Skip to main content
Version: 6.0.1

Release Notes

6.0.1 (2024-10-22)​

Package Bug Fixes​

  • gitlab critical cve patch 17.2.9
  • template configuration version patch correctly and add wait

6.0.0 (2024-10-16)​

🚨 Upgrade Notices​

  • With the 6.0.0 release, Structsure Enterprise is now SmoothGlue Enterprise!
    • Structsure Enterprise Developer Collaboration Environment is now known as SmoothGlue Build Enterprise.
    • Structsure Enterprise Deploy Target is now known as SmoothGlue Run Enterprise.
  • On new installations making use of automatic Keycloak configuration, the default realm will now be named smoothglue instead of structsure. Keycloak should use redirect to this realm automatically, but any URL references to the structsure realm should be updated to point to the smoothglue realm on new installs.
    • For existing Structsure Enterprise installations making use of the automatic Keycloak realm configuration feature, you should add the following configuration to your bigbang-values.yaml in order to continue using your existing Keycloak realm: 
      addons:
        keycloak:
          values:
            realms:
              - realmName: structsure

πŸ“¦ SmoothGlue Enterprise Features​

  • The following applications have updated SmoothGlue branding/theming:
    • SmoothGlue Console
    • Keycloak
    • ArgoCD
  • External Secrets Operator: Now officially bundled and supported as a SmoothGlue Enterprise component.
    • External Secrets Operator (ESO) is not installed by default on either Build or Run installations and must be enabled explicitly.
      • ESO can be enabled by setting EXTERNAL_SECRETS_ENABLED to true in your Zarf config, or by adding the following settings to your bigbang-values.yaml: 
        addons:
          externalSecrets:
            enabled: true
    • If you have previously manually installed External Secrets Operator, you may need to manually update Helm annotations to allow existing resources to be adopted.
  • IaC: The SmoothGlue Enterprise IaC now includes an optional Terragrunt module to create a public or private Route 53 zone associated with the cluster. Please see the documentation for more information on how to enable and configure this module.
  • IaC: SmoothGlue Enterprise now has provides an optional Terragrunt module to create an RDS database for Nexus IQ. Please see the documentation for more information on how to enable and configure this module.

⏩ Upgraded Packages​

  • Upgraded console to v5.57.x
  • This release includes Big Bang Version 2.37.0. For more details on the features and updates included in Big Bang Version 2.37.0, please refer to the Big Bang release notes.
  • Upgraded cert-manager to v1.15.3

πŸͺ² Bug Fixes​

  • When migrating an existing Structsure Enterprise install to SmoothGlue Enterprise v6.0.0, a new Zarf Helm chart is deployed within the default namespace with an updated Crossplane Configuration for structsure-enterprise. The Helm chart fails to automatically patch the Configuration resource properly, even though it adopts the existing resource as expected. To work around this, a Zarf command will override the Configuration using a kubectl patch this release. This will not affect future releases.
  • Fixed an issue preventing user-provided TLS certificates using ZARF_VAR_CERT and ZARF_VAR_KEY from being consumed during the Zarf package deploy. If a user-provided certificate is provided, it will take precedence; otherwise, the full order of precedence is as follows, from highest to lowest:
    • certs/keys provided using ZARF_VAR_CERT or ZARF_VAR_KEY,
    • values provided to Istio using bigbang-secrets.yaml,
    • existing Istio secrets on the cluster, and finally
    • an automatically generated TLS certificate.
  • IaC: In VPCs with multiple CIDR ranges, the default security group rules for EKS clusters will now allow access from all CIDR ranges associated with the VPC, rather than just the primary CIDR block.

❗️ Known Issues​

  • Although many visible references to Structsure Enterprise have been updated to SmoothGlue Enterprise, some resources will continue to use the older Structsure naming, largely for compatibility reasons. If any of the below listed resources still refer to Structsure, this is expected. These resources may be migrated to use the updated SmoothGlue branding in future releases.
    • When creating the smoothglue Keycloak realm, the default Keycloak configuration will continue to create groups for _structsureAdmins and _structsureAudit for use with Console.
    • Kubernetes objects which were previously deployed to the structsure-system namespace will continue to be deployed there, such as -overrides ConfigMaps and Secrets, as well as Crossplane and Flux resources.

