Deckhouse

Fixes


- **[prometheus]** Fix Alertmanager CA file (caused Unauthorized error). [3723](https://github.com/deckhouse/deckhouse/pull/3723)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[istio]** Switching default iptables in proxyv2 to iptables-legacy (after switching from Debian to Ubuntu). [3579](https://github.com/deckhouse/deckhouse/pull/3579)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Know before the update


- If there is the `ClusterConfiguration.proxy` parameter configured, it is highly important to configure the `noProxy` parameter with your Nodes CIDRs.

Fixes


- **[candi]** Force `libseccomp2` installation while containerd install/update (due to issue https://github.com/containerd/containerd/discussions/6577). [#3504](https://github.com/deckhouse/deckhouse/pull/3504)
- **[docs]** Clarify usage of the `noProxy` parameter. [3526](https://github.com/deckhouse/deckhouse/pull/3526)
If there is the `ClusterConfiguration.proxy` parameter configured, it is highly important to configure the `noProxy` parameter with your Nodes CIDRs.
- **[prometheus]** Fixed token-based authentication between Trickster and Prometheus. [3519](https://github.com/deckhouse/deckhouse/pull/3519)
- **[prometheus]** Fix remoteWrite tlsConfig render. [3510](https://github.com/deckhouse/deckhouse/pull/3510)
- **[registrypackages]** Install flannel `1.1.2` binary to CentOS for `kubernetes-cni` newer than `0.9.1` due to missing flannel binary. [3503](https://github.com/deckhouse/deckhouse/pull/3503)
- **[user-authn]** OIDC insecure userInfo endpoint. [3501](https://github.com/deckhouse/deckhouse/pull/3501)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[global-hooks]** Fixes in cluster configuration migration process and proxy template for EKS cluster installation. [3381](https://github.com/deckhouse/deckhouse/pull/3381)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[node-manager]** Increase early-oom PSI threshold to 30 (from 5). [3427](https://github.com/deckhouse/deckhouse/pull/3427)
- **[user-authn]** Fix insecure OIDC Ca patch. [3439](https://github.com/deckhouse/deckhouse/pull/3439)

Chore


- **[candi]** Temporary disable `seccomp` for `kube-controller-manager`. [3426](https://github.com/deckhouse/deckhouse/pull/3426)
- **[candi]** Support for the Standard layout in Yandex Cloud. [3411](https://github.com/deckhouse/deckhouse/pull/3411)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[istio]** Replace CA for the Ingress validation of api-proxy, fix kiali `ClusterRole`. [3395](https://github.com/deckhouse/deckhouse/pull/3395)
- **[vertical-pod-autoscaler]** Setting `admissionReviewVersions` to `v1` in mutating webhook. [3397](https://github.com/deckhouse/deckhouse/pull/3397)

Chore


- **[monitoring-deckhouse]** Add an alert about deprecated OS versions. [3405](https://github.com/deckhouse/deckhouse/pull/3405)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.