Major changes:
- Deckhouse EE now features an administrator web interface. You can enable it using the following command:
shell
kubectl -n d8-system exec deploy/deckhouse -c deckhouse -- deckhouse-controller module enable deckhouse-admin
Note that the administrator web interface is only available in clusters that use `registry.deckhouse.io`.
- `admission-policy-engine`, `extended-monitoring`, `log-shipper`, `loki`, `monitoring-kubernetes`, `prometheus`, `prometheus-metrics-adapter`, and `runtime-audit-engine` modules have been switched to distroless images. This increases module security and reduces the attack surface.
- The new [namespaceSelector](https://deckhouse.io/documentation/v1.51/modules/140-user-authz/cr.html#clusterauthorizationrule-v1-spec-namespaceselector) parameter of the _ClusterAuthorizationRule_ resource replaces the deprecated [allowAccessToSystemNamespaces](https://deckhouse.io/documentation/v1.51/modules/140-user-authz/cr.html#clusterauthorizationrule-v1-spec-allowaccesstosystemnamespaces) and [limitNamespaces](https://deckhouse.io/documentation/v1.51/modules/140-user-authz/cr.html#clusterauthorizationrule-v1-spec-limitnamespaces) parameters. The _namespaceSelector_ parameter limits the list of namespaces available to the user/group.
- The [minimalNotificationTime](https://deckhouse.io/documentation/v1.51/modules/002-deckhouse/configuration.html#parameters-update-notification-minimalnotificationtime) parameter now allows you to defer applying Deckhouse minor updates for a set amount of time. Previously, minimalNotificationTime could only be used if the [webhook URL](https://deckhouse.io/documentation/v1.51/modules/002-deckhouse/configuration.html#parameters-update-notification-webhook) was provided, but now it can be used independently. This might come in handy if you want a new Deckhouse version to be applied with a certain delay after the information about it becomes available in the release channel (a [DeckhouseRelease](https://deckhouse.io/documentation/v1.51/modules/002-deckhouse/cr.html#deckhouserelease) custom resource will be automatically created in the cluster). This will give you time to decide whether you should prepare for the upgrade, postpone it, or apply it immediately. The parameter has no effect on patch updates.
- Minor Deckhouse updates are now applied incrementally. Previously, it was possible to skip minor versions when changing the update mode or release channel.
The following components will be restarted during the update:
- **Kubernetes control plane**
- **Ingress Controller**
- `cert-manager`
- `cloud-provider-aws`: `cloud-controller-manager`, `cloud-data-discoverer`
- `cloud-provider-azure`: `cloud-controller-manager`, `cloud-data-discoverer`
- `cloud-provider-gcp`: `cloud-data-discoverer`
- `cloud-provider-openstack`: `cloud-controller-manager`, `cloud-data-discoverer`
- `cloud-provider-vsphere`: `cloud-controller-manager`
- `cloud-provider-yandex`: `cloud-controller-manager`, `cloud-metrics-exporter`
- `cni-cilium`
- `cni-flannel`
- `containerized-data-importer`
- `documentation`
- `extended-monitoring`
- `kube-proxy`
- `log-shipper`
- `loki`
- `metallb`: `speaker`
- `monitoring-kubernetes`
- `node-manager`: `bashible-apiserver`, `cluster-autoscaler`
- `operator-trivy`
- `operator-prometheus`
- `prometheus`
- `prometheus-metrics-adapter`
- `runtime-audit-engine`
- `terraform-manager`
- `user-authz`: `webhook`
- `user-authn`: `kubeconfig-generator`
- `virtualization`
Component version updates:
- Kubernetes control plane: `1.24.17`, `1.25.13`, `1.26.8`, `1.27.5`
- `operator-trivy`: `0.44.0`
See [CHANGELOG v1.51](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.51.md) for more details.