Version: 5.14.1

Release Notes

5.14.1 (2024-07-01)

Additional Notes

Starting with GitLab 17, runner registration tokens are no longer supported by default. Applying this version as an upgrade to a pre-existing cluster will require either re-enabling runner registration tokens (https://docs.gitlab.com/ee/administration/settings/continuous_integration.html#enable-runner-registrations-tokens) or creating a runner authentication token and updating the gitlab-gitlab-runner-secret secret in the gitlab-runner namespace with the new token (https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/gitlab17.md).

If SSO configuration has already been set up manually, disregard this. However, if you are using the new automated SSO configuration features, any Crossplane-managed Keycloak groups will need to be reassociated with their Crossplane object. To do so, find the groups that are currently failing by running kubectl get groups.group.keycloak.crossplane.io; for any that report Synced = False, manually get the UUID from Keycloak and apply the crossplane.io/external-name: <UUID> annotation to the object.
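
The re-association step described above, as an added example that is not part of the original release notes or the Structsure tooling: it filters groups whose Synced condition is False, validates each hand-collected Keycloak UUID, and prints the kubectl annotate commands for review instead of running them. The "group-name uuid" map file format, the function names, and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: plan crossplane.io/external-name annotations for unsynced groups.
RESOURCE="groups.group.keycloak.crossplane.io"

# Reads "NAME SYNCED" rows on stdin, for example from:
#   kubectl get "$RESOURCE" --no-headers -o \
#     custom-columns='NAME:.metadata.name,SYNCED:.status.conditions[?(@.type=="Synced")].status'
# and prints the names whose Synced condition is False.
unsynced_groups() {
  awk '$2 == "False" { print $1 }'
}

# Accept only a canonical 8-4-4-4-12 hex UUID, so a typo or stray text
# never ends up in an annotation value.
is_uuid() {
  printf '%s\n' "$1" |
    grep -Eqi '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# $1: file of "group-name uuid" pairs copied by hand from Keycloak
#     (hypothetical format for this example). stdin: status rows as above.
# Prints one kubectl command per fixable group; unfixable ones become comments.
plan_annotations() {
  map_file="$1"
  unsynced_groups | while read -r name; do
    uuid=$(awk -v n="$name" '$1 == n { print $2; exit }' "$map_file")
    if is_uuid "$uuid"; then
      printf 'kubectl annotate %s %s crossplane.io/external-name=%s --overwrite\n' \
        "$RESOURCE" "$name" "$uuid"
    else
      printf '# skip %s: no valid UUID in %s\n' "$name" "$map_file"
    fi
  done
}

# Constructed sample data (not real cluster output or real Keycloak IDs).
SAMPLE_ROWS='platform-admins True
dev-team False
auditors False'
SAMPLE_MAP=$(mktemp)
printf '%s\n' 'dev-team 3f2b8c1e-9a4d-4e6f-8b1a-2c3d4e5f6a7b' 'auditors not-a-uuid' > "$SAMPLE_MAP"

printf '%s\n' "$SAMPLE_ROWS" | plan_annotations "$SAMPLE_MAP"
```

After applying the reviewed commands, rerun the kubectl get command and confirm the affected groups report Synced as True.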

Package Bug Fixes

  • zarf: upgrade gitlab to 17.1.1 to patch cve

5.14.0 (2024-06-27)

Additional Notes

If SSO configuration has already been set up manually, disregard this. However, if you are using the new automated SSO configuration features, any Crossplane-managed Keycloak groups will need to be reassociated with their Crossplane object. To do so, find the groups that are currently failing by running kubectl get groups.group.keycloak.crossplane.io; for any that report Synced = False, manually get the UUID from Keycloak and apply the crossplane.io/external-name: <UUID> annotation to the object.

IaC Bug Fixes

  • iac: set cluster_iam_role_dns_suffix in EKS module
  • iac: set preserve_client_ip to null if compatibility_mode is true

Package Features

  • monitoring apps sso with xrds
  • bump console to 5.49.20240614000040
  • console: update console to 5.50.x
  • crossplane: grafana uses keycloak XRD provider
  • crossplane: Keycloak-config is fully configurable from values.yaml
  • crossplane: Neuvector declarative configuration
  • Keycloak CVE fix
  • update console to 5.49x and chart 1.7.0
  • update to include console 5.49.20240614180839
  • Upgrade Big Bang to 2.29.0

Package Bug Fixes

  • crossplane: Keycloak-Config reports ready
  • crossplane: secret management for keycloak-config

Documentation

  • Create Release Notes Section in our Documentation

5.13.0 (2024-06-11)

Package Features

  • console: upgrade console to use v1.5.1 chart
  • update console to latest v5.48 to support ami
  • upgrade big bang to 2.28.1

Package Bug Fixes

  • nest templating of keycloak hostname
  • url syntax within structsure chart

5.12.0 (2024-06-04)

IaC Features

  • iac: nexus iac

IaC Bug Fixes

  • iac: IAC logic to handle no zarf registry s3 backing

Package Features

  • console: include latest Console v5.47
  • crossplane: Create XRD and Zarf package for Nexus
  • update console to support keycloak 23
  • upgrade big bang to 2.27.0

Package Bug Fixes

  • docs: transitory 404s on docs site
  • metrics-server not being deployed automatically in EKS clusters
  • zarf,crossplane: CVE fix for Confluence and Jira
  • zarf: ingress-pki failures related to Vault if CA_CERT is not specified

Documentation

  • update docs to include keycloak-config zarf variable
  • zarf: fix example zarf config in docs

5.11.1 (2024-06-17)

🚨 Danger 🚨

This release has a significant refactor in how configmaps/secrets for the Bigbang HR are created. Crossplane will recreate all of the ones Structsure manages, which can result in applications temporarily being undeployed. To prevent problems and outages, suspend the bigbang helm release when performing the upgrade for this Structsure release. Afterwards, verify that the configmaps/secrets for the bigbang helm release are present, then unsuspend the helm release.

Package Bug Fixes

  • add kyverno policy exception for promtail capability

5.11.0 (2024-05-15)

🚨 Danger 🚨

This release has a significant refactor in how configmaps/secrets for the Bigbang HR are created. Crossplane will recreate all of the ones Structsure manages, which can result in applications temporarily being undeployed. To prevent problems and outages, suspend the bigbang helm release when performing the upgrade for this Structsure release. Afterwards, verify that the configmaps/secrets for the bigbang helm release are present, then unsuspend the helm release.

IaC Features

  • iac: add efs-dynamic iac module for RWX storage

Package Features

  • configuring ArgoCD for high availability
  • create dashboard for daily active users in grafana
  • crossplane: add keycloak configurations managed by XRD
  • upgrade big bang to 2.26.0
  • zarf deployment waits for all packages to report ready status

Package Bug Fixes

  • promtail: allow promtail to bypass read access control
  • zarf: no minio-overrides cm or secret created when deploying minio

Documentation

  • adding edge install and maintenance docs to docusaurus
  • how to use custom images / git repos
  • inline code block styling
  • Structsure doc edits

Other Changes

  • iac: remove unused variable declarations from iac
  • xrd: convert application XRDs for function pipelines

5.10.0 (2024-05-01)

IaC Bug Fixes

  • iac: gitlab tmp bucket

Package Features

  • Upgrade BB to 2.25
  • Vault IaC and HA config

Package Bug Fixes

  • patch nfs permission fixer for Confluence

Documentation

  • Argo CD is two words

5.9.0 (2024-04-16)

IaC Features

  • iac: adding create IAM role logic to Gitlab, Mattermost, Loki, and Velero
  • iac: Enable RKE2 customer supplied userdata config

IaC Bug Fixes

  • iac: Add policy for S3 Userdata
  • iac: update cp and va var names

Package Features

  • crossplane: patch, go-templating functions & keycloak-provider
  • enable keycloak fine grained authz by default
  • Upgrade BigBang to 2.24

Documentation

  • web proxy configuration

5.8.0 (2024-04-05)

Additional Notes:

  • Minimum zarf version supported is now v0.32.6

IaC Features

  • iac: Add efs for jira and confluence
  • iac: add IRSA support for Velero add-on
  • iac: Update EKS IAC to allow clients to provide an existing IAM role

IaC Bug Fixes

  • iac: EKS IAM policies not tagged when compatibility_mode is set

Package Features

  • upgrade console to 5.45x
  • upgrading to Big Bang 2.23.0

Package Bug Fixes

  • config from previous deploys can't be unset
  • zarf: cluster auditor claim/secret name
  • zarf: on init disable storage redirect
  • zarf: resolve issue with helm templates in multi-node clusters

Documentation

  • add compatibility mode documentation

Other Changes

  • iac: add IRSA related variables to EKS IaC

5.7.0 (2024-03-20)

IaC Bug Fixes

  • iac: offering other IAM role than InstanceOpsRole

Package Features

  • update console to 5.44
  • upgrading Big Bang to 2.22.0
  • zarf: upgrade supported zarf version to v0.32.4

Package Bug Fixes

  • upgrade Confluence to 8.8.1 to address vulnerabilities

Documentation

  • add Identity section to Console technical manual
  • clarify release to main branch instructions
  • commit/MR guidelines for release notes

5.6.0 (2024-3-5)

Warning:

  • Changes to Sonarqube password generation require terraform to generate a new password for pre-existing deployments. As a result, Sonarqube will be down from the time the IaC is run until the cluster has reconciled the outputted BigBang values files.
  • Changes to GitLab's RDS settings will cause a restart of the database. GitLab will be down during the restart.

Additional Notes:

  • With the addition of cluster-autoscaler, the recommended minimum version of k8s is now 1.27.

Features

  • add ability to force SSL on Gitlab RDS, on by default
  • add cluster-autoscaler xrd and zarf packages
  • add Kiali as optional add-on
  • add Tempo as optional add-on
  • enable keycloak cac auth support
  • update Crossplane provider-kubernetes to v0.11.4
  • update Crossplane to v1.15.0
  • Upgrade BigBang to v2.21
  • upgrading Big Bang to 2.21.1

Bug Fixes

  • sonarqube password generation

Other Changes

  • document the release process
  • docusaurus design updates
  • minor corrections
  • minor updates
  • simplify IaC CI
  • versioning the 5.6.0 documentation

5.5.0 (2024-2-21)

Features

  • add metrics-server BigBang add-on
  • allow shared terragrunt modules outside of git repo
  • bb 2.20.0 upgrade
  • enable automatic etcd backup to s3
  • update structsure console to 5.43
  • use differential zarf packages to speed up package build and deploy

Bug Fixes

  • add ability to turn off NLB security groups
  • exporting user data variables
  • force re-creation of crossplane private-registry-internal secret

Other Changes

  • allow creation of pre-release on main even if mr is open
  • alternative method to SSH into a cluster
  • blackhole api.github.com in coredns EKS add-on
  • landing page updates
  • versioning the 5.5.0 documentation

5.4.1 (2024-2-12)

Bug Fixes

  • add missing redis image used by authservice
  • don't hardcode rke2 userdata region
  • ensure RKE2 AMI filter selects the Rocky 8 AMI
  • handle empty ami data object in RKE2 IaC
  • remove link
  • update checksum var

Other Changes

  • add note about missing Authservice image to upgrabe-big-bang doc
  • always build iac bundle on tags and protected branches
  • disable release jobs for branch and MR pipelines
  • refactor documentation pipeline to fix pages and publishing

5.4.0 (2024-2-9)

Features

  • add docs and IAC package to release pipeline
  • update provider-kubernetes to v0.11.2
  • update Structsure Console to 5.42.20240202021119
  • upgrading big bang to 2.19.1

Bug Fixes

  • checksum-manifest only included on tagged commits
  • pipelines cannot retrieve latest zarf release package
  • restrict the EKS terraform module to version 19.x
  • rke2 CP / kyverno

Other Changes

  • add instructions for deploying trend micro
  • create missing versions
  • fix error in release-zarf-package job in main
  • govcloud release & checksum release
  • merge Structsure AWS IaC repo into Structsure Enterprise
  • push final docs to docs.structsure.io
  • quickstart: remove duplicate quickstart
  • update single node install instructions

5.3.0 (2024-1-24)

Features

  • add govcloud runner & add runner tags
  • checksum manifest for zarf assets
  • update to Big Bang 2.18.0

Other Changes

  • automatically link and upload packages to s3 on tag pipelines
  • console: initial Structsure Console docs
  • remove all requests to api.github.com

5.2.0 (2024-1-19)

Features

  • update console image to 5.42.20240111143003
  • update to Big Bang 2.17.0

Bug Fixes

  • update crossplane version checks in zarf package
  • update neuvector tag to fix bug
  • upgrade Confluence to 8.7.2 to address vulnerabilities

Other Changes

  • add separate build-zarf-sbom job
  • automatically upload release artifacts to s3
  • don't attach artifacts with semantic-release
  • don't publish sbom if one was not generated
  • increase pipeline instance storage size
  • refactor build jobs as part of parent pipeline
  • revert separate job for zarf sbom

5.1.0 (2024-1-15)

Known Issues

  • On RKE2-based clusters, Kyverno may prevent new control plane nodes from joining the cluster. If rotating or adding a new control plane node, we currently recommend scaling down Kyverno while creating the new control plane node and scaling Kyverno back up upon completion of the maintenance.
  • With some configuration values, Neuvector will fail to deploy by default with this release. In order to ensure that Neuvector deploys, you may add the flag --set NEUVECTOR_ENABLED=true to your zarf package deploy command to work around this.

Features

  • add console xrd/zarf
  • add Vault as an optional component
  • cert-manager xrd and zarf package
  • update Crossplane to v1.14.4
  • update provider-kubernetes to v0.10.0
  • update to Big Bang 2.16.0
  • upgrade jira to 9.12.0

Bug Fixes

  • add directory change for pages job when run on main branch
  • add keycloak config to console
  • add nextauth_url to console config
  • console default values
  • replace every instance of kubectl with ./zarf tools kubectl
  • update Confluence image to 8.7.1 for CVEs
  • yq wasn't pointing to the zarf packaged yq

Other Changes

  • adding 5.0.0 version to docs
  • automatically release on named release branches
  • Build Cache Optimization
  • convert commitlint config to js syntax
  • don't comment on issues and mrs with each release
  • fix baseUrl for docusaurus
  • fix typo for Console and sort items
  • merge structsure-docs into structsure enterprise
  • only update changelog on releases, not pre-releases
  • typo in release config
  • use manual zarf cache

5.0.1 (2024-1-12)

Known Issues

  • On RKE2-based clusters, Kyverno may prevent new control plane nodes from joining the cluster. If rotating or adding a new control plane node, we currently recommend scaling down Kyverno while creating the new control plane node and scaling Kyverno back up upon completion of the maintenance.

Bug Fixes

  • update gitlab webservice to 16.7.0 to patch cve

5.0.0 (2023-12-7)

Known Issues

  • On RKE2-based clusters, Kyverno may prevent new control plane nodes from joining the cluster. If rotating or adding a new control plane node, we currently recommend scaling down Kyverno while creating the new control plane node and scaling Kyverno back up upon completion of the maintenance.
  • Confluence and Jira have critical security advisories published as of December 5th, 2023. A patch release will be published once updated Iron Bank images are available for both applications.

Features

  • add confluence XRD
  • add gitlab runner xrd
  • add keycloak plugin init container
  • add mattermost XRD
  • adding gitlab xrd and zarf
  • adding jira XRD
  • adding mattermost operator XRD
  • fluentbit xrd and zarf package
  • increase node capacity and volume size
  • refactor structsure-enterprise package and support collab clusters
  • SonarQube XRD
  • structsure upgrade preserve custom bigbang values
  • upgrade bb to 2.13.1
  • upgrade big bang to 2.14.0
  • upgrade packages to 2.11.0
  • upgrade to bb 2.12.0
  • upgrade to bb 2.15.1

Bug Fixes

  • add KyvernoPolicies exception for Zarf resources
  • address ci caches
  • confluence patch for CVE-2023-22518
  • exclude aws cloud provider and csi driver from kyverno
  • fixing twistlock components
  • make snapshotter-crds optional in structsure-enterprise zarf pkg

Other Changes

  • ADR for product organization and workflow
  • automatically generate sbom alongside release software artifacts
  • change XRD pipeline instance type to m5a.4xlarge
  • create rc pre-releases from main instead of alphas
  • fix IMDSv2 pipeline errors
  • fixed spelling
  • fixed spelling
  • make image URI based on CI variables
  • pin zarf to a specific version
  • replacing mgmt-bootstrap with enterprise
  • update runners documentation