Skip to main content
Version: 6.3.0

Release Notes

6.3.0 (2024-11-25)​

🚨 Upgrade Notices​

  • PostgreSQL 13 is no longer a supported version for Confluence 9.1.x. For this Confluence version, youΒ mustΒ upgrade to at least RDS 14.x. Applying the IaC for this version will upgrade Confluence's database to 14.x. As such, if you are running Confluence, ensure you run the IaC before upgrading the package on the cluster.
    • Prior to applying the IaC for the RDS upgrade, suspend the Confluence helm release and scale the Confluence statefulset to 0. The HR can be resumed after the 14.x RDS is available and healthy.
    • Upon visiting the login screen, users may be prompted with a database thread warning. Click Accept to continue.
    • SSO will be disabled on initial login due to a miniOrange upgrade dependency. Log in with admin credentials, and upgrade miniOrange to 2.3.2 in the Manage Apps section of the Admin panel.

πŸ“¦ SmoothGlue Features​

  • Kyverno Policies

    • A new policy named generate-networkpolicy-imds has been added to the default Kyverno policies. This Kyverno policy will generate a network policy in any non-Big Bang namespace. The network policy will block egress traffic to IMDS. This policy can be disabled by adding the following to the Big Bang values:

      kyvernoPolicies:
        values:
          additionalPolicies:
            generate-networkpolicy-imds:
              enabled: false
  • Crossplane provider-gitlab

    • provider-gitlab has been enabled by default. It allows Crossplane to automate functions in GitLab. This provider is used by Console to enable project creation, initialization, and manage project settings to enforce a common baseline. Currently, provider-gitlab requires additional steps to enable automation within GitLab. provider-gitlab can be disabled by adding the following to the zarf-deploy-config file:

      package:
        deploy:
          components: '-crossplane-provider-gitlab'

⏩ Upgraded Packages​

  • Jira upgrade to 9.12.15
    • Fixes CVE CVE-2024-45801
    • Issues Resolved
    • Full Release Notes
  • Confluence upgrade to 9.1.1
    • End of support for PostgreSQL 13; provides an upgrade to PostgreSQL 14.x
    • Java 21 bundled with Confluence
      • Eclipse Temurin Java 21 is now included with Confluence installations and upgrades via the installer
    • Dark theme support for custom logos and color schemes
    • Fixes multiple CVEs
    • Issues Resolved
    • Full Release Notes
  • This release of SmoothGlue Enterprise v6.3.0 includes Big Bang Version 2.40.0. For more details on the features and updates included in Big Bang Version 2.40.0, please refer to the Big Bang Release Notes.

    • Istio-controlplane:

      • This release adds a default EnvoyFilter to increase the security of the Istio cluster. This filter, which defaults to enabled, can be disabled using e.g., istio.Values.defaultSecurityHeaders.enabled: false. The filter will add the following HTTP headers when the backend service does not already provide the header:
        • StrictTransportSecurity: maxage=31536000; includeSubDomains
        • XFrameOptions: SAMEORIGIN
        • XContentTypeOptions: nosniff
        • ReferrerPolicy: strictorigin
      • In the event these additional headers cause issues with any deployment, you can disable the filter.

    • Nexus

      • Nexus realms configuration has been moved and is no longer nested under sso. The realm key has been renamed to realms, e.g.:
      addons:
        nexusRepositoryManager:
          values:
            realms:
              - "DockerToken"

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3s: v1.30.6+k3s1
    • EKS: v1.29.8
  • The following AMI versions were used for testing:
    • RKE2 AMI: smoothglue-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.8-rocky-8-base-v1.1.1-stig-2024-10-28T08-12-34Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the SmoothGlue documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

6.2.0 (2024-11-12)​

πŸ“¦ SmoothGlue Features​

  • The SSO buttons default to read SmoothGlue SSO , when possible.

⏩ Upgraded Packages​

  • Upgrades to console v6.2.x (also v6.1.x) include the following:
    • Fixed bug in SG Run Basic where tools are missing from tools page
    • Fixed bug where deployments are not presented if they have not synced in Argo
    • Console teams now have a slug attribute
    • Bug fix: removing a user from an org now removes the user from the org's teams
    • Removed non-functional rename organization action
    • Bug fix: dashboard view does not crash if there is an error retrieving tool info
    • Removed ability to set user's organization attributes from team page
    • Increased click target for organization and project cards
  • This release of SmoothGlue Enterprise v6.2.0 includes Big Bang Version 2.39.0. For more details on the features and updates included in Big Bang Version 2.39.0, please refer to the Big Bang Release Notes.
  • nexus-iq chart upgraded to 183
  • Jira has been upgraded to 9.12.14:
    • Update gluon patch from 0.5.4 to 0.5.8
    • Update cypress (source) 13.15.0 -> 13.15.1

🐞 Bug Fixes​

  • Vault can now be configured to use the correct DNS suffix for the ISO regions.

Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3s: v1.30.5+k3s1
    • EKS: v1.29.6
  • The following AMI versions were used for testing:
    • RKE2 AMI: smoothglue-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: smoothglue-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-09T08-14-46Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the SmoothGlue documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

6.1.0 (2024-10-30)​

The following are the v6.1.0 release notes for convenience:

🚨 Upgrade Notices​

This is a major update to SonarQube. During upgrade, you may get a SonarQube is under maintenance error message on the SonarQube UI.

  • To resolve this, once the HelmRelease upgrades, you will be prompted to visit your SonarQube instance at a <sonarqube_url>/setup URL. This is intended to launch a Database migration/update for SonarQube internally. The app will be available once it completes.

⏩ Upgraded Packages​

  • Console has been upgraded from v5.58 to v6.0.x and now offers the following capabilities:
    • Enhanced deployment wizard for deploying apps via Kustomize manifest (platform admins only).
    • Adds support for multiple ingress routes when using deployment wizard.
    • Adds ENABLE_SELF_SERVE_DEPLOYMENTS feature flag.
    • Fixes failure to load projects page if an expected deployment has no metadata in Argo CD.
    • Includes SonarQube, when it's deployed, on tools pages.
    • Removes non-functional rename project action.
    • Restores ability for platform admins to send credentials reset to users.
  • Big Bang has been upgraded from 2.37.0 to 2.38.0. For more details on the features and updates included in Big Bang Version 2.38.0, please refer to the Big Bang release notes.

πŸͺ² Bug Fixes​

  • Fixes an issue with load balancer stickiness.
    • When compatibility_mode is set, the object that is returned contains false. Additionally, started deprecation for IaC variable name for EKS; the old variable will remain for the time being so please only set one:
      • var.sso_nlb_stickiness_enabled => var.sso_nlb_stickiness_settings
      • var.application_nlb_stickiness_enabled => var.application_nlb_stickiness_settings
  • Updates to the RKE2 Terraform to handle multiple VPC CIDRs.

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3s: v1.30.5+k3s1
    • EKS: v1.29.6
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-30T08-10-58Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the SmoothGlue documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

6.0.1 (2024-10-22)​

Patch notes​

The following are the v6.0.0 release notes for convenience:

🚨 Upgrade Notices​

  • With the 6.0.0 release, Structsure Enterprise is now SmoothGlue Enterprise!
    • Structsure Enterprise Developer Collaboration Environment is now known as SmoothGlue Build Enterprise.
    • Structsure Enterprise Deploy Target is now known as SmoothGlue Run Enterprise.
  • On new installations making use of automatic Keycloak configuration, the default realm will now be named smoothglue instead of structsure. Keycloak should use redirect to this realm automatically, but any URL references to the structsure realm should be updated to point to the smoothglue realm on new installs.

    • For existing Structsure Enterprise installations making use of the automatic Keycloak realm configuration feature, you should add the following configuration to your bigbang-values.yaml in order to continue using your existing Keycloak realm:

      addons:
        keycloak:
          values:
            realms:
              - realmName: structsure

πŸ“¦ SmoothGlue Enterprise Features​

  • The following applications have updated SmoothGlue branding/theming:
    • SmoothGlue Console
    • Keycloak
    • ArgoCD
  • External Secrets Operator: Now officially bundled and supported as a SmoothGlue Enterprise component.
    • External Secrets Operator (ESO) is not installed by default on either Build or Run installations and must be enabled explicitly.

      • ESO can be enabled by setting EXTERNAL_SECRETS_ENABLED to true in your Zarf config, or by adding the following settings to your bigbang-values.yaml:

        addons:
          externalSecrets:
            enabled: true
    • If you have previously manually installed External Secrets Operator, you may need to manually update Helm annotations to allow existing resources to be adopted.
  • IaC: The SmoothGlue Enterprise IaC now includes an optional Terragrunt module to create a public or private Route 53 zone associated with the cluster. Please see the documentation for more information on how to enable and configure this module.
  • IaC: SmoothGlue Enterprise now has provides an optional Terragrunt module to create an RDS database for Nexus IQ. Please see the documentation for more information on how to enable and configure this module.

