UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Select Git revision
  • all-packages-test
  • master default protected
  • update-kyverno-reporter-tag-3.0.3-bb.0
  • test-only-kyverno-reporter-303
  • fortify-dynamic-network-policy-148
  • fluentbit-renovate-testing-20250321
  • alloy-istio-servicemonitor
  • vault-test
  • update-kyverno-policies-tag-3.3.4-bb.6
  • update-alloy-tag-2.0.16-bb.1
  • alloy-log-kyverno-exceptions
  • release-2.49.x protected
  • 2566-gateway-api-exploration
  • update-policy-tag-3.18.2-bb.3
  • update-neuvector-tag-2.8.5-bb.0
  • ioc
  • update-mimir-tag-5.5.1-bb.9
  • update_velero_egress_to_be_dynamic
  • update-policy-tag-3.18.2-bb.2
  • update-kyverno-policies-tag-3.3.4-bb.5
  • 2.49.0-rc.1 protected
  • 2.49.0-rc.0 protected
  • 2.48.0 protected
  • 2.48.0-rc.4 protected
  • 2.48.0-rc.3 protected
  • 2.48.0-rc.2 protected
  • 2.48.0-rc.1 protected
  • 2.47.0 protected
  • 2.47.0-rc.2 protected
  • 2.47.0-rc.1 protected
  • 2.47.0-rc.0 protected
  • 2.46.0 protected
  • 2.46.0-rc.0 protected
  • 2.45.1 protected
  • 2.45.1-rc.0 protected
  • 2.45.0 protected
  • 2.45.0-rc.0 protected
  • 2.44.0 protected
  • 2.44.0-rc.0 protected
  • 2.43.0 protected
40 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
To find the state of this project's repository at the time of any of these versions, check out the tags.
CHANGELOG.md 13.52 KiB

Big Bang Release Notes

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.5.0]

Upgrade Notice

This update includes several additions to fluent-bit which are recommended for production environments to increase reliability of log ingestion to the ECK stack.

This is mainly accomplished within fluent-bit by introducing a filesystem storage buffer interacting with a new hostPath volume in fluent-bit containers. By default, this is mounted to nodes at /var/log/flb-storage/, however it can be updated in the package's values in 3 places:

storage_buffer:
  path: /var/log/flb-storage/

extraVolumes:
  - hostPath:
      path: /var/log/flb-storage/
      type: DirectoryOrCreate
    name: flb-storage

extraVolumeMounts:
  - mountPath: /var/log/flb-storage/
    name: flb-storage
  • !386: Updated Fluentbit to 1.7.2 which fixes #335 (closed).
  • !356: Enabled flux monitoring via Prometheus/Grafana in Monitoring package.
  • !380: Fixed eckoperator.enabled conditional.
  • Added and Documented Affinity support.

[1.4.0]

Upgrade Notice

This update includes updated EnvoyFilters for authservice to fix #65 (closed) and is a component of a future upgrade to istio 1.8 (#191 (closed)).

After upgrading BigBang to this version, you must follow the steps below to ensure apps protected by authservice are still protected.

In order to ensure sso for all services protected by authservice remain functional (kiali, jaeger, prometheus, and alertmanager), the istio-proxy sidecar attached to the haproxy infront of the services must be updated to 1.7.7.

The easiest way to do this is to cycle the pod:

kubectl delete po -n authservice -l app.kubernetes.io/instance=authservice-haproxy-sso

Note: these 4 services (kiali, jaeger, prometheus, and alertmanager) will be unavailable for ~10s while the pod cycles. In the future we aim to provide an HA implementation of authservice's haproxy so the above operations can happen without downtime.

  • !300: Velero Addon Addition
  • !308: BigBang values migrated to Secret objects parsed by HelmRelease objects within chart. (also fixes #221 (closed))
  • !357: Updated Anchore (Engine 0.9.3, Enterprise 3.0.2).
  • !333: Updated Mattermost (Operator: 1.13.0, Instance: 5.32.1).
  • !346: Redis Integration with Anchore Enterprise Package.
  • !318: Redis Integration with ArgoCD Package.

[1.3.0]

  • !322: Updated anchore to 0.9.2, enterprise 3.0.1, this also fixes #135 (closed)
  • !309: Add support for Gitlab CAC signed commits and custom CAs
  • !311: Update minio to RELEASE.2020-11-19T23-48-16Z and expose more user configuration options
  • !220: Added consolidatedflux installation (without flux cli)
  • !319: Updated gitlab-runner to 13.9.0 IronBank image (note this uses a different chart schema than previous versions, see here for more information)
  • !340: Package bigbang repo in repositories.tar.gz release artifact

In addition, Big Bang Pre-requisites has been added as a location to store all (known) pre-requisites for running BigBang on various distributions. Over time, more distributions will be added as they are tested, community (and vendor) contributions are welcomed!

