Changelog v1.71.0 #13483

deckhouse-BOaTswain · 2025-05-16T07:18:52Z

Changelog v1.71.0

[MALFORMED]

[tools][docs] Add script to run documentation of an external module #13095 missing section, missing summary, missing type, unknown section ""
[static-routing-manager] remove embedded static-routing-manager module in favor of downloadable one #13433 unknown section "static-routing-manager"
[docs] Update top navigation L2 processing #13692 missing section, missing summary, missing type, unknown section ""

Know before update

All Prometheuses pods will be restarted
Snapshot-controller module will be restarted while Deckhouse updating.
The minimum supported version of Kubernetes is now 1.29. All control plane components will restart.
The new version of Cilium requires that the Linux kernel on the nodes be version 5.8 or later. If any of the cluster nodes have a kernel version lower than 5.8, the D8 upgrade will be blocked. Also, pods of cilium will be restarted and some features may be added or changed.

Features

[admission-policy-engine] Add SecurityPolicy with ability to check images, signed with cosign. For SE+ #13699
[candi] Added support for Kubernetes 1.33 and discontinued support for Kubernetes 1.28. #13357
The minimum supported version of Kubernetes is now 1.29. All control plane components will restart.
[cni-cilium] Added optional least-conn load-balancing algorithm for Services. #13867
[cni-cilium] Added a traffic encryption mode using WireGuard (pod-to-pod and node-to-node). #13749
[cni-cilium] Cni-cilium is updated to consider Virtualization Nesting Level when discovering tunnel-port value. #9996
[deckhouse-controller] Optimized ModuleRelease update flow. #14144
[deckhouse-controller] add readiness probe hook support #13748
[deckhouse-controller] add LTS release channel #13546
[dhctl] add detailed phase/sub-phase progress reporting with JSONL file output or RPC updates from dhctl-server #13412
[docs] Added documentation for integrating with the DVP cloud provider. #13380
[istio] Images for 1.21 were refactored to achieve distroless #14228
[istio] Added Istio version 1.25 (1.25.2). Ambient mesh isn't supported yet. #12356
[node-manager] Add capiEmergencyBrake setting to node-manager ModuleConfig, what can disable CAPI if set to true. #13614
[node-manager] Add version v1alpha2 to SSHCredential, with field sudoPasswordEncoded. #13346
[node-manager] Add systemd shutdown inhibitors to delay system shutdown until Pods with the specific label are gone from the Node. #12241
[upmeter] add automatic detection of frozen or growing deckhouse queue in upmeter-agent #13179

Fixes

[candi] fix double preview version in candi/version_map #13670
[candi] containerd auditd rules #13560
[candi] added ignoring user configuration files for bashible scripts #13559
[cilium-hubble] Added probes for kube-rbac-proxy. #13877
[cloud-provider-dynamix] Fix ssh public key absence on CloudEphemeral nodes #13907
[cloud-provider-huaweicloud] Fixed documentation and examples for huaweicloud provider #14225
[cloud-provider-vsphere] Add /tmp emptyDir for csi-node-legacy #14208
[cni-cilium] Fixed CiliumLocalRedirectPolicy working if bpf-lb-algorithm-annotation parameter is enabled. #14179
[cni-cilium] Fix build in closed environments #14094
[cni-cilium] Added probes for kube-rbac-proxy. #13877
[cni-cilium] fixed bug in cilium 1.17 operator priority filter #13734
[control-plane-manager] Use last_over_time to fetch the last available etcd DB size metric if it's missing. #13682
[deckhouse-controller] new module readiness handling #14226
[deckhouse-controller] add handling required module empty version for module dependency #14157
[deckhouse-controller] Prevent module configuration errors from blocking the entire Deckhouse queue #13730
[dhctl] Add Local Registry Configuration Check to Installation Process #13645
[extended-monitoring] Fix CVEs vulnerabilities x509-certificate-exporter #13804
[extended-monitoring] Fix CVEs vulnerabilities image-availability-exporter #13802
[extended-monitoring] Fix CVEs vulnerabilities events-exporter #13801
[extended-monitoring] Fix CVEs vulnerabilities extended-monitoring-exporter #13798
[istio] Added probes for kube-rbac-proxy. #13877
[kube-dns] Added probes for kube-rbac-proxy. #13877
[kube-proxy] Added probes for kube-rbac-proxy. #13877
[loki] Refactor file size evaluator using st_blocks in disk-based retention. #14112
Avoid force-expiration checker reaching size threshold too lately.
[loki] Fix CVEs vulnerabilities loki #13796
[metallb] BGP grafane dashboard is deployed only when BGP balancing is enabled #13478
[node-local-dns] Added probes for kube-rbac-proxy. #13877
[node-manager] Add support scaling from zero to CAPI node groups #13744
[openvpn] Added probes for kube-rbac-proxy. #13877
[operator-prometheus] Fix CVEs vulnerabilities operator-prometheus #13792
[operator-trivy] added startup probe to trivy-server #13731
[pod-reloader] added probes for kube-rbac-proxy in pod-reloader components. #13874
[prometheus] Fix CVEs vulnerabilities mimir #14287
[prometheus] Fix CVEs vulnerabilities grafana #13947
[prometheus] Fix CVEs vulnerabilities prometheus #13751
[prometheus] Fix CVEs vulnerabilities aggregatio-proxy #13746
[prometheus] Fix CVEs vulnerabilities trickster #13745
[prometheus] Fix CVEs vulnerabilities promxy #13743
[prometheus] Fix CVEs vulnerabilities memcached-exporter #13742
[prometheus] Fix CVEs vulnerabilities alerts receiver #13740
[prometheus] Fix CVEs vulnerabilities alertmanager #13739
[prometheus-metrics-adapter] Fix CVEs vulnerabilities prometheus-metrics-adapter #13794
[runtime-audit-engine] falco build fixes for CSE #14160
[service-with-healthchecks] Added probes for kube-rbac-proxy. #13877
[service-with-healthchecks] fixed handling of Pods without IP addresses and corrected initial readiness threshold evaluation. #12390
[user-authn] The logic of label transfer and annotation to secret has been changed for DexClient #14055
[user-authn] dex CVE vulnerabilities fixes #13309
[user-authz] fix user-authz hook, rolebinding empty subject namespace #13756
low

