The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
## [1.6.0]
### Upgrade Notice
This update includes several major changes to istio. Kiali and Jaeger are now separated into their own repos, helmreleases, and namespaces.
A manual cleanup task is required to delete the previous Kiali and Jaeger deployments post upgrade:
This update includes an update to the Anchore chart. There is a [known issue](https://github.com/anchore/anchore-engine/issues/882) with running this version (and some previous versions) on FIPS enabled nodes. All Anchore services continue to function properly on non-FIPS nodes. Once an upstream fix is pushed, we will update the BB version accordingly.
Anchore's default resource requests/limits (specifically for memory for the RBAC Manager) may be problematic depending on the customer and usage. Currently Big Bang consumes the defaults from the upstream chart, but Anchore also provides a list of [requirements](https://docs.anchore.com/current/docs/overview/requirements/) that address best practices for configuration for production workloads. These recommendations can be used as BB value overrides to specify resource limits and requests (example: [RBAC Manager](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/chart/values.yaml#L868)).
*[!436](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/436): Resolve "fluentbit requires modification to work when selinux: Enforcing"
*[!416](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/416): Fix Minio SecurityContext for Mattermost
*[!385](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/385): update anchore to 1.12.7-bb.2
*[!330](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/330): upgrade to istio 1.8.4, split jaeger and kiali into separate deployments
*[!427](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/427): IronBank image for Cluster Auditor
*[!428](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/428): feat: Bumping eck-operator to 1.4.0-bb.1
*[!421](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/421): Resolve "Upgrade eck-operator to 1.4.0"
*[!443](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/443): Resolve "Fluentbit upgrade to application version 1.7.4"
*[!442](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/442): Resolve "feat: Update authservice to use latest IB image and templating"
*[!432](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/432): feat: ek package to 0.1.8-bb.0 for pod lifecycle support
*[!418](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/418): Minio VS update
There are additional minor changes and documentation updates that are included with this release. Full changes can always be seen by viewing the commit logs and completed MRs.
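Review bot: the Upgrade Notice sentence "A manual cleanup task is required to delete the previous Kiali and Jaeger deployments post upgrade:" ends in a colon, but the next line goes straight to the Anchore notice, so no cleanup steps are visible. Add the exact steps directly under that sentence (which helmreleases, namespaces or resources to delete), otherwise the previous deployments stay in the cluster next to the new ones. The Anchore FIPS paragraph and the resource-limit paragraph would also be easier to scan as separate items under the notice, and the `*[!436]` style entries, as shown here, need a space after `*` to render as a list.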
| istio.ingress | object | `{"cert":"","key":""}` | Certificate/Key pair to use as the default certificate for exposing BigBang created applications. If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`. |
| istio.sso.enabled | bool | `false` | Toggle SSO for kiali and jaeger on and off |
| istio.sso.kiali.client_id | string | `""` | OIDC Client ID use for kiali |
| istio.sso.kiali.client_secret | string | `""` | OIDC Client Secret to use for kiali |
| istio.sso.jaeger.client_id | string | `""` | OIDC Client ID to use for jaeger |
| istio.sso.jaeger.client_secret | string | `""` | OIDC Client Secret to use for jaeger |
| istio.values | object | `{}` | Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git |
| logging.sso.enabled | bool | `false` | Toggle OIDC SSO for Kibana/Elasticsearch on and off. Enabling this option will auto-create any required secrets. |
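Review bot: the `istio.sso.kiali.client_secret` and `istio.sso.jaeger.client_secret` rows document OIDC client secrets as plain string values, and the `istio.ingress` row does the same for the TLS key, with no guidance on how these should be supplied. Add a sentence to these descriptions, or a pointer to the project's secret-handling documentation, saying that they should come from a protected values source and should not be committed in clear text. Minor: "OIDC Client ID use for kiali" is missing "to", unlike the matching jaeger row.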
@@ -133,18 +144,18 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.authservice.enabled | bool | `false` | Toggle deployment of Authservice. if enabling authservice, a filter needs to be provided by either enabling sso for monitoring or istio, or manually adding a filter chain in the values here: values: chain: minimal: callback_uri: "https://somecallback" |
| addons.anchore.enterprise.enabled | bool | `false` | Toggle the installation of Anchore Enterprise. This must be accompanied by a valid license. |
| addons.anchore.enterprise.licenseYaml | string | `"FULL LICENSE\n"` | License for Anchore Enterprise. For formatting examples see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#enabling-enterprise-services |
| addons.anchore.sso.enabled | bool | `false` | Toggle OIDC SSO for Anchore on and off. Enabling this option will auto-create any required secrets. |
| addons.anchore.sso.enabled | bool | `false` | Toggle OIDC SSO for Anchore on and off. Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license). |
| addons.anchore.database.host | string | `""` | Hostname of a pre-existing PostgreSQL database to use for Anchore. Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. |
| addons.anchore.database.port | string | `""` | Port of a pre-existing PostgreSQL database to use for Anchore. |
| addons.anchore.database.username | string | `""` | Username to connect as to external database, the user must have all privileges on the database. |
| addons.anchore.database.password | string | `""` | Database password for the username used to connect to the existing database. |
| addons.anchore.database.database | string | `""` | Database name to connect to on host. |
| addons.anchore.database.feeds_database | string | `""` | Feeds database name to connect to on host. Only required for enterprise edition of anchore. |
| addons.anchore.database.database | string | `""` | Database name to connect to on host (Note: database name CANNOT contain hyphens). |
| addons.anchore.database.feeds_database | string | `""` | Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens). Only required for enterprise edition of anchore. By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies |
| addons.anchore.redis.host | string | `""` | Hostname of a pre-existing Redis to use for Anchore Enterprise. Entering connection info will enable external redis and will auto-create any required secrets. Anchore only requires redis for enterprise deployments and will not provision an instance if using external |
| addons.anchore.redis.port | string | `""` | Port of a pre-existing Redis to use for Anchore Enterprise. |
| addons.anchore.redis.password | string | `""` | Password to connect to pre-existing Redis. |
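Review bot: the "(Note: database name CANNOT contain hyphens)" text on `addons.anchore.database.database` and `addons.anchore.database.feeds_database` is a documentation-only constraint; nothing visible in this hunk rejects a hyphenated name. Consider validating both values at template time and failing the render with a clear message, and doing the same when `addons.anchore.sso.enabled` is set without `addons.anchore.enterprise.enabled`, since the new note says SSO requires an Enterprise license. The `feeds_database` description also says the feeds database reuses the main database username and password by default, and the username row says that user "must have all privileges on the database", so it would be worth recommending the separate-credentials option from the linked CHART.md for production use.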
@@ -227,7 +238,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.mattermost.enterprise.enabled | bool | `false` | Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install. |
| addons.mattermost.enterprise.license | string | `""` | License for Mattermost. This should be the entire contents of the license file from Mattermost (should be one line), example below license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN |