Release Notes - 3.7.0📜
Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.33.3 (EKS).
Upgrade Notices📜
BigBang - MR📜
The new property passBigBangValues has been added to package configuration, providing explicit control over whether Big Bang values are included for sub-charts. Previously, Big Bang values were only added when using Helm, with no option to disable this behavior. Now, Big Bang values are included by default for both Helm and Kustomize workflows, and you can disable their inclusion by setting passBigBangValues: false. The kustomize property continues to control the formatting of values for either Kustomize or Helm.
Loki - MR📜
Loki Distributed Mode Support: By popular demand, we have added limited support for the microservice deployment strategy for Grafana Loki. Note that this strategy mode has limited, experimental support from Big Bang, and this mode is not currently part of our regular testing model.
To enable this experimental feature, set .Values.loki.values.experimentalMode.enabled=true.
Minio must also be enabled, or some cloud-supported storage configured.
For example:
loki:
strategy: distributed
values:
minio:
enabled: true
experimentalMode:
enabled: true
Upgrades from previous releases📜
If coming from a version pre-3.6.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.6.1.
Packages📜
| Package | Type | Package Version | BB Version |
|---|---|---|---|
| Alloy | Core | v1.10.0 |
3.2.1-bb.1 |
 Anchore Enterprise |
Addon | 5.20.2 |
3.14.2-bb.0 🔗 |
| Argocd | Addon | v3.1.3 |
8.3.4-bb.1 |
| Authservice | Addon | 1.0.4 |
1.0.4-bb.4 |
Backstage  |
Addon | 1.0.10 |
2.5.3-bb.1 |
| Bbctl | Core | 1.5.0 |
2.1.0-bb.1 |
| Eck Operator |
Core | 3.1.0 |
3.1.0-bb.0 🔗 |
| Elasticsearch Kibana |
Core | Kibana: 9.1.0 Elasticsearch: 9.1.1 |
1.30.0-bb.8 🔗 |
| External Secrets Operator | Addon | 0.19.2 |
0.19.2-bb.0 |
| Fluentbit | Core | 4.0.8 |
0.52.0-bb.0 |
| Fortify | Addon | 25.2.1.0010 |
1.1.2320154-bb.33 |
| Gatekeeper | Core | v3.19.1 |
3.19.1-bb.0 |
| Gitlab | Addon | 18.3.0 |
9.3.0-bb.0 |
| Gitlab Runner |
Addon | v18.2.0 |
0.79.1-bb.2 🔗 |
| Grafana | Core | 12.1.0 |
9.3.1-bb.1 |
| Haproxy | Addon | v2.2.33 |
1.19.3-bb.10 |
| Harbor | Addon | 2.13.2 |
1.17.2-bb.2 |
| Headlamp |
Addon | 0.34.0 |
0.34.0-bb.3 🔗 |
| Istio Cni | Core | 1.27.0 |
1.27.0-bb.0 |
| Istio Crds | Core | 1.27.0 |
1.27.0-bb.0 |
| Istio Gateway | Core | 1.27.0 |
1.27.0-bb.0 |
| Istiod | Core | 1.27.0 |
1.27.0-bb.0 |
| Keycloak | Addon | 26.1.4 |
7.0.1-bb.6 |
| Kiali |
Core | 2.15.0 |
2.15.0-bb.0 🔗 |
| Kyverno |
Core | v1.15.1 |
3.5.1-bb.0 🔗 |
| Kyverno Policies |
Core | 3.3.4 |
3.3.4-bb.13 🔗 |
| Kyverno Reporter |
Core | 3.4.2 |
3.4.2-bb.0 🔗 |
| Loki |
Core | 3.5.1 |
6.30.1-bb.5 🔗 |
| Mattermost | Addon | 10.11.2 |
10.11.2-bb.0 |
| Mattermost Operator | Addon | 1.25.0 |
1.25.0-bb.0 |
| Metrics Server | Addon | v0.8.0 |
3.13.0-bb.0 |
| Mimir | Addon | 2.17.0 |
5.7.0-bb.4 |
| Minio | Addon | RELEASE.2025-07-23T15-54-02Z |
7.1.1-bb.8 |
| Minio Operator | Addon | v7.1.1 |
7.1.1-bb.0 |
| Monitoring | Core | Prometheus: 3.4.2 Grafana: 12.0.2 Alertmanager: 0.28.1 |
75.6.1-bb.5 |
| Neuvector |
Core | 5.4.6 |
2.8.8-bb.0 🔗 |
| Nexus Repository Manager |
Addon | 3.83.1-03 |
83.0.0-bb.0 🔗 |
