Release Notes - 2.49.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).
Upgrade Notices📜
- Kyverno-policies - MR:
  - A new Kyverno Policy has been added which mutates pod specs to drop `ALL` capabilities in all containers if not already done. This policy works in tandem with the `require-drop-all-capabilities` policy to make it easier for SREs to securely deploy workloads to their clusters without having to explicitly modify the pod's containers' `securityContext`s to be compliant.
  - If Big Bang consumers are currently excluding certain workloads from the `require-drop-all-capabilities` policy due to incompatibilities with that policy, those exclusions should also be included for this new policy, `add-default-capability-drop`, to avoid workload interruption.
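The parity check this notice calls for, as an added example that is not Big Bang's own code: it lists exclusions present on `require-drop-all-capabilities` but missing from `add-default-capability-drop`. It assumes exclusions are written under `policies.<name>.exclude.any[].resources` in the values override; the sample values are constructed.

```python
# Added example: pre-upgrade parity check between the two policies' exclusions.
# Assumption: exclusions live under policies.<name>.exclude.any[].resources
# with optional `namespaces` and `names` lists (Kyverno match/exclude style).

VALIDATE = "require-drop-all-capabilities"
MUTATE = "add-default-capability-drop"

# Constructed sample values override, as it would look after YAML parsing.
SAMPLE_POLICIES = {
    VALIDATE: {"exclude": {"any": [
        {"resources": {"namespaces": ["legacy"], "names": ["agent-*"]}},
        {"resources": {"namespaces": ["storage"]}},
    ]}},
    MUTATE: {"exclude": {"any": [
        {"resources": {"namespaces": ["storage"]}},
    ]}},
}


def exclusions(policy):
    """Flatten an exclude block into (namespace, name) pairs; '*' = unset."""
    pairs = set()
    for clause in ((policy or {}).get("exclude") or {}).get("any") or []:
        res = clause.get("resources") or {}
        for ns in res.get("namespaces") or ["*"]:
            for name in res.get("names") or ["*"]:
                pairs.add((ns, name))
    return pairs


def covered(pair, have):
    """True if `have` holds the same pair or a broader one ('*' = anything).
    Patterns such as 'agent-*' are compared literally, not glob-expanded."""
    ns, name = pair
    return any(h_ns in (ns, "*") and h_name in (name, "*") for h_ns, h_name in have)


def missing_from_mutate(policies):
    """Exclusions on the validate policy that the mutate policy lacks."""
    have = exclusions(policies.get(MUTATE))
    want = exclusions(policies.get(VALIDATE))
    return sorted(p for p in want if not covered(p, have))


if __name__ == "__main__":
    for ns, name in missing_from_mutate(SAMPLE_POLICIES):
        print(f"{MUTATE}: add exclusion for namespace={ns} name={name}")
```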
Upgrades from previous releases📜
If coming from a version pre-`2.48.0`, note the additional upgrade notices in any release in between. The BB team doesn't test/guarantee upgrades from anything pre-`2.48.0`.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Alloy | Addon | 1.7.1 | 2.0.16-bb.0 |
Anchore Enterprise | Addon | 5.15.0 | 3.5.0-bb.1 |
Argocd | Addon | 2.14.3 | 7.8.7-bb.0 |
Authservice | Addon | 1.0.4 | 1.0.4-bb.1 |
Cluster Auditor | Core | 0.0.7 | 1.5.0-bb.22 |
Eck Operator | Core | 2.16.1 | 2.16.1-bb.0 |
Elasticsearch Kibana | Core | Kibana 8.17.3 Elasticsearch 8.17.3 | 1.27.0-bb.0 |
External Secrets | Addon | 0.14.3 | 0.14.3-bb.1 |
Fluentbit | Core | 3.2.7 | 0.48.6-bb.0 |
Fortify | Addon | 24.4.2.0009 | 1.1.2320154-bb.22 |
Gatekeeper | Core | 3.18.2 | 3.18.2-bb.1 |
Gitlab | Addon | 17.9.2 | 8.9.2-bb.0 |
Gitlab Runner | Addon | 17.8.0 | 0.73.0-bb.1 |
Grafana | Core | 11.5.2 | 8.10.1-bb.0 |
Haproxy | Addon | 2.2.33 | 1.19.3-bb.10 |
Harbor | Addon | 2.11.0 | 1.16.1-bb.0 |
Holocron | Addon | 3.3.2 | 1.0.13 |
Istio Controlplane | Core | Istio 1.23.5 Tetrate Istio Distro 1.23.5 | 1.23.5-bb.0 |
Istio Operator | Core | Istio Operator 1.23.5 Tetrate Istio Distro Operator 1.23.5 | 1.23.5-bb.0 |
Jaeger | Core | 1.62.0 | 2.57.0-bb.4 |
Keycloak | Addon | 25.0.6 | 2.5.1-bb.6 |
Kiali | Core | 2.6.0 | 2.6.0-bb.0 |
Kyverno | Core | 1.13.4 | 3.3.6-bb.0 |
Kyverno Policies | Core | 3.3.4 | 3.3.4-bb.3 |
Kyverno Reporter | Core | 3.0.0 | 3.0.1-bb.2 |
Loki | Core | 3.4.2 | 6.27.0-bb.0 |
Mattermost | Addon | 10.5.1 | 10.5.1-bb.3 |
Mattermost Operator | Addon | 1.22.1 | 1.22.1-bb.1 |
Metrics Server | Addon | 0.7.2 | 3.12.2-bb.2 |
Mimir | Addon | 2.14.2 | 5.5.1-bb.8 |
Minio | Addon | RELEASE.2025-01-20T14-49-07Z | 7.0.0-bb.2 |
Minio Operator | Addon | 7.0.0 | 7.0.0-bb.1 |
Monitoring | Core | Prometheus 3.2.1 Grafana 11.5.2 Alertmanager 0.28.0 | 69.7.3-bb.0 |
Neuvector | Core | 5.4.1 | 2.8.3-bb.1 |
Nexus | Addon | 3.75.0-06 | 75.0.0-bb.2 |
Promtail | Core | 3.4.2 | 6.16.6-bb.2 |
Sonarqube | Addon | 10.7.0-community | 10.7.0-bb.0 |
Tempo | Core | Tempo 2.7.1 Tempo Query 2.7.1 | 1.18.2-bb.0 |
Thanos | Addon | 0.37.2 | 15.9.1-bb.2 |
Twistlock | Core | 33.03.138 | 0.19.0-bb.3 |
Vault | Addon | 1.18.5 | 0.29.1-bb.9 |
Velero | Addon | 1.15.2 | 8.3.0-bb.0 |
Wrapper | Core | N / A | 0.4.12 |
Changes in 2.49.0📜
Big Bang MRs📜
- !5877: PR-108
- !5879: chore(ol-istio): removed unused gateway schema values
- !5793: Mimir Disable limit on max_global_series_per_user
- !5846: feat(istio): added iterable gateways
- !5856: remove unnecessary enabled entries
- !5849: Resolve “Enable driftDetection for Storage and Collab packages”
Alloy📜
# Changelog Updates
## [2.0.16-bb.0] - 2025-03-07
### Changed
- k8s-monitoring updated from 2.0.4 to 2.0.16
- Alloy updated from 1.5.1 to 1.7.1
- configmap-reload updated from v0.12.0 to v0.14.0
## [2.0.4-bb.1] - 2025-02-20
### Changed
- add default value of enableReporting to false to disable reaching out to internet
Anchore Enterprise📜
# Changelog Updates
## [3.5.0-bb.1] - 2025-03-12
### Changed
- Added Dynamic Network Policy
## [3.5.0-bb.0] - 2025-03-07
### Changed
- Updated Anchore Enterprise chart to `3.5.0`
- Updated Anchore Enterprise tag to `5.15.0`
- Updated Anchore Enterprise UI tag to `5.15.0`
Argocd📜
- !5906: update argocd 7.8.7-bb.0
# Changelog Updates
## [7.8.7-bb.0] - 2025-03-05
### Changed
- registry1.dso.mil/ironbank/big-bang/argocd v2.14.2 -> v2.14.3
- ironbank/big-bang/argocd v2.14.2 -> v2.14.3
External Secrets📜
- !5884: externalSecrets update to 0.14.3-bb.1
# Changelog Updates
## [0.14.3-bb.1] - 2025-03-11
### Changed
- Resolve errors from enabling drift detection for ESO
Gatekeeper📜
- !5813: gatekeeper update to 3.18.2-bb.1
# Changelog Updates
## [3.18.2-bb.1] - 2025-02-21
### Changed
- Updated gluon from 0.5.12 to 0.5.14
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.29.12 -> v1.30.10
Gitlab📜
- !5898: gitlab update to 8.9.2-bb.0
# Changelog Updates
## [8.9.2-bb.0] - 2025-03-17
### Changed
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.67.0 -> v1.68.0
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.9.1 -> 17.9.2
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.9.1 -> 17.9.2
## [8.9.1-bb.1] - 2025-03-06
### Changed
- Added configuration for dynamic network policy support
Gitlab Runner📜
- !5874: SKIP UPGRADE gitlabRunner update to 0.73.0-bb.1
# Changelog Updates
## [0.73.0-bb.1] - 2025-03-06
### Changed
- Changed cypress test to use data-testid
Jaeger📜
# Changelog Updates
## [2.57.0-bb.4] - 2025-03-11
### Updated
- jaegertracing/jaeger-collector 1.65.0 -> 1.66.0
- jaegertracing/jaeger-es-index-cleaner 1.65.0 -> 1.67.0
- jaegertracing/jaeger-ingester 1.65.0 -> 1.66.0
- jaegertracing/jaeger-query 1.65.0 -> 1.66.0
- kubernetes/kubectl v1.30.9 -> v1.30.10
## [2.57.0-bb.3] - 2025-03-10
### Add
- Istio Operator-less network policy support
Kiali📜
- !5873: kiali update to 2.6.0-bb.0
# Changelog Updates
## [2.6.0-bb.0] - 2026-03-10
### Updated
- Updated Kiali and Kiali-operator to v2.6.0
Kyverno Policies📜
- !5718: kyvernoPolicies update to 3.3.4-bb.3
# Changelog Updates
## [3.3.4-bb.3] - 2025-01-21
### Changed
- Added `add-default-capability-drop` policy
## [3.3.4-bb.2] - 2024-12-15
### Changed
- Added `additionalPolicyExceptions` to values.yaml
- Added `additional-PolicyExceptions.yaml`
Loki📜
- !5860: loki update to 6.27.0-bb.0
# Changelog Updates
## [6.27.0-bb.0] - 2025-03-05
### Changed
- docker.io/grafana/loki-canary 3.3.2 -> 3.4.2
- minio-instance 6.0.4-bb.2 -> 7.0.0-bb.2
- registry1.dso.mil/ironbank/grafana/grafana-enterprise-logs v3.3.0 -> v3.4.1
- registry1.dso.mil/ironbank/ironbank/opensource/grafana/enterprise-logs-provisioner 3.4.0 -> 3.4.1
- registry1.dso.mil/ironbank/opensource/grafana/loki 3.3.2 -> 3.4.2
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.9 -> v1.30.10
- registry1.dso.mil/ironbank/opensource/memcached/memcached 1.6.36 -> 1.6.37
Mattermost📜
- !5902: mattermost update to 10.5.1-bb.3
# Changelog Updates
## [10.5.1-bb.3] - 2025-03-13
### Changed
- ironbank/opensource/kubernetes/kubectl updated from v1.30.10 to v1.30.11
Metrics Server📜
- !5870: metricsServer update to 3.12.2-bb.2
# Changelog Updates
## [3.12.2-bb.2] - 2025-03-07
### Upgraded
- Update kubectl `1.29.8` -> `1.30.10`
- Update gluon `0.5.4` -> `0.5.14`
- Update addon-resizer `1.8.21` -> `1.8.23`
Mimir📜
# Changelog Updates
## [5.5.1-bb.8] - 2025-03-19
### Added
- Added minio label to existing netpol to allow istio-proxy scraping
## [5.5.1-bb.7] - 2025-03-11
### Added
- Added network policy to allow prometheus scraping on port 15020 for the istio-proxy podMonitors
Monitoring📜
- !5891: monitoring update to 69.7.3-bb.0
# Changelog Updates
## [69.7.3-bb.0] - 2025-03-05
### Updated
- Updated grafana-plugins 11.4.0 -> 11.5.2
- Updated k8s-sidecar 1.29.0 -> 1.30.0
- Updated kube-state-metrics v2.14.0 -> v2.15.0
- Updated kubectl v1.30.9 -> v1.30.10
- Updated prometheus-config-reloader v0.79.2 -> v0.80.1
- Updated prometheus-operator v0.79.2 -> v0.80.1
- Updated alertmanager v0.27.0 -> v0.28.0
- Updated node-exporter v1.8.2 -> v1.9.0
- Updated prometheus v3.1.0 -> v3.2.1
- Updated snmp_exporter v0.27.0 -> v0.28.0
Thanos📜
- !5880: thanos update to 15.9.1-bb.2
# Changelog Updates
## [15.9.1-bb.2] - 2025-03-07
### Upgraded
- Upgraded kubectl from `1.30.9` to `1.30.10`
- Upgraded bitnami-common `2.29.1` to `2.30.0`
Twistlock📜
- !5903: Add dynamic network policy for twistlock
- !5894: twistlock update to 0.19.0-bb.3
- !5757: twistlock update to 0.19.0-bb.0 (twistlock v33.03.138)
# Changelog Updates
## [0.19.0-bb.3] - 2025-03-14
### Changed
- Added Istio Operator-less network policy support
## [0.19.0-bb.2] - 2025-03-12
### Changed
- Edited contrib script `twistlock-defenders.sh` and `chart/scripts/contrib/scripts/il2-bb-sil-prod-example.env` env file to allow manual deployment of twistlock to support multi-cluster scenarios.
## [0.19.0-bb.0] - 2025-02-01
### Changed
- gluon updated from 0.5.12 to 0.5.14
- ironbank/opensource/kubernetes/kubectl updated from v1.30.7 to v1.30.9
- ironbank/twistlock/console/console updated from 33.01.137 to 33.03.138
- ironbank/twistlock/defender/defender updated from 33.01.137 to 33.03.138
Vault📜
- !5848: vault update to 0.29.1-bb.9
# Changelog Updates
## [0.29.1-bb.9] - 2025-02-28
### Changed
- registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s (source) v1.6.1 -> v1.6.2
Known Issues📜
- Kyverno-Reporter - ISSUE
  - There is currently a bug within the Prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target.

  Workaround Steps
  - Set both the `default-istio-system` and `policy-reporter-default` PeerAuthentications to `PERMISSIVE`:

```bash
kubectl edit peerauthentication default-istio-system -n istio-system
kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
```
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.