The following components will be restarted during the update from the Deckhouse 1.32
* Prometheus/Grafana
* Kubernetes 1.19, 1.21, and 1.22 Control Plane components
* v0.33+ Ingress controllers
* kube-dns
* openvpn
* bashible-apiserver
* cert-manager
* chrony
* cluster-autoscaler
* cloud-provider-aws
* cloud-provider-azure
* cloud-provider-gcp
* cloud-provider-vsphere
* cloud-provider-yandex
* cni-flannel
* cni-simple-bridge
* dashboard
* descheduler
* extended-monitoring
* istio
* kube-proxy
* local-path-provisioner
* machine-controller-manager
* metallb
* monitoring-kubernetes
* network-policy-engine
* node-local-dns
* operator-prometheus
* pod-reloader
* prometheus-metrics-adapter
* prometheus-pushgateway
* snapshot-controller
* terraform-manager
* user-authn (dex-authenticator)
* vertical-pod-autoscaler
Component version updates
* containerd: v1.5.11
* CoreDNS: v1.9.1
* Dasboard: 2.5.1
* flannel: 0.15.1
* Grafana: 8.5.2 (including statusmap 0.5.1)
* Istio control-plane: 1.12, 1.13
* Alpine Linux for the underlying components images: 3.12.12
Important update notes:
* Components based on the Alpine image will be restarted due to its update. For most components, restarting does not affect the performance of applications in the cluster and should be seamless. On the other hand, restarting the following components may affect the performance of the cluster:
* Restarting Ingress controllers (versions 0.33 and higher) will result in terminating long-lived connections or WebSockets.
* Restarting the Kubernetes control plane will result in the API server becoming temporarily unavailable. This may cause the cluster management tools (kubectl, Dashboard) to become temporarily non-functional.
* Restarting the openvpn module will result in terminating OpenVPN sessions and reconnecting clients.
* Restarting the monitoring components will cause Grafana to be temporarily unavailable; some graphs will have no data for the restart period unless Prometheus is running in high availability mode.
* Restarting kube-dns may increase response time to DNS queries.
* Versions 0.25 and 0.26 of the Ingress controller can no longer be used in the cluster. The automatic update to Deckhouse 1.33 will be blocked if obsolete versions of the Ingress controller are used. Note that if a manual Deckhouse update is forced on the cluster, the Ingress controller will become inoperative.
* Manual migration from the deprecated annotation `service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"` to the field `spec.publishNotReadyAddresses: true` is required. If the migration is not completed, service discovery (via DNS) mechanisms would cease to function for not ready endpoints.
Major changes
* Support for Kubernetes 1.23.
* Support for Ubuntu 22.04 LTS as a node OS.
* The latest Grafana 8.5 (includes the updated statusmap 0.5.1 plugin).
* Update of linstor components.
* DexProvider for Gitlab supports working with refresh tokens, and this allows you to use the user-auth module with GitLab version 15.
* A new [cni-cilium](https://deckhouse.io/en/documentation/latest/modules/021-cni-cilium/) module enables a [Cilium](https://cilium.io/)-based networking in the Kubernetes cluster.
* Cilium supports Network Policy for managing access between applications within a cluster as well as defining network policies at the host level.
* Enabling the cilium module activates the [cilium-hubble](https://deckhouse.io/en/documentation/latest/modules/500-cilium-hubble/) module that provides Hubble, a networking and security observability platform.
* Note that migration of clusters using cni-flannel or cni-simple-bridge modules to Cilium is not yet possible.
* The [keepalived](https://deckhouse.io/en/documentation/latest/modules/450-keepalived/) and [network-gateway](https://deckhouse.io/en/documentation/latest/modules/450-network-gateway/) modules are now available in Deckhouse Enterprise Edition.
* The following modules have been included in the Deckhouse Community Edition and are now available for use:
* [extended-monitoring](https://deckhouse.io/en/documentation/latest/modules/340-extended-monitoring/) (enabled by default in the Default bundle);
* [namespace-configurator](https://deckhouse.io/en/documentation/latest/modules/600-namespace-configurator/) (enabled by default in the Default bundle);
* [okmeter](https://deckhouse.io/en/documentation/latest/modules/500-okmeter/) (an [Okmeter](https://okmeter.io/) license is required for use);
* [openvpn](https://deckhouse.io/en/documentation/latest/modules/500-openvpn/);
* [secret-copier](https://deckhouse.io/en/documentation/latest/modules/600-secret-copier/).
* Commands have been added to the Deckhouse container to make it easier to edit the cluster configuration. The additional information is available in the [documentation](https://deckhouse.io/en/documentation/latest/deckhouse-faq.html#how-do-i-change-the-configuration-of-a-cluster).
* Public Kubernetes control plane images are no longer used if a cluster is deployed using Deckhouse. All the required images, including the Kubernetes control plane images, are pulled from a single container registry. By default, the registry.deckhouse.io geo-distributed container registry is used, but you can use your own (e.g., if your environments are private). This installation mode was available before and has been tested; the only difference is that it is now used by default.
* Improvements to the log-shipper module:
* The new [rateLimit](https://deckhouse.io/en/documentation/v1.33.0/modules/460-log-shipper/cr.html#clusterlogdestination-v1alpha1-spec-ratelimit) parameter in the `ClusterLogsDestination` custom resource lets you limit the number of transmitted log records per minute and thus prevent flooding the storage with too many logs.
* The module now supports filtering by resource labels (regular expressions are supported). For example, you can use this function to discard messages from a particular container/Pod with or without some label.
* The number of metrics sent by log collection and shipping agents has been optimized, reducing the load on Prometheus.
* Support for the UDP protocol in openvpn will, in some cases, increase the VPN speed.
* You can now use tokens when sending metrics to remote storage via the Prometheus remote write.
* The underlying Alpine image has been updated to fix the [CVE-2022-0778](https://www.cve.org/CVERecord?id=CVE-2022-0778) vulnerability.
* Istio module enhancements:
* Simplified control-plane version control system including automatic patch-versions update.
* New parameter [holdApplicationUntilProxyStarts](https://deckhouse.io/en/documentation/v1.33.0/modules/110-istio/configuration.html#parameters-proxyconfig-holdapplicationuntilproxystarts) which guarantees that istio sidecar starts before application container.
* New parameter [enableHTTP10](https://deckhouse.io/en/documentation/v1.33.0/modules/110-istio/configuration.html#parameters-enablehttp10) to allow HTTP/1.0 requests handling.
See [CHANGELOG v1.33](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.33.md) for more details.