Deckhouse

Fixes


- **[deckhouse-config]** Apply defaults before spec.settings validation. [3206](https://github.com/deckhouse/deckhouse/pull/3206)
- **[ingress-nginx]** Fix manual pods rollout for `HostPort` inlet. [3207](https://github.com/deckhouse/deckhouse/pull/3207)
- **[node-manager]** Fix node-group template generation when `minPerZone==0` and capacity is not set. [3222](https://github.com/deckhouse/deckhouse/pull/3222)


See [CHANGELOG v1.41](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.41.md) for more details.

The following components will be restarted during the update from the Deckhouse 1.40
- ceph-csi
- prometheus

The following modules will be restarted during the update if a proxy server is used in the cluster
> A proxy server is used in the cluster if the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables are set.
- cloud-provider-yandex
- image-availability-exporter
- linstor
- snapshot-controller

Component version updates:
- CSI driver (cloud-provider-vsphere module): `v2.5.4`
- Ceph CSI: `v3.7.2`

Important update notes:
Editing the deckhouse ConfigMap is no longer possible due to switching to the new Deckhouse configuration mechanism.

Major changes:
- **The new Deckhouse configuration mechanism has been implemented.**
The global Deckhouse configuration and module configurations are now stored in `ModuleConfig` resources. The former method of configuring Deckhouse via the `deckhouse` ConfigMap is no longer available. See the [documentation](https://deckhouse.io/documentation/v1.41/) for more information about the new configuration method.
- Basic authentication using the `auth.password` parameter is no longer supported (use the [user-auth](https://deckhouse.io/documentation/v1.41/modules/150-user-authn/) module to restrict access). This change affects `cilium-hubble`, `dashboard`, `deckhouse-web`, `istio`, `openvpn`, `prometheus`, and `upmeter` modules.
- The standby node allocation mechanism has been improved.
- It is now possible to disable creating `letsencrypt` and `letsencrypt-staging` ClusterIssuer resources (use the [disableLetsencrypt](https://deckhouse.io/documentation/v1.41/modules/101-cert-manager/configuration.html#parameters-disableletsencrypt) parameter to do so).
- [The instruction](https://deckhouse.io/documentation/v1.41/deckhouse-faq.html#nexus) for configuring Nexus in docker registry proxy mode have been updated.
- The Grafana *homepage* has been updated. Some items have been redesigned; information about the update channel used, the update windows, and the depth of Prometheus metrics collection has been added:

See [CHANGELOG v1.41](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.41.md) for more details.

Fixes


- **[node-manager]** Fix `cluster-autoscaler` configMap generation when a few node groups have the same priority. [3062](https://github.com/deckhouse/deckhouse/pull/3062)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.

Fixes


- **[candi]** Changed desired kernel version to 5.11.0-46-generic for Ubuntu 20.04. [3043](https://github.com/deckhouse/deckhouse/pull/3043)
- **[monitoring-applications]** Fix the discovery hook for the `monitoring-applications` module. [3044](https://github.com/deckhouse/deckhouse/pull/3044)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.

Fixes


- **[monitoring-kubernetes-control-plane]** Port to listen changed to 8008 because it is already used by the ingress-nginx module. [3019](https://github.com/deckhouse/deckhouse/pull/3019)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.