8.2.0
Bbctl📜
- !6608: bbctl update to 2.1.0-bb.1
# Changelog Updates ## [2.1.0-bb.1] (2025-07-24) ### Changed - gluon updated from 0.6.3 to 0.7.0 - updated registry1.dso.mil/ironbank/opensource/yq/yq (source) 4.45.4 -> 4.47.1 - updated bbctl to application version 1.5.0 - updated ubi-minimal image major version from 8 to 9 - registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal:8.10 -> registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.6
Elasticsearch Kibana📜
- !6605: elasticsearchKibana update to 1.30.0-bb.3
# Changelog Updates ## [1.30.0-bb.3] (2025-07-22) ### Changed - gluon updated from 0.6.3 to 0.7.0 - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl updated from v1.32.6 to v1.32.7
External Secrets Operator📜
- !6596: externalSecrets update to 0.18.2-bb.1
# Changelog Updates ## [0.18.2-bb.1] - 2025-07-21 ### Changed - Updated gluon 0.6.3 -> 0.7.0 - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.6 -> v1.32.7
Fluentbit📜
- !6642: fluentbit update to 0.50.0-bb.1
- !6604: fluentbit update to 0.50.0-bb.0
# Changelog Updates ## [0.50.0-bb.1] (2025-08-01) ### Changed - gluon updated from 0.6.3 to 0.7.0 - registry1.dso.mil/ironbank/opensource/fluent/fluent-bit updated from 4.0.4 to 4.0.5 ## [0.50.0-bb.0] (2025-07-16) ### Changed - fluent-bit updated from 0.49.1 to 0.50.0 - gluon updated from 0.6.2 to 0.6.3
Fortify📜
- !6589: fortify update to 1.1.2320154-bb.32
# Changelog Updates ## [1.1.2320154-bb.32] - 2025-07-22 ### Fixed - Updated istio configuration to default the namespaceSelector to `istio-gateway` instead of `istio-controlplane`
Gitlab📜
- !6649: gitlab update to 9.2.1-bb.1
# Changelog Updates ## [9.2.1-bb.1] (2025-08-04) ### Changed - update postgres image reference in Chart.yaml to align with default Bitnami image in values.yaml
Gitlab Runner📜
- !6623: gitlabRunner update to 0.79.1-bb.0
- !6601: gitlabRunner update to 0.79.0-bb.0
- !6598: gitlabRunner update to 0.77.2-bb.5
- !6580: gitlabRunner update to 0.77.2-bb.4
# Changelog Updates ## [0.79.1-bb.0] (2025-08-05) ### Changed - Update gitlab-runner chart version minor v0.79.0 -> v0.79.1 ## [0.79.0-bb.0] (2025-07-24) ### Changed - Update gitlab-runner chart version minor v0.77.2 -> v0.79.0 ## [0.77.2-bb.5] (2025-07-24) ### Changed - ironbank/gitlab/gitlab-runner/gitlab-runner (source) v18.0.2 -> v18.2.0 - ironbank/gitlab/gitlab-runner/gitlab-runner-helper (source) v18.0.2 -> v18.2.0 - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner v18.0.2 -> v18.2.0 - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper v18.0.2 -> v18.2.0 ## [0.77.2-bb.4] (2025-07-18) ### Changed - gluon 0.6.3 -> 0.7.0
Harbor📜
- !6594: harbor update to 1.17.1-bb.3
# Changelog Updates ## [1.17.1-bb.3] (2025-07-24) ### Changed - gluon 0.6.3 -> 0.7.0 - postgresql 16.7.19 -> 16.7.21
Headlamp📜
- !6645: headlamp update to 0.33.0-bb.0
- !6624: headlamp update to 0.32.1-bb.3
# Changelog Updates ## [0.33.0-bb.0] (2025-08-01) ### Updated - gluon `0.6.3` -> `0.7.0` - registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp (source) `v0.32.0` -> `v0.33.0` - Updated cypress `14.5.2` -> `14.5.3` ## [0.32.1-bb.3] (2025-07-29) ### Added - Flux plugin cypress test
Istio Crds📜
- !6650: istiod update to 1.26.3-bb.0
# Changelog Updates ## [1.26.3-bb.0] (2025-07-30) ### Changed - base updated from 1.26.2 to 1.26.3
Istio Gateway📜
- !6650: istiod update to 1.26.3-bb.0
- !6630: istioGateway update to 1.26.2-bb.1
# Changelog Updates ## [1.26.3-bb.0] (2025-07-31) ### Changed - gateway updated from 1.26.2 to 1.26.3 - added wait script to ensure image gets updated properly - added new network policy for wait job ## [1.26.2-bb.1] (2025-07-30) ### Changed - Updated schema to allow for networkPolicies.istioNamespaceSelector.ingress values
Istiod📜
