Changelog v1.69.6

Fixes

[cni-cilium] Fixed race condition when deleting element from ipcache map during VM migration. #13344
[metallb] Fixed IP pool exhaustion on LoadBalancer deletion. #13352
[node-manager] Revert cluster autoscaler #13416

For more information, see the changelog and minor version release changes.

Changelog v1.68.14

Fixes

[runtime-audit-engine] Fix CrashLoopBack due to invalid config. #13144

For more information, see the changelog and minor version release changes.

Changelog v1.69.5

Features

[candi] Add rosa 12.6. #13369

Fixes

[cloud-provider-yandex] fix WithNATInstance clusters converge #13189
[node-manager] Autoscaler - remove additional cordon node by mcm provider. #13391

For more information, see the changelog and minor version release changes.

Changelog v1.69.4

Features

[deckhouse-controller] sequential processing of module releases #13216
[deckhouse-controller] sequential processing of module releases #13084

Fixes

[dhctl] <Disable caching metaconfig during converge and disable converge deckhouse manifests. #13230
[dhctl] Fix incorrect behavior that fails sudoers preflight check if password contains whitespaces. #13140
[node-manager] Increase verbosity and revert versions and fix bug with unsupported mcm annotation #13180
[upmeter] upmeter sa token rotation #13201
[user-authn] Add separate ServiceAccount to basic-auth-proxy. #13214

Chore

[ceph-csi] Add "Deprecated" status to module #13174
low
[control-plane-manager] add audit policy rules for virtualization #13086

For more information, see the changelog and minor version release changes.

Changelog v1.69.3

Know before update

Ingress-nginx controller pods of v1.9 will be restated.

Fixes

[control-plane-manager] Stale service account alert fix. #13129
[ingress-nginx] All necessary shared libraries are added to the container image. #13124
Ingress-nginx controller pods of v1.9 will be restated.
[kube-dns] Expanded pattern for stubZones to allow underscores (_) in domain names. #13118
[user-authn] Fix secret generation on empty data field in the dex client app secret. #13092

For more information, see the changelog and minor version release changes.

Changelog v1.68.13

Fixes

[prometheus] Enables WAL for Grafana SQLite database to prevent locking errors, thus fixing in-dashboard alerting. #13068
Grafana deployment will be rollout restarted.

For more information, see the changelog and minor version release changes.

Changelog v1.69.2

Fixes

[deckhouse] Gracefully restore deployed modules on HA installations. #13077
[prometheus] enable WAL for the grafana SQLite database to prevent locking errors, thus fixing in-dashboard alerting. #13063
the grafana deployment will be rollout restarted
For more information, see the changelog and minor version release changes.

Changelog v1.69.1

Know before update

release upgrade will be blocked on AWS-based clusters where SA doesn't have DescribeAddressesAttribute and DescribeInstanceTopology roles. They are required for new Terraform AWS Provider version.

Features

[deckhouse] enable UnmetCloudConditions check #12957
release upgrade will be blocked on AWS-based clusters where SA doesn't have DescribeAddressesAttribute and DescribeInstanceTopology roles. They are required for new Terraform AWS Provider version.
[node-manager] enable UnmetCloudConditions check #12845
[node-manager] UnmetCloudConditions requirement and alert #12530

Fixes

[cloud-provider-vcd] Add a hook to set legacyMode based on the detected VCD API version #13015
[deckhouse-controller] Fix runtime handling for the global config. #12985
[dhctl] fix bootstrap and abort config preparation #13008
[loki] fix storage capacity calculator hook for Loki #13003
fixes the bug introduced in v1.69.0
[operator-trivy] Add proxy env variables support to the trivy server. #13036

For more information, see the changelog and minor version release changes.

Changelog v1.68.12

Fixes

[cloud-provider-zvirt] fix invalid zvirt csi template #12961

For more information, see the changelog and minor version release changes.

Important

Support for Kubernetes 1.32 has been added, while support for Kubernetes 1.27 has been discontinued. The default Kubernetes version has been changed to 1.30. In future DKP releases, support for Kubernetes 1.28 will be removed.
All DKP components will be restarted during the update.