Chore

[cilium-hubble] Upgrade Cilium to 1.17.4. #12199
Pods of cilium will be restarted and some features may be added or changed.
[cloud-provider-aws] Add stage to every cloud provider module #13908
[cloud-provider-azure] Add stage to every cloud provider module #13908
[cloud-provider-dvp] Add stage to every cloud provider module #13908
[cloud-provider-dynamix] Add stage to every cloud provider module #13908
[cloud-provider-dynamix] Fixed vulnerabilities and some bugs for cloud-provider-zvirt and cloud-provider-dynamix #13562
[cloud-provider-gcp] Add stage to every cloud provider module #13908
[cloud-provider-huaweicloud] Add stage to every cloud provider module #13908
[cloud-provider-openstack] Add stage to every cloud provider module #13908
[cloud-provider-vcd] Add stage to every cloud provider module #13908
[cloud-provider-vsphere] Add stage to every cloud provider module #13908
[cloud-provider-yandex] Add stage to every cloud provider module #13908
[cloud-provider-zvirt] Add stage to every cloud provider module #13908
[cloud-provider-zvirt] Fixed vulnerabilities and some bugs for cloud-provider-zvirt and cloud-provider-dynamix #13562
[cni-cilium] Upgrade Cilium to 1.17.4. #12199
The new version of Cilium requires that the Linux kernel on the nodes be version 5.8 or later. If any of the cluster nodes have a kernel version lower than 5.8, the D8 upgrade will be blocked. Also, pods of cilium will be restarted and some features may be added or changed.
[control-plane-manager] Set max storage logs depth to 30 days in the documentation. #14088
[control-plane-manager] etcd update to v3.6.1 #14018
[deckhouse] Change requests and limits for the pod, based on the medium usage. Prevent node OOM in the corner cases. #14189
[deckhouse] Liveness and Readiness probes for kube-rbac-proxy #13957
[deckhouse] Liveness and Readiness probes for kube-rbac-proxy #13696
[deckhouse] Removed snapshot-controller module (snapshot-controller external module will be used instead automatically). #13613
Snapshot-controller module will be restarted while Deckhouse updating.
[istio] The .enableHTTP10 and .proxyConfig fields have been moved to the .dataPlane section in the ModuleConfig. #13435
[node-manager] passwordHash in nodeuser cr is not required #13623
[prometheus] Makes Deckhouse Prom++ available in all editions Deckhouse #14223
All Prometheuses pods will be restarted
[user-authz] bump golang.org/x/net to v0.40.0 #13672
[user-authz] add CRD to dict #13622

For more information, see the changelog and minor version release changes.

Signed-off-by: deckhouse-BOaTswain <89150800+deckhouse-boatswain@users.noreply.github.com>

deckhouse-BOaTswain added this to the v1.71.0 milestone May 16, 2025

deckhouse-BOaTswain added auto changelog status/backport Cherry-pick PR to the release branch from the Milestone labels May 16, 2025

github-actions bot assigned deckhouse-BOaTswain May 16, 2025

deckhouse-BOaTswain force-pushed the changelog/v1.71.0 branch 12 times, most recently from 4bcfb72 to 9e0940e Compare May 23, 2025 09:59

deckhouse-BOaTswain force-pushed the changelog/v1.71.0 branch 13 times, most recently from 486dfa8 to 018300f Compare May 28, 2025 11:14

deckhouse-BOaTswain force-pushed the changelog/v1.71.0 branch 28 times, most recently from e2a37d5 to 2aeec19 Compare July 5, 2025 10:53

Re-generate changelog v1.71.0

31a44f9 7A2A

Signed-off-by: deckhouse-BOaTswain <89150800+deckhouse-boatswain@users.noreply.github.com>

deckhouse-BOaTswain force-pushed the changelog/v1.71.0 branch from 2aeec19 to 31a44f9 Compare July 5, 2025 10:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Changelog v1.71.0 #13483

Changelog v1.71.0 #13483

Uh oh!

Uh oh!

Uh oh!

Changelog v1.71.0 #13483

Are you sure you want to change the base?

Changelog v1.71.0 #13483

Uh oh!

Conversation

Uh oh!

Changelog v1.71.0

[MALFORMED]

Know before update

Features

Fixes

Chore

Uh oh!

Uh oh!