The following components will be restarted during the update from the Deckhouse v1.45
- Kubernetes Control Plane components
- Prometheus/Grafana
- Ingress controller
- `cni-cilium`
- `cni-flannel`
- `dex` (the `user-authn` module)
- `documentation` (former name `deckhouse-web`)
- `early-oom` (the `node-manager` module)
- `image-availability8-exporter` (the `extended-monitoring` module)
- `kube-dns`
- `kube-proxy`
- `linstor`
- `log-shipper`
- `monitoring-kubernetes`
- `openvpn`
- `operator-trivy`
- `runtime-audit-engine`
Important update notes
- The [runtime-audit-engine module](https://deckhouse.io/documentation/v1.46/modules/650-runtime-audit-engine/) requires a Linux kernel version `5.8` or later.
- **RBAC changes.** Write permissions (for namespace, limitrange, resourcequota, role and clusterrole objects) for accessLevel `Editor`, `Admin` and `ClusterEditor` specified in CR [ClusterAuthorizationRule](https://deckhouse.io/documentation/v1.46/modules/140-user-authz/cr.html#clusterauthorizationrule) have been restricted ([more...](https://github.com/deckhouse/deckhouse/pull/4494)).
- The obsolete `extended-monitoring.flant.com/enabled` (the [extended-monitoring module](https://deckhouse.io/documentation/v1.46/modules/340-extended-monitoring/configuration.html#how-to-use-extended-monitoring-exporter)) annotations have been replaced with the `extended-monitoring.deckhouse.io/enabled: ""` labels. Please switch to them **as soon as possible**.
- If you deploy the `deckhouse-web` moduleConfig via a CI/CD process, then you have to replace it with the `documentation` moduleConfig (run `kubectl get mc documentation -o yaml` to get its content).
Major changes
- The **new namespaced scope [AuthorizationRule](https://deckhouse.io/documentation/v1.46/modules/140-user-authz/cr.html#authorizationrule) custom resource** allows you to manage RBAC within a specific namespace.
- You can now **browse alerts in a cluster without the web interface**. Information about active alerts can now be viewed not only in the Grafana/Prometheus web interface, but also in the CLI. This can be useful, for example, if you only have access to the cluster API server and can't open the Grafana/Prometheus web interface ([more...](https://deckhouse.io/documentation/v1.46/modules/300-prometheus/faq.html#how-to-get-information-about-alerts-in-a-cluster)).
- The documentation domain has changed from `deckhouse` to `documentation` (the FQDN is derived from the [publicDomainTemplate](https://deckhouse.io/documentation/v1/deckhouse-configure-global.html#parameters-modules-publicdomaintemplate) parameter). The `deckhouse-web` module has also been renamed to [documentation](https://deckhouse.io/documentation/v1.46/modules/810-documentation/). If you deploy the `deckhouse-web` moduleConfig via a CI/CD process, then you have to replace it with the documentation moduleConfig (run kubectl get mc documentation -o yaml to get its content).
- A dashboard has been added to the *Security* directory of *Grafana* with a summary report on cluster compliance with [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes) practices. You can also [get detailed information](https://deckhouse.io/documentation/v1.46/modules/500-operator-trivy/faq.html#how-to-view-all-resources-that-have-not-passed-cis-compliance-checks) about the resources which failed the CIS checks.
- By statically building the Kubernetes components used in Deckhouse, we've minimized potential problems when running them in various distributions.
Component version updates
- [operator-trivy:](https://deckhouse.io/documentation/v1.46/modules/500-operator-trivy/) `0.40.0`
- [Prometheus:](https://deckhouse.io/documentation/v1.46/modules/300-prometheus/) `2.44.0`
- [shell-operator:](https://github.com/flant/shell-operator) `1.2.1`
- falco ([runtime-audit-engine](https://deckhouse.io/documentation/v1.46/modules/650-runtime-audit-engine/)): `0.34.1`
See [CHANGELOG v1.46](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.46.md) for more details.