Major changes

The ceph-csi module is now deprecated. Plan to migrate to the csi-ceph module instead. For details, refer to the Ceph documentation.
You can now grant access to Deckhouse web interfaces using user names via the auth.allowedUserEmails field. Access restriction is configured together with the auth.allowedUserGroups parameter in configuration of the following modules with web interfaces: cilium-hubble, dashboard, deckhouse-tools, documentation, istio, openvpn, prometheus, and upmeter (example for prometheus).
A new dashboard “Cilium Nodes Connectivity Status&Latency” has been added to Grafana in the cni-cilium module. It helps monitor node network connectivity issues. The dashboard displays a connectivity matrix similar to the cilium-health status command, using metrics that are already available in Prometheus.
A new D8KubernetesStaleTokensDetected alert has been added in the control-plane-manager module that is triggered when stale service account tokens are detected in the cluster.
You can now create a Project from an existing namespace and adopt existing objects into it. To do this, annotate the namespace and its resources with projects.deckhouse.io/adopt. This lets you switch to using Projects without recreating cluster resources.
A Terminating status has been added to ModuleSource and ModuleRelease resources. The new status will be displayed when an attempt to delete one of them fails.
The installer container now automatically configures cluster access after a successful bootstrap. A kubeconfig file is generated in ~/.kube/config, and a local TCP proxy is set up through an SSH tunnel. This allows you to use kubectl locally right away without manually connecting to the control-plane node via SSH.
Changes to Kubernetes resources in multi-cluster and federation setups are now tracked directly via Kubernetes API. This enables faster synchronization between clusters and eliminates the use of outdated certificates. In addition, mounting of ConfigMap and Secret resources into Pods has been removed to eliminate family system compromise risks.
A new dynamicforward plugin has been added to CoreDNS, improving DNS query processing in the cluster. It integrates with node-local-dns, continuously monitors kube-dns endpoints, and automatically updates the list of DNS forwarders. If the control-plane node is unavailable, DNS queries are still forwarded to available endpoints, improving cluster stability.
A new log rotation approach has been introduced in the loki module. Now, old logs are automatically removed when disk usage exceeds a threshold: either 95% of PVC size or PVC size minus the size required to store two minutes of log data at the configured ingestion rate (ingestionRateMB). The retentionPeriodHours parameter no longer controls the data retention and is used for monitoring alerts only. If loki begins removing old logs before the set period is reached, a LokiRetentionPerionViolation alert will be triggered, informing the user that they must reduce the value of retentionPeriodHours or increase the PVC size.
A new nodeDrainTimeoutSecond parameter lets you set the maximum timeout when attempting to drain a node (in seconds) for each NodeGroup resource. Previously, you could only use the default value (10 minutes) or reduce it to 5 minutes using the quickShutdown parameter, which is now deprecated.
The openvpn module now includes a defaultClientCertExpirationDays parameter, allowing you to define the lifetime of client certificates.

Security

Known vulnerabilities have been addressed in the following modules: ingress-nginx, istio, prometheus, local-path-provisioner.

Component version updates

The following DKP components have been updated:

Kubernetes control plane: 1.29.14, 1.30.1, 1.31.6, 1.32.2
dex: 2.42.0
go-vcloud-director: 2.26.1
prometheus: 2.55.1
local-path-provisioner: 0.0.31
machine-controller-manager: v0.36.0-flant.19
terraform provider
- OpenStack: 1.54.1
- vCD: 3.14.1
cert-manager: 1.17.1

Releases: deckhouse/deckhouse

v1.69.6 Deckhouse Kubernetes Platform

Changelog v1.69.6

Fixes

Uh oh!

v1.68.14 Deckhouse Kubernetes Platform

Changelog v1.68.14

Fixes

Uh oh!

v1.69.5 Deckhouse Kubernetes Platform

Changelog v1.69.5

Features

Fixes

Uh oh!

v1.69.4 Deckhouse Kubernetes Platform

Changelog v1.69.4

Features

Fixes

Chore

Uh oh!

v1.69.3 Deckhouse Kubernetes Platform

Changelog v1.69.3

Know before update

Fixes

Uh oh!

v1.68.13 Deckhouse Kubernetes Platform

Changelog v1.68.13

Fixes

Uh oh!

v1.69.2 Deckhouse Kubernetes Platform

Changelog v1.69.2

Fixes

Uh oh!

v1.69.1 Deckhouse Kubernetes Platform

Changelog v1.69.1

Know before update

Features

Fixes

Uh oh!

v1.68.12 Deckhouse Kubernetes Platform

Changelog v1.68.12

Fixes

Uh oh!

v1.69.0 Deckhouse Kubernetes Platform

Important

Major changes

Security

Component version updates

Uh oh!