[1.2.0]

  • !270: upgrade to flux 0.7.x, this requires updating flux and fixes #13 (closed)
  • !250: Filename spelling correction in scripts directory
  • !259, !265, !274: documentation updates
  • !263, !271: Update codeowners
  • !263: add missing enterprise Anchore images to airgap bundle
  • !237: add gitlab-runner to test values
  • !266: update fluentbit package version
  • !269: Update charter/PackageOwner.md
  • !256: update developer documentation
  • !272: Remove CI jobs that check for things no longer required as part of the developer workflow
  • !264, !238: Update BigBang repo url references from "umbrella" to "bigbang"
  • !249: image for gatekeeper is set in the chart and should not be hardcoded in the HelmRelease
  • !202: add initial support for openshift (ocp)
  • !272: upgrade argocd helm chart to 2.14.7-bb.0
  • !232: Twistlock IB image and VirtualServcie customization
  • !210: only run cluster tests when chart contents have changed
  • !279: remove hardcoded ArgoCD server url config, allow users to set their own sso url
  • !215: add sample sso values
  • !286: add Ironbank defender image to synker config
  • !287: add gitlab runner images to synker config
  • !288: split minio into minio operator and minio and move to addons
  • !255: Integrate Mattermost Operator as an addon
  • !273: Integrate Mattermost as an addon
  • !291: enable MinIO in CI tests
  • !290: upgrade Mattermost chart version. Uses latest IronBank image

[1.1.0]

  • &2: Add support for Gitlab (with sso) 13.8.0
  • &3: Add support for Gitlab Runners 13.2.2
  • &7: Add support for SonarQube (with sso) 8.6
  • &15: Add support for Anchore (with sso) 0.8.1
  • #129: Updated FluentBit to 1.6.3
  • #63: Fix bug with elasticsearch failing to start due to invalid file permissions
  • #49: Add consistent labels to authservice deployment
  • #32: Add support for PodAntiAffinity and NodeAffinity for elasticsearch deployments
  • #6: Add support for new elasticsearch cluster node types
  • #16: Fix bug with incorrect git credentials being created when specifying a private repository
  • #66: Fix bug with EnvoyFilter being applied in the wrong non-global namespace
  • #99: Fix bug that allowed for incorrect ImagePullSecrets to be created when providing incomplete credentials

[1.0.8]

  • Added support for deployment of Minio operator and instance deployment of minio.

[1.0.7]

  • Added Kubernetes labels to all objects created by umbrella
  • Add OIDC integration for Grafana
  • Allow creation of wildcard cert for istio ingress to be passed to BigBang chart

[1.0.6]

  • Added HAProxy Addon
  • Added support for automatically populating configs and settings for the following placing SSO in front of apps without support:
istio:
  sso:
    enabled: true
    prometheus:
      client_id:
      client_secret:
    alertmanager:
      client_id:
      client_secret:

monitoring:
  sso:
    enabled: true
    kiali:
      client_id:
      client_secret:
    jaeger:
      client_id:
      client_secret:
  • Added authservice namespace where authservice addon and haproxy deployment will be created.
  • Added global sso options for umbrella which will be applied to all configured authservice chains:
sso:
  oidc:
    host: login.dso.mil
    realm: baby-yoda
  certificate_authority: ''
  jwks: ""
  client_id: ""
  client_secret: ""
  • Updated syntax for authservice chains definition.

[1.0.5]

  • Bumped monitoring chart to consume kiwigrid/sidecar from IronBank

[1.0.4]

  • Bug fix where argocd's VirtualService wouldn't recieve the top level hostname value.

[1.0.3]

  • Added Gitlab
  • Added ability to provide multiple registry credentials while maintaining current capabilities:
registryCredentials:
  username: registry1user
  password: somesecretpassword

or

registryCredentials:
- registry: registry1.dso.mil
  username: registry1user
  password: somesecretpassword
- registry: registry.dsop.io
  username: registry1user
  password: somesecretpassword
- registry: somewhere.else.io
  username: someuser
  password: someothersecret

will correctly create the ImagePullSecrets for all those registries

[1.0.2]

Changed

  • Updated istio-controlplane to 1.7.3-bb.5 to allow for setting ingressgateway to use nodeports

[1.0.1]

Changed

  • Updated Istio Control plane to support Node Ports for ingressGateway
  • Update Istio Control plane to support SSO for Kiali and Jaeger
  • Update Authservice to refact definitions of filter chains
  • Updated documentation

[0.0.4] - 2020-12-16

Changed

[0.0.3] - 2020-12-15

Added

  • Documentation in docs

Changed

[0.0.2] - 2020-12-11

Added

  • Initial release of Big Bang

UNCLASSIFIED - NO CUI