Release 1.17.0

1. Release Prep

Verify that the previous release branch commit hash matches the last release tag. Investigate with previous RE if they do not match
Create release branch with name. Ex: release-1.16.x
Build draft release notes, see release_notes_template.md
Release specific code changes. Make the following changes in a single commit so it can be cherry picked into master later.
- Bump self-reference version in base/gitrepository.yaml
- Update chart release version chart/Chart.yaml
- Bump badge at the top of README.md
- Update /Packages.md with any new Packages
- Update CHANGELOG.md with links to MRs and any upgrade notices/known issues. release-diff update link for release
- Update README.md using helm-docs. Overwrite the existing readme file.
```
# from root dir of your release branch
docker run -v "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:v1.5.0 -s file -t .gitlab-ci/README.md.gotmpl --dry-run > README.md
```

2. Test and Validate Release Candidate

Deploy release branch on Dogfood cluster

Connect to Cluster
Update bigbang/base/kustomization.yaml & bigbang/prod/kustomization.yaml with release branch.

Verify cluster has updated to the new release

Packages have fetched the new revision and match the new release

Packages have reconciled

# check release
watch kubectl get gitrepositories,kustomizations,hr,po -A
# if flux has not updated after 10 minutes.
flux reconcile hr -n bigbang bigbang --with-source
# if it is still not updating, delete the flux source controller 
kubectl get all -n flux-system 
kubectl delete pod/source-controller-xxxxxxxx-xxxxx -n flux-system

Confirm app UIs are loading

Logging

Login to kibana with SSO
Kibana is actively indexing/logging.

Cluster Auditor

Login to kibana with SSO
violations index is present and contains images that aren't from registry1

Monitoring

Login to grafana with SSO
Contains Kubernetes Dashboards and metrics
contains istio dashboards
Login to prometheus
All apps are being scraped, no errors

Kiali

Sonarqube

GitLab & Runners

Login to gitlab with SSO
Create new public group with release name. Example release-1-17-0
Create new public project with release name. Example release-1-17-0
git clone and git push to new project

docker push and docker pull image to registry

docker pull alpine
docker tag alpine registry.dogfood.bigbang.dev/GROUPNAMEHERE/PROJECTNAMEHERE/alpine:latest
docker login registry.dogfood.bigbang.dev
docker push registry.dogfood.bigbang.dev/GROUPNAMEHERE/PROJECTNAMEHERE/alpine:latest

Edit profile and change user avatar
Test simple CI pipeline. sample_ci.yaml

Anchore

Login to anchore with SSO
Scan image in dogfood registry, registry.dogfood.bigbang.dev/GROUPNAMEHERE/PROJECTNAMEHERE/alpine:latest

Argocd

Login to argocd with SSO
Logout and login with admin. password reset

Create application

*click* create application
application name: argocd-test
Project: default
Sync Policy: Automatic
Sync Policy: check both boxes
Sync Options: check both boxes 
Repository URL: https://github.com/argoproj/argocd-example-apps
Revision: HEAD
Path: helm-guestbook
Cluster URL: https://kubernetes.default.svc
Namespace: argocd-test
*click* Create (top of page)

Delete application

Minio

Log into the minio UI as minio with password minio123
Create bucket
Store file to bucket
Download file from bucket
Delete bucket and files

Mattermost

Login to mattermost with SSO
Elastic integration

Twistlock

Login to twistlock/prisma cloud with the credentials encrypted in bigbang/prod/environment-bb-secret.enc.yaml
Navigate to Manage -> Defenders -> Deploy
- Turn off "Use the official Twistlock registry" and in "Enter the full Defender image name" paste the latest IB image for defenders
- Toggle on "Monitor Istio"
- TBD other settings?
- From 17b, download the yaml files
Apply the yaml to the dogfood cluster and validate that defender pods come online and register in the console (Manage -> Defenders -> Manage should show them)

Velero

Backup PVCs velero_test.yaml

kubectl apply -f ./velero_test.yaml
# exec into velero_test container
cat /mnt/velero-test/test.log
# take note of log entries and exit exec

velero backup create velero-test-backup-1-8-0 -l app=velero-test
velero backup get
kubectl delete -f ./velero_test.yaml
kubectl get pv | grep velero-test
kubectl delete pv INSERT-PV-ID

Restore PVCs

velero restore create velero-test-restore-1-8-0 --from-backup velero-test-backup-1-8-0
# exec into velero_test container
cat /mnt/velero-test/test.log
# old log entires and new should be in log if backup was done correctly

