CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. CCE now supports Kubernetes 1.33 cluster features. This section describes the changes made in Kubernetes 1.33.
CPUManagerPolicyOptions moved to GA. It allows you to fine-tune the resource allocation policies of the CPU manager. For details, see Control CPU Management Policies on the Node.
MultiCIDRServiceAllocator moved to GA. ServiceCIDRs and IPAddresses are introduced to record the allocations of Service cluster IP addresses. You can use ServiceCIDRs to increase the number of available cluster IP addresses.
JobBackoffLimitPerIndex moved to GA. It allows you to control the maximum number of retries per index in an indexed job. For details, see Kubernetes v1.33: Job's Backoff Limit Per Index Goes GA.
JobSuccessPolicy moved to GA. It allows you to use custom success policies for jobs. For example, you can specify whether some indexes are successful and the number of successful indexes to determine whether a job is complete. For details, see Kubernetes 1.33: Job's SuccessPolicy Goes GA.
MatchLabelKeysInPodAffinity moved to GA. matchLabelKeys and mismatchLabelKeys have been added to pod affinity rules.
NodeInclusionPolicyInPodTopologySpread moved to GA. It allows you to use nodeAffinityPolicy and nodeTaintsPolicy in pod topology spread constraints to dynamically obtain nodes that can accept pods.
For details, see Pod Topology Spread Constraints.
HonorPVReclaimPolicy moved to GA. It ensures that when reclaimPolicy of a PV is set to Delete, the underlying storage resources are deleted based on the policy regardless of the deletion sequence of the PV or PVC. This prevents storage resource leakage.
ImageVolume moved to beta. It allows you to use the image volume source in a pod. This volume source lets you mount a container image to the pod as a read-only volume. For details, see Kubernetes v1.33: Image Volumes graduate to beta!
UserNamespacesSupport moved to beta. It enables pods to use Linux user namespaces. For details, see Use a User Namespace With a Pod.
StreamingCollectionEncodingToProtobuf moved to beta. kube-apiserver disables the watch-list strategy and uses streaming encoding instead. This feature gate effectively reduces memory usage and improves how the system handles requests for a large number of resources. For details, see Kubernetes v1.33: Streaming List responses.
SchedulerPopFromBackoffQ moved to beta. It optimizes the scheduling queue behavior and allows pods to be directly popped from the backoffQ when the activeQ is empty. This significantly reduces the pod scheduling delay. For details, see Pop from backoffQ when activeQ is empty.
ProcMountType moved to beta. It allows you to use the securityContext.procMount field of a pod to set the mount type of the /proc file system in the container, giving finer-grained control over access to /proc. This improves pod security and isolation. This feature gate applies to scenarios where non-privileged containers need to run in user namespaces. Relaxing the restrictions on accessing /proc in these scenarios enhances compatibility and flexibility.
PodLifecycleSleepAction moved to beta. This feature gate is enabled by default. It allows you to create containers whose sleep lifecycle action has a duration of zero seconds. For details, see Introducing Sleep Action for PreStop Hook.
You are allowed to use ResourceQuota to limit the number of PVCs associated with a specific VolumeAttributesClass.
For details, see Kubernetes v1.33: In-Place Pod Resize Graduated to Beta.
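As an added example (not part of the CCE documentation or of Kubernetes itself), the following Python check audits pod manifests for the pairing that ProcMountType and UserNamespacesSupport imply: upstream Kubernetes requires hostUsers: false when a container sets procMount: Unmasked. The function name, finding strings, and sample pods are constructed for illustration.

```python
# Added example: audit pod specs that request an unmasked /proc.
# SAMPLE_PODS is constructed input, not taken from a real cluster.

def audit_proc_mount(pod):
    """Return (pod, container, reason) findings for risky procMount usage."""
    spec = pod.get("spec") or {}
    pod_name = (pod.get("metadata") or {}).get("name", "<unnamed>")
    # hostUsers defaults to true (host user namespace) when it is omitted.
    in_userns = spec.get("hostUsers", True) is False
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers.extend(spec.get(key) or [])
    findings = []
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("procMount", "Default") != "Unmasked":
            continue  # default masked /proc, nothing to review
        cname = c.get("name", "<unnamed>")
        if not in_userns:
            findings.append((pod_name, cname, "Unmasked /proc without hostUsers: false"))
        if sc.get("privileged") is True:
            # The page scopes this feature to non-privileged containers.
            findings.append((pod_name, cname, "Unmasked /proc in a privileged container"))
    return findings

def _pod(name, host_users, **sc):
    """Build a one-container pod dict; host_users=None omits the field."""
    spec = {"containers": [{"name": "app", "securityContext": sc}]}
    if host_users is not None:
        spec["hostUsers"] = host_users
    return {"metadata": {"name": name}, "spec": spec}

SAMPLE_PODS = [
    _pod("nested-builder", False, procMount="Unmasked"),          # intended use
    _pod("legacy-agent", None, procMount="Unmasked"),             # no user namespace
    _pod("web", None),                                            # default /proc
    _pod("debug", False, procMount="Unmasked", privileged=True),  # privileged
]

def audit_all(pods):
    """Flatten findings across a list of pod manifests."""
    return [f for p in pods for f in audit_proc_mount(p)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_PODS):
        print(": ".join(finding))
```

The same logic can be run over the output of `kubectl get pods -A -o json` by passing each element of `items` to `audit_proc_mount`.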
During a version maintenance period, CCE periodically updates Kubernetes 1.33 and provides enhanced functions.
For details about cluster version updates, see Patch Versions.
For more details about the performance comparison and functional evolution between Kubernetes 1.33 and other versions, see Kubernetes v1.33 Release Notes.