The following components will be restarted during the update from the Deckhouse 1.37
- Kubernetes Control Plane components
- log-shipper
- openvpn
- Prometheus
- user-authn
Component version updates
- log-shipper/vector: `0.24.2`
- dex: `2.35`
Major changes
- The new **[admission-policy-engine](https://deckhouse.io/en/documentation/latest/modules/015-admission-policy-engine/)** module allows you to use security policies in the cluster namespace according to the Kubernetes [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/). To apply a policy, it is enough to set a label `security.deckhouse.io/pod-policy=<POLICY_NAME>` to the corresponding namespace.
- Code refactoring has been conducted to prepare for storing Deckhouse module configurations in separate custom resources instead of using the `deckhouse` ConfigMap. The feature is expected to be introduced in the next release.
- Validation of the [publicDomainTemplate](https://deckhouse.io/en/documentation/v1/deckhouse-configure-global.html#parameters-modules-publicdomaintemplate) parameter has been added.
- Fixes have been made to the `Kubernetes / Ingress Nginx Controllers` and `Kubernetes / Ingress Nginx Controller Details` Grafana dashboards.
- Automatic volume expansion in Prometheus has been removed because it failed to work as expected.
- The `tlsMode` parameter has been removed in the [istio](https://deckhouse.io/en/documentation/latest/modules/110-istio/configuration.html) module.
See [CHANGELOG v1.38](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.38.md) for more details.