| Prometheus Operator Crds |
Core | 21.0.0 |
23.0.0-bb.0 🔗 |
| Sonarqube | Addon | 25.1.0.102122-community |
2025.1.0-bb.1 |
| Tempo | Core | Tempo: 2.7.2 Tempo Query: 2.7.2 |
1.21.1-bb.2 |
| Thanos | Addon | v0.39.2 |
17.2.2-bb.0 |
| Twistlock |
Core | 34.02.133 |
0.23.0-bb.0 🔗 |
| Vault | Addon | 1.20.1 |
0.30.0-bb.12 |
| Velero | Addon | 1.16.1 |
10.0.7-bb.1 |
| Wrapper | Core | 0.4.15 |
0.4.15 |
Changes in 3.7.0📜
Big Bang MRs📜
- !6824 fix(monitoring): enable correct netpols for alertmanager SSO
- !6821 Updated definition for kubeapi
- !6800 Revert “Merge branch ‘2858-update-kyverno-policies-to-allow-minio-wait-jobs’ into ‘master’“
- !6796 Resolve “Additional data present in wrapper namespace pkg-value secrets”
- !6779 Resolve “Add updated twistlock exception for gluon upgrade”
- !6777 adding the Feedback section to the readme
- !6774 update flux renovate issue description
- !6765 Remove logic for operatorless Istio migration
- !6763 Resolve “Update kyverno policies to allow minio wait jobs”
- !6753 Fix Kiali Status Error for Istiod
Anchore Enterprise📜
- !6805: anchoreEnterprise update to 3.14.2-bb.0
# Changelog Updates ## [3.14.2-bb.0] - 2025-09-10 ### Changed - Updated Anchore Enterprise chart to `3.14.2` - registry1.dso.mil/ironbank/anchore/enterprise/enterprise 5.20.1 -> 5.20.2 - Updated Gluon from '0.7.0' to `0.9.0`
Eck Operator📜
- !6771: eckOperator update to 3.1.0-bb.0
# Changelog Updates ## [3.1.0-bb.0] (2025-08-27) ### Changed - eck-operator updated from 3.0.0 to 3.1.0
Elasticsearch Kibana📜
- !6786: elasticsearchKibana update to 1.30.0-bb.8
# Changelog Updates ## [1.30.0-bb.8] (2025-09-03) ### Added - Ability to add in config values to replace default config values for the Kibana resource from values.yaml
Gitlab Runner📜
- !6724: gitlabRunner update to 0.79.1-bb.2
# Changelog Updates ## [0.79.1-bb.2] (2025-08-22) ### Changed - gluon 0.7.0 -> 0.8.2 -
Headlamp📜
- !6776: headlamp update to 0.34.0-bb.3
# Changelog Updates ## [0.34.0-BB.3] (2025-09-03) ### Added - Added config-reloader image to chart ## [0.34.0-bb.2] (2025-08-27) ### Changed - Updated gluon 0.7.0 -> 0.8.4 - Updated ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.84.0 -> v0.85.0 - Updated ironbank/opensource/kubernetes/kubectl (source) v1.32.7 -> v1.33.4
Kiali📜
- !6783: kiali update to 2.15.0-bb.0
# Changelog Updates ## [2.15.0-bb.0] - 2025-09-03 ### Updated - Updated Kiali and Kiali-Operator from 2.14.0 to 2.15.0
Kyverno📜
- !6773: kyverno update to 3.5.1-bb.0
# Changelog Updates ## [3.5.1-bb.0] - 2025-09-01 ### Removed - Updated app version from `3.4.4-bb.3` to `3.5.1-bb.0` - Updated `background-controller`, `cleanup-controller`, `reports-controller`, `kyverno`, `kyvernocli`, `kyvernopre` from `v1.14.4` to `v1.15.1` - Removed value key under automountservicetoken value to be just a boolean - Shifted values so that bigbang values are on top to match with pass-through ADR
Kyverno Policies📜
- !6810: kyvernoPolicies update to 3.3.4-bb.13
# Changelog Updates ## [3.3.4-bb.13] (2025-09-10) ### Changed - gluon updated from 0.8.4 to 0.9.0 - kubectl updated from v1.32.8 to v1.33.4
Kyverno Reporter📜
- !6802: kyvernoReporter update to 3.4.2-bb.0