⏩ Upgraded Packages​

  • Upgraded console to v5.57.x
  • This release includes Big Bang Version 2.37.0. For more details on the features and updates included in Big Bang Version 2.37.0, please refer to the Big Bang release notes.
  • Upgraded cert-manager to v1.15.3

πŸͺ² Bug Fixes​

  • When migrating an existing Structsure Enterprise install to SmoothGlue Enterprise v6.0.0, a new Zarf Helm chart is deployed within the default namespace with an updated Crossplane Configuration for structsure-enterprise. The Helm chart fails to automatically patch the Configuration resource properly, even though it adopts the existing resource as expected. To work around this, a Zarf command will override the Configuration using a kubectl patch this release. This will not affect future releases.
  • Fixed an issue preventing user-provided TLS certificates using ZARF_VAR_CERT and ZARF_VAR_KEY from being consumed during the Zarf package deploy. If a user-provided certificate is provided, it will take precedence; otherwise, the full order of precedence is as follows, from highest to lowest:
    • certs/keys provided using ZARF_VAR_CERT or ZARF_VAR_KEY,
    • values provided to Istio using bigbang-secrets.yaml,
    • existing Istio secrets on the cluster, and finally
    • an automatically generated TLS certificate.
  • IaC: In VPCs with multiple CIDR ranges, the default security group rules for EKS clusters will now allow access from all CIDR ranges associated with the VPC, rather than just the primary CIDR block.

❗ Known Issues​

  • Although many visible references to Structsure Enterprise have been updated to SmoothGlue Enterprise, some resources will continue to use the older Structsure naming, largely for compatibility reasons. If any of the below listed resources still refer to Structsure, this is expected. These resources may be migrated to use the updated SmoothGlue branding in future releases.
    • When creating the smoothglue Keycloak realm, the default Keycloak configuration will continue to create groups for _structsureAdmins and _structsureAudit for use with Console.
    • Kubernetes objects which were previously deployed to the structsure-system namespace will continue to be deployed there, such as -overrides ConfigMaps and Secrets, as well as Crossplane and Flux resources.

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.9-rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.8
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.9-rke2r1-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-40Z
    • EKS AMI: structsure-eks-1.29.8-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-55Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the SmoothGlue Enterprise documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

6.0.0 (2024-10-16)​

🚨 Upgrade Notices​

  • With the 6.0.0 release, Structsure Enterprise is now SmoothGlue Enterprise!
    • Structsure Enterprise Developer Collaboration Environment is now known as SmoothGlue Build Enterprise.
    • Structsure Enterprise Deploy Target is now known as SmoothGlue Run Enterprise.
  • On new installations making use of automatic Keycloak configuration, the default realm will now be named smoothglue instead of structsure. Keycloak should use redirect to this realm automatically, but any URL references to the structsure realm should be updated to point to the smoothglue realm on new installs.
    • For existing Structsure Enterprise installations making use of the automatic Keycloak realm configuration feature, you should add the following configuration to your bigbang-values.yaml in order to continue using your existing Keycloak realm: 
      addons:
        keycloak:
          values:
            realms:
              - realmName: structsure

πŸ“¦ SmoothGlue Enterprise Features​

  • The following applications have updated SmoothGlue branding/theming:
    • SmoothGlue Console
    • Keycloak
    • ArgoCD
  • External Secrets Operator: Now officially bundled and supported as a SmoothGlue Enterprise component.
    • External Secrets Operator (ESO) is not installed by default on either Build or Run installations and must be enabled explicitly.
      • ESO can be enabled by setting EXTERNAL_SECRETS_ENABLED to true in your Zarf config, or by adding the following settings to your bigbang-values.yaml: 
        addons:
          externalSecrets:
            enabled: true
    • If you have previously manually installed External Secrets Operator, you may need to manually update Helm annotations to allow existing resources to be adopted.
  • IaC: The SmoothGlue Enterprise IaC now includes an optional Terragrunt module to create a public or private Route 53 zone associated with the cluster. Please see the documentation for more information on how to enable and configure this module.
  • IaC: SmoothGlue Enterprise now has provides an optional Terragrunt module to create an RDS database for Nexus IQ. Please see the documentation for more information on how to enable and configure this module.

