Workflow

Deckhouse

Latest version: v0.4.9

Safety actively analyzes 681844 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 14 of 50

1.44

The following components will be restarted during the update from the Deckhouse v1.43
- Kubernetes Control Plane components
- Prometheus/Grafana
- `admission-policy-engine`
- `ceph-csi`
- `cloud-provider-vsphere`
- `istio`
- `log-shipper-agent`
- `node-manager`
- `node-local-dns`
- `operator-prometheus`
- `openvpn`
- `prometheus-metrics-adapter`
- `virtualization`


Component version updates:
- Alertmanager: `0.25.0`
- cilium: `1.11.14`
- Kubernetes control plane: `1.23.16`, `1.24.10`, `1.25.6`
- istio: `1.16.2`
- Kiali (istio): `1.62`
- Kubevirt: `0.58.1`
- Librdkafka (log-shipper): `2.0.2`
- Prometheus operator: `0.62.0`
- Vector: `0.27.0`

Major changes:

- **The new [operator-trivy](https://deckhouse.io/documentation/v1.44/modules/500-operator-trivy/) module** periodically runs the vulnerability scanning with [Trivy](https://github.com/aquasecurity/trivy). To use it, add the `security-scanning.deckhouse.io/enabled` label to a namespace. Scanning results are available in Grafana: the _Security / Trivy Image Vulnerability Overview_ dashboard.
- **The new [runtime-audit-engine](https://deckhouse.io/documentation/v1.44/modules/650-runtime-audit-engine/) module** identifies security threats. Unlike `operator-trivy`, this module analyzes audit events. `runtime-audit-engine` is based on the [Falco](https://falco.org/) project.
- **The new [flow-schema](https://deckhouse.io/documentation/v1.44/modules/011-flow-schema/) module** configures queues and priorities for some requests to the API server. It helps to avoid overloading the API server. This module is enabled by default.
- In the `openvpn` module, it is now possible to enable high availability mode using the [highAvailability](https://deckhouse.io/documentation/v1.44/modules/500-openvpn/configuration.html#parameters-highavailability) parameter — this will run two copies of the OpenVPN server. You can also activate [logging](https://deckhouse.io/documentation/v1.44/modules/500-openvpn/#users-traffic-audit) of user activity.
- Support for Istio `1.16` has been added. Istio `1.12` and `1.13` are no longer supported.
- Sending alerts to Telegram via the built-in Alertmanager has [become easier](https://deckhouse.io/documentation/v1.44/modules/300-prometheus/usage.html#sending-alerts-to-telegram) — it is enough to configure the connection in the [telegramConfigs](https://deckhouse.io/documentation/v1.44/modules/300-prometheus/cr.html#customalertmanager-v1alpha1-spec-internal-receivers-telegramconfigs) parameter and create the Secret. An additional proxy server is no longer needed.

See [CHANGELOG v1.44](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) for more details.

1.44.0

1.43.8

Know before update


- Fix restarts containerd services on nodes.

Fixes


- **[candi]** Update of containerd to `1.6.18`. [3929](https://github.com/deckhouse/deckhouse/pull/3929)
Fix restarts containerd services on nodes.


See [CHANGELOG v1.43](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.43.md) for more details.

1.43.7

Fixes


- **[cni-cilium]** Exclude vmCIDRs from SNAT. [3899](https://github.com/deckhouse/deckhouse/pull/3899)
- **[istio]** Yet another iptables fix — the upstream way. Got rid of iptables-wrapper in favor of hardcoded iptables-legacy. [3897](https://github.com/deckhouse/deckhouse/pull/3897)


See [CHANGELOG v1.43](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.43.md) for more details.

1.43.6

Fixes


- **[admission-policy-engine]** Fix PDBs for controllers. [3886](https://github.com/deckhouse/deckhouse/pull/3886)
- **[cni-cilium]** fix vpa resource for cni-cilium agent. [3890](https://github.com/deckhouse/deckhouse/pull/3890)
- **[cni-cilium]** Preserve default tunnel port `8472` for virtualization workloads. [3887](https://github.com/deckhouse/deckhouse/pull/3887)
Short network downtime for virtualization-enabled clusters.


See [CHANGELOG v1.43](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.43.md) for more details.

1.43.5

Features


- **[virtualization]** Allow to specify `affinity` and `topologySpreadConstraints`. [3852](https://github.com/deckhouse/deckhouse/pull/3852)

Fixes


- **[cni-cilium]** Set correct MTU values in tunnel mode. [3836](https://github.com/deckhouse/deckhouse/pull/3836)
- **[log-shipper]** Make log-shipper-agents sending whole JSON message with metadata to Kafka destination. [3692](https://github.com/deckhouse/deckhouse/pull/3692)
- **[monitoring-deckhouse]** Remove confusing alert `ModuleConfigHasObsoleteVersion`. [3798](https://github.com/deckhouse/deckhouse/pull/3798)
- **[virtualization]** Some fixes regarding queue and panic when creating empty disks. [3822](https://github.com/deckhouse/deckhouse/pull/3822)


See [CHANGELOG v1.43](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.43.md) for more details.

Page 14 of 50

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.