1.33¶
Canonical Kubernetes 1.33 - Release notes - 30 June 2025
Requirements and compatibility¶
Canonical Kubernetes can be installed on a variety of operating systems using several methods. For specific requirements, see the Installation guides.
What’s new¶
Kubernetes 1.33 - read more about the upstream release here.
Controlled feature upgrade process - With the second release of Canonical Kubernetes, seamlessly upgrade from one version to the next. With a coordinated approach to our feature upgrades and snap refreshes, version drift is prevented and this ensures a smooth, predictable upgrade path for cluster features.
Support updating node certificates - Users can now update their external certificates on a running node. See our external certificate refresh guide for more information.
k8s certs-status
command - This new command provides a detailed view of the certificates status on a node.k8s inspect
command - This new command collects diagnostics and other relevant information from a Kubernetes node, either control-plane or worker node, and compiles them into a tarball report.To find out more about what information is collected in the tarball see our inspection reports reference guide.
Also in this release¶
Update CNI to v1.6.2
Update Helm to v3.18.3
Update k8s-dqlite to v1.3.2
Update Cilium version to 1.17.1
Update CoreDNS version to 1.12, chart to 1.39.2
Update Containerd version to 1.7.27
Update
GetNodeStatus
andGetClusterConfig
RPC endpointsEnable Cilium protocol differentiation
Enable Cilium session affinity
Allow Cilium SCTP configuration through annotations
Enable cluster-config.load-balancer.l2-mode by default
Added revision implementation for pebble
DISA STIG hardening guides improved
Other documentation improvements
Note
Changes to default configuration values apply only to new clusters and do not affect existing clusters during upgrade.
Deprecations and API changes¶
Upstream - Please review the upstream release notes, which include depreciation notices and API changes for Kubernetes 1.33.
Fixed bugs and issues¶
Fixed performing PreInitChecks (#1423)
Fixed custom containerd path on cleanup (#1469)
Fixed node label controller (#1363)
Fixed service argument quotations (#1222)
Fixed IPv6 parsing for k8s-apiserver-proxy (#1370)
Fixed snap refresh on worker nodes (#1239)
Fixed certificates refresh panic (#1150)
Fixed cluster config merge checks (#1089)
Fixed memory leak in k8s-dqlite (#1061)
Fixed custom containerd paths (#1046)
Fixed certificates usage during control plane join (#1029)
Upgrade notes¶
See our upgrade notes page for instructions on how to upgrade to 1.33. For dual-stack environments, there are additional configuration steps you may need to implement for a successful upgrade.