v1.58.0 Deckhouse Kubernetes Platform

Pre-release
@z9r5 z9r5 released this 26 Feb 05:30
· 506 commits to main since this release
e28f810

Deckhouse Kubernetes Platform v1.58 Release Overview

Major changes

  • Support for Kubernetes 1.29 has been added while support for Kubernetes 1.24 has been discontinued. The default Kubernetes version (1.25) remains the same for now. Note that it will be switched to 1.27 in the next release.
  • Deckhouse Enterprise Edition now features support for VMware Cloud Director. The related cloud provider module is under active development.
  • Project-related changes (the multitenancy-manager module).
    • The ProjectTemplate (project template, a new resource) and Project (project instance) resources are now used to define a project. The ProjectType resource is considered deprecated and will be removed in future releases.
    • Three predefined project templates have been added: default, secure and secure with dedicated nodes. Now, all you need to do to start a project is to create a Project resource (example). Refer to the documentation to learn more about the predefined project templates.
  • The MetalLB dashboard has been added to Grafana. Dashboard screenshots can be found in the respective PR.
  • The in-cluster documentation now includes documentation for modules from a ModuleSource (the ModuleSource resource). To browse it, switch to the module documentation section in the Documentation drop-down list in the top menu of the page.
  • The log message metadata now features a field containing the name of the NodeGroup. See the documentation for more details on log collection.
  • The WithNATInstance layout of the Yandex Cloud provider module now features a section of parameters for managing the NAT instance resources (the natInstanceResources parameter).
  • New options to customize the registry connection when configuring availability monitoring of container images in a cluster (the imageAvailability.registry section) have been added. For example, you can now specify a certificate authority certificate (good for private environments).
  • An option to control the protocol used to connect to the upstream DNS server (the transportProtocolMode parameter) has been added.

Security

  • cilium-operator, cilium-hubble, and openvpn have been migrated to distroless images.
  • The Ingress controller build process has been refactored to improve security.
  • The general build process has also been refactored to improve security.
  • The following vulnerabilities have been addressed in the istio module: CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327.

Component version updates

  • Kubernetes control plane: 1.26.14, 1.27.11, 1.28.7, 1.29.2
  • containerd: 1.7.13
  • local-path-provisioner: 0.0.26
  • Prometheus: 2.45.2
  • runc: 1.1.12

A list of internal modules or their components that will be restarted during the upgrade

Note that all Deckhouse Kubernetes Platform components including the Ingress controller, Prometheus/Grafana, and Kubernetes control plane will be restarted during the upgrade.

See CHANGELOG v1.58 for more details.