Update dependency https://repo1.dso.mil/big-bang/bigbang.git to v2.43.0

This MR contains the following updates:

Package	Update	Change
https://repo1.dso.mil/big-bang/bigbang.git	minor	2.42.0 -> 2.43.0

Complete MR checklist

Assignee

• Followed upgrade instructions outlined in docs/DEVELOPMENT_MAINTENANCE.md
• Update Docs with new/updated steps as needed
• Tested and Validated Changes made with supporting info like logs or screenshots from test pipelines

Add supporting info below

Reviewer only

• Tested and Validated changes

---

Release Notes

big-bang/bigbang (https://repo1.dso.mil/big-bang/bigbang.git)

v2.43.0: Big Bang 2.43.0

Compare Source

Release Notes - 2.43.0

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Registry1 Notice

Upcoming Certificate Update

Attention Platform One Customers,

We’re updating the certificates used by our services in the next three weeks. You may have noticed minor interruptions when this occurred on https://login.dso.mil. The next updates will affect https://registry1.dso.mil and https://repo1.dso.mil, and many other Platform One services.

For Hosts Running Debian (Any Release Prior to Unreleased 13):

Debian integrates updated CA bundles only at the start of a new release. Because the updated certificate will be included in the upcoming Debian 13 (Trixie), hosts running the current Debian and older versions will not trust it by default. If you want to maintain smooth interaction with Platform One Services, we recommend manually installing the root certificate. You can find it here.

Recommended Steps for Hosts:

Download the [CSV with PEM of Raw Certificate data] (https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReportPEMCSV) file from the link above Search for the certificate named SSL.com TLS RSA Root CA 2022, copy the content of the PEM info column for that certificate. Add it to your system’s trusted certificate store by: echo "" | sudo tee /usr/local/share/ca-certificates/new-sslcom-root-ca.crt sudo update-ca-certificates For Distroless and Debian-Based Containers: We have updated the Debian and Distroless container images in registry1 to include the trusted certificate. If you rely on these containers, please pull fresh images as soon as possible. For Big Bang customers, please see the latest Big Bang release notes as well.

For other hosts

Other operating systems will automatically get this new certificate through their built-in system update.

If you have any questions or need assistance, please contact the support team at help@dsop.io.

Big Bang Upgrade Notices

• Mattermost - MR:
  • The builtin bitnami postgresql database is no longer enabled by default in the test values or the examples. We do not recommend this configuration. For local development usage where the builtin bitnami postgresql database is desired, set postgresql.install: true and postgresql.auth.sslmode: disable in your values.

Upgrades from previous releases

If coming from a version pre-2.42.0, note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-2.42.0.

