Release Notes
5.19.0 (2024-09-04)
IaC Features
- iac: add toggle for containerd ironbank mirror
- iac: change rds_engine_version type to string
Package Features
- enable Loki by default in DT and collab
- update console to 5.54.x
- upgrade Big Bang to v2.34.0
- Upgrade third-party Big Bang apps
Package Bug Fixes
- kyverno policy exclusion and s3 region endpoint for gitlab backup
- upgrade and restore broken cluster autoscaler functionality
- zarf: cluster autoscaler is broken
Documentation
- Neuvector upgrade docs
- RKE2 IaC reference docs
- spelling correction
- update console docs
5.19.0-rc.1 (2024-09-02)
🎉 This release of Structsure Enterprise v5.19.0 introduces several important updates, including Big Bang Version 2.34.0. For detailed information on the new features and updates included in Big Bang Version 2.34.0, please refer to the Big Bang release notes.
🔧 Upgrade Notices
🚨 Big Bang Upgrade
Nexus:
- ⚠️ Breaking Changes:
- Nexus 3.71.0-06 removes support for internal OrientDB and replaces it with H2.
- Nexus 3.71.0-06 requires Java 17+ (previously supported Java 8 and 11).
- ⚠️ Migration Required: If you are using an internal database, refer to the migration steps before upgrading.
- ⚠️ Breaking Changes:
Minio-operator:
- The MinIO Operator Console has been deprecated and removed starting from version 6.0.0.
BigBang:
- Resolved an issue with an invalid value in the
images.txt
release artifact.
- Resolved an issue with an invalid value in the
📢 Confluence Upgrade
- This release includes a major version upgrade of Confluence from 8.9.4 to 9.0.2.
- For detailed upgrade notes from Atlassian, refer to the Confluence 9.0 upgrade notes.
🚨 Important: Please update the miniOrange SSO app and any other apps you are using to ensure compatibility with Confluence version 9.0.
✨ Major Features
🛠️ Containerd Iron Bank Mirror
- Structsure Enterprise now includes a built-in containerd mirror for mirroring Iron Bank images to Zarf's internal registry. This mirror is enabled by default, and instructions on how to disable it are available here.
🔍 Compatibility
🧩 Zarf Version
- The packages for this release were built using Zarf v0.32.6.
🌐 Kubernetes Distributions and Versions
- The packages were tested across the following Kubernetes distributions:
- RKE2:
v1.29.7+rke2r1
- K3S:
v1.30.0
- EKS:
v1.29
- RKE2:
📦 AMI Versions
- The following AMI versions were used for testing:
- RKE2 AMI:
Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
- EKS AMI:
Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
- Base AMI:
Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
- RKE2 AMI:
📝 Changelog
🛠️ Infrastructure as Code (IaC) Features
- iac: Added toggle for containerd Iron Bank mirror.
- iac: Changed
rds_engine_version
type to string.
📦 Package Features
- Enabled Loki by default in DT and collab.
- Updated console to version 5.54.x.
- Upgraded Big Bang to version 2.34.0.
- Upgraded third-party Big Bang apps.
🐞 Bug Fixes
- Fixed Kyverno policy exclusion and S3 region endpoint for GitLab backup.
- Restored broken cluster autoscaler functionality.
- Resolved cluster autoscaler issue.
📚 Documentation Updates
- Updated Neuvector upgrade documentation.
- Added RKE2 IaC reference documentation.
- Corrected spelling errors.
- Updated console documentation.
🛑 Known Issues
- ❗ Incorrect Virtual Service Host Configuration in Loki Scalable Mode
🔗 Helpful Links
- Refer to the Structsure documentation for additional guidance.
- For details on the Big Bang release, see the Big Bang Release Notes.
5.18.0 (2024-08-21)
This release of Structsure Enterprise v5.18.0 includes Big Bang Version 2.33.0. For more details on the features and updates included in Big Bang Version 2.33.0, please refer to the Big Bang release notes.
Upgrade Notices
EKS Default Node Group Naming
The eks-cluster
IaC module now supports a variable called default_eks_node_group_name
, which allows specifying the name for the default node group and its EC2 instances. If the value is empty, the default node group will inherit the cluster's name.
