Changelog v1.46

The following components will be restarted during the update from the Deckhouse v1.45

The runtime-audit-engine module requires a Linux kernel version 5.8 or later.
RBAC changes. Write permissions (for namespace, limitrange, resourcequota, role and clusterrole objects) for accessLevel Editor, Admin and ClusterEditor specified in CR ClusterAuthorizationRule have been restricted (more...).
The obsolete extended-monitoring.flant.com/enabled (the extended-monitoring module) annotations have been replaced with the extended-monitoring.deckhouse.io/enabled: "" labels. Please switch to them as soon as possible.

The new namespaced scope AuthorizationRule custom resource allows you to manage RBAC within a specific namespace.
You can now browse alerts in a cluster without the web interface. Information about active alerts can now be viewed not only in the Grafana/Prometheus web interface, but also in the CLI. This can be useful, for example, if you only have access to the cluster API server and can't open the Grafana/Prometheus web interface (more...).
The documentation domain has changed from deckhouse to documentation (the FQDN is derived from the publicDomainTemplate parameter). The deckhouse-web module has also been renamed to documentation.
A dashboard has been added to the Security directory of Grafana with a summary report on cluster compliance with CIS Kubernetes Benchmark practices. You can also get detailed information about the resources which failed the CIS checks.
By statically building the Kubernetes components used in Deckhouse, we've minimized potential problems when running them in various distributions.

See CHANGELOG v1.46 for more details.