Release Notes - 3.5.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.32.6 (EKS).

Upgrade Notices

BigBang - MR

Promtail has been officially removed as a log aggregator in Big Bang pursuant to its deprecation by Grafana Labs. The Promtail project has been merged into the Grafana Alloy project upstream and is integrated into Big Bang as the alloy package. Alloy has been the default log aggregation tool since Big Bang 3.0. Promtail will move to community-supported packages. Upstream has scheduled Promtail's end of life for March 2, 2026. If the community does not maintain the Promtail package, it will be archived from Repo1 sooner. Users can still deploy Promtail through the packages section of the umbrella values by modifying the Big Bang values.yaml under the packages: key.


Harbor - MR

A postRender kustomize patch is configured in the umbrella branch for the Harbor template to update the harbor-registry service, addressing the Docker CLI authentication error shown below.

Error response from daemon: login attempt to https://harbor.dev.bigbang.mil/v2/ failed with status: 503 Service Unavailable

The patch changes the port name "http-registry" to "registry" in the harbor-registry service. See the kustomize patch below:

{{- define "harbor.fixRegistryPostRender" }}
- kustomize:
    patches:
      - patch: |
          - op: replace
            path: /spec/ports/0
            value:
              name: registry
              port: 5000
        target:
          kind: Service
          name: harbor-registry
{{- end }}


Harbor - MR

Breaking Changes

  • This passthrough upgrade for Harbor attempts to change an immutable field in the Harbor-Trivy StatefulSets: the containerSecurityContext field introduced by the passthrough chart. This can cause the helm upgrade command to fail.

With the change to the pass-through pattern, an additional layer is required to pass values to the child package. Pass values with the following pattern:

harbor:
  values:
    upstream:
      key: value

The keys that won't need to move are those under domain, global, networkPolicies, istio, and bbtests.

Additionally, to perform a successful upgrade to the passthrough version of Harbor, you must delete the Harbor-Trivy StatefulSets before performing the upgrade.

Follow these steps to upgrade your Harbor instance:

  1. Suspend the Harbor HelmRelease. Use flux to suspend the harbor hr so that it does not reconcile until after the upgrade.
     flux suspend hr harbor -n bigbang

  2. Delete the existing Harbor-Trivy StatefulSets. This will prevent the upgrade from failing due to immutable field errors.
     kubectl delete statefulset harbor-trivy -n harbor

  3. Upgrade Big Bang. Run your standard upgrade procedure for your Big Bang cluster.

  4. Resume the Harbor HelmRelease. Use flux to resume the harbor hr so that it reconciles after the upgrade.
     flux resume hr harbor -n bigbang --timeout 10m


Kiali - MR

This release of Kiali incorporates the bb-common network policy implementation. This should require no configuration changes for Big Bang users, but it does expose the ability to configure network policies by way of a shorthand implementation. The documentation for this is available here.


Neuvector - MR

With the change to the pass-through pattern, an additional layer is required to pass values to the child package. Pass values with the following pattern:

neuvector:
  values:
    upstream:
      key: value

The keys that won't need to move are those under domain, global, networkPolicies, istio, and bbtests.
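
The rule stated above for Harbor and Neuvector, applied to one package's values map, as an added example that is not part of the release notes or the Big Bang code base: every key outside domain, global, networkPolicies, istio and bbtests moves under upstream. The sample override is constructed, and letting a value already under upstream win on conflict is an assumption of this sketch.

```python
import copy

# Keys the release notes say stay directly under <package>.values.
KEEP_AT_TOP = {"domain", "global", "networkPolicies", "istio", "bbtests"}


def merge_missing(base, extra):
    """Copy keys from `extra` into `base`; values already in `base` win."""
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            merge_missing(base[key], value)
        else:
            base.setdefault(key, copy.deepcopy(value))
    return base


def migrate_values(values):
    """Return (new_values, moved) for one package's `values` map.

    Every key outside KEEP_AT_TOP is moved under `upstream`. Anything the
    operator already placed under `upstream` is kept and takes precedence.
    """
    new_values = {}
    upstream = copy.deepcopy(values.get("upstream", {}))
    moved = []
    for key, value in values.items():
        if key == "upstream":
            continue
        if key in KEEP_AT_TOP:
            new_values[key] = copy.deepcopy(value)
        else:
            merge_missing(upstream, {key: value})
            moved.append(key)
    if upstream:
        new_values["upstream"] = upstream
    return new_values, sorted(moved)


# Constructed sample: a Harbor override in the old layout, mixed with one
# key that was already placed under `upstream` (hypothetical values).
SAMPLE = {
    "istio": {"enabled": True},
    "networkPolicies": {"enabled": True},
    "externalURL": "https://harbor.example.test",
    "trivy": {"enabled": True},
    "upstream": {"trivy": {"replicas": 2}},
}

if __name__ == "__main__":
    migrated, moved = migrate_values(SAMPLE)
    print("keys to move under upstream:", moved)
    print(migrated)
```

Load the package's values from your own override file into a dict before calling `migrate_values`; a non-empty `moved` list before the upgrade means the override still uses the old layout.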


Velero - MR

This release of Velero migrates the chart to the passthrough pattern.

Shifting values

Values that traditionally have been used to configure the Velero chart are now available under the upstream key. The following values are now under said key:

  • image
  • nameOverride
  • fullnameOverride
  • resources
  • upgradeJobResources
  • initContainers
  • podSecurityContext
  • containerSecurityContext
  • metrics
  • kubectl
  • configuration
  • nodeAgent

These are only the values from upstream that are configured differently by Big Bang. All other Velero values are removed since they are defaults.

Plugins

Previously, the plugins value was used to select which plugins to install. However, converting to the passthrough pattern means the deployment configuration cannot be edited, which makes the plugins value unusable. Instead, users should use Velero's initContainers value and define a plugin as shown below.

initContainers:
  - name: velero-plugin-for-aws
    image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.12.1
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins
    # resources and securityContext are container-level fields, not volumeMount fields
    resources:
      requests:
        memory: 512Mi
        cpu: 100m
      limits:
        memory: 512Mi
        cpu: 100m
    securityContext:
      capabilities:
        drop:
          - ALL

Upgrades from previous releases

If coming from a version pre-3.4.0, note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-3.4.0.

Packages

| Package | Type | Package Version | BB Version |
|---|---|---|---|
| Alloy | Core | v1.10.0 | 3.2.1-bb.1 |
| Anchore Enterprise (updated) | Addon | 5.20.1 | 3.13.0-bb.0 |
| Argocd | Addon | v3.0.12 | 8.2.5-bb.0 |
| Authservice | Addon | 1.0.4 | 1.0.4-bb.3 |
| Backstage beta | Addon | 1.0.10 | 2.5.3-bb.1 |
| Bbctl | Core | 1.5.0 | 2.1.0-bb.1 |
| Eck Operator | Core | 3.0.0 | 3.0.0-bb.2 |
| Elasticsearch Kibana (updated) | Core | Kibana: 9.0.3, Elasticsearch: 9.0.1 | 1.30.0-bb.5 |
| External Secrets Operator (updated) | Addon | 0.19.0 | 0.19.0-bb.0 |
| Fluentbit | Core | 4.0.5 | 0.50.0-bb.1 |
| Fortify (updated) | Addon | 25.2.1.0010 | 1.1.2320154-bb.33 |
| Gatekeeper | Core | v3.19.1 | 3.19.1-bb.0 |
| Gitlab (updated) | Addon | 18.2.2 | 9.2.2-bb.0 |
| Gitlab Runner | Addon | v18.2.0 | 0.79.1-bb.0 |
| Grafana (updated) | Core | 12.1.0 | 9.3.1-bb.1 |
| Haproxy | Addon | v2.2.33 | 1.19.3-bb.10 |
| Harbor (updated) | Addon | 2.13.2 | 1.17.2-bb.1 |
| Headlamp beta (updated) | Addon | 0.34.0 | 0.34.0-bb.0 |
| Istio Crds | Core | 1.26.3 | 1.26.3-bb.0 |
| Istio Gateway | Core | 1.26.3 | 1.26.3-bb.0 |
| Istiod (updated) | Core | 1.26.3 | 1.26.3-bb.1 |
| Keycloak (updated) | Addon | 26.1.4 | 7.0.1-bb.6 |
| Kiali (updated) | Core | 2.13.0 | 2.13.0-bb.1 |
| Kyverno | Core | v1.14.4 | 3.4.4-bb.2 |
| Kyverno Policies | Core | 3.3.4 | 3.3.4-bb.10 |
| Kyverno Reporter | Core | 3.3.3 | 3.3.2-bb.1 |
| Loki (updated) | Core | 3.5.1 | 6.30.1-bb.4 |
| Mattermost (updated) | Addon | 10.11.1 | 10.11.1-bb.0 |
| Mattermost Operator (updated) | Addon | 1.25.0 | 1.25.0-bb.0 |
| Metrics Server | Addon | v0.8.0 | 3.12.2-bb.5 |
| Mimir | Addon | 2.16.0 | 5.7.0-bb.3 |
| Minio (updated) | Addon | RELEASE.2025-07-23T15-54-02Z | 7.1.1-bb.8 |
| Minio Operator | Addon | v7.1.1 | 7.1.1-bb.0 |
| Monitoring (updated) | Core | Prometheus: 3.4.2, Grafana: 12.0.2, Alertmanager: 0.28.1 | 75.6.1-bb.3 |
| Neuvector (updated) | Core | 5.4.4 | 2.8.6-bb.2 |
| Nexus Repository Manager | Addon | 3.82.0-08 | 82.0.0-bb.0 |
| Prometheus Operator Crds | Core | 21.0.0 | 22.0.1-bb.0 |
| Sonarqube | Addon | 25.1.0.102122-community | 2025.1.0-bb.1 |
| Tempo | Core | Tempo: 2.7.2, Tempo Query: 2.7.2 | 1.21.1-bb.2 |
| Thanos | Addon | v0.39.2 | 17.2.2-bb.0 |
| Twistlock | Core | 34.01.126 | 0.21.0-bb.2 |
| Vault | Addon | 1.20.1 | 0.30.0-bb.12 |
| Velero (updated) | Addon | 1.16.1 | 10.0.7-bb.1 |
| Wrapper | Core | 0.4.15 | 0.4.15 |

Changes in 3.5.0

Big Bang MRs

  • !6677 Remove Promtail
  • !6667 Update CA cert to Digicert in test-values.yaml

Anchore Enterprise

  • !6693: anchoreEnterprise update to 3.13.0-bb.0
  • !6669: anchoreEnterprise update to 3.10.0-bb.2
    # Changelog Updates
    
    ## [3.13.0-bb.0] - 2025-08-13
    ### Changed
    - Updated Anchore Enterprise chart to `3.13.0`
    - Updated Anchore Enterprise tag to `5.20.1`
    - Updated Anchore Enterprise UI tag to `5.20.0`
    - Updated Gluon to `0.7.0`
    
    ## [3.10.0-bb.2] - 2025-08-07
    ### Changed
    - Added additional cpu/mem resources for postgresql database (fixed Feed Update)
    - Added serviceentry for Anchore Data Service
    - removed virtual service & destinationrule entry for datasyncer
    - removed datasyncerHosts
    

Elasticsearch Kibana

  • !6687: elasticsearchKibana update to 1.30.0-bb.5
    # Changelog Updates
    
    ## [1.30.0-bb.5] (2025-08-13)
    ### Changed
    - Updated post_logout_redirect_uri value in helpers.tpl from logged_out to login
    
    ## [1.30.0-bb.4] (2025-08-12)
    ### Changed
    - Enable an option to enable/disable the Elasticsearch Grafana dashboard configmap
    

External Secrets Operator

  • !6676: externalSecrets update to 0.19.0-bb.0
    # Changelog Updates
    
    ## [0.19.0-bb.0] - 2025-08-11
    ### Changed
    - Updated chart to 0.19.0
    - registry1.dso.mil/ironbank/opensource/external-secrets/external-secrets (source) 0.18.2 -> 0.19.0
    
    ## [0.18.2-bb.2] - 2025-07-22
    ### Changed
    - Implement pass-through pattern and added external-secrets as dependency
    

Gitlab

  • !6702: gitlab update to 9.2.2-bb.0
  • !6694: gitlab update to 9.2.1-bb.3
  • !6672: gitlab update to 9.2.1-bb.2
    # Changelog Updates
    
    ## [9.2.2-bb.0] (2025-08-15)
    ### Changed
    - registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.2.1 -> 18.2.2
    - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.2.1 -> 18.2.2
    
    ## [9.2.1-bb.3] (2025-08-14)
    ### Changed
    - registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.74.0 -> v1.75.0
    - registry1.dso.mil/ironbank/bitnami/redis 8.0.3 -> 8.2.0
    
    ## [9.2.1-bb.2] (2025-08-07)
    ### Changed
    - add istio auth policy for redis metrics
    - change gitlab exporter to explicitly listen on 0.0.0.0 in values.yaml
    

Grafana

  • !6716: grafana update to 9.3.1-bb.1
  • !6670: grafana update to 9.3.1-bb.0
    # Changelog Updates
    
    ## [9.3.1-bb.1] (2025-08-20)
    ### Changed
    - Fixed issue with Prometheus / Remote-Write dashboard not populating in Grafana.
    
    ## [9.3.1-bb.0] (2025-08-04)
    ### Added
    - Added `templates/bigbang/_helpers.tpl` to ensure backwards compatibility with the values in the `kube-prometheus-stack` dashboards.
    ### Changed
    - Updated to latest [kube-prometheus stack dashboards](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14)
    - Moved `.Values` related to kube-prometheus-stack dashboards under .Values.grafana for backwards compatibility, and moved them into their own section within `values.yaml` for transparency
    - gluon updated from 0.6.3 to 0.7.0
    - grafana updated from 9.2.10 to 9.3.1
    - registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins updated from 12.0.2 to 12.1.0
    - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar updated from 1.30.6 to 1.30.7
    - registry1.dso.mil/ironbank/opensource/grafana/grafana-image-renderer updated from 3.12.9 to v4.0.10
    

Harbor

  • !6696: harbor update to 1.17.2-bb.1
  • !6688: harbor update to 1.17.2-bb.0
  • !6683: PostRender patch for Harbor registry service
  • !6654: SKIP UPGRADE harbor update to 1.17.1-bb.4
    # Changelog Updates
    
    ## [1.17.2-bb.1] (2025-08-15)
    ### Changed
    - postgresql 16.7.21 -> 16.7.26
    - registry1.dso.mil/ironbank/opensource/nginx/nginx 1.29.0 -> 1.29.1
    - registry1.dso.mil/ironbank/bitnami/redis 8.0.3 -> 8.2.0
    - ironbank/bitnami/redis 8.0.3 -> 8.2.0
    
    ## [1.17.2-bb.0] (2025-08-13)
    ### Changed
    - Updated Harbor chart version 1.17.1 -> 1.17.2
    
    ## [1.17.1-bb.5] (2025-08-06)
    ### Changed
    - registry1.dso.mil/ironbank/opensource/goharbor/harbor-core v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/harbor-exporter v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/harbor-jobservice v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/harbor-portal v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/harbor-registryctl v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/registry v2.13.1 -> v2.13.2
    - registry1.dso.mil/ironbank/opensource/goharbor/trivy-adapter v2.13.1 -> v2.13.2
    
    ## [1.17.1-bb.4] (2025-07-24)
    ### Changed
    - Harbor chart conversion to passthrough
    

Headlamp

  • !6661: headlamp update to 0.34.0-bb.0
    # Changelog Updates
    
    ## [0.34.0-bb.0] (2025-08-04)
    ### Updated
    - registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp (source) v0.33.0 -> v0.34.0
    

Istiod

  • !6689: istiod update to 1.26.3-bb.1
    # Changelog Updates
    
    ## [1.26.3-bb.1] (2025-08-13)
    ### Changed
    - Integrated bb-common and updated network policies accordingly
    - Added helm unittests for additional templates we add
    

Keycloak

  • !6678: keycloak update to 7.0.1-bb.6
    # Changelog Updates
    
    ## [7.0.1-bb.6] - 2025-08-11
    ### Changed
    - Add inbound port exclusion for Keycloak metrics scraping
    

Kiali

  • !6679: kiali update to 2.13.0-bb.1
  • !6671: kiali update to 2.12.0-bb.2
    # Changelog Updates
    
    ## [2.13.0-bb.1] - 2025-08-13
    ### Changed
    - Corrected image tag in values.yaml
    
    ## [2.13.0-bb.0] - 2025-08-11
    ### Updated
    - Updated Kiali and Kiali-Operator from 2.12.0 to 2.13.0
    
    ## [2.12.0-bb.2] - 2025-08-04
    ### Updated
    - Updated bb-common to 0.4.0
    - Updated values schema to match bb-common 0.4.0
    - Updated wait.sh condition
    

Loki

  • !6682: loki update to 6.30.1-bb.4
    # Changelog Updates
    
    ## [6.30.1-bb.4] (2025-08-12)
    ### Changed
    - Removed Promtail Authorization and Network Policies, and YAML key to enable them.
    

Mattermost

  • !6705: mattermost update to 10.11.1-bb.0
  • !6697: mattermost update to 10.10.1-bb.2
    # Changelog Updates
    
    ## [10.11.1-bb.0] (2025-08-19)
    ### Changed
    - gluon updated from 0.7.0 to 0.8.0
    - Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost `10.10.1` -> `10.11.1`
    - Updated registry1.dso.mil/ironbank/opensource/postgres/postgresql `17.5` -> `17.6`
    
    ## [10.10.1-bb.2] (2025-08-15)
    ### Changed
    - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl `v1.32.7` -> `v1.32.8`
    

Mattermost Operator

  • !6674: mattermostOperator update to 1.25.0-bb.0
    # Changelog Updates
    
    ## [1.25.0-bb.0] (2025-08-06)
    ### Changed
    - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) v1.24.0 -> v1.25.0
    - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) 1.24.0 -> 1.25.0
    

Minio

  • !6699: minio update to 7.1.1-bb.8
  • !6681: minio update to 7.1.1-bb.7
    # Changelog Updates
    
    ## [7.1.1-bb.8] - 2025-08-15
    ### Updated
    - update the test-write.sh script to fail fast and a few other re-factorings
    
    ## [7.1.1-bb.7] - 2025-07-31
    ### Updated
    - ironbank/opensource/minio/minio (source) RELEASE.2025-07-18T21-56-31Z -> RELEASE.2025-07-23T15-54-02Z
    

Monitoring

  • !6700: monitoring update to 75.6.1-bb.3
    # Changelog Updates
    
    ## [75.6.1-bb.3] (2025-08-18)
    ### Changed
    - Only deploy VirtualService if component(Prometheus/Alertmanager) is enabled
    

Neuvector

  • !6658: neuvector update to 2.8.6-bb.2
    # Changelog Updates
    
    ## [2.8.6-bb.2] (2025-06-11)
    ### Changed
    - Refactored chart to follow pass-through pattern.
    - Updated gluon subchart v0.5.19 -> v0.6.2
    

Velero

  • !6663: Velero passthrough
    # Changelog Updates
    
    ## [10.0.7-bb.1] - 2025-07-31
    ### Changed
    - Converted chart to use pass-through method
    

Known Issues

  • bbctl Dashboards
    • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI, causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly.
    • bbctl-violations-dashboard / bbctl-all-logs-dashboard (Violations Logs)
      • These items will not populate if you have too large a Kubernetes cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
  • Headlamp
    • An issue with the flux plugin being able to load certain menu items has been identified. This appears to be an issue with the JavaScript code used to create the plugin.
      • Menu items having an issue:
        • Kustomizations
        • HelmReleases
        • ImageAutomations
        • Notifications
    • Attempting to log in using OIDC will create a login 'loop'. See upstream issue for further information.
  • Prometheus Target Scraping

| Package | Target | Issue |
|---|---|---|
| Vault | N/A | ISSUE |

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future

Don't see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.