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.9-rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.8
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.9-rke2r1-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-40Z
    • EKS AMI: structsure-eks-1.29.8-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-55Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

πŸ”— Helpful Links​

6.0.0-rebrand.2 (2024-10-15)​

Package Bug Fixes​

  • force kubectl patch on configuration resource

6.0.0-rebrand.1 (2024-10-14)​

⚠ BREAKING CHANGES​

  • Force major version increment for rebrand

  • change pre-release name for rebrand branch

IaC Features​

  • iac: add route53 iac module

IaC Bug Fixes​

  • iac: use all assigned vpc cidr blocks in sg rules

Package Features​

  • add external secrets XRD and zarf
  • add Nexus IQ IaC
  • Argo CD rebranding for SmoothGlue
  • bump console to version 5.57
  • crossplane, iac, docs: support run and build cluster types
  • Jgsw 879 rebrand docs update
  • rebranding keycloak structsure realm as smoothglue
  • upgrade third-party Big Bang apps
  • zarf: rebranding structsure-enterprise zarf as smoothglue

Package Bug Fixes​

  • allow certs to be updated
  • mitigate deploy-time cert/certmanager interference
  • references to deployTarget in CI
  • templating for smoothglue-theme.jar
  • update keycloak to use keycloak.v3 for account theme

Documentation​

  • add glossary, edits to getting-started.md
  • smoothglue logo, landing, and branding updates

Other Changes​

  • move smoothglue theme creation to structsure-enterprise chart

5.21.0 (2024-10-01)​

πŸ“¦ Structsure Features​

  • Vault can now be configured with a CA cert when talking to AWS services like KMS. This is relevant when Vault is configured to use KMS in higher environments to auto unseal and can now be set via the CA_CERT_AWS configuration option in the Zarf Config file as explained in the "Install -> Installation Options" section of the Structsure documentation.

⏩ Upgraded Packages​

  • Jira has been upgraded from 9.12.12 to 9.12.13
  • Console has been upgraded from v5.55 to v5.56
    • Fixed flickering page heading text
    • Improved misleading and confusing log messages
    • Updated Next.js dependencies to address new vulnerability
    • Set Argo CD project permissions when creating deployments
  • Big Bang has been upgraded from 2.35.0 to 2.36.0. For more details on the features and updates included in Big Bang Version 2.36.0, please refer to the Big Bang release notes

πŸͺ² Bug Fixes​

  • Fixed an issue that prevented nip.io certs from being disabled when trying to use cert-manager. Documentation on how to properly enable cert-manager can be found in the Structsure documentation under "How-To Guides > Applications > Cert-Manager > How to setup and install cert-manager for structsure"

❗️ Known Issues​

  • Incorrect Virtual Service Host Configuration in Loki Scalable Mode

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.6
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-30T08-10-58Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

5.20.0 (2024-09-23)​

πŸŽ‰ This release of Structsure Enterprise v5.20.0 introduces several important updates, including Big Bang Version 2.35.0. For detailed information on the new features and updates included in Big Bang Version 2.35.0, please refer to the Big Bang release notes.

πŸ”§ Upgrade Notices​

🚨 Big Bang Upgrade

  • Istio-controlplane - MR:
    • Istio gets updated to 1.22.4. Big Bang apps should automatically cycle to get the latest sidecar version and config. Be sure to cycle pods for any community or tenant applications manually.
  • Mattermost - MR:
    • Postgresql using the builtin bitnami module does not upgrade gracefully. You must manually backup and restore your database before accepting this upgrade. Using the builtin postgresql module is not a supported configuration in production environments. If you are using the IaC module for Mattermost, this warning can be ignored.
  • Automated the Velero temporary manual fix suggested by Big Bang. You don’t need to apply the temporary fix mentioned in the third bullet point yourself: https://repo1.dso.mil/big-bang/bigbang/-/releases/2.35.0#upgrade-notices

πŸ“’ Console Upgrade to v5.55.x

  • Expand reliance on database tool records instead of env vars
  • Use more reliable metadata to discover tools via virtual service queries
  • Initialize tool records by querying virtual services instead of env vars
  • Present extended platform tools in non-AMI use cases

πŸ“’ Dynamic dbconfig.xml for Jira and confluence

  • Enabled dynamic creation of dbconfig.xml for Jira and Confluence.
  • Set forceConfigUpdate to true by default, ensuring the dbconfig.xml is recreated on every pod restart.
  • Users can override this behavior by setting forceConfigUpdate to false in their claim to preserve the file across restarts.

πŸ“’ Enhance eks-cluster Terraform Module

  • Clarified that s3_kms_key_id must be provided as a full ARN, not just the key name or ID.
  • Made object ownership configurable between "BucketOwnerPreferred" and "BucketOwnerEnforced."
  • Enforced secure S3 bucket creation with attach_deny_insecure_transport_policy = true.
  • Added validation for s3_object_ownership to ensure valid values like "BucketOwnerPreferred" or "BucketOwnerEnforced."

