Update dependency https://repo1.dso.mil/big-bang/bigbang.git to v2.33.0
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| https://repo1.dso.mil/big-bang/bigbang.git | minor |
2.31.0 -> 2.33.0
|
Complete MR checklist
Assignee
-
Followed upgrade instructions outlined in docs/DEVELOPMENT_MAINTENANCE.md -
Update Docs with new/updated steps as needed -
Tested and Validated Changes made with supporting info like logs or screenshots from test pipelines
Add supporting info below
Reviewer only
-
Tested and Validated changes
Release Notes
big-bang/bigbang (https://repo1.dso.mil/big-bang/bigbang.git)
v2.33.0: Big Bang 2.33.0
Release Notes - 2.33.0
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.29.3 (RKE2).
Upgrade Notices
-
Mattermost - MR:
- If Istio native sidecars are disabled, you'll need to set
.values.addons.mattermost.values.database.readinessCheck.disableDefaulttotruein yourvalues.yamlfile
- If Istio native sidecars are disabled, you'll need to set
-
GitLab - MR)
- This update requires Istio Native Sidecars to be enabled
Upgrades from previous releases
If coming from a version pre-2.32.0, note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-2.32.0.
Packages
| Package | Type | Package Version | BB Version |
|---|---|---|---|
| Istio Controlplane | Core | Istio 1.22.3 Tetrate Istio Distro 1.22.3
|
1.22.3-bb.1 |
| Istio Operator | Core | Istio Operator 1.22.3 Tetrate Istio Distro Operator 1.22.3
|
1.22.3-bb.0 |
| Jaeger | Core | 1.57.0 |
2.54.0-bb.2 |
| Kiali | Core | 1.87.0 |
1.87.0-bb.0 |
 Cluster Auditor
|
Core | 0.0.7 |
1.5.0-bb.21 |
|
Gatekeeper
|
Core | 3.16.3 |
3.16.3-bb.1 |
|
Kyverno
|
Core | 1.12.5 |
3.2.6-bb.0 |
|
Kyverno Policies
|
Core | 3.2.5 |
3.2.5-bb.2 |
|
Kyverno Reporter
|
Core | 2.20.1 |
2.24.0-bb.2 |
|
Elasticsearch Kibana
|
Core | Kibana 8.14.1 Elasticsearch 8.14.1
|
1.17.0-bb.4 |
| Eck Operator | Core | 2.13.0 |
2.13.0-bb.2 |
|
Fluentbit
|
Core | 3.1.4 |
0.47.5-bb.1 |
| Promtail | Core | 3.0.0 |
6.16.2-bb.1 |
| Loki | Core | 3.1.0 |
6.7.1-bb.0 |
|
Neuvector
|
Core | 5.3.3 |
2.7.7-bb.3 |
|
Tempo
|
Core | Tempo 2.5.0 Tempo Query 2.5.0
|
1.10.1-bb.0 |
|
Monitoring
|
Core | Prometheus 2.53.0 Grafana 11.1.0 Alertmanager 0.27.0
|
61.2.0-bb.4 |
|
Grafana
|
Core | 11.1.0 |
8.3.6-bb.1 |
|
Twistlock
|
Core | 32.03.125 |
0.16.0-bb.0 |
| Wrapper | Core | N / A | 0.4.10 |
|
Argocd
|
Addon | 2.11.7 |
7.3.11-bb.0 |
| Authservice | Addon | 1.0.1 |
1.0.1-bb.4 |
|
Minio Operator
|
Addon | 5.0.16 |
5.0.16-bb.3 |
| Minio | Addon | RELEASE.2024-06-04T19-20-08Z |
5.0.16-bb.0 |
|
Gitlab
|
Addon | 17.2.1 |
8.2.1-bb.0 |
| Gitlab Runner | Addon | 17.1.0 |
0.66.0-bb.0 |
|
Nexus
|
Addon | 3.70.1-02 |
70.1.0-bb.0 |
| Sonarqube | Addon | 9.9.6-community |
8.0.6-bb.2 |
| Fortify | Addon | 24.2.0.0186 |
1.1.2320154-bb.15 |
| Haproxy | Addon | 2.2.33 |
1.19.3-bb.7 |
|
Anchore Enterprise
|
Addon | 5.8.0 |
2.9.0-bb.0 |
|
Mattermost Operator
|
Addon | 1.22.0 |
1.22.0-bb.2 |
|
Mattermost
|
Addon | 9.10.1 |
9.10.1-bb.0 |
|
Velero
|
Addon | 1.14.0 |
6.7.0-bb.7 |
|
Keycloak
|
Addon | 25.0.2 |
2.4.3-bb.3 |
| Vault | Addon | 1.14.10 |
0.25.0-bb.38 |
| Metrics Server | Addon | 0.7.1 |
3.12.1-bb.3 |
| Harbor | Addon | 2.11.0 |
1.15.0-bb.0 |
| Holocron | Addon | 3.3.2 |
1.0.11 |
|
Thanos
|
Addon | 0.35.1 |
15.7.9-bb.6 |
External Secrets 
|
Addon | 0.9.18 |
0.9.18-bb.7 |
Changes in 2.33.0
Big Bang MRs
- !4884: update to 1.30
