Channel: Joab Jackson, Author at The New Stack

Kubernetes v1.33 Advances in AI, Security and the Enterprise


Wednesday’s release of the latest version of the Kubernetes open source resource orchestration platform brings some long-awaited features for AI workloads, security and overall enterprise use.

“It’s a pretty big release,” said Nina Polshakova, the engineer who was the release lead for version 1.33. This edition consists of 64 enhancements, significantly more than the 44 of the previous release.

Of those enhancements, 18 have graduated to Stable, 20 are entering Beta, 24 have entered Alpha, and two are deprecated or withdrawn.

Key updates include native support for sidecar containers and in-place resource resizing for pods, while Beta features introduce advances in areas like dynamic resource allocation and user namespaces.

Some older cruft is being removed as well — the stable Endpoints API and the in-tree gitRepo volume driver — in favor of more scalable approaches.

During the v1.33 release cycle, Kubernetes received contributions from as many as 121 different companies and 570 individuals.

The New Logo

As with each new release of Kubernetes, v1.33 gets a new logo. This one is called “Octarine: The Color of Magic,” and it is inspired by Terry Pratchett’s Discworld series of science fiction novels. In Pratchett’s world, octarine is the color of magic (a sort of fluorescent greenish-yellow purple) and is visible only to wizards and cats.

Polshakova created the design. She explained that the reference is meant to celebrate the wizardry of the K8s maintainers. “It’s still magic even if you know how it’s done,” Pratchett once wrote.

Here are three major features that come with this release.

Sidecar Containers (Stable)

Sidecar containers have been one of the most anticipated releases in a while, Polshakova explained.

If your job is running containers, how do you ensure the containers you are in charge of are working correctly? Why, with the instrumentation in other containers, of course. But how do you make sure those containers are in place when your app starts?

Hence, the need for sidecar containers, to handle such extra-curricular tasks as networking, logging, and metrics gathering.

This work was done as part of KEP-753: Sidecar Containers led by the Node Special Interest Group.

Though sidecars have been widely used since the start of Kubernetes, surprisingly, Kubernetes itself did not have native support for sidecar containers until this release. Service mesh providers, for instance, have employed workarounds to ensure their containers are ready to go before the app initializes. Now, Kubernetes handles this.

“Native sidecar support reduces the friction of sidecar adoption, because it’s guaranteed to have your sidecar start before the application and terminate after,” Polshakova explained.

This version comes with the ability to deploy a separate class of “auxiliary containers” for this task, based on init containers (short for initialization containers). In this release, setting an init container’s restartPolicy to Always makes it run through the whole pod’s lifecycle, terminating only after the main containers exit.

This ensures that sidecars start before application containers, remain running throughout the pod’s lifecycle, and terminate automatically after the main containers exit.

Sidecar containers will make it easier to run service meshes and to manage complex, multi-container applications.
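As an added illustration (not a manifest from the article or the Kubernetes project), the pod below runs a log-shipping sidecar the native way: an init container whose restartPolicy is Always. The image names are hypothetical placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-log-sidecar
spec:
  initContainers:
  - name: log-shipper
    image: example.com/log-shipper:1.0   # hypothetical image
    # This one field turns the init container into a native sidecar:
    # it is started before the main containers, kept running (and
    # restarted if it crashes) for the pod's whole lifetime, and is
    # stopped only after the main containers have exited.
    restartPolicy: Always
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
      readOnly: true
    # With a startup probe, the kubelet waits for the sidecar to report
    # ready before it starts the main containers, so no log line is
    # produced before the shipper is listening.
    startupProbe:
      httpGet:
        path: /healthz
        port: 8080
  containers:
  - name: app
    image: example.com/app:1.0           # hypothetical image
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
  volumes:
  - name: app-logs
    emptyDir: {}
```

Without restartPolicy: Always, the same entry would behave like a classic init container: the pod would block until it exited, and the app would never start.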

Dynamic Resource Allocation (Alpha, Beta)

Eagerly awaited by those running AI systems, Dynamic Resource Allocation (DRA) is an API (KEP #4381) for allocating non-CPU or memory resources, such as GPUs, TPUs, and FPGAs.

This interface will allow administrators with workloads that require such computational resources to schedule them using standardized, structured parameters (though third-party drivers are still necessary for preparing the resources).

As initially laid out in K8s v1.30, the API, now in Beta, introduced four new resource types: ResourceClaim, ResourceClaimTemplate, DeviceClass, and ResourceSlice.

This is not the first stab at DRA. The concept was introduced in Kubernetes v1.26, but was removed by v1.32.

In addition, there are four feature gates (in Alpha) for further customization:

  • Device Taints and Tolerations (DRADeviceTaints): Similar to node taints, these gates limit what architectures a workload can run on.
  • Prioritized Alternatives (DRAPrioritizedList): These gates provide alternative ways to satisfy a request should the desired configuration not be available.
  • Admin Access Control (DRAAdminAccess): These gates restrict workloads to authorized users.
  • Partitionable Devices (DRAPartitionableDevices): Gates to support device partitions for multiple devices.

DRA is proving crucial for managing Kubernetes’ hottest new workload, generative AI.

“If you have a node with GPU access, then you can schedule your AI workload and have your third-party driver dynamically allocate that,” Polshakova said.
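To show how the four DRA resource types fit together, here is an added example (not from the article or the Kubernetes project) that requests one GPU for a training pod. It assumes the resource.k8s.io/v1beta1 API served by v1.33, a hypothetical driver named gpu.example.com that publishes ResourceSlices for its devices, and placeholder image names.

```yaml
# A DeviceClass selects devices by driver (and optionally by attributes)
# using a CEL expression; the driver itself publishes ResourceSlices.
apiVersion: resource.k8s.io/v1beta1
kind: DeviceClass
metadata:
  name: gpu.example.com
spec:
  selectors:
  - cel:
      expression: device.driver == "gpu.example.com"   # hypothetical driver
---
# A ResourceClaimTemplate stamps out a ResourceClaim per pod, so each
# pod gets its own device rather than sharing one claim object.
apiVersion: resource.k8s.io/v1beta1
kind: ResourceClaimTemplate
metadata:
  name: single-gpu
spec:
  spec:
    devices:
      requests:
      - name: gpu
        deviceClassName: gpu.example.com
---
# The pod references the template; the scheduler allocates a matching
# device and the driver prepares it on the chosen node.
apiVersion: v1
kind: Pod
metadata:
  name: train-job
spec:
  containers:
  - name: trainer
    image: example.com/trainer:1.0   # hypothetical image
    resources:
      claims:
      - name: gpu                    # refers to spec.resourceClaims[].name
  resourceClaims:
  - name: gpu
    resourceClaimTemplateName: single-gpu
```

The scheduler only admits the pod once a device satisfying the class exists in some ResourceSlice, so a missing or misnamed DeviceClass leaves the pod Pending rather than silently running without the GPU.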

User Namespaces

For version 1.33, user namespaces are finally on by default for Linux pods.

Namespaces are a Linux feature that has been carried over to Kubernetes.

In Linux, namespaces provide an abstraction layer so that resources can be cleanly separated into their own individual instances. The isolation secures resources against unwanted intrusion and helps get a better handle on who is using how much of each resource.

Since the namespaces are divided up by user IDs, the feature allows pods to run workloads from multiple parties, each identified by a different ID.

Namespaces have also been a long-requested feature, Polshakova said. The alpha release appeared in version 1.25 and the initial beta appeared in v1.30 (which was disabled by default).

Existing Pods will not be affected by the update, unless the admin opts in through pod.spec.hostUsers.
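As an added example (not from the article or the Kubernetes project), this pod opts into a user namespace with hostUsers: false and then prints its own UID mapping, which is the quickest way to confirm the isolation took effect. The image name is a hypothetical placeholder.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: userns-check
spec:
  # false = give this pod its own user namespace; omit or set true to keep
  # the host's user namespace (the default for existing pods).
  hostUsers: false
  containers:
  - name: app
    image: example.com/app:1.0   # hypothetical image
    securityContext:
      # UID 0 inside the container maps to an unprivileged UID on the host,
      # so "root" in the pod is not root on the node.
      runAsUser: 0
      allowPrivilegeEscalation: false
    # /proc/self/uid_map shows "<container-uid> <host-uid> <count>";
    # a single line starting with "0 0" would mean no user namespace.
    command: ["sh", "-c", "cat /proc/self/uid_map && sleep 3600"]
```

Run `kubectl logs userns-check` after the pod starts; the first field of the map is 0 and the second is the kubelet-assigned host UID, which should not be 0.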

Summary

“Kubernetes v1.33 is coming up with some great improvements that make clusters more secure, scalable, and easier to manage,” wrote Devtron’s technical intern, Lavish Pal, in a blog post about the release.

Kubernetes v1.33, installable via kubeadm, is available for download on GitHub or on the Kubernetes download page. For all changes, see the release notes. To learn more about Kubernetes v1.33, listen to a web presentation from the Release Team themselves on Friday, May 16, 2025, at 4 p.m. (UTC).

The post Kubernetes v1.33 Advances in AI, Security and the Enterprise appeared first on The New Stack.

Kubernetes 1.33 brought the maintainer wizardry, with fresh namespace support, native sidecars and dedicated resource allocation for GPUs and TPUs.