⏩ Upgraded Packages​

  • Upgraded console to v5.57.x
  • This release includes Big Bang Version 2.37.0. For more details on the features and updates included in Big Bang Version 2.37.0, please refer to the Big Bang release notes.
  • Upgraded cert-manager to v1.15.3

πŸͺ² Bug Fixes​

  • When migrating an existing Structsure Enterprise install to SmoothGlue Enterprise v6.0.0, a new Zarf Helm chart is deployed within the default namespace with an updated Crossplane Configuration for structsure-enterprise. The Helm chart fails to automatically patch the Configuration resource properly, even though it adopts the existing resource as expected. To work around this, a Zarf command will override the Configuration using a kubectl patch this release. This will not affect future releases.
  • Fixed an issue preventing user-provided TLS certificates using ZARF_VAR_CERT and ZARF_VAR_KEY from being consumed during the Zarf package deploy. If a user-provided certificate is provided, it will take precedence; otherwise, the full order of precedence is as follows, from highest to lowest:
    • certs/keys provided using ZARF_VAR_CERT or ZARF_VAR_KEY,
    • values provided to Istio using bigbang-secrets.yaml,
    • existing Istio secrets on the cluster, and finally
    • an automatically generated TLS certificate.
  • IaC: In VPCs with multiple CIDR ranges, the default security group rules for EKS clusters will now allow access from all CIDR ranges associated with the VPC, rather than just the primary CIDR block.

❗️ Known Issues​

  • Although many visible references to Structsure Enterprise have been updated to SmoothGlue Enterprise, some resources will continue to use the older Structsure naming, largely for compatibility reasons. If any of the below listed resources still refer to Structsure, this is expected. These resources may be migrated to use the updated SmoothGlue branding in future releases.
    • When creating the smoothglue Keycloak realm, the default Keycloak configuration will continue to create groups for _structsureAdmins and _structsureAudit for use with Console.
    • Kubernetes objects which were previously deployed to the structsure-system namespace will continue to be deployed there, such as -overrides ConfigMaps and Secrets, as well as Crossplane and Flux resources.

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.9-rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.8
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.9-rke2r1-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-40Z
    • EKS AMI: structsure-eks-1.29.8-rocky-8-base-v1.1.1-stig-2024-10-14T08-10-55Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

πŸ”— Helpful Links​

6.0.0-rebrand.2 (2024-10-15)​

Package Bug Fixes​

  • force kubectl patch on configuration resource

6.0.0-rebrand.1 (2024-10-14)​

⚠ BREAKING CHANGES​

  • Force major version increment for rebrand

  • change pre-release name for rebrand branch

IaC Features​

  • iac: add route53 iac module

IaC Bug Fixes​

  • iac: use all assigned vpc cidr blocks in sg rules

Package Features​

  • add external secrets XRD and zarf
  • add Nexus IQ IaC
  • Argo CD rebranding for SmoothGlue
  • bump console to version 5.57
  • crossplane, iac, docs: support run and build cluster types
  • Jgsw 879 rebrand docs update
  • rebranding keycloak structsure realm as smoothglue
  • upgrade third-party Big Bang apps
  • zarf: rebranding structsure-enterprise zarf as smoothglue

Package Bug Fixes​

  • allow certs to be updated
  • mitigate deploy-time cert/certmanager interference
  • references to deployTarget in CI
  • templating for smoothglue-theme.jar
  • update keycloak to use keycloak.v3 for account theme

Documentation​

  • add glossary, edits to getting-started.md
  • smoothglue logo, landing, and branding updates

Other Changes​

  • move smoothglue theme creation to structsure-enterprise chart

5.21.0 (2024-10-01)​

πŸ“¦ Structsure Features​

  • Vault can now be configured with a CA cert when talking to AWS services like KMS. This is relevant when Vault is configured to use KMS in higher environments to auto unseal and can now be set via the CA_CERT_AWS configuration option in the Zarf Config file as explained in the "Install -> Installation Options" section of the Structsure documentation.