- !4874: update helmRepo api version to v1 from v1beta2
- !4667: Resolve "Fixing Monitoring NS hardening consistency"
- !4849: Adds Fortify information to the default credentials user guide
- !4809: Add grafanaAlloy to values.schema.json
- !4775: Resolve "Fix Kustomize for the Package"
- !4754: Resolve "Enable driftDetection in flux"
Cluster Auditor
##### Changelog Updates
##### [1.5.0-bb.21] - 2024-07-30
##### Changed
- Add pod labels required by Kiali
##### [1.5.0-bb.20] - 2024-07-24
##### Changed
- Removed redundant entries in package test-values.yaml already in package values.yamlGatekeeper
- !4795: gatekeeper update to 3.16.3-bb.1
##### Changelog Updates
##### [3.16.3-bb.1] - 2024-07-11
##### Changed
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.29.5 -> v1.29.6Kyverno
##### Changelog Updates
##### [3.2.6-bb.0] - 2024-07-30
##### Changed
- Updated kyverno chart from `3.2.5` to `3.2.6` and app version from `v1.12.5` to `v1.12.5`
- Updated `kubectl` from `1.29.6` to `1.29.7`
- Updated `kyverno`, `background-controller`, `cleanup-controller`, `reports-controller`, `kyvernopre` from `v1.12.4` to `v1.12.5`
- Added reference to `kyvernocli` with version `v1.12.5`
##### [3.2.5-bb.4] - 2024-07-30
##### Changed
- Update secret sync test script to check for kyverno-bbtest-secret already existing.
- Update secret sync test script to check for secret sync policy before creating namespace.
- Update gluon to latest v0.5.2Kyverno Policies
- !4868: kyvernoPolicies update to 3.2.5-bb.2
- !4846: kyvernoPolicies update to 3.2.5-bb.1
- !4784: kyvernoPolicies update to 3.2.5-bb.0
##### Changelog Updates
##### [3.2.5-bb.2] - 2024-07-31
##### Changed
- Updated chart/templates/exception-require-non-root-group.yaml:apiVersion: from `kyverno.io/v2beta1` to the latest version `kyverno.io/v2`
- chart/templates/exception-require-non-root-user.yaml:apiVersion: from `kyverno.io/v2beta1` to `kyverno.io/v2`
- chart/templates/update-automountserviceaccounttokens.yaml apiVersion:
##### [3.2.5-bb.1] - 2024-07-27
##### Changed
- Gluon updated from `0.5.0` to `0.5.2`
- `ironbank/opensource/kubernetes/kubectl` updated from `v1.29.4` to `v1.29.7`
##### [3.2.5-bb.0] - 2024-07-23
##### Changed
- Updated versions in version and annotations under Chart.yaml to match Kyverno chart that we are currently using - 3.2.5
Kyverno Reporter
##### Changelog Updates
##### [2.24.0-bb.2] - 2024-08-05
##### Changed
- Updated image from `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.0` to `registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.1`
- Updated `gluon` package dependency version from `0.5.0` to `0.5.2`
##### [2.24.0-bb.1] - 2024-07-26
##### Changed
- Added `bigbang.labels` to `chart/templates/deployment.yaml`, `chart/templates/cronjob-summary-report.yaml` and `chart/templates/cronjob-violations-report.yaml` to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md`Elasticsearch Kibana
- !4863: elasticsearchKibana update to 1.17.0-bb.4
##### Changelog Updates
##### [1.17.0-bb.4] - 2024-07-26
##### Changed
- Add `elasticsearch.podDisruptionBudget` to `values.yaml`Fluentbit
##### Changelog Updates
##### [0.47.5-bb.1] - 2024-08-01
##### Changed
- Remove redundant items from test/test-values.yaml
##### [0.47.5-bb.0] - 2024-07-26
##### Changed
- Updated fluent-bit: 3.1.3 -> 3.1.4
- Updated gluon: 0.5.0 -> 0.5.2Neuvector
- !4794: neuvector update to 2.7.7-bb.3
