Kubernetes 1.33 Release Notes

Indexes

• New and Enhanced Features
• API Changes and Removals
• Enhanced Kubernetes 1.33 on CCE
• References

New and Enhanced Features

• CPUManagerPolicyOptions (GA)

  CPUManagerPolicyOptions moved to GA. It allows you to fine-tune the resource allocation policies of CPU manager. For details, see Control CPU Management Policies on the Node.

• MultiCIDRServiceAllocator (GA)

  MultiCIDRServiceAllocator moved to GA. ServiceCIDRs and IPAddresses are introduced to record the allocations of Service cluster IP addresses. You can use ServiceCIDRs to increase the number of available cluster IP addresses.

• JobBackoffLimitPerIndex (GA)

  JobBackoffLimitPerIndex moved to GA. It allows you to control the maximum number of retries per index in an indexed job. For details, see Kubernetes v1.33: Job's Backoff Limit Per Index Goes GA.

• JobSuccessPolicy (GA)

  JobSuccessPolicy moved to GA. It allows you to use custom success policies for jobs. For example, you can specify whether some indexes are successful and the number of successful indexes to determine whether a job is complete. For details, see Kubernetes 1.33: Job's SuccessPolicy Goes GA.

• MatchLabelKeys (GA)

  MatchLabelKeysInPodAffinity moved to GA. matchLabelKeys and mismatchLabelKeys have been added to pod affinity rules.

• NodeInclusionPolicyInPodTopologySpread (GA)

  NodeInclusionPolicyInPodTopologySpread moved to GA. It allows you to use nodeAffinityPolicy and nodeTaintsPolicy in pod topology spread constraints to dynamically obtain nodes that can accept pods.

  • nodeAffinityPolicy defaults to Honor. Only the nodes that match the node selector or node affinity of the pod are included in the topology spread calculation.
  • nodeTaintsPolicy defaults to Ignore. This indicates that the node affinity and node selector rules are ignored and all nodes are included in the topology spread calculation.

  For details, see Pod Topology Spread Constraints.

• HonorPVReclaimPolicy (GA)

  HonorPVReclaimPolicy moved to GA. It ensures that when reclaimPolicy of a PV is set to Delete, the underlying storage resources are deleted based on the policy regardless of the deletion sequence of the PV or PVC. This prevents storage resource leakage.

• ImageVolume (beta)

  ImageVolume moved to beta. It allows you to use the image volume source in a pod. This volume source lets you mount a container image to the pod as a read-only volume. For details, see Kubernetes v1.33: Image Volumes graduate to beta!

• UserNamespacesSupport (beta)

  UserNamespacesSupport moved to beta. It enables pods to use the Linux user namespaces. For details, see Use a User Namespace With a Pod.

• StreamingCollectionEncodingToProtobuf (beta)

  StreamingCollectionEncodingToProtobuf moved to beta. kube-apiserver disables the watch-list strategy and uses streaming encoding instead. This feature gate effectively reduces memory usage and improves system when a large number of resources are requested. For details, see Kubernetes v1.33: Streaming List responses.

• SchedulerPopFromBackoffQ (beta)

  SchedulerPopFromBackoffQ moved to beta. It optimizes the scheduling queue behavior and allows pods to be directly popped from the backoffQ when the activeQ is empty. This significantly reduces the pod scheduling delay. For details, see Pop from backoffQ when activeQ is empty.

• ProcMountType (beta)

  ProcMountType moved to beta. It allows you to use the securityContext.procMount field of a pod to customize the mounting type of the /proc file system in the container to control the access to /proc in a refined manner. This improves pod security and isolation. This feature gate applies to scenarios where non-privileged containers need to run in user namespaces. By relaxing the restrictions on accessing /proc, compatibility and flexibility can be enhanced.

• PodLifecycleSleepAction (beta)

  PodLifecycleSleepAction moved to beta. This feature gate is enabled by default. It allows you to create containers with a hibernation lifecycle of zero seconds. For details, see Introducing Sleep Action for PreStop Hook.

• Limitations on the number of PVCs associated with a specific VolumeAttributesClass

  You are allowed to use ResourceQuota to limit the number of PVCs associated with a specific VolumeAttributesClass.

API Changes and Removals

• annotation service.kubernetes.io/topology-mode of EndpointSlices has been deprecated and replaced by spec.trafficDistribution to maintain backward compatibility.
• The apidiscovery.k8s.io/v2beta1 API group has been deprecated. This API is used by a client to obtain information about all registered APIs in a cluster. Use the stable version v2.
• WatchFromStorageWithoutResourceVersion has been deprecated. This function enables watches based on etcd without resourceVersion.
• The Endpoints API of v1 has been deprecated, but it is still supported. Use the EndpointSlices API instead. The EndpointSlices API has been stable since v1.21 and features such as dual-stack networks have been introduced. For details, see Kubernetes v1.33: Continuing the transition from Endpoints to EndpointSlices.
• The status.resize field in pods has been deprecated. It is no longer supported. The status of a resize operation is now exposed via:
  • PodResizePending: indicates that kubelet cannot grant the resize immediately (for example, reason: Deferred if temporarily unable or reason: Infeasible if impossible on the node).
  • PodResizeInProgress: indicates that the resize is accepted and being applied. Errors encountered during this phase are now reported in this condition's message with reason: Error.

  For details, see Kubernetes v1.33: In-Place Pod Resize Graduated to Beta.

Enhanced Kubernetes 1.33 on CCE

During a version maintenance period, CCE periodically updates Kubernetes 1.33 and provides enhanced functions.

For details about cluster version updates, see Patch Versions.

References

For more details about the performance comparison and function evolution between Kubernetes 1.33 and other versions, see Kubernetes v1.33 Release Notes.