⏩ Upgraded Packages​

  • Jira has been upgraded from 9.12.12 to 9.12.13
  • Console has been upgraded from v5.55 to v5.56
    • Fixed flickering page heading text
    • Improved misleading and confusing log messages
    • Updated Next.js dependencies to address new vulnerability
    • Set Argo CD project permissions when creating deployments
  • Big Bang has been upgraded from 2.35.0 to 2.36.0. For more details on the features and updates included in Big Bang Version 2.36.0, please refer to the Big Bang release notes

πŸͺ² Bug Fixes​

  • Fixed an issue that prevented nip.io certs from being disabled when trying to use cert-manager. Documentation on how to properly enable cert-manager can be found in the Structsure documentation under "How-To Guides > Applications > Cert-Manager > How to setup and install cert-manager for structsure"

❗️ Known Issues​

  • Incorrect Virtual Service Host Configuration in Loki Scalable Mode

🌐 Compatibility​

  • The packages for this release were built using Zarf v0.32.6.
  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.6
  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-30T08-10-58Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64
  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

5.20.0 (2024-09-23)​

πŸŽ‰ This release of Structsure Enterprise v5.20.0 introduces several important updates, including Big Bang Version 2.35.0. For detailed information on the new features and updates included in Big Bang Version 2.35.0, please refer to the Big Bang release notes.

πŸ”§ Upgrade Notices​

🚨 Big Bang Upgrade

  • Istio-controlplane - MR:
    • Istio gets updated to 1.22.4. Big Bang apps should automatically cycle to get the latest sidecar version and config. Be sure to cycle pods for any community or tenant applications manually.
  • Mattermost - MR:
    • Postgresql using the builtin bitnami module does not upgrade gracefully. You must manually backup and restore your database before accepting this upgrade. Using the builtin postgresql module is not a supported configuration in production environments. If you are using the IaC module for Mattermost, this warning can be ignored.
  • Automated the Velero temporary manual fix suggested by Big Bang. You don’t need to apply the temporary fix mentioned in the third bullet point yourself: https://repo1.dso.mil/big-bang/bigbang/-/releases/2.35.0#upgrade-notices

πŸ“’ Console Upgrade to v5.55.x

  • Expand reliance on database tool records instead of env vars
  • Use more reliable metadata to discover tools via virtual service queries
  • Initialize tool records by querying virtual services instead of env vars
  • Present extended platform tools in non-AMI use cases

πŸ“’ Dynamic dbconfig.xml for Jira and confluence

  • Enabled dynamic creation of dbconfig.xml for Jira and Confluence.
  • Set forceConfigUpdate to true by default, ensuring the dbconfig.xml is recreated on every pod restart.
  • Users can override this behavior by setting forceConfigUpdate to false in their claim to preserve the file across restarts.

πŸ“’ Enhance eks-cluster Terraform Module

  • Clarified that s3_kms_key_id must be provided as a full ARN, not just the key name or ID.
  • Made object ownership configurable between "BucketOwnerPreferred" and "BucketOwnerEnforced."
  • Enforced secure S3 bucket creation with attach_deny_insecure_transport_policy = true.
  • Added validation for s3_object_ownership to ensure valid values like "BucketOwnerPreferred" or "BucketOwnerEnforced."

🐞 Bigbang HelmRelease Reconciles Before Zarf Deploy Finishes

  • Starting with this release, the bigbang Flux HelmRelease object in the bigbang namespace will be temporarily suspended when starting the upgrade package deployment. If the bigbang HelmRelease is suspended outside of this automatic suspension, it will trigger a failure of the upgrade package deployment starting with this release, since suspension of the HelmRelease object will prevent the upgrade from completing successfully.

🐞 Remove Temporary Neuvector Command

  • Removed a pin that deleted crds nvvulnerabilityprofiles.neuvector.com and nvcomplianceprofiles.neuvector.com at zarf start. No longer required after Big Bang 2.7.6-bb.0

🐞 Vault-Agent Trust CAs

  • Fixed an issue that prevented vault-agents from trusting Certificate Authorities when providing a CA cert as an input to the Zarf package. This update re-enables a Bigbang-managed integration between Prometheus and Vault. If you have deployed Vault prior to this update, ensure you followed the documented initialization instructions for Vault including the steps for configuring the Vault policies for Prometheus. Prometheus will be offline until Vault has been configured.

🐞 Force Mattermost to use Database Connection String

  • Fixed an issue where Mattermost wouldn't respect when database connection string changed. Database password and hostname can now be changed for Mattermost.

🐞 Upgrade Gitlab to v17.2.7 to Resolve Critical CVE

🧩 Zarf Version​

  • The packages for this release were built using Zarf v0.32.6.