🐞 Bigbang HelmRelease Reconciles Before Zarf Deploy Finishes

  • Starting with this release, the bigbang Flux HelmRelease object in the bigbang namespace will be temporarily suspended when starting the upgrade package deployment. If the bigbang HelmRelease is suspended outside of this automatic suspension, it will trigger a failure of the upgrade package deployment starting with this release, since suspension of the HelmRelease object will prevent the upgrade from completing successfully.

🐞 Remove Temporary Neuvector Command

  • Removed a pin that deleted crds nvvulnerabilityprofiles.neuvector.com and nvcomplianceprofiles.neuvector.com at zarf start. No longer required after Big Bang 2.7.6-bb.0

🐞 Vault-Agent Trust CAs

  • Fixed an issue that prevented vault-agents from trusting Certificate Authorities when providing a CA cert as an input to the Zarf package. This update re-enables a Bigbang-managed integration between Prometheus and Vault. If you have deployed Vault prior to this update, ensure you followed the documented initialization instructions for Vault including the steps for configuring the Vault policies for Prometheus. Prometheus will be offline until Vault has been configured.

🐞 Force Mattermost to use Database Connection String

  • Fixed an issue where Mattermost wouldn't respect when database connection string changed. Database password and hostname can now be changed for Mattermost.

🐞 Upgrade Gitlab to v17.2.7 to Resolve Critical CVE

🧩 Zarf Version​

  • The packages for this release were built using Zarf v0.32.6.

🌐 Kubernetes Distributions and Versions​

  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.6

πŸ“¦ AMI Versions​

  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-09T08-14-46Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

:pencil: Changelog​

:tools:️ Infrastructure as Code (IaC) Features​

  • iac: enhance eks-cluster terraform module

πŸ“¦ Package Features​

  • bump console to v5.55.x
  • helm: dynamic dbconfig.xml for Jira & confluence
  • upgrade BB to 2.35

🐞 Bug Fixes​

  • bigbang HelmRelease reconciles before zarf deploy finishes
  • force mattermost to use database connection string
  • remove temp neuvector cmd
  • upgrade gitlab to v17.2.7 to resolve critical CVE
  • vault-agent trust CAs

:octagonal_sign: Known Issues​

  • ❗ Incorrect Virtual Service Host Configuration in Loki Scalable Mode
  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

5.19.0 (2024-09-04)​

πŸŽ‰ This release of Structsure Enterprise v5.19.0 introduces several important updates, including Big Bang Version 2.34.0. For detailed information on the new features and updates included in Big Bang Version 2.34.0, please refer to the Big Bang release notes.

πŸ”§ Upgrade Notices​

🚨 Big Bang Upgrade​

  • Nexus:

    • ⚠️ Breaking Changes:
      • Nexus 3.71.0-06 removes support for internal OrientDB and replaces it with H2.
      • Nexus 3.71.0-06 requires Java 17+ (previously supported Java 8 and 11).
      • ⚠️ Migration Required: If you are using an internal database, refer to the migration steps before upgrading.

  • Minio-operator:

    • The MinIO Operator Console has been deprecated and removed starting from version 6.0.0.

  • BigBang:

    • Resolved an issue with an invalid value in the images.txt release artifact.

πŸ“’ Confluence Upgrade​

  • This release includes a major version upgrade of Confluence from 8.9.4 to 9.0.2.
  • For detailed upgrade notes from Atlassian, refer to the Confluence 9.0 upgrade notes.

🚨 Important: Please update the miniOrange SSO app and any other apps you are using to ensure compatibility with Confluence version 9.0.

✨ Major Features​

πŸ› οΈ Containerd Iron Bank Mirror​

  • Structsure Enterprise now includes a built-in containerd mirror for mirroring Iron Bank images to Zarf's internal registry. This mirror is enabled by default, and instructions on how to disable it are available here.

πŸ” Compatibility​

🧩 Zarf Version​

  • The packages for this release were built using Zarf v0.32.6.

🌐 Kubernetes Distributions and Versions​

  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.7+rke2r1
    • K3S: v1.30.0
    • EKS: v1.29

πŸ“¦ AMI Versions​

  • The following AMI versions were used for testing:
    • RKE2 AMI: Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
    • EKS AMI: Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

πŸ“ Changelog​

πŸ› οΈ Infrastructure as Code (IaC) Features​

  • iac: Added toggle for containerd Iron Bank mirror.
  • iac: Changed rds_engine_version type to string.

πŸ“¦ Package Features​

  • Enabled Loki by default in DT and collab.
  • Updated console to version 5.54.x.
  • Upgraded Big Bang to version 2.34.0.
  • Upgraded third-party Big Bang apps.