If the node group name is changed, this will trigger a node group replacement. To avoid triggering node group replacement inadvertently on existing clusters, if this value is not set, the default will match the previous value, "structsure-nodes"
. If the default node group is disabled using the disable_default_node_groups
variable (usually used in conjunction with additional_eks_managed_groups
), the default_eks_node_group_name
variable will have no effect.
Compatibility
Zarf Version
The packages for this release were built using the following Zarf version:
- Zarf:
v0.32.6
Kubernetes Distributions and Versions
The packages were tested across the following Kubernetes distributions and versions:
- Rancher Kubernetes Engine 2 (RKE2):
v1.29.7+rke2r1
- Kubernetes Lightweight (K3S):
v1.30.0
- Elastic Kubernetes Service (EKS):
v1.29
AMI Versions
The following AMI versions were used for testing:
- RKE2 AMI:
Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
- EKS AMI:
Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
- Base AMI:
Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
Changelog
IaC Features
- Iac: Allow configuration of the RDS backup retention period
- Iac: Allow passing root CAs as strings or base64
- Iac: EKS default node group name supports inherited cluster name
Package Features
- Upgrade Big Bang to v2.33.0
Package Bug Fixes
- Collect existing Big Bang values and merge into provided values
- Default values prevent Console deploy
- Handle empty existing bigbang-overrides
- Prevent failed upgrades from creating multiple XRs
Documentation
- Explicitly export
zarf_config
variable in upgrade documentation
Helpful Links
- Check out the documentation for guidance
- Big Bang v2.33.0 Release Notes
5.18.0-rc.1 (2024-08-19)
This release of Structsure Enterprise v5.18.0 includes Big Bang Version 2.33.0. For more details on the features and updates included in Big Bang Version 2.33.0, please refer to the Big Bang release notes.
Upgrade Notices
EKS Default Node Group Naming
The eks-cluster
IaC module now supports a variable called default_eks_node_group_name
, which allows specifying the name for the default node group and its EC2 instances. If the value is empty, the default node group will inherit the cluster's name.
If the node group name is changed, this will trigger a node group replacement. To avoid triggering node group replacement inadvertently on existing clusters, if this value is not set, the default will match the previous value, "structsure-nodes"
. If the default node group is disabled using the disable_default_node_groups
variable (usually used in conjunction with additional_eks_managed_groups
), the default_eks_node_group_name
variable will have no effect.
Compatibility
Zarf Version
The packages for this release were built using the following Zarf version:
- Zarf:
v0.32.6
Kubernetes Distributions and Versions
The packages were tested across the following Kubernetes distributions and versions:
- Rancher Kubernetes Engine 2 (RKE2):
v1.29.7+rke2r1
- Kubernetes Lightweight (K3S):
v1.30.0
- Elastic Kubernetes Service (EKS):
v1.29
AMI Versions
The following AMI versions were used for testing:
- RKE2 AMI:
Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
- EKS AMI:
Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
- Base AMI:
Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
Changelog
IaC Features
- Iac: Allow configuration of the RDS backup retention period
- Iac: Allow passing root CAs as strings or base64
- Iac: EKS default node group name supports inherited cluster name
Package Features
- Upgrade Big Bang to v2.33.0
Package Bug Fixes
- Collect existing Big Bang values and merge into provided values
- Default values prevent Console deploy
- Handle empty existing bigbang-overrides
- Prevent failed upgrades from creating multiple XRs
Documentation
- Explicitly export
zarf_config
variable in upgrade documentation
Helpful Links
- Check out the documentation for guidance
- Big Bang Release Notes
5.17.1 (2024-08-26)
Package Bug Fixes
- collect existing bigbang values and merge into provided values
- default values prevent console deploy
- handle empty existing bigbang-overrides
- prevent failed upgrades from creating multiple XRs
5.17.0 (2024-08-16)
This release of Structsure Enterprise v5.17.0 includes Big Bang Version 2.32.0. For more details on the features and updates included in Big Bang Version 2.32.0, please refer to the Big Bang release notes.
Upgrade Notices
Kubernetes Upgrade Requirement
This release requires Kubernetes native sidecars. Hence, an upgrade to Kubernetes v1.29 or later is required.