# Changelog Updates ## [3.4.2-bb.0] (2025-09-09) ### Changed - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter v3.4.0 -> v3.4.2 - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.8 -> v1.33.4 - Updated policy-reporter subchart 3.4.0 -> 3.4.2 - Update gluon v0.7.0 -> v0.9.0
Loki📜
- !6791: loki update to 6.30.1-bb.5
# Changelog Updates ## [6.30.1-bb.5] (2025-08-29) ### Added - Added support minimums for loki distributed deployment mode. Review `docs/overview.md` for additional information. - Added option to disable helm validation checks that prevent deployment configurations using `.Values.experimentalMode.enabled=true` - NOTE: Disabling validations may result in unsupported configurations that could cause deployment issues
Neuvector📜
- !6807: neuvector update to 2.8.8-bb.0
# Changelog Updates ## [2.8.8-bb.0] (2025-09-05) ### Changed - registry1.dso.mil/ironbank/neuvector/neuvector/controller 5.4.5 -> 5.4.6 - registry1.dso.mil/ironbank/neuvector/neuvector/enforcer 5.4.5 -> 5.4.6 - registry1.dso.mil/ironbank/neuvector/neuvector/manager 5.4.5 -> 5.4.6 - registry1.dso.mil/ironbank/opensource/neuvector/registry-adapter 0.1.8 -> 0.1.9 - Updated gluon subchart v0.6.2 -> v0.9.0
Nexus Repository Manager📜
- !6756: nexusRepositoryManager update to 83.0.0-bb.0
# Changelog Updates ## [83.0.0-bb.0] - 2025-08-25 ### Changed - Changed chart version to 83.0.0-bb.0 which is taken from the minor version of the app version 3.83.1-03 ## [82.0.0-bb.1] - 2025-08-25 ### Changed - Updated Gluon 0.7.0 -> 0.8.2 - ironbank/sonatype/nexus/nexus (source) 3.82.0-08 -> 3.83.1-03 - registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.82.0-08 -> 3.83.1-03
Prometheus Operator Crds📜
- !6792: prometheusOperatorCRDs update to 23.0.0-bb.0
# Changelog Updates ## [23.0.0-bb.0] (2025-08-23) ### Changed - prometheus-operator-crds updated from 22.0.1 to 23.0.0
Twistlock📜
- !6785: twistlock update to 0.23.0-bb.0
# Changelog Updates ## [0.23.0-bb.0] (2025-08-26) ### Changed - gluon updated from 0.8.0 to 0.8.4 - Updated ironbank/opensource/kubernetes/kubectl v1.32.8 -> v1.33.4 - Updated ironbank/twistlock/console/console 34.01.132 -> 34.02.133 - Updated ironbank/twistlock/defender/defender 34.01.132 -> 34.02.133 - Added collect_pod_labels and set it to true values the yaml - Added collect_pod_resource_labels and set it to true values the yaml
Known Issues📜
- bbctl Dashboards
- CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
- bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
- These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the
bbctl violationscommand to obtain the data.
- These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the
- Headlamp
- An issue with the flux plugin being able to load certain menu items has been identified. This appears to be an issue with the javascript code used to create the plugin.
- Menu items having an issue:
- Kustomizations
- HelmReleases
- ImageAutomations
- Notifications
- Attempting to login using OIDC will create a login ‘loop’. See upstream issue for further information.
- Prometheus Target Scraping
| Package | Target | Issue |
|---|---|---|
| Vault | N/A | ISSUE |
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Mattermost channel
- Join our Slack
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.