Changelog v1.46
The following components will be restarted during the update from Deckhouse v1.45:
- Kubernetes Control Plane components
- Prometheus/Grafana
- cni-cilium
- cni-flannel
- early-oom (the node-manager module)
- image-availability-exporter (the extended-monitoring module)
- kube-dns
- kube-proxy
- linstor
- log-shipper
- monitoring-kubernetes
- openvpn
- operator-trivy
- runtime-audit-engine
Important update notes
- The runtime-audit-engine module requires a Linux kernel version 5.8 or later.
- RBAC changes. Write permissions (for namespace, limitrange, resourcequota, role and clusterrole objects) for accessLevel Editor, Admin and ClusterEditor specified in CR ClusterAuthorizationRule have been restricted (more...).
- The obsolete extended-monitoring.flant.com/enabled (the extended-monitoring module) annotations have been replaced with the extended-monitoring.deckhouse.io/enabled: "" labels. Please switch to them as soon as possible.
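An added example (not part of the Deckhouse changelog or the project's code) for the kernel requirement above: a POSIX shell pre-upgrade check that lists nodes whose reported kernel is older than 5.8, so you know where runtime-audit-engine cannot run before updating. The function names are hypothetical, and the kubectl command in the comment assumes read access to Node objects.

```shell
#!/bin/sh
# Added example: find nodes that do not meet the 5.8 kernel minimum.
# Typical use (needs read access to Node objects):
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,KERNEL:.status.nodeInfo.kernelVersion \
#     | unsupported_nodes
MIN_MAJOR=5
MIN_MINOR=8

# kernel_ok VERSION: returns 0 if VERSION >= 5.8, 1 if older, 2 if unparsable.
kernel_ok() {
    ver=${1%%-*}                       # 5.15.0-1034-aws -> 5.15.0
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for part in "$major" "$minor"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    # Compare numerically: 5.10 is newer than 5.8, and 4.18 is older.
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ] && return 0
    return 1
}

# unsupported_nodes: reads "NAME KERNEL" lines on stdin and prints the nodes
# that fail the check. Returns 1 if any node was printed, 0 otherwise.
unsupported_nodes() {
    bad=0
    while read -r node kernel; do
        [ -n "$node" ] || continue
        rc=0
        kernel_ok "$kernel" || rc=$?
        case "$rc" in
            0) ;;
            1) echo "$node $kernel"; bad=1 ;;
            *) echo "$node ${kernel:-none} unparsable"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

An empty result with exit status 0 means every node reported a kernel of 5.8 or later.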
Major changes
- The new namespaced scope AuthorizationRule custom resource allows you to manage RBAC within a specific namespace.
- You can now browse alerts in a cluster without the web interface. Information about active alerts can now be viewed not only in the Grafana/Prometheus web interface, but also in the CLI. This can be useful, for example, if you only have access to the cluster API server and can't open the Grafana/Prometheus web interface (more...).
- The documentation domain has changed from deckhouse to documentation (the FQDN is derived from the publicDomainTemplate parameter). The deckhouse-web module has also been renamed to documentation.
- A dashboard has been added to the Security directory of Grafana with a summary report on cluster compliance with CIS Kubernetes Benchmark practices. You can also get detailed information about the resources which failed the CIS checks.
- By statically building the Kubernetes components used in Deckhouse, we've minimized potential problems when running them in various distributions.
Component version updates
- operator-trivy: 0.40.0
- Prometheus: 2.44.0
- shell-operator: 1.2.1
- falco (runtime-audit-engine): 0.34.1
See CHANGELOG v1.46 for more details.