Deckhouse

The following components will be restarted during the update from the Deckhouse 1.42
- the `containerd` service
- `basic-auth`
- `chrony`
- `cilium-hubble`
- `cloud-provider-aws`
- `cloud-provider-azure`
- `cloud-provider-gcp`
- `cloud-provider-openstack`
- `cloud-provider-vsphere`
- `cloud-provider-yandex`
- `cni-cilium`
- `control-plane-manager`
- `dashboard`
- `deckhouse`
- `deckhouse-web`
- `extended-monitoring`
- `flant-integration`
- `ingress-nginx`
- `istio`
- `keepalived`
- `kube-dns`
- `kube-proxy`
- `linstor`
- `log-shipper`
- `metallb`
- `monitoring-kubernetes`
- `monitoring-ping`
- `network-gateway`
- `node-local-dns`
- `node-manager`
- `openvpn`
- `prometheus`
- `registrypackages`
- `terraform-manager`
- `upmeter`
- `user-authn`
- `user-authz`

Component version updates:
- Gatekeeper (the `admission-policy-engine` module): `3.10.0`
- `containerd: `1.6.14`
- `cilium`: `1.11.12`
- `cilium-hubble`: `0.9.5`
- `linstor`: `1.20.3`
- `shell-operator`: `1.1.3`

Major changes:

- **The new [virtualization](https://deckhouse.io/documentation/v1.43/modules/490-virtualization/) module** makes it possible to declaratively manage virtual machines on bare-metal servers. Using virtual machines is now as easy as using Pods in Kubernetes. All you have to do is create the [appropriate custom resource](https://deckhouse.io/documentation/v1.43/modules/490-virtualization/cr.html). Note that the [cni-cilium](https://deckhouse.io/documentation/v1.43/modules/021-cni-cilium/) module must be enabled for the virtualization module to work.
- The NodeGroup's new [quickShutdown](https://deckhouse.io/documentation/v1.43/modules/040-node-manager/cr.html#nodegroup-v1-spec-cloudinstances-quickshutdown) parameter cuts the node's drain time to just 5 minutes.
- Several base module images have been updated to fix known vulnerabilities (CVEs).
- Outdated `certmanager.k8s.io/*` annotations of the [cert-manager](https://deckhouse.io/documentation/v1.43/modules/101-cert-manager/) module are no longer supported.

See [CHANGELOG v1.43](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.43.md) for more details.

Fixes


- **[prometheus]** Fix Alertmanager CA file (caused Unauthorized error). [3723](https://github.com/deckhouse/deckhouse/pull/3723)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[istio]** Switching default iptables in proxyv2 to iptables-legacy (after switching from Debian to Ubuntu). [3579](https://github.com/deckhouse/deckhouse/pull/3579)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Know before the update


- If there is the `ClusterConfiguration.proxy` parameter configured, it is highly important to configure the `noProxy` parameter with your Nodes CIDRs.

Fixes


- **[candi]** Force `libseccomp2` installation while containerd install/update (due to issue https://github.com/containerd/containerd/discussions/6577). [#3504](https://github.com/deckhouse/deckhouse/pull/3504)
- **[docs]** Clarify usage of the `noProxy` parameter. [3526](https://github.com/deckhouse/deckhouse/pull/3526)
If there is the `ClusterConfiguration.proxy` parameter configured, it is highly important to configure the `noProxy` parameter with your Nodes CIDRs.
- **[prometheus]** Fixed token-based authentication between Trickster and Prometheus. [3519](https://github.com/deckhouse/deckhouse/pull/3519)
- **[prometheus]** Fix remoteWrite tlsConfig render. [3510](https://github.com/deckhouse/deckhouse/pull/3510)
- **[registrypackages]** Install flannel `1.1.2` binary to CentOS for `kubernetes-cni` newer than `0.9.1` due to missing flannel binary. [3503](https://github.com/deckhouse/deckhouse/pull/3503)
- **[user-authn]** OIDC insecure userInfo endpoint. [3501](https://github.com/deckhouse/deckhouse/pull/3501)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.

Fixes


- **[global-hooks]** Fixes in cluster configuration migration process and proxy template for EKS cluster installation. [3381](https://github.com/deckhouse/deckhouse/pull/3381)


See [CHANGELOG v1.42](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.42.md) for more details.