Post-Upgrade Instructions
To ensure the istio-proxy
sidecar container switches to an init container (due to Kubernetes native sidecar support), restart all Istio-supporting pods immediately after the upgrade. Use the following commands:
for ns in $(kubectl get ns -l app.kubernetes.io/part-of=bigbang,istio-injection=enabled -o custom-columns=":metadata.name"); do
kubectl rollout restart deployment -n $ns
kubectl rollout restart statefulset -n $ns
kubectl rollout restart daemonset -n $ns
done
Backup Recommendations
It is highly advised to create backups of current admin passwords before performing the Structsure upgrade for the following applications to prevent the loss of credentials:
- Grafana
- Keycloak
- SonarQube
- NeuVector
Default Admin Passwords
If not changed manually, the default admin passwords are as follows:
- Grafana:
Monitoring-grafana
secret within themonitoring
namespace. This password will be overridden to a randomly generated strong password. - Keycloak:
keycloak-env
secret within thekeycloak
namespace. In tested upgrades, the admin password didn’t change when only the composition was applied, but it may change during the full upgrade with the Structsure Zarf package due to changes in the default chart values. - SonarQube: Default username and password are both
admin
. The password is prompted to change upon first login. Similar to Keycloak, the password may change during the full upgrade. - NeuVector: Default username and password are both
admin
. The admin and metrics users' passwords will be overridden to randomly generated strong passwords.
Major Features
Persistent Volumes for Monitoring Applications
We now offer persistence via Persistent Volume Claims (PVCs) for the following monitoring applications:
- Grafana
- Prometheus
- Alertmanager
Enabling Persistence
To enable persistence, set persistence = true
in the cluster_inputs
object in your hcl
and rerun your Terragrunt stage. Caution: If you are currently overriding, providing custom PVCs, or using a third-party solution for these applications, your settings might be overwritten.
Specific Considerations
- Grafana: When persistence is enabled, only one pod is allowed due to the
ReadWriteOnce
access mode of the default EBS storage class. Refer to the docs to configureReadWriteMany
(e.g., Amazon EFS) if multiple pods are desired. - Prometheus: Allows for adjusting the retention period and retention file size.
Compatibility
Zarf Version
The packages for this release were built using the following Zarf version:
- Zarf:
v0.32.6
Kubernetes Distributions and Versions
The packages were tested across the following Kubernetes distributions and versions:
- Rancher Kubernetes Engine 2 (RKE2):
v1.29.7+rke2r1
- Kubernetes Lightweight (K3S):
v1.30.0
- Elastic Kubernetes Service (EKS):
v1.29
AMI Versions
The following AMI versions were used for testing:
- RKE2 AMI:
structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
- EKS AMI:
structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
- Base AMI:
rocky-8-EC2-LVM-8.10-20240528.0.x86_64
Changelog
IaC Bug Fixes
- Iac: Always set S3 regionendpoint for Zarf init
- Iac: Automatically remove duplicates in allowed_security_groups
Package Features
- Bump Console version to 5.52.x
- Crossplane: Argo CD declarative SSO
- Crossplane: NeuVector is configured with read-only Prometheus user and admin user with random passwords
- Crossplane: Web app default passwords randomly generated
- Increment RKE2 K8s to 1.29, fail Zarf package deploy if K8s version < 1.29
- Persistent storage for monitoring apps
- Upgrade Big Bang to v2.32.0
Package Bug Fixes
- Dig Keycloak config realm to avoid nil pointer during Zarf deploy
- Prevent Kyverno policy from erroneously Helm templating values
- Revert rendering of values in Structsure-enterprise chart
- Use appropriate whitespace in generate Kyverno policy
Documentation
- Updated Zarf version in documentation
Helpful Links
- Check out the documentation for guidance
- Big Bang v2.32.0 Release Notes
Warning
It is Highly advised to create backups of current admin passwords before this smoothglue upgrade of the following apps to ensure protection of lost credentials. Implementing this upgrade may change the admin passwords to randomly generated strings for the following listed apps. The new passwords can be found and overridden within this docs page: https://structsure.gitlab.io/-/jigsaw/structsure-enterprise/-/jobs/7548192629/artifacts/public/docs/unreleased/how-to/operations/how-to-change-app-credentials/
Once the full release is cut they can be found here: https://docs.structsure.io/docs/unreleased/how-to/operations/how-to-change-app-credentials/
The Default admin passwords are the following if they haven’t been changed manually:
Grafana (Monitoring-grafana secret within monitoring namespace. This admin password WILL be overridden to a randomly generated strong password.)