Cleanup test

kubectl delete -f ./velero_test.yaml
kubectl get pv | grep velero-test
kubectl delete pv INSERT-PV-ID

Keycloak

3. Create Release

Create release candidate tag based on release branch. Tag EX: 1.16.0-rc.0.
```
Message: release candidate
Release Notes: **Leave Blank**
```
Passed tag pipeline.
Create release tag based on release branch. Tag EX: 1.16.0.
```
Message: release 1.x.x
Release Notes: **Leave Blank**
```
Passed release pipeline.
Add release notes to release.
Cherry-pick release commit(s) as needed with merge request back to master branch
Celebrate and announce release

RELEASE NOTES

Release 1.17.0 Release Notes

Please see our documentation page for more information on how to consume and deploy BigBang.

Upgrade Notices

Hostname Changed to Domain

Value hostname has been changed to domain. MR

# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
domain: bigbang.dev

Resources

Bigbang is in the process of implementing resource requests and limits on all pods in preparation of setting OPA constraints to deny. If you notice multiple pod restarts check for OOMKill termination errors and pod limits may need to be increased.

Upgrades from previous releases

If coming from a version pre-1.15 note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-1.15.

Packages

Package	Type	Package Version	BB Version
Istio Controlplane	Core	`1.10.4`	`1.10.4-bb.3`
Istio Operator	Core	`1.10.4`	`1.10.4-bb.1`
Jaeger	Core	`2.23.0`	`2.23.0-bb.2`
Kiali	Core	`1.39.0`	`1.39.0-bb.2`
Cluster Auditor	Core	`1.16.0`	`0.3.0-bb.7`
OPA Gatekeeper	Core	`3.5.2`	`3.5.2-bb.1`
Elasticsearch Kibana	Core	`7.13.4`	`0.1.21-bb.0`
ECK Operator	Core	`1.6.0`	`1.6.0-bb.2`
Fluentbit	Core	`1.8.6`	`0.16.6-bb.0`
Monitoring	Core	G: `7.5.2`, P: `2.25.0`, A: `0.21.0`	`14.0.0-bb.8`
Twistlock	Core	`21.04.439`	`0.0.9-bb.0`
Argocd	Addon	`2.0.1` (w/ p1 plugins)	`3.6.8-bb.8`
Authservice	Addon	`0.4.0`	`0.4.0-bb.17`
MinIO Operator	Addon	`4.1.2`	`4.1.2-bb.3`
MinIO	Addon	`RELEASE.2020-11-19T23-48-16Z`	`4.1.2-bb.6`
Gitlab	Addon	`13.12.9`	`4.12.9-bb.6`
Gitlab Runners	Addon	`13.12.0`	`0.29.0-bb.1`
Nexus	Addon	`3.34.0`	`34.0.0-bb.0`
SonarQube	Addon	`8.9` (w/ p1 plugins)	`9.6.3-bb.1`
Anchore	Addon	ENG: `0.10.0`, ENT: `3.1.0`	`1.13.0-bb.8`
Mattermost Operator	Addon	`1.14.0`	`1.14.0-bb.4`
Mattermost	Addon	`5.38.2`	`0.2.0-bb.1`
Velero	Addon	`1.6.3`	`2.23.6-bb.1`
Keycloak	Addon	`14.0.0`	`11.0.1-bb.6`

Changes in v1.17.0

Big Bang CI

There were also a number of internal CI changes made over the past release period, for more details you can check the relevant MRs.

Known Issues

On some k8s distros certain components in the kube-system namespace are unable to be scraped by Prometheus
Nexus needs nodeAffity set to FIPS enable nodes. Issue

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Open issues here
Join our chat
Check out the documentation for guidance on how to get started

Future

Don't see your feature and/or bug fix? Check out our roadmap for estimates on when you can expect

Edited Sep 24, 2021 by Micah Nagel

Admin message

Release 1.17.0

1. Release Prep

2. Test and Validate Release Candidate

3. Create Release

RELEASE NOTES

Release 1.17.0 Release Notes

Upgrade Notices

Hostname Changed to Domain

Resources

Upgrades from previous releases

Packages

Changes in v1.17.0

Big Bang

Istio Controlplane

Gatekeeper

Kiali

Jaeger

Logging

Keycloak

SonarQube

Anchore

ARgoCD

Authservice

Gitlab

FluentBit

Twistlock

Velero

HAProxy

Documentation

Big Bang CI

Known Issues

Helpful Links

Future