- !6650: istiod update to 1.26.3-bb.0
- !6635: istiod update to 1.26.2-bb.1
# Changelog Updates ## [1.26.3-bb.0] (2025-08-01) ### Changed - istiod updated from 1.26.2 to 1.26.3 ## [1.26.2-bb.1] (2025-07-30) ### Added - Added istio grafana dashboards
Keycloak📜
- !6643: keycloak update to 7.0.1-bb.5
- !6618: keycloak update to 7.0.1-bb.4
# Changelog Updates ## [7.0.1-bb.5] - 2025-07-29 ### Added - Added fullnameOverride and nameOverride values to keep upstream chart names keycloak* ## [7.0.1-bb.4] - 2025-07-28 ### Changed - Correct netpols referencing service port as opposed to pod port - Fixed templating scope issue for allow-keycloak-egress-to netpol
Kiali📜
- !6616: kiali update to 2.12.0-bb.1
- !6588: kiali update to 2.12.0-bb.0
# Changelog Updates ## [2.12.0-bb.1] - 2025-07-24 ### Updated - Updated cpu and memory requests for Kiali resource - Updated wait script permissions and file structure to use gluon - Updated gluon from 0.6.3 to 0.7.0 ## [2.12.0-bb.0] - 2025-07-22 ### Updated - Updated Kiali and Kiali-Operator from 2.10.0 to 2.12.0 - Updated gluon from 0.6.2 to 0.6.3
Kyverno Reporter📜
- !6646: kyvernoReporter update to 3.3.2-bb.1
- !6628: kyvernoReporter update to 3.3.2-bb.0
# Changelog Updates ## [3.3.2-bb.1] (2025-08-01) ### Changed - Added listing of images to chart.yaml ## [3.3.2-bb.0] (2025-07-30) ### Changed - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter v3.1.4 -> v3.3.3 - registry1.dso.mil/ironbank/nirmata/policy-reporter/policy-reporter-ui v2.3.10 -> v2.4.1 - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter/kyverno-plugin v0.4.4 -> v0.5.0 - Updated policy-reporter subchart 3.1.4 -> 3.3.2 - Updated cypress v13.0.0 -> v14.0.0
Mattermost📜
- !6597: mattermost update to 10.10.1-bb.1
# Changelog Updates ## [10.10.1-bb.1] (2025-07-19) ### Changed - gluon updated from 0.6.3 to 0.7.0
Mattermost Operator📜
- !6632: mattermostOperator update to 1.24.0-bb.0
# Changelog Updates ## [1.24.0-bb.0] (2025-07-25) ### Changed - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) v1.23.0 -> v1.24.0 - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) 1.23.0 -> 1.24.0
Minio📜
- !6606: minio update to 7.1.1-bb.6
# Changelog Updates ## [7.1.1-bb.6] - 2025-07-23 ### Updated - Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-06-13T11-33-47Z -> RELEASE.2025-07-18T21-56-31Z - Updated gluon from 0.6.3 -> 0.7.0 - Cypress console login test removed due to Admin UI fully removed
Neuvector📜
- !6610: neuvector update to 2.8.6-bb.1
# Changelog Updates ## [2.8.6-bb.1] (2025-07-18) ### Changed - registry1.dso.mil/ironbank/opensource/neuvector/registry-adapter 0.1.7 -> 0.1.8
Nexus Repository Manager📜
- !6592: nexusRepositoryManager update to 82.0.0-bb.0
# Changelog Updates ## [82.0.0-bb.0] - 2025-07-23 ### Changed - Updated Gluon 0.6.2 -> 0.7.0 - ironbank/sonatype/nexus/nexus (source) 3.81.1-01 -> 3.82.0-08 - registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.81.1-01 -> 3.82.0-08 ## [81.1.0-bb.3] - 2025-07-22 ### Changed - Correct issue with INSTALL4J_ADD_VM_PARAMS value defaults ## [81.1.0-bb.2] - 2025-07-09 ### Changed - Correct issue with license_key ## [81.1.0-bb.1] - 2025-07-08 ### Changed - Correct issue with failure in blob storage update job ### Breaking Changes - OrientDB migration required before upgrading if the internal DB is used. Steps can be found [in the Sonatype documentation](https://help.sonatype.com/en/migrating-to-a-new-database.html).