🐞 Bug Fixes​

  • Fixed Kyverno policy exclusion and S3 region endpoint for GitLab backup.
  • Restored broken cluster autoscaler functionality.
  • Resolved cluster autoscaler issue.

πŸ“š Documentation Updates​

  • Updated Neuvector upgrade documentation.
  • Added RKE2 IaC reference documentation.
  • Corrected spelling errors.
  • Updated console documentation.

πŸ›‘ Known Issues​

  • ❗ Incorrect Virtual Service Host Configuration in Loki Scalable Mode

πŸ”— Helpful Links​

  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

5.18.0 (2024-08-21)​

This release of Structsure Enterprise v5.18.0 includes Big Bang Version 2.33.0. For more details on the features and updates included in Big Bang Version 2.33.0, please refer to the Big Bang release notes.

Upgrade Notices​

EKS Default Node Group Naming​

The eks-cluster IaC module now supports a variable called default_eks_node_group_name, which allows specifying the name for the default node group and its EC2 instances. If the value is empty, the default node group will inherit the cluster's name.

If the node group name is changed, this will trigger a node group replacement. To avoid triggering node group replacement inadvertently on existing clusters, if this value is not set, the default will match the previous value, "structsure-nodes". If the default node group is disabled using the disable_default_node_groups variable (usually used in conjunction with additional_eks_managed_groups), the default_eks_node_group_name variable will have no effect.

Compatibility​

Zarf Version​

The packages for this release were built using the following Zarf version:

  • Zarf: v0.32.6

Kubernetes Distributions and Versions​

The packages were tested across the following Kubernetes distributions and versions:

  • Rancher Kubernetes Engine 2 (RKE2): v1.29.7+rke2r1
  • Kubernetes Lightweight (K3S): v1.30.0
  • Elastic Kubernetes Service (EKS): v1.29

AMI Versions​

The following AMI versions were used for testing:

  • RKE2 AMI: Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
  • EKS AMI: Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
  • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

Changelog​

IaC Features​

  • Iac: Allow configuration of the RDS backup retention period
  • Iac: Allow passing root CAs as strings or base64
  • Iac: EKS default node group name supports inherited cluster name

Package Features​

  • Upgrade Big Bang to v2.33.0

Package Bug Fixes​

  • Collect existing Big Bang values and merge into provided values
  • Default values prevent Console deploy
  • Handle empty existing bigbang-overrides
  • Prevent failed upgrades from creating multiple XRs

Documentation​

  • Explicitly export zarf_config variable in upgrade documentation
  • Check out the documentation for guidance
  • Big Bang v2.33.0 Release Notes

5.17.1 (2024-08-26)​

Package Bug Fixes​

  • collect existing bigbang values and merge into provided values
  • default values prevent console deploy
  • handle empty existing bigbang-overrides
  • prevent failed upgrades from creating multiple XRs

5.16.1 (2024-08-26)​

Package Bug Fixes​

  • collect existing bigbang values and merge into provided values
  • dig keycloak config realm to avoid nil pointer during zarf deploy
  • handle empty existing bigbang-overrides
  • prevent failed upgrades from creating multiple XRs
  • prevent kyverno policy from erroneously helm templating values
  • revert rendering of values in structsure-enterprise chart
  • use appropriate whitespace in generate kyverno policy

5.15.1 (2024-08-26)​

Package Bug Fixes​

  • collect existing bigbang values and merge into provided values
  • dig keycloak config realm to avoid nil pointer during zarf deploy
  • handle empty existing bigbang-overrides
  • prevent failed upgrades from creating multiple XRs
  • prevent helm rollback from deleteing claims
  • prevent kyverno policy from erroneously helm templating values
  • revert rendering of values in structsure-enterprise chart
  • use appropriate whitespace in generate kyverno policy

5.14.2 (2024-08-26)​

Package Bug Fixes​

  • collect existing bigbang values and merge into provided values
  • crossplane: crossplane exempt from kyverno drop all policy
  • dig keycloak config realm to avoid nil pointer during zarf deploy
  • handle empty existing bigbang-overrides
  • prevent failed upgrades from creating multiple XRs
  • prevent helm rollback from deleteing claims
  • prevent kyverno policy from erroneously helm templating values
  • revert rendering of values in structsure-enterprise chart
  • use appropriate whitespace in generate kyverno policy

5.13.1 (2024-08-26)​

Package Bug Fixes​

  • collect existing bigbang values and merge into provided values
  • handle empty existing bigbang-overrides
  • prevent failed upgrades from creating multiple XRs
  • prevent helm rollback from deleteing claims
  • prevent kyverno policy from erroneously helm templating values
  • revert rendering of values in structsure-enterprise chart
  • use appropriate whitespace in generate kyverno policy