##### Changelog Updates
##### [2.7.7-bb.3] - 2024-07-24
##### Changed
- Added `version` pod label to deployments and daemonset to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream chart](https://repo1.dso.mil/big-bang/product/packages/neuvector/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md?ref_type=heads#modifications-made-to-upstream-chart) section to reflect changesTempo
- !4823: tempo update to 1.10.1-bb.0
##### Changelog Updates
##### [1.10.1-bb.0] - 2024-07-26
##### Updated
- Synchronized with upstream chart version 1.10.1
- Update gluon: 0.5.0 > 0.5.1Monitoring
- !4824: Update Docs on changing the Grafana credentials
##### Changelog Updates
##### [61.2.0-bb.4] - 2024-08-05
##### Fixed
- Use global imagePullSecret Only
##### [61.2.0-bb.3] - 2024-08-01
##### Changed
- Remove redundant items from test/test-values.yamlGrafana
- !4864: grafana update to 8.3.6-bb.1
- !4822: grafana update to 8.3.6-bb.0
- !4811: grafana update to 8.3.4-bb.2
- !4796: grafana update to 8.3.4-bb.1
##### Changelog Updates
##### [8.3.6-bb.1] - 2024-08-01
##### Changed
- Remove redundant items from `test/test-values.yaml`
##### [8.3.6-bb.0] - 2024-07-25
##### Changed
- gluon updated from 0.5.0 to 0.5.2
##### [8.3.4-bb.2] - 2024-07-24
##### Changed
- Updated `templates/deployment.yaml` and `templates/statefulset.yaml` to use `tpl` for `.Values.podLabels` to allow setting Kiali required `app` and `version` labels
- Set `app` and `version` label defaults via `.Values.podLabels`
##### [8.3.4-bb.1] - 2024-07-24
##### Changed
- Added update helm dep step to DEVELOPMENT_MAINTENANCE
- Updated gluon helm dependency from 0.4.10 to 0.5.0Twistlock
##### Changelog Updates
##### [0.16.0-bb.0] - 2024-07-27
##### Changed
- gluon updated from 0.5.0 to 0.5.2
- ironbank/twistlock/console/console updated from 32.01.128 to 32.03.125
##### [0.15.0-bb.17] - 2024-07-25
##### Changed
- Added `app` and `version` labels to defender pods to conform to Kiali requirements
- Updated `docs/DEVELOPMENT_MAINTENANCE.md` [Modifications made to upstream](https://repo1.dso.mil/big-bang/product/packages/twistlock/-/blob/main/docs/DEVELOPMENT_MAINTENANCE.md?ref_type=heads#modifications-made-to-upstream) section to reflect changesArgocd
##### Changelog Updates
##### [7.3.11-bb.0] - 2024-07-29
##### Changed
- Update ironbank/big-bang/argocd v2.11.5 -> v2.11.7
- Updated registry1.dso.mil/ironbank/big-bang/argocd v2.11.5 -> v2.11.7
- Updated gluon from 0.5.0 -> 0.5.2
##### [7.3.9-bb.0] - 2024-07-19
##### Changed
- Update ironbank/big-bang/argocd v2.11.3 -> v2.11.4
- Updated registry1.dso.mil/ironbank/big-bang/argocd v2.11.4 -> v2.11.5
- Updated registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.61.0 -> v1.62.0
- Updated redis-bb /registry1.dso.mil/bigbang 19.5.5-bb.0 -> 19.6.2-bb.0Minio Operator
##### Changelog Updates
##### [5.0.16-bb.3] - 2024-07-31
##### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/console-deployment.yaml` and `chart/templates/operator-deployment.yaml`
##### [5.0.16-bb.2] - 2024-07-24
##### Changed
- Removed duplicate test values located in Big Bang repoGitlab
- !4875: gitlab update to 8.2.1-bb.0
##### Changelog Updates
##### [8.2.1-bb.0] - 2024-08-02
##### Added
- Introduces `registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.2.1` as `gitlabBase` image where we previously used `ubi9` for some `initContainers`.
