The module lifecycle stageGeneral Availability

v1.11.2

Enhancements

  • Improved stability of the managed-postgres migration process.
  • Dependent components (backend, scheduler, alertgate) now automatically restart when database credentials change.
  • Increased test coverage for built-in hooks with CI integration and coverage reporting.

v1.11.0

Enhancements

  • Added alerting for log storage when log samples are being discarded due to exceeded limits, helping administrators identify projects that need limit adjustments.

Changes

  • Built-in PostgreSQL is now powered by the Deckhouse Kubernetes Platform managed-postgres module. For installations using the built-in database (not an external PostgreSQL), the previous operator-postgres has been replaced with the DKP managed-postgres module. This provides faster security updates and CVE remediation, as well as a production-grade managed database with broader functionality. For backward compatibility, the previous operator-postgres scheme is still supported but will be removed in the next release. Before upgrading, please review the migration guide.

Bug Fixes

  • Fixed audit log verbosity to reduce noise in production logs.
  • Fixed a crash in the deploy configuration hook that occurred when trace or log storage was disabled.

v1.10.2

Bug Fixes

  • Fixed metric storage caching that could cause increased latency and load on long-term storage.
  • Fixed trace storage alerting rules that could produce false-positive alerts.
  • Fixed project dashboards displaying internal tabs that should not be visible to users.
  • Fixed insufficient resource limits for auxiliary components on large installations.

v1.10.1

Bug Fixes

  • Fixed store-gateway caching.

v1.10.0

Features

  • Added distributed trace storage. The platform now supports receiving, storing, and viewing traces:
    • Trace ingestion via OpenTelemetry (OTLP), Jaeger, and Zipkin protocols.
    • Trace viewing and search in the UI.
    • Per-project trace ingestion limits configurable via admin UI and API.
    • Trace storage usage statistics.
    • Architecture documentation and integration instructions.
  • Space and project pages now use human-readable names in URLs instead of UUIDs. Previously bookmarked UUID-based URLs continue to work.

Enhancements

  • The monitoring agent can now be deployed on nodes using the containerdV2 container runtime.
  • Eliminated false-positive alerts about cluster sync status in single-cluster deployments.
  • Updated monitoring agent to v0.89.5:
    • Fixed OS version detection when the agent runs inside a container.
    • Fixed a crash that could occur on CentOS 7 during package version detection.
    • Fixed PostgreSQL plugin issues when monitoring Yandex Cloud RDS instances.
  • Updated alert names, descriptions, and aggregation rules for better clarity and fewer false positives.

Bug Fixes

  • Fixed a data migration issue where duplicate Prometheus recording rules could cause migration failures.
  • Fixed special character handling in PromQL expressions, preventing query errors when alert rules or dashboards contain single quotes or other reserved characters.

Security

  • Fixed Critical and High severity CVEs in trace storage components and base images.
  • Updated base container images to the latest available versions.
  • Monitoring agent Go runtime upgraded to 1.24.12 to address known CVEs.

v1.9.9

Security

  • Switched all Ceph components to distroless images to reduce security risks associated with unused software in standard container images.

Enhancements

  • Documentation updates: added instructions for configuration the Nginx plugin to monitor Nginx using custom log paths and log formats.

Bug Fixes

  • Updated memory and disk usage units from SI to IEC on the Main dashboard to ensure consistency with other dashboards.

v1.9.8

Security

  • Fixed vulnerabilities related to CVE-2024-25621

v1.9.5

Security

  • Fixed vulnerabilities related to CVEs (CVE-2025-30153, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725)

v1.9.4

Enhancements

  • Added support for process discovery inside containers run by CRI-O.
  • Improved user creation flow for internal authentication: superusers can now create users and set passwords without requiring email confirmation.

Bug Fixes

  • Updated monitoring agent to v0.89.0:
    • Fixing MySQL replication metrics collection for MySQL 8.5+.
    • Fixed an issue where the PostgreSQL version could be incorrectly detected, leading to inaccurate metric collection.

v1.9.3

Security

  • Fixed Critical and High severity CVEs.

v1.9.2

Security

  • Fixed Critical and High severity CVEs.

v1.9.1

Bug Fixes

  • Fixed an issue where the operator-ceph could get stuck in a Pending state.

v1.9.0

Enhancements

  • Updated backup documentation: added an rclone example for backup and restore.
  • Hid internal CRDs from public documentation.

Security

  • Fixed all Critical and High severity CVEs.

v1.8.0

Changed

  • Integrated Ceph operator into the module. External ceph-operator module is no longer required.
  • Switched to DKP-provided base images for some components to ensure better compatibility and maintainability.
  • Updated base container images with partial CVE fixes to improve security.

Bug Fixes

  • Resolved issues in hooks that could lead to incomplete or faulty module installation.

v1.7.3

Bug Fixes

  • Fixed an issue preventing correct exit from dashboard edit mode.

v1.7.2

Bug Fixes

  • Fixed an issue where the GeneratorURL field of an alert was incorrectly appended with the service’s internal port, causing the link to malfunction.

v1.7.1

Bug Fixes

  • Fixed an issue that prevented the backend from establishing connections to external services — a regression introduced in version 1.7.0. This affected authorization workflows using third-party systems.
  • Updated the backend application’s security context to comply with the “restricted” security policy.

v1.7

Changes

  • Changed images from Alt Linux to Distroles for all components on ALT Linux.
  • Added livenessProbe and readinessProbe to pods where they were missing.
  • Migrated all components to use the same security context as in DKP.
  • Updated Distroles images to use the Distroles base image from DKP.
  • Fixed multiple CVEs and build warnings.

Enhancements

  • Migrated service ports from 80 and 443 to high ports.

Features

  • Added the ability for users with the User role to create dashboard/rules API tokens.
  • Included several widely used plugins into the Grafana image.

Bug Fixes

  • Fixed certificate validation issues caused by missing CA bundle.
  • Added missing registry subdomain to TLS certificate SANs.
  • Fixed issue with disabling/overwriting triggers when deleting a parent trigger.
  • Fixed missing category in the dashboard form.
  • Fixed issue where the emergency brake (which stops metric and log collection when Ceph is near capacity) did not activate if monitoring components were disabled in ModuleConfig
  • Migrated dashboards using Loki data sources to use the default-logs data source.
  • Fixed false-positive warnings about invalid data sources when using default-logs in dashboards.
  • Renamed incorrect metric names in the Redis dashboard.