Prometheus Operator Crds📜
- !6648: prometheusOperatorCRDs update to 22.0.1-bb.0
- !6554: Prometheus-operator-crds chart integration
# Changelog Updates ## [22.0.1-bb.0] (2025-07-25) ### Changed - prometheus-operator-crds updated from 21.0.0 to 22.0.1 ## [21.0.0-bb.0] - 2025-07-17 ### Added - Initial prometheus-operator-crds chart build out - Set upstream chart dependency and alias
Sonarqube📜
- !6586: sonarqube update to 2025.1.0-bb.1
# Changelog Updates ## [2025.2.0-bb.1] - 2025-07-22 ### Updated - Updated hardcoded namespaceselector value in allow-istio netpols
Thanos📜
- !6644: thanos update to 17.2.2-bb.0
- !6577: thanos update to 16.0.2-bb.1
# Changelog Updates ## [17.2.2-bb.0] (2025-07-30) ### Changed - gluon 0.6.3 -> 0.7.0 - minio-instance 7.0.0-bb.1 -> 7.2.2-bb.0 - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.3 -> v1.32.7 - registry1.dso.mil/ironbank/opensource/thanos/thanos v0.38.0 -> v0.39.2 - thanos chart updated from 16.0.2 -> 17.2.2 ## [16.0.2-bb.1] - 2025-07-02 ### Added - Store gateway networkpolicy egress CIDR to values.yaml - Updated gluon to 0.6.3 - Kyverno Policy for cypress test
Twistlock📜
- !6609: twistlock update to 0.21.0-bb.2
# Changelog Updates ## [0.21.0-bb.2] (2025-07-22) ### Changed - added Collection and host limit support to get-all-vuln-reports.sh contrib script
Vault📜
- !6614: vault update to 0.30.0-bb.12
- !6603: vault update to 0.30.0-bb.11
- !6567: Vault Passthrough – Upgrade to 0.30.0-bb.10
# Changelog Updates ## [0.30.0-bb.12] - 2025-07-28 ### Changed - gluon 0.6.3 -> 0.7.0 - ironbank/hashicorp/vault (source) 1.20.0 -> 1.20.1 - registry1.dso.mil/ironbank/hashicorp/vault (source) 1.20.0 -> 1.20.1 ## [0.30.0-bb.11] - 2025-07-24 ### Changed - registry1.dso.mil/ironbank/hashicorp/vault-csi-provider (source) v1.5.0 -> v1.5.1 ## [0.30.0-bb.10] - 2024-07-17 ### Changed - Implemented pass-through pattern
Known Issues📜
- bbctl Dashboards
- CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
- bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
- These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the
bbctl violationscommand to obtain the data.
- These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the
- Headlamp
- An issue with the flux plugin being able to load certain menu items has been identified. This appears to be an issue with the javascript code used to create the plugin.
- Menu items having an issue:
- Kustomizations
- HelmReleases
- ImageAutomations
- Notifications
- Attempting to login using OIDC will create a login ‘loop’. See upstream issue for further information.
- Prometheus Target Scraping
| Package | Target | Issue |
|---|---|---|
| GitLab | serviceMonitor/gitlab/gitlab-gitlab-exporter/0 |
ISSUE |
| Keycloak | serviceMonitor/keycloak/keycloak-upstream-keycloak/0 |
ISSUE |
| Kyverno-Reporter | serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0 |
ISSUE |
| Neuvector | serviceMonitor/neuvector/neuvector-prometheus-exporter/0 |
ISSUE |
| Vault | N/A |
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Mattermost channel
- Join our Slack
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.