Release Notes - 3.6.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.33.3 (EKS).
Upgrade Notices
BigBang - MR
Flux components have been upgraded. Please ensure you update your flux installation.
BigBang - MR
If you are enabling the istio-cni in an existing environment, all workloads will need to be restarted to ensure they are using it. The following command can be used to accomplish this:
```shell
# Restart every Deployment, DaemonSet and StatefulSet in every namespace
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}'); do
  for kind in deploy daemonset statefulset; do
    kubectl get "${kind}" -n "${ns}" -o name | xargs -I {} kubectl rollout restart {} -n "${ns}"
  done
done
```
Authservice - MR
Authservice's Redis dependency has been converted to the passthrough pattern. If you are using custom Redis overrides with authservice, you will need to update your configuration paths:
Previous path: addons.authservice.values.redis-bb.<custom-values>
New Path: addons.authservice.values.redis-bb.upstream.<custom-values>
Kyverno Policies - MR
The disallow-deprecated-apis Kyverno Policy is now enabled and set to Audit mode. Please monitor your logs for any policy violations and work to address them. Using deprecated APIs poses a security risk to your cluster. The policy will be changed to Enforce after the next two Big Bang releases. For more information on deprecated APIs, you can visit this page: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
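One way to review these Audit-mode violations, as an added example that is not part of the release notes or the Big Bang project: Kyverno records audit results in PolicyReport resources, and this script lists the resources that are not passing disallow-deprecated-apis. The sample report, its namespaces, workloads and rule names are constructed; only the policy name comes from the notice above.

```python
import json
import sys

POLICY = "disallow-deprecated-apis"  # policy name from the release notes
NOT_PASSING = {"fail", "warn", "error"}

# Constructed sample in the shape of `kubectl get policyreport -A -o json`;
# namespaces, rule names and workloads are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "team-a", "name": "report-1"},
   "scope": {"apiVersion": "batch/v1beta1", "kind": "CronJob", "name": "nightly"},
   "results": [
     {"policy": "disallow-deprecated-apis", "rule": "validate-v1-25-removals",
      "result": "fail"},
     {"policy": "require-labels", "rule": "check-labels", "result": "fail"}]},
  {"metadata": {"namespace": "team-b", "name": "report-2"},
   "results": [
     {"policy": "disallow-deprecated-apis", "rule": "validate-v1-25-removals",
      "result": "pass", "resources": [{"kind": "Deployment", "name": "api"}]},
     {"policy": "disallow-deprecated-apis", "rule": "validate-v1-26-removals",
      "result": "warn",
      "resources": [{"kind": "HorizontalPodAutoscaler", "name": "web"}]}]}
]}
""")


def deprecated_api_findings(report_list, policy=POLICY):
    """Return sorted (namespace, kind, name, rule, result) for non-passing results."""
    findings = []
    for report in report_list.get("items", []):
        namespace = report.get("metadata", {}).get("namespace", "")
        for res in report.get("results") or []:
            if res.get("policy") != policy or res.get("result") not in NOT_PASSING:
                continue
            # Per-resource reports name the subject in `scope`; older reports
            # list subjects under each result's `resources`.
            subjects = res.get("resources") or [report.get("scope") or {}]
            for subj in subjects:
                findings.append((namespace, subj.get("kind", "?"),
                                 subj.get("name", "?"), res.get("rule", ""),
                                 res["result"]))
    return sorted(findings)


if __name__ == "__main__":
    # Live use: kubectl get policyreport,clusterpolicyreport -A -o json | python3 script.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for row in deprecated_api_findings(data):
        print("\t".join(row))
```

Cluster-scoped resources are reported in ClusterPolicyReport objects, which have no namespace and appear with an empty first column.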
Upgrades from previous releases
If coming from a version pre-3.5.2, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.5.2.
Packages
Package | Type | Package Version | BB Version |
---|---|---|---|
Alloy | Core | v1.10.0 | 3.2.1-bb.1 |
Anchore Enterprise | Addon | 5.20.1 | 3.13.0-bb.0 |
Argocd | Addon | v3.0.12 | 8.2.5-bb.1 |
Authservice | Addon | 1.0.4 | 1.0.4-bb.4 |
Backstage | Addon | 1.0.10 | 2.5.3-bb.1 |
Bbctl | Core | 1.5.0 | 2.1.0-bb.1 |
Eck Operator | Core | 3.0.0 | 3.0.0-bb.2 |
Elasticsearch Kibana | Core | Kibana: 9.1.0 Elasticsearch: 9.1.1 | 1.30.0-bb.7 |
External Secrets Operator | Addon | 0.19.2 | 0.19.2-bb.0 |
Fluentbit | Core | 4.0.8 | 0.52.0-bb.0 |
Fortify | Addon | 25.2.1.0010 | 1.1.2320154-bb.33 |
Gatekeeper | Core | v3.19.1 | 3.19.1-bb.0 |
Gitlab | Addon | 18.3.0 | 9.3.0-bb.0 |
Gitlab Runner | Addon | v18.2.0 | 0.79.1-bb.1 |
Grafana | Core | 12.1.0 | 9.3.1-bb.1 |
Haproxy | Addon | v2.2.33 | 1.19.3-bb.10 |
Harbor | Addon | 2.13.2 | 1.17.2-bb.2 |
Headlamp | Addon | 0.34.0 | 0.34.0-bb.1 |
Istio Cni | Core | 1.27.0 | 1.27.0-bb.0 |
Istio Crds | Core | 1.27.0 | 1.27.0-bb.0 |
Istio Gateway | Core | 1.27.0 | 1.27.0-bb.0 |
Istiod | Core | 1.27.0 | 1.27.0-bb.0 |
Keycloak | Addon | 26.1.4 | 7.0.1-bb.6 |
Kiali | Core | 2.14.0 | 2.14.0-bb.0 |
Kyverno | Core | v1.14.4 | 3.4.4-bb.3 |
Kyverno Policies | Core | 3.3.4 | 3.3.4-bb.12 |
Kyverno Reporter | Core | 3.4.0 | 3.4.0-bb.0 |
Loki | Core | 3.5.1 | 6.30.1-bb.4 |
Mattermost | Addon | 10.11.2 | 10.11.2-bb.0 |
Mattermost Operator | Addon | 1.25.0 | 1.25.0-bb.0 |
Metrics Server | Addon | v0.8.0 | 3.13.0-bb.0 |
Mimir | Addon | 2.17.0 | 5.7.0-bb.4 |
Minio | Addon | RELEASE.2025-07-23T15-54-02Z | 7.1.1-bb.8 |
Minio Operator | Addon | v7.1.1 | 7.1.1-bb.0 |
Monitoring | Core | Prometheus: 3.4.2 Grafana: 12.0.2 Alertmanager: 0.28.1 | 75.6.1-bb.4 |
Neuvector | Core | 5.4.5 | 2.8.7-bb.1 |
Nexus Repository Manager | Addon | 3.82.0-08 | 82.0.0-bb.0 |
Prometheus Operator Crds | Core | 21.0.0 | 22.0.1-bb.0 |
Sonarqube | Addon | 25.1.0.102122-community | 2025.1.0-bb.1 |
Tempo | Core | Tempo: 2.7.2 Tempo Query: 2.7.2 | 1.21.1-bb.2 |
Thanos | Addon | v0.39.2 | 17.2.2-bb.0 |
Twistlock | Core | 34.01.132 | 0.22.0-bb.1 |
Vault | Addon | 1.20.1 | 0.30.0-bb.12 |
Velero | Addon | 1.16.1 | 10.0.7-bb.1 |
Wrapper | Core | 0.4.15 | 0.4.15 |
Changes in 3.6.0
Big Bang MRs
- !6752 forgot to update the components on last upgrade
- !6744 Docs Update for Istio CNI
- !6741 Refactor neuvector logic to use existing password if it exists
- !6736 Resolve “Create Templates for Istio-CNI”
- !6729 Resolve “Leverage (or delete) the common key in values secrets”
- !6718 Fix secret private-registry already exists
- !6711 fix indentation on keycloak user defined postrenderers
Argocd
- 6745: argocd update to 8.2.5-bb.1
# Changelog Updates
## [8.2.5-bb.1] (2025-08-29)
### Changed
- Updated default values to match subchart setup
Authservice
- !6732: authservice update to 1.0.4-bb.4
# Changelog Updates
## [1.0.4-bb.4] (2025-08-25)
### Changed
- Redis updated from 20.13.2 to 22.0.4
- Redis values updated to align with passthrough pattern.
Elasticsearch Kibana
- !6730: elasticsearchKibana update to 1.30.0-bb.7
- !6723: elasticsearchKibana update to 1.30.0-bb.6
# Changelog Updates
## [1.30.0-bb.7] (2025-08-22)
### Added
- Ability to add in config values for the Elasticsearch nodes (ingest,ml,data,master,coordinating)
## [1.30.0-bb.6] (2025-08-21)
### Changed
- registry1.dso.mil/ironbank/elastic/kibana/kibana updated from 9.0.3 to 9.1.0
- registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch updated from 9.0.1 to 9.1.1
External Secrets Operator
- !6706: externalSecrets update to 0.19.2-bb.0
# Changelog Updates
## [0.19.2-bb.0] - 2025-08-19
### Changed
- Updated chart to 0.19.2
- registry1.dso.mil/ironbank/opensource/external-secrets/external-secrets (source) 0.19.0 -> 0.19.2
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.7 -> v1.32.8
Fluentbit
- !6722: fluentbit update to 0.52.0-bb.0
# Changelog Updates
## [0.52.0-bb.0] (2025-08-19)
### Changed
- fluent-bit updated from 0.50.0 to 0.52.0
- gluon updated from 0.7.0 to 0.8.0
- registry1.dso.mil/ironbank/opensource/fluent/fluent-bit updated from 4.0.5 to 4.0.8
Gitlab
- !6743: gitlab update to 9.3.0-bb.0
# Changelog Updates
## [9.3.0-bb.0] (2025-08-24)
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.75.0 -> v1.76.0
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.2.2 -> 18.3.0
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.2.2 -> 18.3.0
Gitlab Runner
- !6710: gitlabRunner update to 0.79.1-bb.1
# Changelog Updates
## [0.79.1-bb.1] (2025-08-19)
### Changed
- Removing default upstream values from values.yaml file
Harbor
- !6731: harbor update to 1.17.2-bb.2
# Changelog Updates
## [1.17.2-bb.2] (2025-08-21)
### Changed
- gluon 0.7.0 -> 0.8.2
- registry1.dso.mil/ironbank/opensource/postgres/postgresql 17.5 -> 17.6
Headlamp
- !6717: headlamp update to 0.34.0-bb.1
# Changelog Updates
## [0.34.0-bb.1] (2025-08-06)
### Updated
- Converted chart to passthrough pattern
Istio Crds
- !6714: istio-CRDs, Istiod, and Istio-gateway update to 1.27.0-bb.0
# Changelog Updates
## [1.27.0-bb.0] (2025-08-15)
### Changed
- base updated from 1.26.3 to 1.27.0
Istio Gateway
- !6714: istio-CRDs, Istiod, and Istio-gateway update to 1.27.0-bb.0
# Changelog Updates
## [1.27.0-bb.0] (2025-08-15)
### Changed
- gateway updated from 1.26.3 to 1.27.0
- ironbank/opensource/istio/proxyv2 updated from 1.26.3 to 1.27.0
Istiod
- !6714: istio-CRDs, Istiod, and Istio-gateway update to 1.27.0-bb.0
# Changelog Updates
## [1.27.0-bb.0] (2025-08-15)
### Changed
- istiod updated from 1.26.3 to 1.27.0
- ironbank/opensource/istio/pilot updated from 1.26.3 to 1.27.0
- ironbank/opensource/istio/proxyv2 updated from 1.26.3 to 1.27.0
Kiali
- !6720: kiali update to 2.14.0-bb.0
- !6698: kiali update to 2.13.0-bb.2
# Changelog Updates
## [2.14.0-bb.0] - 2025-08-18
### Updated
- Updated Kiali and Kiali-Operator from 2.13.0 to 2.14.0
## [2.13.0-bb.2] - 2025-08-14
### Changed
- Updated bb-common to 0.5.1 to fix istio sidecar metrics
Kyverno
- !6703: kyverno update to 3.4.4-bb.3
# Changelog Updates
## [3.4.4-bb.3] - 2025-08-19
### Removed
- Removed promtail from test/test-values.yaml
Kyverno Policies
- !6735: kyvernoPolicies update to 3.3.4-bb.12
- !6719: kyvernoPolicies update to 3.3.4-bb.11
# Changelog Updates
## [3.3.4-bb.12] (2025-08-20)
### Changed
- gluon updated from 0.6.2 to 0.7.0
- kubectl updated from v1.32.5 to v1.32.8
- updated sha256 for ubi9-minimal image
## [3.3.4-bb.11] (2025-08-14)
### Changed
- adding disallow-deprecated-apis policy
Kyverno Reporter
- !6725: kyvernoReporter update to 3.4.0-bb.0
- !6704: kyvernoReporter update to 3.3.2-bb.3
- !6701: kyvernoReporter update to 3.3.2-bb.2
# Changelog Updates
## [3.4.0-bb.0] (2025-08-20)
### Changed
- registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter v3.3.3 -> v3.4.0
- registry1.dso.mil/ironbank/nirmata/policy-reporter/policy-reporter-ui v2.4.1 -> v2.4.2
- Updated policy-reporter subchart 3.3.2 -> 3.4.0
- Update gluon v0.6.2 -> v0.7.0
## [3.3.2-bb.3] (2025-08-18)
### Changed
- Changed Istio hardened enabled from true to false
## [3.3.2-bb.2] (2025-08-18)
### Changed
- Update allow-ui-to-policy-reporter-port authpolicy to include upstream.ui.enabled
- Changed Istio hardened enabled from true to false
Mattermost
- !6737: mattermost update to 10.11.2-bb.0
# Changelog Updates
## [10.11.2-bb.0] (2025-08-26)
### Changed
- gluon updated from 0.8.0 to 0.8.4
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) `v1.32.8` -> `v1.33.4`
- Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) `10.11.1` -> `10.11.2`
Metrics Server
- !6738: metricsServer update to 3.13.0-bb.0
# Changelog Updates
## [3.13.0-bb.0] (2025-07-22)
### Changed
- metrics-server updated from 3.12.2 to 3.13.0
- gluon 0.6.3 -> 0.7.0
- metrics-server 3.12.2 -> 3.13.0
Mimir
- !6726: mimir update to 5.7.0-bb.4
# Changelog Updates
## [5.7.0-bb.4] (2025-07-10)
### Changed
- gluon updated from 0.6.2 to 0.8.0
- minio updated from 7.0.0-bb.4 to 7.1.1-bb.8
- registry1.dso.mil/ironbank/opensource/grafana/rollout-operator updated from v0.27.0 to v0.28.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx updated from 1.28.0 to 1.29.1
- registry1.dso.mil/ironbank/opensource/memcached/memcached updated from v1.6.38 to v1.6.39
- registry1.dso.mil/ironbank/opensource/grafana/mimir updated from 2.16.0 to 2.17.0
- registry1.dso.mil/ironbank/opensource/grafana/enterprise-metrics updated from 2.16.0 to 2.17.0
Monitoring
- !6727: monitoring update to 75.6.1-bb.4
# Changelog Updates
## [75.6.1-bb.4] (2025-08-18)
### Changed
- Refactored monitoring to use bb-common netpol implementation
Neuvector
- !6740: neuvector update to 2.8.7-bb.1
# Changelog Updates
## [2.8.7-bb.1] (2025-08-27)
### Changed
- Cleaned up README.md
## [2.8.7-bb.0] (2025-08-01)
### Changed
- registry1.dso.mil/ironbank/neuvector/neuvector/controller 5.4.4 -> 5.4.5
- registry1.dso.mil/ironbank/neuvector/neuvector/enforcer 5.4.4 -> 5.4.5
- registry1.dso.mil/ironbank/neuvector/neuvector/manager 5.4.4 -> 5.4.5
Twistlock
- !6709: twistlock update to 0.22.0-bb.1
# Changelog Updates
## [0.22.0-bb.1] (2025-08-19)
### Changed
- gluon updated from 0.7.0 to 0.8.0
## [0.22.0-bb.0] (2025-07-29)
### Changed
- gluon updated from 0.6.2 to 0.7.0
- ironbank/opensource/kubernetes/kubectl updated from v1.32.5 to v1.32.7
- ironbank/twistlock/console/console updated from 34.01.126 to 34.01.132
- ironbank/twistlock/defender/defender updated from 34.01.126 to 34.01.132
Known Issues
- bbctl Dashboards
  - CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI, causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly.
  - bbctl-violations-dashboard / bbctl-all-logs-dashboard (Violations Logs)
    - These items will not populate if your Kubernetes cluster is too large and has too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
- kiali
  - There is a status error displayed for Istiod under the Kiali dashboard status dropdown.
  - Issue is open here
- Headlamp
  - An issue with the flux plugin being able to load certain menu items has been identified. This appears to be an issue with the JavaScript code used to create the plugin.
    - Menu items having an issue:
      - Kustomizations
      - HelmReleases
      - ImageAutomations
      - Notifications
  - Attempting to log in using OIDC will create a login ‘loop’. See upstream issue for further information.
- Prometheus Target Scraping
Package | Target | Issue |
---|---|---|
Vault | N/A | ISSUE |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Mattermost channel
- Join our Slack
- Check out the documentation for guidance on how to get started
Future
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.