Kubernetes v1.33 is now supported on new and existing LKE Enterprise clusters. This release also includes several fixes.

New

Kubernetes v1.33 can now be deployed on LKE Enterprise clusters. Several highly impactful features are included in this Kubernetes version, including:

• Container lifecycle updates: The sleep action in lifecycle hooks now supports a zero sleep duration by default. This makes graceful shutdowns much easier without needing a sleep binary in your container image.
• Ordered namespace deletion: Namespaces now follow a more secure and deterministic deletion sequence. Pods are safely removed before dependent resources, eliminating security gaps.
• Pod generation tracking: Pods now include a .metadata.generation field, allowing operators and custom controllers to track mutable field changes and configuration drift much more reliably.
• Structured authorization config: Graduated to stable, providing a more structured way to manage API authorizations.
• Security hotfixes: Early patches (like v1.33.4) addressed a critical security vulnerability where nodes could mistakenly delete themselves (CVE-2025-5187).

Fixed

• Fixed several miscellaneous issues

Upgrade notes

You can upgrade existing LKE Enterprise clusters to v1.33 with the following considerations. For full upgrade instructions, see Upgrade an LKE Enterprise cluster to a newer Kubernetes version.

• For node pools without autoscaling enabled, you must have sufficient capacity (worker nodes) available for the managed components to complete a rolling update. If any node pools contain zero nodes, the upgrade will not complete successfully.
• When upgrading multiple versions in succession, a wait period of an hour is required after each version upgrade. This provides time for all systems to reconcile.