Release 1.8.0
Checklist for things to validate for release 1.8.0
TODO:
- Verify that the previous release branch commit hash matches the last release tag. Investigate with previous RE if they do not match
- Create release branch
- Release specific code changes with a single MR/commit
- Bump self-reference version in base/gitrepository.yaml
- update chart release version in chart/Chart.yaml
- update /Packages.md with any new Packages
- update CHANGELOG.md with links to MRs and any upgrade notices/known issues
- Update README.md using helm-docs. Overwrite the existing readme file.

  ```bash
  docker run -v "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:v1.5.0 -s file -t .gitlab-ci/README.md.gotmpl --dry-run > README.md
  ```
- Deploy release branch on Dogfood cluster
- Build draft release notes
- Create a release candidate tag X.X.X-rc.0 from the release branch and verify that tag pipeline completes successfully.
- Create official release tag X.X.X from the release branch
- Cherry-pick release commit(s) as needed with merge request back to master branch
https://repo1.dso.mil/platform-one/big-bang/customers/bigbang
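
One way to run the first checklist item (confirming that the previous release branch commit matches the last release tag) is sketched below. This is an added example, not part of Big Bang's release tooling; the function names, the `release-1.7.x` branch name and the throwaway repository are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm a release branch tip is the same commit as a release tag.
# Ref names used here (release-1.7.x, 1.7.0) are assumed, not taken from the project.

# Usage: release_branch_matches_tag <repo-dir> <branch-ref> <tag-name>
# Returns 0 on match, 1 on mismatch, 2 if either ref cannot be resolved.
release_branch_matches_tag() {
    local repo="$1" branch="$2" tag="$3"
    local branch_sha tag_sha counts
    # ^{commit} peels an annotated tag object down to the commit it points at;
    # the raw hash of an annotated tag object never equals a branch hash.
    branch_sha=$(git -C "$repo" rev-parse --verify --quiet "${branch}^{commit}") \
        || { echo "cannot resolve branch: $branch" >&2; return 2; }
    tag_sha=$(git -C "$repo" rev-parse --verify --quiet "refs/tags/${tag}^{commit}") \
        || { echo "cannot resolve tag: $tag" >&2; return 2; }
    if [ "$branch_sha" = "$tag_sha" ]; then
        echo "match: $branch and tag $tag are both $tag_sha"
        return 0
    fi
    # Left count = commits reachable only from the tag, right = only from the branch.
    counts=$(git -C "$repo" rev-list --left-right --count "${tag_sha}...${branch_sha}")
    echo "MISMATCH: $branch=$branch_sha tag $tag=$tag_sha (tag-only/branch-only: $counts)" >&2
    # List what landed on the branch after the tag, as a starting point for the investigation.
    git -C "$repo" log --oneline "${tag_sha}..${branch_sha}" >&2
    return 1
}

# Constructed throwaway repository for trying the check offline.
make_demo_repo() {
    local dir
    dir=$(mktemp -d) || return 1
    git init -q "$dir"
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q --allow-empty -m "release 1.7.0"
    # Annotated tag, so the peeling in the check above is exercised.
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        tag -a 1.7.0 -m "1.7.0"
    git -C "$dir" branch release-1.7.x
    echo "$dir"
}
```

Against a real clone, run `git fetch --tags` first and pass the remote-tracking ref (for example `origin/<release branch>`) so the comparison is not made against a stale local branch.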
TESTING:
- Stand up RKE2 cluster
- Deploy all the apps with SSO
- Apps stand up and are healthy
  - Virtual Services and cert are correct
  - image pull secret
- Confirm SSO works correctly
- Logging
  - Get logs from all apps.
- Cluster Auditor
  - violations index is present and contains images that aren't from registry1
- Monitoring
  - Contains Kubernetes Dashboards and metrics
  - contains istio dashboards
- Kiali shows no errors
- Sonarqube - Deploys, can get tokens
- GitLab + Runners
  - git clone and git push repos
  - docker push and docker pull image to registry
  - Change icon in user settings
  - Test simple CI pipeline
- Anchore
  - One-Time Scan against image from registry.bigbang.dev or registry1.
- Argocd
  - Create application
  - connect to our Gitlab
- Minio deploys.
  - Create volume
  - Store file to volume
  - Download file from volume
- Test Mattermost
  - Elastic integration
- Test Velero
  - Backup PVCs
  - Restore PVCs
- Test Keycloak. Coordinate with CNAP team for Keycloak testing. They have P1 SSO dev environment. Keycloak should not be enabled in the dogfood cluster. The alternative is to spin up a separate temporary infra for only Keycloak.
Candidate Release Notes
Please see our documentation page for more information on how to consume and deploy BigBang.
Upgrade Notices
- Release 1.8.0 upgrades Elasticsearch and Kibana to their respective 7.10 versions and contains a helm hook that runs a job to perform a Rolling Upgrade. If the autoRollingUpgrade job does not complete successfully or is interfered with, it could cause ECK data loss. No intervention is immediately required and it is recommended to leave the `autoRollingUpgrade` value enabled and read the documentation.
  - If you encounter issues with the ECK stack with this autoRollingUpgrade, review this troubleshooting doc to easily resolve some of the most common issues.
  - If your ECK cluster has more than 8 nodes you should bump up the flux timeout for the logging package to 30 minutes (each node takes around 2-2.5 minutes to restart) via updating the `logging.flux.timeout: 20m` value.
Packages
| Package | Type | Package Version | BB Version |
|---|---|---|---|
| Istio Operator | Core | 1.8.4 | 1.8.4-bb.1 |
| Istio Controlplane | Core | 1.8.4 | 1.8.4-bb.1 |
| Jaeger | Core | 1.22.0 | 2.19.1-bb.4 |
| Kiali | Core | 1.32.0 | 1.32.0-bb.1 |
| OPA Gatekeeper | Core | 3.3.0 | 3.3.0-bb.0 |
| Monitoring | Core | G: 7.1.3-1, P: 2.22.0, A: 0.21.0 | 11.0.0-bb.17 |
| ECK Operator | Core | 1.4.0 | 1.4.0-bb.1 |
| Elasticsearch Kibana | Core | E: 7.10.0 K: 7.10.2 | 0.1.11-bb.0 |
| Fluentbit | Core | 1.7.4 | 0.15.8-bb.1 |
| Cluster Auditor | Core | 0.3.2 | 0.1.9-bb.0 |
| Twistlock | Core | 21.04.412 | 0.0.4-bb.0 |
|  | Addon | 13.10.3 | 4.10.3-bb.1 |
| Gitlab Runners | Addon | 13.9.0 | 0.26.0-bb.1 |
| Mattermost Operator | Addon | 1.13.0 | 1.13.0-bb.2 |
| Mattermost | Addon | 5.34.2 | 0.1.5-bb.0 |
| MinIO Operator | Addon | 2.0.9 | 2.0.9-bb.3 |
| MinIO | Addon | RELEASE.2020-11-19T23-48-16Z | 2.0.9-bb.9 |
| Authservice | Addon | 0.4.0 | 0.4.0-bb.2 |
| Anchore | Addon | ENG: 0.9.3, ENT: 3.0.2 | 1.12.13-bb.0 |
| Sonarqube | Addon | 8.7.1 (w/ p1 plugins) | 9.2.6-bb.8 |
| ArgoCD | Addon | 1.8.4 (w/ p1 plugins) | 2.14.7-bb.5 |
| Velero | Addon | 1.5.3 | 2.14.8-bb.0 |
| Keycloak | Addon | 13.0.0 | 11.0.0-bb.0 |
Changes in 1.8.0
- !447: Sonarqube upgrade app version 8.7.1 chart version 9.2.6-bb.8
- !406: Authservice Support For Non Keycloak OIDC Endpoints
- !459: Gitlab update to fix monitoring
- !463,!480: update codeowners
- !462: Document GitLab package architecture in charter
- !453: Set Global Timeout for Flux & Allow for HelmRelease Flux Settings to be Populated via Values File
- !466: Updating name for kiali oidc secret
- !465: Mattermost update app version 5.34.2 chart version 0.1.5-bb.0
- !467: update changelog for release 1.7.0
- !468: Modify continuous integration (CI) pipeline script execution
- !474: Update twistlock app version 21.04.412 chart version 0.0.4-bb.0
- !464: Documentation updates
- !475: Anchore upgrade app version 0.9.3 chart version 1.12.13-bb.0
- !430: Charter update for istio architecture
- !451,!481,!482: Breakout secrets into individual files in Package templates
- !417: update Kibana
- !350: Authservice Redirect URLs don't respect virtual service name overrides
- !485: ArgoCD upgrade app version 1.8.4 chart version 2.14.7-bb.5
- !476: Charter documentation updates
- !134,!489: BETA release of Keycloak app version 13.0.0 helm chart version 11.0.0
- !342: Upgrade elasticsearch-kibana package app version 7.10.x chart version 0.1.11-bb.0
- !457: Add labels to authservice namespace in compliance with charter
Known Issues
- If the error `scheme "" not supported` is seen on any helm releases, try updating flux to the latest IB images. A simple way to do this is by adding registry credentials to the flux-system namespace and applying the flux.yaml:

  ```bash
  kubectl create secret docker-registry private-registry --docker-server=registry1.dso.mil --docker-username=<Your IronBank Username> --docker-password=<Your IronBank Personal Access Token> --docker-email=<Your E-mail Address> -n flux-system
  curl https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/scripts/deploy/flux.yaml | kubectl apply -f -
  ```
- There is a known issue with Velero's ability to restore PersistentVolumes.
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don't see your feature and/or bug fix? Check out our roadmap for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.