Login
September 17, 2025|
Voiced by Amazon Polly |
Introduction to Kubernetes v1.33 “Octarine”
Kubernetes v1.33, codenamed “Octarine”, continues the evolution of the world’s most widely adopted container orchestration platform. With a strong focus on improving developer productivity, operational simplicity, and extending cloud-native capabilities, this release introduces stable features, beta enhancements, and exciting alpha previews.
This blog post covers the major changes and improvements in v1.33, highlights new APIs, and addresses important technical FAQs to help you confidently understand and adopt the release.
Pioneers in Cloud Consulting & Migration Services
- Reduced infrastructural costs
- Accelerated application deployment
Key Features and Enhancements
Sidecar Container Lifecycle Management (GA)
One of the long-awaited features, sidecar container lifecycle support, has finally reached General Availability (GA) in v1.33. This feature allows containers within a Pod to have more coordinated startup and shutdown behaviors.
- Highlights: Sidecars can be marked as non-primary containers. Kubernetes respects the startup and shutdown order of init, main, and sidecar containers. Helps improve observability, log collection, and service mesh proxies (e.g., Envoy).
- Use Case: Injecting a logging sidecar (like Fluent Bit) that continues to process logs after the main app container exits.
ReadWriteOncePod PersistentVolume Access Mode (GA)
The ReadWriteOncePod (RWO-P) volume access mode, initially introduced as alpha in v1.22, is now GA.
- Highlights: Ensures exclusive volume access by a single Pod. Prevents accidental multi-attach issues in StatefulSets. Supports CSI drivers and dynamically provisioned volumes.
- Use Case: Stateful apps like PostgreSQL or MySQL that require exclusive disk access.
Node System Swap Support (Beta)
Linux swap support has always been a hot topic in Kubernetes. In v1.33, Kubernetes introduces controlled swap support at the node level in Beta.
- Highlights: – Admins can allow system swap with fine-grained control. Reduces node pressure for low-priority workloads. Configurable via kubelet flags.
- Caveats: Swap can introduce unpredictability; caution is advised.
Kubernetes Gateway API (Beta)
Kubernetes’ long-term goal of replacing Ingress with a more extensible API sees a leap forward. Previously, in alpha, the Gateway API matured to Beta in v1.33.
- Highlights: – Defines GatewayClass, Gateway, HTTPRoute, and TCPRoute Supports advanced traffic routing use cases (e.g., weighted traffic splitting). Integrates well with service meshes and external gateways.
- Use Case: Canary deployments using HTTPRoute with weighted backends.
Container Resource-Based Scheduling (Alpha)
- A new alpha feature in v1.33 enables scheduling decisions based on container-level resource requests rather than Pod-level aggregates.
- Highlights: Useful in multi-container Pods where only one container is resource-intensive. Allows better bin-packing and node utilization. Requires enabling the ContainerResourceBasedScheduling feature gate.
Deprecations and Removals
Every Kubernetes release sunsets legacy or unused features. Here’s what you should be aware of in v1.33:
- PodSecurityPolicy (PSP): Fully removed. Use alternatives like OPA/Gatekeeper or Kyverno.
- Beta APIs deprecated: Several APIs, like batch/v1beta1 for CronJobs, were removed; migrate to batch/v1.
- dockershim: Was already deprecated in earlier releases and is now completely removed from kubelet.
Action Required: Audit your cluster API usage using kubent or pluto tools.
Performance and Security Improvements
Performance:
Recent improvements have significantly enhanced Kubernetes performance in large-scale environments. Scheduler throughput has been optimized for clusters with over 5,000 nodes, enabling faster and more efficient pod placement. Additionally, API server caching for Custom Resource Definitions (CRDs) has been improved, which reduces the load on etcd and boosts overall system responsiveness. Control plane components also benefit from faster startup times, contributing to quicker cluster initialization and recovery.
Security:
The latest updates enhance Kubernetes security and observability. All control plane components now support TLS 1.3 by default, strengthening encryption and communication security. Audit logs have been improved to include container image digests, providing better traceability and helping to ensure image integrity. Additionally, Role-Based Access Control (RBAC) has been refined with more granular permissions for ephemeral containers, allowing for more precise and secure access control during debugging and troubleshooting.
Upgrading to Kubernetes v1.33
Before You Upgrade:
To prepare for upcoming Kubernetes changes and maintain cluster stability, reviewing and updating deprecated APIs is important to avoid future compatibility issues. Additionally, ensure that your CSI drivers support ReadWriteOncePod (RWO-P) volumes, as this volume access mode is increasingly used in modern workloads. Finally, validate your Custom Resource Definitions (CRDs) and webhook configurations to ensure they comply with current Kubernetes standards and function correctly with evolving APIs.
Upgrade Strategy:
For a reliable and safe Kubernetes upgrade, it’s essential to begin by backing up your etcd data and overall cluster state to prevent data loss in case of issues. The upgrade process should start with the control plane nodes, followed by the worker nodes, to maintain cluster stability. To minimize risk and enable smoother rollouts, consider using blue/green or canary deployment strategies for node groups, allowing you to test updates on a subset of nodes before applying changes cluster-wide.
Final Thoughts
Kubernetes v1.33 “Octarine” is a balanced release that continues to refine existing primitives while pushing the ecosystem forward. From long-awaited sidecar lifecycle controls to smarter volume and traffic management, this release caters to operators and developers.
Whether you’re running production clusters or sandbox environments, it’s worth exploring the features, understanding the impacts, and planning your upgrade accordingly.
Drop a query if you have any questions regarding Octarine and we will get back to you quickly.
Making IT Networks Enterprise-ready – Cloud Management Services
- Accelerated cloud migration
- End-to-end view of the cloud environment
About CloudThat
CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.
FAQs
1. What happens if I use deprecated APIs in my YAML?
ANS: – Your workload might fail to deploy after upgrade. Use kubectl convert or migration tools to fix manifests.
2. How does the Gateway API differ from Ingress?
ANS: – Gateway API is more extensible, supports multiple protocols, and provides better separation of concerns between infra and dev teams.
3. Can I enable sidecar lifecycle support for all Pods by default?
ANS: – No. You must explicitly mark containers using restartPolicy and container ordering annotations.
WRITTEN BY Akshay Ramnani
Akshay Ramnani works as a DevOps Engineer with over 3 years of hands-on experience in architecting CI/CD pipelines, Kubernetes-based deployments, and multi-cloud automation across AWS, GCP, and Azure. He has a proven track record in scaling microservices on Amazon EKS, streamlining observability platforms, and driving infrastructure as code using Terraform, Helm, and ArgoCD.
PREV
Comments