1.33

Canonical Kubernetes 1.33 - Release notes - 30 June 2025

Requirements and compatibility

Canonical Kubernetes can be installed on a variety of operating systems using several methods. For specific requirements, see the Installation guides.

What’s new

  • Kubernetes 1.33 - read more about the upstream release here.

  • Controlled feature upgrade process - With the second release of Canonical Kubernetes, seamlessly upgrade from one version to the next. With a coordinated approach to our feature upgrades and snap refreshes, version drift is prevented and this ensures a smooth, predictable upgrade path for cluster features.

  • Support updating node certificates - Users can now update their external certificates on a running node. See our external certificate refresh guide for more information.

  • k8s certs-status command - This new command provides a detailed view of the certificates status on a node.

  • k8s inspect command - This new command collects diagnostics and other relevant information from a Kubernetes node, either control-plane or worker node, and compiles them into a tarball report.To find out more about what information is collected in the tarball see our inspection reports reference guide.

Also in this release

  • Update CNI to v1.6.2

  • Update Helm to v3.18.3

  • Update k8s-dqlite to v1.3.2

  • Update Cilium version to 1.17.1

  • Update CoreDNS version to 1.12, chart to 1.39.2

  • Update Containerd version to 1.7.27

  • Update GetNodeStatus and GetClusterConfig RPC endpoints

  • Enable Cilium protocol differentiation

  • Enable Cilium session affinity

  • Allow Cilium SCTP configuration through annotations

  • Enable cluster-config.load-balancer.l2-mode by default

  • Added revision implementation for pebble

  • DISA STIG hardening guides improved

  • Other documentation improvements

Note

Changes to default configuration values apply only to new clusters and do not affect existing clusters during upgrade.

Deprecations and API changes

  • Upstream - Please review the upstream release notes, which include depreciation notices and API changes for Kubernetes 1.33.

Fixed bugs and issues

  • Fixed performing PreInitChecks (#1423)

  • Fixed custom containerd path on cleanup (#1469)

  • Fixed node label controller (#1363)

  • Fixed service argument quotations (#1222)

  • Fixed IPv6 parsing for k8s-apiserver-proxy (#1370)

  • Fixed snap refresh on worker nodes (#1239)

  • Fixed certificates refresh panic (#1150)

  • Fixed cluster config merge checks (#1089)

  • Fixed memory leak in k8s-dqlite (#1061)

  • Fixed custom containerd paths (#1046)

  • Fixed certificates usage during control plane join (#1029)

Upgrade notes

See our upgrade notes page for instructions on how to upgrade to 1.33. For dual-stack environments, there are additional configuration steps you may need to implement for a successful upgrade.