Deckhouse

Fixes


- **[ingress-nginx]** Fix RBAC rules for `kruise-controller`. [4353](https://github.com/deckhouse/deckhouse/pull/4353)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.45.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.45.0).

Fixes


- **[cloud-provider-gcp]** Disabled Node IPAM in GCP CCM that conflicted with kube-controller-manager's IPAM controller. [4110](https://github.com/deckhouse/deckhouse/pull/4110)
- **[extended-monitoring]** Fix RBAC rules for `image-availability-exporter`. [4346](https://github.com/deckhouse/deckhouse/pull/4346)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.45.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.45.0).

All Deckhouse components will be restarted during the release update.

Important update notes
- Kubernetes 1.21 support has been discontinued.
- The [operator-trivy](https://deckhouse.io/documentation/v1/modules/500-operator-trivy/) module is no longer available in Community Edition.
- The terraform provider for [cloud-provider-aws](https://deckhouse.io/documentation/v1.45/modules/030-cloud-provider-aws/environment.html#json-policy) module was bumped to `4.50.0`, therefore there are new requirements for deckhouse IAM user in AWS. It is necessary to add the allowed actions below:
- `ec2:DescribeInstanceTypes`
- `ec2:DescribeSecurityGroupRules`

Major changes
- **Support for Kubernetes 1.26** has been added, and support for Kubernetes 1.21 has been removed.
- **The new [loki](https://deckhouse.io/documentation/v1.45/modules/462-loki/) module** deploys Grafana Loki-based log storage and configures Deckhouse components to work with it.
- The Nginx Ingress controller update mechanism has been improved thanks to the use of [OpenKruise](https://github.com/deckhouse/deckhouse/pull/4124) advanced DaemonSet. This will prevent occasional downtimes that might otherwise occur.
- The Nginx Ingress Controller 1.6 has been added (it is based on Nginx `1.21.6`). Please check the [list of important changes](https://github.com/deckhouse/deckhouse/pull/3923)…
- For better security, Deckhouse components now use the checksum instead of the image tag when referencing the container image.
- It is now easier to disable or enable modules:
shell
kubectl -ti -n d8-system exec deploy/deckhouse -- deckhouse-controller module disable deckhouse-web

- The **[descheduled](https://deckhouse.io/documentation/v1.45/modules/400-descheduler/)** module configuration is now carried out via the [Descheduler](https://deckhouse.io/documentation/v1.45/modules/400-descheduler/cr.html#descheduler) custom resource. The existing configuration will be automatically converted.
- The **[log-shipper](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/)** module now provides options to use a [buffer](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterlogdestination-v1alpha1-spec-buffer), a [rate limit](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterlogdestination-v1alpha1-spec-ratelimit), as well as an arbitrary regex pattern for parsing multiline logs (spec.multilineParser.custom parameter in [ClusterLoggingConfig](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#clusterloggingconfig) and [PodLoggingConfig](https://deckhouse.io/documentation/v1.45/modules/460-log-shipper/cr.html#podloggingconfig)).
- The **[virtualization](https://deckhouse.io/documentation/v1.45/modules/490-virtualization/)** module has been updated, which has greatly improved its stability.
- The design of the authentication page in the **[user-auth](https://deckhouse.io/documentation/v1/modules/150-user-authn/)** module has been [updated](https://github.com/deckhouse/deckhouse/pull/4305).
- A dashboard for cilium has been added to Grafana:


Component version updates
- Cilium: `1.12.8`
- Terraform provider (cloud-provider-aws): `4.50.0`
- Dashboard: `2.7.0`
- Kubernetes control plane: `1.23.17`, `1.24.13`, `1.25.9`, `1.26.4`
- Kubevirt: `0.59.0`
- LINSTOR: `1.21.0`
- Vector (log-shipper): `0.28.1`


See [CHANGELOG v1.45](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.45.md) for more details.

Fixes


- **[log-shipper]** Fix throttling alert labels. [4222](https://github.com/deckhouse/deckhouse/pull/4222)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).

Fixes


- **[deckhouse-config]** Remove `nodeSelector` for `deckhouse-config-webhook`. [4192](https://github.com/deckhouse/deckhouse/pull/4192)
- **[deckhouse-config]** Temporarily set the `Recreate` strategy for `deckhouse-config-webhook` Deployment. [4191](https://github.com/deckhouse/deckhouse/pull/4191)
- **[prometheus]** Fix the time interval for Prometheus longterm. [4174](https://github.com/deckhouse/deckhouse/pull/4174)
- **[virtualization]** Fix nil pointer exception and `volumeAttachments` status. [4164](https://github.com/deckhouse/deckhouse/pull/4164)


For more information, see the [changelog](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.44.md) and minor version [release changes](https://github.com/deckhouse/deckhouse/releases/tag/v1.44.0).