Packages

Package	Type	Package Version	BB Version
Alloy	Addon	1.4.2	1.6.13-bb.0
Anchore Enterprise	Addon	5.12.0	3.2.0-bb.1 🔗
Argocd	Addon	2.13.1	7.7.5-bb.1 🔗
Authservice	Addon	1.0.3	1.0.3-bb.0
Cluster Auditor	Core	0.0.7	1.5.0-bb.22
Eck Operator	Core	2.15.0	2.15.0-bb.0
Elasticsearch Kibana	Core	Kibana 8.17.0 Elasticsearch 8.17.0	1.24.0-bb.1 🔗
External Secrets	Addon	0.11.0	0.11.0-bb.2 🔗
Fluentbit	Core	3.2.2	0.48.3-bb.1
Fortify	Addon	24.4.1.0005	1.1.2320154-bb.21
Gatekeeper	Core	3.18.1	3.18.1-bb.0 🔗
Gitlab	Addon	17.6.2	8.6.2-bb.0 🔗
Gitlab Runner	Addon	17.5.4	0.70.4-bb.0 🔗
Grafana	Core	11.3.1	8.6.2-bb.0
Haproxy	Addon	2.2.33	1.19.3-bb.8
Harbor	Addon	2.11.0	1.16.0-bb.2
Holocron	Addon	3.3.2	1.0.12
Istio Controlplane	Core	Istio 1.23.3 Tetrate Istio Distro 1.23.3	1.23.3-bb.2
Istio Operator	Core	Istio Operator 1.23.3 Tetrate Istio Distro Operator 1.23.3	1.23.3-bb.0
Jaeger	Core	1.61.0	2.57.0-bb.0
Keycloak	Addon	25.0.6	2.5.1-bb.3
Kiali	Core	2.1.0	2.1.0-bb.0
Kyverno	Core	1.13.2	3.3.4-bb.0
Kyverno Policies	Core	3.3.4	3.3.4-bb.0
Kyverno Reporter	Core	2.20.2	2.24.2-bb.1
Loki	Core	3.3.1	6.23.0-bb.1 🔗
Mattermost	Addon	10.2.0	10.2.0-bb.1 🔗
Mattermost Operator	Addon	1.22.1	1.22.1-bb.1
Metrics Server	Addon	0.7.2	3.12.2-bb.1
Minio	Addon	RELEASE.2024-12-13T22-19-12Z	6.0.4-bb.5 🔗
Minio Operator	Addon	6.0.4	6.0.4-bb.0
Monitoring	Core	Prometheus 2.54.1 Grafana 11.1.0 Alertmanager 0.27.0	62.4.0-bb.1
Neuvector	Core	5.4.1	2.8.3-bb.0
Nexus	Addon	3.75.0-06	75.0.0-bb.1 🔗
Promtail	Core	3.0.0	6.16.2-bb.4
Sonarqube	Addon	10.6.0-community	10.6.1-bb.3 🔗
Tempo	Core	Tempo 2.5.0 Tempo Query 2.5.0	1.11.0-bb.0
Thanos	Addon	0.36.1	15.8.1-bb.0
Twistlock	Core	33.01.137	0.18.0-bb.0
Vault	Addon	1.18.3	0.29.1-bb.2 🔗
Velero	Addon	1.15.0	7.2.2-bb.4
Wrapper	Core	N / A	0.4.10

Changes in 2.43.0

Big Bang MRs

• !5550: update dev-sso-values with latest login.dso.mil CA chain
• !5535: Resolve "Minio gitrepo available without default tenant"
• !5543: Gateway tls bug
• !5520: allow istio gateway tls mode OPTIONAL_MUTUAL
• !5508: Resolve "realm should be realms in nexus chart"

Gatekeeper

• !5549: gatekeeper update to 3.18.1-bb.0

##### Changelog Updates
##### [3.18.1-bb.0] - 2024-12-17

##### Changed
- Synced upstream chart changes to address missing labels
- Updated registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper v3.17.1 -> 3.18.1
- Updated gluon from 0.5.4 to 0.5.12

Elasticsearch Kibana

• !5545: elasticsearchKibana update to 1.24.0-bb.1
• !5537: elasticsearchKibana update to 1.24.0-bb.0

##### Changelog Updates
##### [1.24.0-bb.1] - 2024-12-16

##### Changed
- added the ability to add custom authorizationPolicies
- added helm unittest tests

##### [1.24.0-bb.0] - 2024-12-13
##### Changed
- ironbank/elastic/elasticsearch/elasticsearch updated from 8.16.1 to 8.17.0
- ironbank/elastic/kibana/kibana updated from 8.16.1 to 8.17.0
- ironbank/opensource/kubernetes/kubectl updated from v1.30.7 to v1.30.8

Loki

• !5514: loki update to 6.23.0-bb.1

##### Changelog Updates
##### [6.23.0-bb.1] - 2024-12-11

##### Updated
- Updated `grafana-enterprise-logs` from `v1.7.0` -> `v3.3.0`

Argocd

• !5521: argocd update to 7.7.5-bb.1

##### Changelog Updates
##### [7.7.5-bb.1] - 2024-12-05

##### Changed
- Updated timeouts for  readiness and liveness probes

Minio

• !5563: minio update to 6.0.4-bb.5

##### Changelog Updates
##### [6.0.4-bb.5] - 2024-12-19

##### Changed
- Updated registry1.dso.mil/ironbank/opensource/minio/mc RELEASE.2024-11-17T19-35-25Z -> RELEASE.2024-11-21T17-21-54Z
- Updated ironbank/opensource/minio/minio RELEASE.2024-06-04T19-20-08Z -> RELEASE.2024-12-13T22-19-12Z

