Major changes
* **The *delivery* module has been removed.** DKP will not proceed with the update if the *delivery* module is enabled in the cluster.
* **Support for Ingress controller version 1.6 has been discontinued.** The minimum supported version is 1.9.
* The **ceph-csi** module is **no longer being developed**. The module is considered deprecated. It is recommended to replace the *ceph-csi* module with the [csi-ceph](https://github.com/deckhouse/csi-ceph) module.
* Support for OpenSuse has been added.
* New configuration options for the DKP [update mode](https://deckhouse.ru/products/kubernetes-platform/documentation/v1.65/modules/002-deckhouse/configuration.html#parameters-update-mode) have been added. In `Manual` mode, confirmation is now also required for patch versions. If you need to apply patch versions automatically but confirm the update of minor versions, use `AutoPatch` mode.
* The status of the *DeckhouseRelease* resource now contains either the exact time when the new version was applied (previously, it could differ from the actual time) or a command to confirm the update.
* A check to see if the [project](https://deckhouse.io/products/kubernetes-platform/documentation/v1.65/modules/160-multitenancy-manager/cr.html#project) conforms to the [project template](https://deckhouse.io/products/kubernetes-platform/documentation/v1.65/modules/160-multitenancy-manager/cr.html#projecttemplate) has been added.
* DKP now automatically creates etcd database backups once a day (at 00:00 UTC). The result is saved in `/var/lib/etcd/etcd-backup.snapshot` directory on all master nodes.
* A new *[iamNodeRole](https://deckhouse.io/products/kubernetes-platform/documentation/v1.65/modules/030-cloud-provider-aws/cluster_configuration.html#awsclusterconfiguration-iamnoderole)* parameter for the AWS provider has been added. It allows you to use a custom IAM role for a node instead of the role created by DKP. This may come in handy, for example, if you need to add more permissions to the IAM node role (e. G., to enable ECR access, etc.).
* A new *[nameservers](https://deckhouse.io/products/kubernetes-platform/documentation/v1.65/modules/030-cloud-provider-azure/cluster_configuration.html#azureclusterconfiguration-nameservers)* parameter has been added for the Azure provider. It allows you to specify a list of DNS servers used on nodes.
* `dhctl converge` now migrates master nodes fully automatically, even when transitioning to a cluster with a single master node. Previously, manual actions might have been required.
Security
* It is forbidden to modify resources created by DKP (they have the `heritage: deckhouse `label).
* Support for scanning images in repositories that use insecure connections or self-signed certificates has been added.
* Openvpn and documentation modules, as well as part of the istio module components, now use distroless images.
Component version updates
- kruise-controller-manager (ingress-nginx): 1.7.2
- addon-operator: 1.5.0
- containerd: 1.7.20
- cilium: 1.14.14
- openvpn: 2.6.12
A list of internal modules or their components that will be restarted during the upgrade
- Ingress controller
- bashible-apiserver
- capi-controller-manager
- cert-manager
- cilium
- cilium-hubble
- containerd
- control-plane-manager
- d8-kube-proxy
- dashboard
- deckhouse
- documentation
- grafana
- istio
- kruise-controller-manager
- metrics-scraper
- openvpn
- prometheus
- upmeter
- user-authn
See [CHANGELOG v1.65](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.65.md) for more details.