Deckhouse

Fixes


- **[node-manager]** Updated govmomi to the latest version so that VMs with Networks under Distributed Virtual Switch can be created. [2444](https://github.com/deckhouse/deckhouse/pull/2444)

Chore


- **[node-manager]** Clarify master NodeGroup cri change. [2525](https://github.com/deckhouse/deckhouse/pull/2525)


See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.

Features


- **[docs]** Added the `How to install?` section on the site. [2367](https://github.com/deckhouse/deckhouse/pull/2367)

Fixes


- **[istio]** Fix default `tlsMode` behavior. [2479](https://github.com/deckhouse/deckhouse/pull/2479)
- **[linstor]** Fix linstor-affinity-controller leader election. [2489](https://github.com/deckhouse/deckhouse/pull/2489)
- **[log-shipper]** Ignore pipelines without destinations. [2480](https://github.com/deckhouse/deckhouse/pull/2480)
- **[monitoring-kubernetes]** Check current `node_memory_SUnreclaim_bytes` in the `NodeSUnreclaimBytesUsageHigh` alert. [2510](https://github.com/deckhouse/deckhouse/pull/2510)
- **[monitoring-kubernetes]** Better way to ignore kubelet mounts for node-exporter. [2427](https://github.com/deckhouse/deckhouse/pull/2427)
- **[node-manager]** Fail early-oom gracefully with a helpful log message and a low-severity alert if PSI subsystem is unavailable. [2451](https://github.com/deckhouse/deckhouse/pull/2451)
- **[node-manager]** Fixed a bug with spot Machine deletion in Yandex.Cloud. It now correctly deletes machines in 15 minute intervals. [2394](https://github.com/deckhouse/deckhouse/pull/2394)
- **[upmeter]** Fix non-working statuspage by removing hardcoded localhost in backend URL [2499](https://github.com/deckhouse/deckhouse/pull/2499)

Chore


- **[cni-cilium]** Reverted bpf masquerading mode for all cilium installations except in OpenStack.
Set `rp_filter` to 0 for all interfaces in the `sysctl_tuner` script. [2481](https://github.com/deckhouse/deckhouse/pull/2481)


See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.

Fixes


- **[deckhouse]** Fix stucked `DeckhouseUpdating` alert during the deckhouse update process. [2472](https://github.com/deckhouse/deckhouse/pull/2472)


See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.

Fixes


- **[deckhouse]** Fix panic in a release tracking during the deckhouse update process. [2465](https://github.com/deckhouse/deckhouse/pull/2465)


See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.

Fixes


- **[cni-cilium]** Fix cilium mode for static clusters. [2452](https://github.com/deckhouse/deckhouse/pull/2452)
`cilium-agents` will be restarted.
- **[snapshot-controller]** Fix `maxSurge` for `snapshot-validation-webhook`. [2450](https://github.com/deckhouse/deckhouse/pull/2450)


See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.

Component version updates:
- DRBD (linstor): `9.1.9`
- Istio: `1.13.7`
- kube-state-metric: `2.6.0`
- Vector (log-shipper): `0.23.3`

Important update notes
- All Ingress Nginx controllers with a not-specified version will upgrade to version `1.1`.
- Ingress Nginx controllers will restart.
- Deckhouse system controllers can be restarted due to new VPA settings.
- etcd Pods will restart and trigger leader elections. It will affect Kubernetes API performance until all the etcd Pods use the new configuration.
- Removed support of Kubernetes 1.19. You need to migrate to Kubernetes 1.20+ to upgrade Deckhouse to release 1.36.

Major changes
- Kubernetes 1.24 support.
- End of Kubernetes 1.19 support. To upgrade Deckhouse to version 1.36 in a Kubernetes 1.19 cluster, you must first upgrade Kubernetes to version 1.20 or higher.
- The default version of the Ingress controller has been changed. Now, it is version 1.1 (it was version 0.33). All Ingress controllers where the version was not explicitly specified in the configuration will be updated to version 1.1.
- Validation of Ingress rules is enabled by default in the Ingress controller version 1.1 (you can disable it using the [validationEnabled](https://deckhouse.io/en/documentation/v1/modules/402-ingress-nginx/cr.html#ingressnginxcontroller-v1-spec-validationenabled) parameter).
- It is now possible to configure Deckhouse update notifications via webhook (in the [update.notification](https://deckhouse.io/en/documentation/latest/modules/002-deckhouse/configuration.html#parameters-update-notification) section of the deckhouse module).
- Big update to the Capacity Planning Dashboard (Main -> Capacity Planning). Even more useful information.
- [Changed](https://github.com/deckhouse/deckhouse/pull/1918) VPA parameters and `requests/limits` values of Deckhouse components. The new [modules.resourcesRequests.controlPlane](https://deckhouse.io/en/documentation/latest/deckhouse-configure-global.html#parameters-modules-resourcesrequests-controlplane) parameter (instead of deprecated `everyNode` and `masterNode` parameters).
- Added a graph on the number of nodes in the dashboard Nodes (reflects the process of scaling the cluster).
- Log-shipper:
- Improved performance and memory leak fixes.
- Filters by namespaces and Pods.
- Fixes in [cni-cilium](https://deckhouse.io/en/documentation/latest/modules/021-cni-cilium/) module.
- Fixes and updates in [istio](https://deckhouse.io/en/documentation/latest/modules/110-istio/) module.
- After the update, the `D8IstioDataPlaneVersionMismatch` alert will appear. Recreate all workloads so that the sidecar runs with the current version to resolve the alert.

See [CHANGELOG v1.36](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.36.md) for more details.