Keycloak (keycloak-env secret within keycloak namespace.)
Sonarqube (Default username is admin and so is the password, prompted to change it upon first login.)
Neuvector (Default username is admin and so is the password. This admin and metrics users' passwords WILL be overridden to a randomly generated strong password.)
5.17.0-rc.1 (2024-08-09)
Package Features
- bump console version to 5.52.x
- crossplane: argocd declarative sso
- crossplane: Neuvector is configured with read-only prometheus user and admin user with random passwords
- crossplane: web app default passwords randomly generated
- persistent storage for monitoring apps
- upgrade Big Bang to v2.32.0
Package Bug Fixes
- dig keycloak config realm to avoid nil pointer during zarf deploy
- prevent kyverno policy from erroneously helm templating values
Documentation
- add self to maintainers, update onboarding template with devenv setup link
- update zarf version
5.16.1 (2024-08-26)
Package Bug Fixes
- collect existing bigbang values and merge into provided values
- dig keycloak config realm to avoid nil pointer during zarf deploy
- handle empty existing bigbang-overrides
- prevent failed upgrades from creating multiple XRs
- prevent kyverno policy from erroneously helm templating values
- revert rendering of values in structsure-enterprise chart
- use appropriate whitespace in generate kyverno policy
5.16.0 (2024-07-25)
Warning
- Included in this update is a fix for crossplane pods to be excluded from a kyverno policy that was blocking scheduling for crossplane pods. The fix will be applied automatically as part of the package. The IaC creates some values for kyverno policies that are no longer needed as those have been moved to the package. If you upgrading from a previous version, you will need to review the
kyverno-policies-overrides
config map in thestructsure-system
namespace and remove any entries that the IaC added. IaC specific entries can be identified by viewing the value file outputs of the IaC. - Included in this update is better support for a containerd mirror of registry1.dso.mil to the internal zarf registry. Running the IaC to apply these changes will generate a new launch template and will cycle EKS nodes onto the new config. If you are using a Structsure EKS AMI, you will need to use an AMI that was built on or before 07/11/2024. If using an AMI prior to that build date, the containerd mirror will stop functioning until a new AMI is used.
IaC Bug Fixes
- iac: eks registry mirror for all environments
Package Features
- enable NetworkPolicy in vpc cni by default
- Upgrade Big Bang to v2.31
Documentation
- don't render wiki/style guide as part of public docs site
Helpful Links
- Big Bang v2.31.0 Release Notes
5.15.1 (2024-08-26)
Package Bug Fixes
- collect existing bigbang values and merge into provided values
- dig keycloak config realm to avoid nil pointer during zarf deploy
- handle empty existing bigbang-overrides
- prevent failed upgrades from creating multiple XRs
- prevent helm rollback from deleteing claims
- prevent kyverno policy from erroneously helm templating values
- revert rendering of values in structsure-enterprise chart
- use appropriate whitespace in generate kyverno policy
5.15.0 (2024-07-11)
Warning
Changes to Console password generation require Terraform to generate a new password for pre-existing deployments. As a result, Console will be down from the time the IaC is ran until the cluster has reconciled the outputted BigBang values files.
Additional Notes
As part of the Big Bang upgrade, Keycloak may have some trouble reconciling. We have tested that a way to ensure a smooth upgrade is to, before upgrading, delete the statefulsets for Keycloak in your cluster and let the new version upgrade the helm to bring it back. For more notes on this, please see the official documentation for Big Bang 2.30.
Kiali is now enabled by default.
The default storage location for SSH keys for cluster management have been moved from AWS Parameter Store to AWS Secrets Manager. As a result, the following IAM permissions are required in order to run the IAC:
{ "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:TagResource" ], "Resource": "*" }
iac: rds_engine_version as var Users can now set the versions of each modules RDS via {tool}_inputs, such as confluence_inputs, in the hcl file.
IaC Features
- iac: EKS containerd mirror for ironbank images
- For now, this is supported for Structsure AMIs. We have noticed that non-Structsure AMIs have an issue with the config and we are working on a follow-up solve.
