Deckhouse

All Deckhouse components will be restarted during the release update.

Important update notes
- Kubernetes 1.21 support has been discontinued.
- The [operator-trivy](https://deckhouse.io/documentation/v1/modules/500-operator-trivy/) module is no longer available in Community Edition.
- The terraform provider for [cloud-provider-aws](https://deckhouse.io/documentation/v1.45/modules/030-cloud-provider-aws/environment.html#json-policy) module was bumped to `4.50.0`, therefore there are new requirements for deckhouse IAM user in AWS. It is necessary to add the allowed actions below:
- `ec2:DescribeInstanceTypes`
- `ec2:DescribeSecurityGroupRules`

Major changes
- **Support for Kubernetes 1.26** has been added, and support for Kubernetes 1.21 has been removed.
- **The new [loki](https://deckhouse.io/documentation/v1.45/modules/462-loki/) module** deploys Grafana Loki-based log storage and configures Deckhouse components to work with it.
- The Nginx Ingress controller update mechanism has been improved thanks to the use of [OpenKruise](https://github.com/deckhouse/deckhouse/pull/4124) advanced DaemonSet. This will prevent occasional downtimes that might otherwise occur.
- The Nginx Ingress Controller 1.6 has been added (it is based on Nginx `1.21.6`). Please check the [list of important changes](https://github.com/deckhouse/deckhouse/pull/3923)…
- For better security, Deckhouse components now use the checksum instead of the image tag when referencing the container image.
- It is now easier to disable or enable modules:
shell
kubectl -ti -n d8-system exec deploy/deckhouse -- deckhouse-controller module disable deckhouse-web

- The **[descheduled](https://deckhouse.io/documentation/v1.45/modules/400-descheduler/)** module configuration is now carried out via the [Descheduler](https://deckhouse.io/documentation/v1.45/modules/400-descheduler/cr.html#descheduler) custom resource. The existing configuration will be automatically converted.
- The **[log-shipper](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/)** module now provides options to use a [buffer](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterlogdestination-v1alpha1-spec-buffer), a [rate limit](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterlogdestination-v1alpha1-spec-ratelimit), as well as an arbitrary regex pattern for parsing multiline logs (spec.multilineParser.custom parameter in [ClusterLoggingConfig](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterloggingconfig) and [PodLoggingConfig](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#podloggingconfig)).
- The **[virtualization](https://deckhouse.io/documentation/v1.45/modules/490-virtualization/)** module has been updated, which has greatly improved its stability.
- The design of the authentication page in the **[user-auth](https://deckhouse.io/documentation/v1/modules/150-user-authn/)** module has been [updated](https://github.com/deckhouse/deckhouse/pull/4305).
- A dashboard for cilium has been added to Grafana:


Component version updates
- Cilium: `1.12.8`
- Terraform provider (cloud-provider-aws): `4.50.0`
- Dashboard: `2.7.0`
- Kubernetes control plane: `1.23.17`, `1.24.13`, `1.25.9`, `1.26.4`
- Kubevirt: `0.59.0`
- LINSTOR: `1.21.0`
- Vector (log-shipper): `0.28.1`


See [CHANGELOG v1.45](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.45.md) for more details.

Fixes


- **[log-shipper]** Fix throttling alert labels. [4222](https://github.com/deckhouse/deckhouse/pull/4222)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).

Fixes


- **[deckhouse-config]** Remove `nodeSelector` for `deckhouse-config-webhook`. [4192](https://github.com/deckhouse/deckhouse/pull/4192)
- **[deckhouse-config]** Temporarily set the `Recreate` strategy for `deckhouse-config-webhook` Deployment. [4191](https://github.com/deckhouse/deckhouse/pull/4191)
- **[prometheus]** Fix the time interval for Prometheus longterm. [4174](https://github.com/deckhouse/deckhouse/pull/4174)
- **[virtualization]** Fix nil pointer exception and `volumeAttachments` status. [4164](https://github.com/deckhouse/deckhouse/pull/4164)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).

Fixes


- **[cni-cilium]** Use predefined MAC-addresses for virtualization workloads. [4071](https://github.com/deckhouse/deckhouse/pull/4071)
- **[cni-cilium]** Perform routing lookup for custom tables. [4046](https://github.com/deckhouse/deckhouse/pull/4046)
- **[containerized-data-importer]** Make CDI working with `customCertificate`. [3985](https://github.com/deckhouse/deckhouse/pull/3985)
- **[log-shipper]** Add job label selector to alerts query. [4051](https://github.com/deckhouse/deckhouse/pull/4051)
- **[prometheus]** Increase Prometheus self sample limit. [4066](https://github.com/deckhouse/deckhouse/pull/4066)
- **[runtime-audit-engine]** Fix `K8sAudit` -> `k8s_audit` source convert action. [4134](https://github.com/deckhouse/deckhouse/pull/4134)

Chore


- **[cni-cilium]** Split `cilium` and `virt-cilium`. [4088](https://github.com/deckhouse/deckhouse/pull/4088)
All cilium agent Pods will be restarted.


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).

Features


- **[virtualization]** Kubevirt `v0.58.1`. [3989](https://github.com/deckhouse/deckhouse/pull/3989)

Fixes


- **[deckhouse-config]** Place the `deckhouse-config-webhook` on the same node as Deckhouse. [4014](https://github.com/deckhouse/deckhouse/pull/4014)
- **[istio]** D8IstioDeprecatedIstioVersionInstalled alert description clarification. [4010](https://github.com/deckhouse/deckhouse/pull/4010)
- **[log-shipper]** Fix the exclude clause for unschedulable nodes in the RateLimit alert. [4018](https://github.com/deckhouse/deckhouse/pull/4018)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).