Gitlab

• !5553: gitlabRunner update to 0.70.4-bb.0
• !5540: gitlab update to 8.6.2-bb.0

##### Changelog Updates
##### [8.6.2-bb.0] - 2024-12-16

##### Changed
- ironbank/gitlab/gitlab/gitlab-webservice (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse (source) 17.6.1 -> 17.6.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl (source) 17.6.1 -> 17.6.2

Gitlab Runner

• !5553: gitlabRunner update to 0.70.4-bb.0

##### Changelog Updates
##### [0.70.4-bb.0] - 2024-12-17

##### Changed
- Update GitLab Runner version to v17.5.4
- Update Gluon version to 0.5.12
- Update Gitlab Runner helm chart to v0.70.4
- Update Ubi9 to 9.5

Nexus

• !5551: nexusRepositoryManager update to 75.0.0-bb.1
• !5531: nexusRepositoryManager update to 75.0.0-bb.0

##### Changelog Updates
##### [75.0.0-bb.1] - 2024-12-18

##### Changed
- Updated pod labels to use same as deployment labels

##### [75.0.0-bb.0] - 2024-12-10
##### Changed
- Updated chart to version: 75.0.0-bb.0 | appVersion: 3.75.0-06
- Updated Gluon 0.5.10 -> 0.5.12
- Updated ironbank/sonatype/nexus/nexus (source) 3.74.0-05 -> 3.75.0-06
- Updated registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal (source) 9.4 -> 9.5
- Updated registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.74.0-05 -> 3.75.0-06

Sonarqube

• !5558: sonarqube update to 10.6.1-bb.3

##### Changelog Updates
##### [10.6.1-bb.3] - 2024-12-18

##### Changed
- Update configure-sso job to run on helm upgrades alongside installs
- Update admin password hook job container image

Anchore Enterprise

• !5530: anchore update to 3.2.0-bb.1

##### Changelog Updates
##### [3.2.0-bb.1] - 2024-12-12

##### Changed
- Updated renovate.json for redis update check

##### [3.2.0-bb.0] - 2024-12-02
##### Changed
- Updated Anchore Enterprise chart to `3.2.0`
- Updated Anchore Enterprise tag to `5.12.0`
- Updated Anchore Enterprise UI tag to `5.12.0`
- Bumped resources for anchore-catalog

Mattermost

• !5482: SKIP UPGRADE CHECK mattermost update to 10.2.0-bb.1

##### Changelog Updates
##### [10.2.0-bb.1] - 2024-11-27

##### Changed
- removed builtin bitnami postgresql module from default test values and documentation instructions
- enabled usage of RDS instances inside of Big Bang CI package pipelines

Vault

• !5557: vault update to 0.29.1-bb.2
• !5513: vault update to 0.29.1-bb.1

##### Changelog Updates
##### [0.29.1-bb.2] - 2024-12-19

##### Changed
- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.18.2 -> 1.18.3

##### [0.29.1-bb.1] - 2024-12-10
##### Changed
- registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s (source) v1.5.0 -> v1.6.0

External Secrets

• !5552: externalSecrets update to 0.11.0-bb.2
• !5532: externalSecrets update to 0.11.0-bb.1

##### Changelog Updates
##### [0.11.0-bb.2] - 2024-12-12

##### Changed
- Updated kubectl v1.30.7 -> v1.30.8

##### [0.11.0-bb-1] - 2024-12-11
##### Changed
- Added data block in ES for secret versioning

Known Issues

• Kiali - ISSUE

  • On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the flowcontrol.apiserver.k8s.io/v1beta2 api version (no longer served as of v1.29).

  In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.

  $ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our chat
• Check out the documentation for guidance on how to get started

Future

Don't see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR was automatically generated by Renovate Bot.

Upgrade Notices

(Include any relevant notes about upgrades here or write "N/A" if there are none)