Deckhouse

Fixes


- **[candi]** Send bootstrap logs from cluster-api static instances. [6252](https://github.com/deckhouse/deckhouse/pull/6252)
- **[candi]** Fix CAPI kubeconfig hook, which cannot work on fresh installations. [6252](https://github.com/deckhouse/deckhouse/pull/6252)
- **[candi]** Removed `shortNames` from CAPI CRDs. [6252](https://github.com/deckhouse/deckhouse/pull/6252)
- **[cloud-provider-vsphere]** Fix slugification datastore names containing hyphens. [6286](https://github.com/deckhouse/deckhouse/pull/6286)
- **[linstor]** Changed the method of loading DRBD kernel module on the nodes with active LINSTOR satellites. [6278](https://github.com/deckhouse/deckhouse/pull/6278)

Chore


- **[user-authz]** Add missing multitenancy constraint for cluster authorization rules. Fixes user validation webhook. [6256](https://github.com/deckhouse/deckhouse/pull/6256)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.53.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.53.0).

Major changes

- **Support for Kubernetes 1.28.**
- **Kubernetes 1.23 is no longer supported**. Deckhouse will not update if the Kubernetes version in the cluster is 1.23.
- The _cert-manager_, _descheduler_, _pod-reloader_, _metallb_, as well as _vertical-pod-autoscaler_ components and cloud provider modules, now use distroless images. This increases module security and reduces the attack surface.

The following components will be restarted during the update
- Kubernetes control plane
- Ingress Controller
- cert-manager
- chrony
- cloud-provider-aws
- cloud-provider-azure
- cloud-provider-gcp
- cloud-provider-openstack
- cloud-provider-vsphere
- cloud-provider-yandex
- control-plane-manager
- descheduler
- kube-proxy
- metallb
- node-manager
- operator-trivy
- pod-reloader
- pod-reloader
- report-updater (operator-trivy)
- user-authn
- vertical-pod-autoscaler

See [CHANGELOG v1.53](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.53.md) for more details.

Fixes


- **[candi]** Fix deckhouse containerd start after installing new containerd-deckhouse package. [6329](https://github.com/deckhouse/deckhouse/pull/6329)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.52.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.52.0).

Fixes


- **[extended-monitoring]** Fix extended monitoring rules for node disk usage. [6227](https://github.com/deckhouse/deckhouse/pull/6227)
- **[linstor]** Changed the method of loading DRBD kernel module on the nodes with active LINSTOR satellites. [6288](https://github.com/deckhouse/deckhouse/pull/6288)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.52.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.52.0).

Fixes


- **[candi]** Allow underscore in `httpProxy` and `httpsProxy` settings. [6216](https://github.com/deckhouse/deckhouse/pull/6216)
- **[linstor]** Changes in controller liveness probe. [6203](https://github.com/deckhouse/deckhouse/pull/6203)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.52.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.52.0).