- iac: eks node group sizes as obj var
- Users can now set the sizes (min, max, desired) of the default EKS nodegroup via hcl file.
- iac: rds engine_version as var
- Users can now set the versions of each modules RDS via {tool}-inputs in the hcl file. Note that users who have their Confluence RDS database version greater than
13.8
will revive an error upgrading infra until this release when they can set the RDS database version.
- Users can now set the versions of each modules RDS via {tool}-inputs in the hcl file. Note that users who have their Confluence RDS database version greater than
- iac: Save SSH private keys to AWS Parameter store from SSM
- The SSH key will now be found in the AWS Secrets Manager instead of the SSM Parameter store.
- iac: update default iac k8s version to 1.28
IaC Bug Fixes
- iac: special characters within console database password
Package Features
- crossplane: automatic kiali sso integration
- Enable docs search
- Upgrade Big Bang to 2.30.0
Package Bug Fixes
- crossplane: crossplane exempt from kyverno drop all policy
Documentation
- new section on High Availability Configuration
Helpful Links
- Big Bang v2.30.0 Release Notes
5.14.2 (2024-08-26)
Package Bug Fixes
- collect existing bigbang values and merge into provided values
- crossplane: crossplane exempt from kyverno drop all policy
- dig keycloak config realm to avoid nil pointer during zarf deploy
- handle empty existing bigbang-overrides
- prevent failed upgrades from creating multiple XRs
- prevent helm rollback from deleteing claims
- prevent kyverno policy from erroneously helm templating values
- revert rendering of values in structsure-enterprise chart
- use appropriate whitespace in generate kyverno policy
5.14.1 (2024-07-01)
Additional Notes
Starting with Gitlab 17, runner registration tokens are no longer supported by default. Applying this version as an upgrade to a pre-existing cluster will require either re-enabling runner registration tokens (https://docs.gitlab.com/ee/administration/settings/continuous_integration.html#enable-runner-registrations-tokens) or creating a runner authentication token and updating the gitlab-gitlab-runner-secret
secret in the gitlab-runner
namespace with the new token (https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/docs/gitlab17.md)
If SSO configuration has already been setup manually, disregard this. However, if you are using the new automated SSO configuration features, any crossplane-managed keycloak groups will need to be reassociated to their crossplane object. To do so, find groups that are currently failing by kubectl get groups.group.keycloak.crossplane.io
and for any that are Synched
= False
, you will need to manually get the UUID from keycloak and apply the crossplane.io/external-name: <UUID>
annotation to the object.
Package Bug Fixes
- zarf: upgrade gitlab to 17.1.1 to patch cve
5.14.0 (2024-06-27)
Additional Notes
If SSO configuration has already been setup manually, disregard this. However, if you are using the new automated SSO configuration features, any crossplane-managed keycloak groups will need to be reassociated to their crossplane object. To do so, find groups that are currently failing by kubectl get groups.group.keycloak.crossplane.io
and for any that are Synched
= False
, you will need to manually get the UUID from keycloak and apply the crossplane.io/external-name: <UUID>
annotation to the object.
IaC Bug Fixes
- iac: set cluster_iam_role_dns_suffix in EKS module
- iac: set preserve_client_ip to null if compatibility_mode is true
Package Features
- monitoring apps sso with xrds
- bump console to 5.49.20240614000040
- console: update console to 5.50.x
- crossplane: grafana uses keycloak XRD provider
- crossplane: Keycloak-config is fully configurable from values.yaml
- crossplane: Neuvector declarative configuration
- Keycloak CVE fix
- update console to 5.49x and chart 1.7.0
- update to include console 5.49.20240614180839
- Upgrade Big Bang to 2.29.0
Package Bug Fixes
- crossplane: Keycloak-Config reports ready
- crossplane: secret management for keycloak-config
Documentation
- Create Release Notes Section in our Documentation
Helpful Links
- Big Bang v2.29.0 Release Notes
5.13.1 (2024-08-26)
Package Bug Fixes
- collect existing bigbang values and merge into provided values
- handle empty existing bigbang-overrides
- prevent failed upgrades from creating multiple XRs
- prevent helm rollback from deleteing claims
- prevent kyverno policy from erroneously helm templating values
- revert rendering of values in structsure-enterprise chart
- use appropriate whitespace in generate kyverno policy
5.13.0 (2024-06-11)
Fixed a bug that caused certain add-ons (metrics-server, cluster-autoscaler) to be installed even if not specified in the configuration this can be enabled or disabled at will, please see our docs for details.
