An update to Kubernetes – version 1.33 – that features 64 enhancements is being released today by the Cloud Native Computing Foundation. 

According to the CNCF, the theme for Kubernetes v1.33 is “Octarine: The Color of Magic,” inspired by Terry Pratchett’s Discworld comic fantasy book series. This release highlights the open-source magic that Kubernetes enables across the ecosystem.

In the announcement, the CNCF noted: “The v1.33 release is a reminder that, as Pratchett wrote, ‘It’s still magic even if you know how it’s done.’ Even if you know the ins and outs of the Kubernetes code base, stepping back at the end of the release cycle, you’ll realize that Kubernetes remains magical.”

According to Nina Polshakova, 1.33 release lead and a software engineer at Solo.io, 570 individual contributors and 121 different companies worked on the update, which resulted in 18 stable features, 20 in beta, 24 in alpha and 2 deprecations.

This release marks the addition of long-awaited support for container sidecars, which are often used by service meshes such as Linkerd and Istio to abstract away observability, connectivity and security features from the application itself. Polshakova said Kubernetes didn’t have native support for coordinating how the sidecar was managed with the main container. “Now,” she explained with the project’s graduation to stable, “the sidecar will always start before and terminate after the main container, so that ensures the proper initialization and tear-down of the sidecar container relative to the main container.”

Another important feature is dynamic resource allocation, which Polshakova said, along with the other features, “indicates a growing demand for running new workload types in Kubernetes.” What this feature does, according to the CNCF, is allow users to dynamically update resource configurations in the Pod. Among its effects is the possibility of “vertical scale-up for stateful processes without downtime, and seamless scale-down when traffic is low,” the CNCF explained in a sneak-peek blog on the release. This is moving into beta.

Polshakova also noted that support for user namespaces in Linux Pods will be a part of the 1.33 release, as it has been one of the project’s oldest Kubernetes Enhancement Proposals (KEP). It was opened in 2016, she said, and explained that the reason it took so long to come to fruition is that it required many changes. “In addition to having changes in Kubernetes, it had changes in containerd, CRI-O, runc, and even the kernel, just to make the speaker happen,” she said. 

Further, she said that user namespaces support “allows developers to isolate their user ID inside the container from those of the host, so that reduces the attack surface if your container is compromised. It’s a very important feature for multi-tenant clusters and for dealing with security implications when you want to enforce the principle of least privilege.”
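What that isolation looks like from the node, as an added example that is not code from the CNCF or the Kubernetes project: the Linux kernel exposes each process's UID mapping in `/proc/<pid>/uid_map`, and the Python below parses that format to show which host UID a container UID really is. The two sample maps and the 1000000 base are constructed for illustration.

```python
"""Interpret /proc/<pid>/uid_map to see whether container root is host root.
Added example; the sample maps below are constructed, not captured output."""
from typing import List, Optional, Tuple

UidMap = List[Tuple[int, int, int]]  # (inside_start, outside_start, length)


def parse_uid_map(text: str) -> UidMap:
    """Parse the kernel's uid_map format: 'inside outside length' per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def to_host_uid(uid_map: UidMap, container_uid: int) -> Optional[int]:
    """Translate a UID seen inside the namespace to the host UID (None if unmapped)."""
    for inside, outside, length in uid_map:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def root_is_host_root(uid_map: UidMap) -> bool:
    """True when UID 0 in the container is also UID 0 on the host."""
    return to_host_uid(uid_map, 0) == 0


# Constructed samples: a process sharing the host user namespace, and a
# process in a pod that was given its own 65536-ID range (assumed base 1000000).
HOST_USERS_MAP = "         0          0 4294967295\n"
USERNS_POD_MAP = "         0    1000000      65536\n"

if __name__ == "__main__":
    for name, raw in (("host users", HOST_USERS_MAP), ("user namespace", USERNS_POD_MAP)):
        m = parse_uid_map(raw)
        print(name, "-> container root is host UID", to_host_uid(m, 0),
              "| host root:", root_is_host_root(m))
```

A process that is root inside a user-namespaced pod holds only an unprivileged host UID, and container UIDs outside the mapped range have no host identity at all.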

Alex Lawrence, Sysdig’s director of cloud security, said, “Kubernetes 1.33 raises the bar for securing cloud-native workloads, with smarter scaling, stronger identity controls, and tighter policy enforcement – giving security teams more control without slowing down delivery. I’m also particularly excited about service account token configuration enhancements, which support better least privilege access, multi-tenant security, and role-based access control (RBAC) alignment.”

Two features being deprecated – which means they will be supported for a year before being removed from the platform – are the stable Endpoints API and removal of kube-proxy version information in node status, according to the CNCF.

The Endpoints API was effectively replaced by the EndpointSlices API, which introduced features such as dual-stack networking, rendering the original API ready for deprecation.

The status.nodeInfo.kubeProxyVersion field had already been deprecated in v. 1.31 and was disabled by default; it is removed entirely in v. 1.33.

“The Kubernetes project continues to evolve,” Polshakova said. “Not only to meet users where they are, but it also evolves to meet them where they’re going. It is built by the community, for the community. So even though it’s adopted across different industries, it’s still a very flexible platform that has contributors all around the world from different companies coming together to work on this. So I think those factors make it a healthy open source project that will remain open.”

This release doesn’t exist in isolation—it’s part of a broader trajectory toward making Kubernetes the definitive platform for ML workloads, according to Itiel Shwartz, CTO and co-founder at Kubernetes management platform provider Komodor. He noted that the graduation of multiple features from alpha to beta to stable status demonstrates the Kubernetes community’s commitment to addressing the unique needs of AI/ML practitioners.

“For MLOps teams, this release signals that investments in Kubernetes as a foundation for ML infrastructure are increasingly well-supported by the platform’s native capabilities, reducing the need for complex workarounds and custom solutions that were previously necessary to run production ML workloads at scale,” he said. “The v1.33 release represents not just an incremental improvement but a significant milestone in Kubernetes’ journey to become the standard platform for orchestrating the complex, resource-intensive workloads that define modern AI development.”