##### Changed
- Update appVersion 17.1.2 -> 17.2.1
- Update helm chart 8.1.2 -> 8.2.1
- Update registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.61.0 -> v1.62.0
- Update registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.1.2 -> 17.2.1
- Update registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.1.2 -> 17.2.1Nexus
- !4777: nexusRepositoryManager update to 70.1.0-bb.0
##### Changelog Updates
##### [70.1.0-bb.0] - 2024-07-19
##### Changed
- Updated chart to version: 70.1.0-bb.0 | appVersion: 3.70.1-02
- Updated devops-tester 1.0.0 -> 1.1.1Anchore Enterprise
##### Changelog Updates
##### [2.9.0-bb.0] - 2024-08-01
##### Changed
- Updated Anchore Enterprise chart to `2.9.0`
- Updated Anchore Enterprise tag to `5.8.0`
- Updated Anchore Enterprise UI tag to `5.8.0`
- Updated Anchore Feeds chart to `2.8.0`
- Updated Cypress dependency to `v13.13.2`
##### [2.7.0-bb.8] - 2024-07-31
##### Changed
- Updated Gluon subchart dependency to `0.5.2`
- Updated Redis chart dependency to `19.6.2-bb.0`
##### [2.7.0-bb.7] - 2024-07-30
##### Changed
- Updated charts to be able to exclude imagePullSecretsMattermost Operator
##### Changelog Updates
##### [1.22.0-bb.2] - 2024-07-29
##### Changed
- Updated ironbank image to latest v1.22.0
- Updated CRD references to v1.22.0; the KPTfile and actual content were already pulled from v1.22.0 upstream but the chart references lagged at 1.20.1.
##### [1.22.0-bb.1] - 2024-07-23
##### Changed
- Added integration testing instructions for External Secrets OperatorMattermost
- !4853: mattermost update to 9.10.1-bb.0
- !4801: mattermost update to 9.10.0-bb.3
- !4792: mattermost update to 9.10.0-bb.2
- !4790: mattermost update to 9.10.0-bb.1
##### Changelog Updates
##### [9.10.1-bb.0] - 2024-07-30
##### Changed
- gluon updated from 0.5.0 to 0.5.2
- ironbank/opensource/mattermost/mattermost updated from 9.10.0 to 9.10.1
##### [9.10.0-bb.3] - 2024-07-25
##### Changed
- Documentation updates to move release notes from a README item to a chart annotation
##### [9.10.0-bb.2] - 2024-07-24
##### Changed
- Adding the init container back
##### [9.10.0-bb.1] - 2024-07-23
##### Changed
- Added integration testing instructions for External Secrets OperatorVelero
##### Changelog Updates
##### [6.7.0-bb.7] - 2024-08-02
##### Changed
- Updated kubectl to v1.29.7
- URL fixes in DEVELOPMENT_MAINTENANCE.md
##### [6.7.0-bb.6] - 2024-08-02
##### Changed
- Updated test-values.yaml file to remove duplicate values that are already set in the chart defaults
##### [6.7.0-bb.5] - 2024-08-01
##### Added
- Added `bigbang.labels` helper function to authservice under `templates/bigbang`
- Added call to `bigbang.labels` function in pod template section of `chart/templates/deployment.yaml`Keycloak
- !4857: keycloak update to 2.4.3-bb.3
##### Changelog Updates
##### [2.4.3-bb.3] - 2024-08-01
##### Added
- Added "start" argument to the chart/values.yaml.Thanos
##### Changelog Updates
##### [15.7.9-bb.6] - 2024-07-29
##### Fixed
- Remove unnecessary `match` rule in VirtualService
##### [15.7.9-bb.5] - 2024-07-19
##### Changed
- Set retention to forever with values to set to 0sKnown Issues
-
- On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
flowcontrol.apiserver.k8s.io/v1beta2api version (no longer served as of v1.29).
In this case, removing the invalid api version should resolve the issue and allow the kiali operator to run successfully.
$ kubectl delete apiservices.apiregistration.k8s.io v1beta2.flowcontrol.apiserver.k8s.io - On Kubernetes 1.29+, the kiali operator may fail with a 404 while running the kiali-deploy playbook if the cluster returns the
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future
Don't see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.
v2.32.0
- !2.32.0; List of merge requests in this release.
Configuration
-
If you want to rebase/retry this MR, check this box
This MR was automatically generated by Renovate Bot.
Upgrade Notices
(Include any relevant notes about upgrades here or write "N/A" if there are none)
Edited by RENOVATE_BOT