🌐 Kubernetes Distributions and Versions​

  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.8+rke2r1
    • K3S: v1.30.5+k3s1
    • EKS: v1.29.6

πŸ“¦ AMI Versions​

  • The following AMI versions were used for testing:
    • RKE2 AMI: structsure-rke2-v1.29.8-rke2r1-rocky-8-base-v1.1.1-stig-2024-09-23T08-14-20Z
    • EKS AMI: structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-09-09T08-14-46Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

:pencil: Changelog​

:tools:️ Infrastructure as Code (IaC) Features​

  • iac: enhance eks-cluster terraform module

πŸ“¦ Package Features​

  • bump console to v5.55.x
  • helm: dynamic dbconfig.xml for Jira & confluence
  • upgrade BB to 2.35

🐞 Bug Fixes​

  • bigbang HelmRelease reconciles before zarf deploy finishes
  • force mattermost to use database connection string
  • remove temp neuvector cmd
  • upgrade gitlab to v17.2.7 to resolve critical CVE
  • vault-agent trust CAs

:octagonal_sign: Known Issues​

  • ❗ Incorrect Virtual Service Host Configuration in Loki Scalable Mode
  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.

5.19.0 (2024-09-04)​

πŸŽ‰ This release of Structsure Enterprise v5.19.0 introduces several important updates, including Big Bang Version 2.34.0. For detailed information on the new features and updates included in Big Bang Version 2.34.0, please refer to the Big Bang release notes.

πŸ”§ Upgrade Notices​

🚨 Big Bang Upgrade​

  • Nexus:

    • ⚠️ Breaking Changes:
      • Nexus 3.71.0-06 removes support for internal OrientDB and replaces it with H2.
      • Nexus 3.71.0-06 requires Java 17+ (previously supported Java 8 and 11).
      • ⚠️ Migration Required: If you are using an internal database, refer to the migration steps before upgrading.

  • Minio-operator:

    • The MinIO Operator Console has been deprecated and removed starting from version 6.0.0.

  • BigBang:

    • Resolved an issue with an invalid value in the images.txt release artifact.

πŸ“’ Confluence Upgrade​

  • This release includes a major version upgrade of Confluence from 8.9.4 to 9.0.2.
  • For detailed upgrade notes from Atlassian, refer to the Confluence 9.0 upgrade notes.

🚨 Important: Please update the miniOrange SSO app and any other apps you are using to ensure compatibility with Confluence version 9.0.

✨ Major Features​

πŸ› οΈ Containerd Iron Bank Mirror​

  • Structsure Enterprise now includes a built-in containerd mirror for mirroring Iron Bank images to Zarf's internal registry. This mirror is enabled by default, and instructions on how to disable it are available here.

πŸ” Compatibility​

🧩 Zarf Version​

  • The packages for this release were built using Zarf v0.32.6.

🌐 Kubernetes Distributions and Versions​

  • The packages were tested across the following Kubernetes distributions:
    • RKE2: v1.29.7+rke2r1
    • K3S: v1.30.0
    • EKS: v1.29

πŸ“¦ AMI Versions​

  • The following AMI versions were used for testing:
    • RKE2 AMI: Structsure-rke2-v1.29.7-rke2r1-rocky-8-base-v1.1.1-stig-2024-08-12T08-14-46Z
    • EKS AMI: Structsure-eks-1.29.6-rocky-8-base-v1.1.1-stig-2024-07-29T08-12-23Z
    • Base AMI: Rocky-8-EC2-LVM-8.10-20240528.0.x86_64

πŸ“ Changelog​

πŸ› οΈ Infrastructure as Code (IaC) Features​

  • iac: Added toggle for containerd Iron Bank mirror.
  • iac: Changed rds_engine_version type to string.

πŸ“¦ Package Features​

  • Enabled Loki by default in DT and collab.
  • Updated console to version 5.54.x.
  • Upgraded Big Bang to version 2.34.0.
  • Upgraded third-party Big Bang apps.

🐞 Bug Fixes​

  • Fixed Kyverno policy exclusion and S3 region endpoint for GitLab backup.
  • Restored broken cluster autoscaler functionality.
  • Resolved cluster autoscaler issue.

πŸ“š Documentation Updates​

  • Updated Neuvector upgrade documentation.
  • Added RKE2 IaC reference documentation.
  • Corrected spelling errors.
  • Updated console documentation.

πŸ›‘ Known Issues​

  • ❗ Incorrect Virtual Service Host Configuration in Loki Scalable Mode

πŸ”— Helpful Links​

  • Refer to the Structsure documentation for additional guidance.
  • For details on the Big Bang release, see the Big Bang Release Notes.