Package Features
- console: upgrade console to use v1.5.1 chart
- update console to latest v5.48 to support ami
- upgrade big bang to 2.28.1
Package Bug Fixes
- nest templating of keycloak hostname
- url syntax within structsure chart
Helpful Links
- Big Bang v2.28.1 Release Notes
5.12.0 (2024-06-04)
Automatic configuration of Single Sign On is enabled. This will create a realm and ODIC clients for all installed applications.
If this is a pre-existing cluster you can disable it, please see our docs for details.
Additionally, Structsure has upgraded Flux which includes new CRDs. You may need to update your Flux CLI as a result.
IaC Features
- iac: nexus iac
IaC Bug Fixes
- iac: IAC logic to handle no zarf registry s3 backing
Package Features
- console: include latest Console v5.47
- crossplane: Create XRD and Zarf package for Nexus
- update console to support keycloak 23
- upgrade big bang to 2.27.0
Package Bug Fixes
- docs: transitory 404s on docs site
- metrics-server not being deployed automatically in EKS clusters
- zarf,crossplane: CVE fix for Confluence and Jira
- zarf: ingress-pki failures related to Vault if CA_CERT is not specified
Documentation
- update docs to include keycloak-config zarf variable
- zarf: fix example zarf config in docs
5.11.1 (2024-06-17)
🚨 Danger 🚨
This release has a significant refactor in how configmaps/secrets for the Bigbang HR are created. Crossplane will recreate all of the ones Structsure manages which can result in applications temporarily being undeployed. To prevent problems and outages, suspend the bigbang
helm release when performing the upgrade for this Structsure release. Afterwards, you can verify configmaps/secrets for the bigbang
helm release are present and can unsuspend the helm release.
Package Bug Fixes
- add kyverno policy exception for promtail capability
5.11.0 (2024-05-15)
🚨 Danger 🚨
This release has a significant refactor in how configmaps/secrets for the Bigbang HR are created. Crossplane will recreate all of the ones Structsure manages which can result in applications temporarily being undeployed. To prevent problems and outages, suspend the bigbang
helm release when performing the upgrade for this Structsure release. Afterwards, you can verify configmaps/secrets for the bigbang
helm release are present and can unsuspend the helm release.
IaC Features
- iac: add efs-dynamic iac module for RWX storage
Package Features
- configuring ArgoCD for high availability
- create dashboard for daily active users in grafana
- crossplane: add keycloak configurations managed by XRD
- upgrade big bang to 2.26.0
- zarf deployment waits for all
packages
to report ready status
Package Bug Fixes
- promtail: allow promtail to bypass read access control
- zarf: no minio-overrides cm or secret created when deploying minio
Documentation
- adding edge install and maintenance docs to docusaurus
- how to use custom images / git repos
- inline code block styling
- Structsure doc edits
Other Changes
iac: remove unused variable declarations from iac
xrd: convert application XRDs for function pipelines
A change was made to how storage classes are created. If Structsure does not detect an existing default ReadWriteOnce storage class, it will create one using EBS. If EFS modules are enabled and Structsure does not detect an existing default ReadWriteMany storage class, it will create one using EFS. Note that the EBS storage class manifest shipped with Structsure has been removed.
HA for neuvector is now enabled, and as such EFS will be required unless this is disabled via:
modules ={
storageclass_efs_dynamic = false
}
## 5.10.0 (2024-05-01)
### IaC Bug Fixes
* **iac:** gitlab tmp bucket
The IAC creates a new IAM policy that may already exist. If you receive the error EntityAlreadyExists: A policy called allow-kms already exists, then delete the existing policy via the AWS console and re-run the IAC.
### Package Features
* Upgrade BB to 2.25
* Vault IaC and HA config
### Package Bug Fixes
* patch nfs permission fixer for Confluence
### Documentation
* Argo CD is two words