Kubernetes v1.33 is almost around the corner, and like previous releases, it brings a mix of stable, beta, and alpha enhancements. This time around, we have a total of 64 enhancements tracked for the code freeze in this release. Among these, 18 have graduated to stable, 20 are entering into Beta, and 24 are entering into Alpha, whereas two features have been marked for deprecation.
Let's dig into all the major features and changes in Kubernetes v1.33.
Features moving from Graduate to Stable
Take taints/tolerations into consideration when calculating PodTopologySpreas skew #3094
Feature Group: sig-scheduling
Provides a feature to consider node taints when calculating pod topology spread skew, helping avoid unexpected Pending pods by excluding nodes that the pod doesn't tolerate. This improves scheduling decisions for workloads that don't tolerate all taints, while still ensuring that restarts from events like rolling updates or node drains are unaffected.
Introduce MatchLabelKeys to Pod Affinity and Pod Anti Affinity #3633
Feature Group: sig-scheduling
This feature adds MatchLabelKeys and MismatchLabelKeys to PodAffinityTerm, enabling fine-grained control over Pod scheduling based on label keys. It helps optimize placement during scenarios like rolling upgrades and prevents scheduling issues. Enabled via a feature gate, it ensures minimal performance impact and includes tests for functionality.
Multiple Service CIDRs #1880
Feature Group: sig-network
This feature enables dynamic expansion of Kubernetes Service IPs by introducing ServiceCIDR and IPAddress APIs. It allows adding multiple, immutable CIDRs to scale ClusterIP addresses without downtime, resolving issues like static allocation and apiserver inconsistencies. Each Service gets a unique IP address, managed by a race-free allocator and self-healing controllers. It supports overlapping CIDRs, better IPv6 (/64), flexible IP scaling, and future enhancements while staying backward compatible.
Topology Aware Routing #2433
Feature Group: sig-network
This feature introduces a hints field in EndpointSlices that helps guide kube-proxy to prefer routing traffic to endpoints within the same zone. It aims to improve network performance and reduce cross-zone data transfer costs in multi-zone Kubernetes clusters.
Add subresource support to kubectl #2590
Feature Group: sig-cli
This proposal introduces a --subresource flag to kubectl commands like get, patch, edit, apply, and replace, enabling direct access to subresources such as status, scale, and resize. It simplifies operations that previously required --raw or curl, and supports both built-in and custom resources. Pretty-printed output is included, and unsupported subresources return clear errors.
Sidecar Containers #753
Feature Group: sig-apps, sig-node
This feature adds native support for sidecar containers in Kubernetes by allowing initContainers with restartPolicy: Always. These sidecars start early, run alongside main containers, support probes and lifecycle hooks, and don’t block Pod termination. It improves lifecycle handling, startup/shutdown sequencing, and reliability for patterns like logging, service meshes, config watchers, and Jobs with long-running helpers.
Node: cpumanager: add options to reject non SMT-aligned workload #2625
Feature Group: sig-node
This feature provides the full-pcpus-only option in Kubernetes ensures strict CPU isolation by allocating only full physical cores to containers, preventing the sharing of threads on SMT-enabled systems. Pods requesting fractional CPUs are rejected with an SMTAlignmentError. This improves performance and predictability for latency-sensitive workloads, and is an opt-in feature that can be disabled if needed.
Features moving to Beta
Add CPUManager policy option to restrict reservedSystemCPUs to system daemons and interrupt processing #4540
Feature Group: sig-node
This feature provides the strict-cpu-reservation option in Kubernetes, ensuring that reserved CPU cores are used only for system processes, preventing burstable and best-effort pods from using them. This improves performance and system stability. While it may limit CPU access for best-effort pods, Kubernetes mitigates this with monitoring and optional safeguards like MinSharedCPUs, without changing existing policy behavior.
Volume Source: OCI Artifact and/or Image #4639
Feature Group: sig-node, sig-storage
This feature adds a new VolumeSource to Kubernetes that mounts OCI images as read-only volumes, allowing files to be shared across containers without baking them into container images. It reuses existing image pull logic, supports pull policies, and integrates with Kubelet and CRI for lifecycle and auth management.
In-Place Update of Pod Resources #1287
Feature Group: sig-autoscaling, sig-node, sig-scheduling
This feature allows to enables in-place vertical scaling in Kubernetes by introducing a /resize subresource to mutate container resource requests/limits without restarting Pods. It separates desired (spec.resources) and actual (status.resources, allocatedResources) resource states, and adds a resizePolicy for fine-grained control over restart behavior. CRI is extended to support non-restartable updates and runtime resource introspection, improving support for dynamic resource management with minimal disruption.
Support User Namespace in pods #127
Feature Group: sig-node
This feature introduces user namespaces in Kubernetes, allowing containers to run with different user IDs inside the container compared to the host. This enhances security by isolating container privileges. It adds a hostUsers field to enable or disable this feature, improving pod-to-pod and node-to-pod isolation and mitigating known vulnerabilities.
Features moving to Alpha
Configurable tolerance for Horizontal Pod Autoscalers #4951
Feature Group: sig-autoscaling
This feature introduces a customizable tolerance field in the Horizontal Pod Autoscaler (HPA) to allow users to fine-tune the scaling behavior of workloads. The new field enables setting different tolerance values for scaling up and scaling down actions, overriding the default 10% global tolerance. If the field is not specified, the HPA will fall back to the default global tolerance.
Container Stop Signals #4960
Feature Group: sig-node
This feature introduces a stopSignal field in ContainerSpec.Lifecycle, allowing users to define custom stop signals like SIGUSR1 for container shutdowns in Kubernetes. The signal is passed to the container runtime via CRI, eliminating the need to rebuild images for signal customization. If unset, it falls back to the image-defined or runtime default signal. The effective stop signal is reflected in the container’s status, with Windows pods restricted to SIGTERM and SIGKILL.
PreferSameNode Traffic Distribution (formerly PreferLocal traffic policy/Node-level topology) #3015
Feature Group: sig-network
This feature enhances traffic routing control by introducing PreferSameZone for zone-local endpoints and PreferSameNode for node-local endpoints. It replaces the vague PreferClose option, ensuring more predictable routing behavior, while still allowing fallbacks and integration with load-balancing tools like topology spread constraints and autoscaling.
Conclusion
Kubernetes v1.33 is coming up with some great improvements that make clusters more secure, scalable, and easier to manage. With new stable features and exciting updates in beta and alpha, it’s a solid step toward building stronger and more efficient infrastructure.
If you liked this blog and want to know about the changes in the previous Kubernetes version, please refer to the blogs below.
satyam soni
Rupin Solanki
Abhinav Dubey
