Release 1.4.0

Checklist for things to validate for release 1.4.0

TODO:

• Create release branch
• release specific code changes with a single MR/commit
  • Bump self-reference version in base/gitrepository.yaml
  • update chart release version char/Chart.yaml
  • update /Packages.md with any new Packages
• Deploy release branch on Dogfood cluster
• Build draft release notes
• After validating release candidate create official release tag
• Cherry-pick release commit(s) as needed with merge request back to master branch

https://repo1.dso.mil/platform-one/big-bang/customers/bigbang

TESTING:

• Stand up RKE cluster
• Deploy all the apps with SSO
• Apps stand up and are healthy
  • Virtual Services and cert are correct
  • image pull secret
• Confirm SSO works correctly
• Logging
  • Get logs from all apps.
• Cluster Auditor
  • violations index is present and contains images that aren't from registry1
• Monitoring
  • Contains Kubernetes Dashboards and metrics
  • contains instio dashboards (no data coming in #65 (closed) )
• Kiali shows no errors
• Sonarqube - Deploys, can get tokens
• GitLab + Runners
  • git clone and git push repos
  • docker push and docker pull image to registry
  • Change icon is user settings
  • Test simple CI pipeline
• Anchore
  • One-Time Scan against image from registry.bigbang.dev or registry1.
• Argocd
  • Create application
  • connect to our Gitlab
• Minio deploys.
• Test Mattermost
• Test Velero
  • Backup PVCs
  • Restore PVCs

Candidate Release Notes

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notice

This update includes updated EnvoyFilters for authservice to fix #65 (closed) and is a component of a future upgrade to istio 1.8 (#191 (closed)).

After upgrading BigBang to this version, you must follow the steps below to ensure apps protected by authservice are still protected.

In order to ensure sso for all services protected by authservice remain functional (kiali, jaeger, prometheus, and alertmanager), the istio-proxy sidecar attached to the haproxy infront of the services must be updated to 1.7.7.

The easiest way to do this is to cycle the pod:

kubectl delete po -n authservice -l app.kubernetes.io/instance=authservice-haproxy-sso

Note: these 4 services (kiali, jaeger, prometheus, and alertmanager) will be unavailable for ~10s while the pod cycles. In the future we aim to provide an HA implementation of authservice's haproxy so the above operations can happen without downtime.

Packages

Package	Type	Version
Istio Operator	Core	1.7.3
Istio Controlplane	Core	1.7.3
OPA Gatekeeper	Core	3.1.2
Monitoring	Core	G: 7.1.3, P: 2.22.0, A: 0.21.0
ECK Operator	Core	1.3.0
Elasticsearch Kibana	Core	7.9.2
Fluentbit	Core	1.6.6
Cluster Auditor	Core	0.1.8
Twistlock	Core	20.12.531
Gitlab	Addon	13.8.0
Gitlab Runners	Addon	13.9.0
Mattermost Operator	Addon	1.13.0
Mattermost	Addon	5.32.1
MinIO Operator	Addon	2.0.9
MinIO	Addon	RELEASE.2020-11-19T23-48-16Z
Authservice	Addon	0.3.1
Anchore	Addon	ENG: 0.9.3, ENT: 3.0.2
SonarQube	Addon	8.6
Argocd	Addon	1.8.4 (w/ p1 plugins)
Velero	Addon	1.5.3

Changes in 1.4.0

• !300 (merged): Velero Addon Addition
• !308 (merged): BigBang values migrated to Secret objects parsed by HelmRelease objects within chart. (also fixes #221 (closed))
• !357 (merged): Updated Anchore (Engine 0.9.3, Enterprise 3.0.2).
• !333 (merged): Updated Mattermost (Operator: 1.13.0, Instance: 5.32.1).
• !346 (merged): Redis Integration with Anchore Enterprise Package.
• !318 (merged): Redis Integration with ArgoCD Package.

In addition, Big Bang Pre-requisites has been added as a location to store all (known) pre-requisites for running BigBang on various distributions. Over time, more distributions will be added as they are tested, community (and vendor) contributions are welcomed!

Known Issues

The following issues are known issues that are currently being addressed that will be fixed in future releases.

• #335 (closed): Fluent-bit Transmission Reliability

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our chat
• Check out the documentation for guidance on how to get started

Future

Don't see your feature and/or bug fix? Check out our roadmap for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.

changed milestone to %1.4.0

changed the description

marked the checklist item Create release branch as completed

marked the checklist item release specific code changes with a single MR/commit as completed

marked the checklist item Bump self-reference version in base/gitrepository.yaml as completed

marked the checklist item update chart release version char/Chart.yaml as completed

marked the checklist item update /Packages.md with any new Packages as completed

marked the checklist item Stand up RKE cluster as completed

marked the checklist item Deploy release branch on Dogfood cluster as completed

marked the checklist item Monitoring as completed

marked the checklist item Contains Kubernetes Dashboards and metrics as completed

marked the checklist item contains instio dashboards (no data coming in #65 (closed) ) as completed

marked the checklist item Argocd as completed

marked the checklist item Argocd as incomplete

changed the description

changed the description

marked the checklist item Test Mattermost as completed

marked the checklist item Minio deploys. as completed

marked the checklist item Cluster Auditor as completed

marked the checklist item violations index is present and contains images that aren't from registry1 as completed

marked the checklist item Kiali shows no errors as completed

marked the checklist item Anchore as completed

marked the checklist item GitLab + Runners as completed

marked the checklist item GitLab + Runners as incomplete

marked the checklist item Sonarqube - Deploys, can get tokens as completed

marked the checklist item git clone and git push repos as completed

marked the checklist item Change icon is user settings as completed

marked the checklist item Test simple CI pipeline as completed

marked the checklist item Apps stand up and are healthy as completed

marked the checklist item Virtual Services and cert are correct as completed

marked the checklist item image pull secret as completed

marked the checklist item Build draft release notes as completed

marked the checklist item Argocd as completed

marked the checklist item Create application as completed

marked the checklist item connect to our Gitlab as completed

added priority4 ~2836 labels

marked the checklist item Deploy all the apps with SSO as completed

marked the checklist item Confirm SSO works correctly as completed

marked the checklist item Test Velero as completed

marked the checklist item Backup PVCs as completed

marked the checklist item Test Velero as incomplete

marked the checklist item GitLab + Runners as completed

marked the checklist item docker push and docker pull image to registry as completed

marked the checklist item Logging as completed

marked the checklist item Get logs from all apps. as completed

changed the description

TODO: write up upgrade strategy for authservice due to new EnvoyFilters

Velero backup and restore works.

marked the checklist item Restore PVCs as completed

marked the checklist item Test Velero as completed

changed the description

changed the description

marked the checklist item After validating release candidate create official release tag as completed

marked the checklist item Cherry-pick release commit(s) as needed with merge request back to master branch as completed

closed

added to epic &64 (closed)

changed title from release 1.4.0 to Release 1.4.0