Kubernetes Cluster – Changelog Q1 2026
What’s New for Tenants
This quarter brings several changes that directly affect your workloads:
- Kubernetes v1.33: The cluster has been upgraded to Kubernetes v1.33. Check the Kubernetes 1.33 release notes for new features, deprecations, and API changes that may affect your workloads.
- New GPU Node Groups: NVIDIA L40S 48Q and L40S 12Q are now available. GPU nodes now use the taint
nvidia.com/gpu.product, allowing you to request access to specific GPU types. The previous generic taintrole.node.kubernetes.io/worker-vgpuhas been removed. - Ephemeral Volumes: You can now use Ephemeral Volumes in your workloads – useful for caches, temp files, or scratch data that doesn’t need to persist.
- vCluster Example: We added documentation on how to run a vCluster within your namespace for isolated testing or development environments.
Under the Hood
Cluster-API, CAPO, and the OpenStack Cloud Controller Manager were updated to match the new Kubernetes version. The base OS was updated to AlmaLinux 10. Graceful Node Shutdown was configured to improve stability during node updates and OpenStack maintenance.
On the networking side, Cilium was updated to v1.18 and Istio to v1.28. The legacy IPv6-to-IPv4 LoadBalancers were replaced with native IPv6 LoadBalancers. Security tooling including Falco, Trivy, Gatekeeper, and Cert-Manager all received version updates. The monitoring stack was refreshed with updates to Prometheus, OpenTelemetry Collector, and Vector.
Several bugfixes addressed orphaned nodes during machine deletion and broken OpenStack Application Credentials.
The full list of changes is available in the tables below.
Tenant-Facing Changes
| Area | Type | Description |
|---|---|---|
| Kubernetes | Update | Kubernetes to v1.33 – see release notes for API changes and new features |
| GPU | Feature | New vGPU node groups: NVIDIA L40S 48Q and L40S 12Q |
| Feature | New taint nvidia.com/gpu.product for GPU nodes – enables targeted access to specific GPU types (replaces role.node.kubernetes.io/worker-vgpu) | |
| Security | Feature | Ephemeral Volumes are now available for tenant workloads |
| Documentation | Feature | New example: running vCluster within your namespace |
Platform Updates
| Area | Type | Description |
|---|---|---|
| Kubernetes & Cluster-API | Update | Updated Cluster-API, CAPO, Barbican, and OpenStack CCM to match K8s version |
| Feature | Configured Graceful Node Shutdown for improved stability during node updates and VM shutdowns | |
| Bug | Fixed machine deletion leaving orphaned nodes | |
| Bug | Renewed OpenStack Application Credentials (cluster management & CSI controller affected) | |
| Node Image | Update | AlmaLinux 10 with updated Containerd, Runc, Stargz, and NVIDIA driver |
| Networking | Update | Cilium to v1.18 and Hubble; Istio to v1.28 and v1.26; updated OAuth2 Proxy, Certificate Copy Operator, CoreDNS-based DNS (Cache, Kubernetes DNS, Public DNS), and NIC Controller |
| Feature | Native IPv6 LoadBalancers replace legacy IPv6-to-IPv4 translation | |
| Bug | Fixed IPv6 LoadBalancer source range handling (Cilium workaround & OpenStack security group fix) | |
| Security | Update | Updated Falco, Trivy Operator with Trivy, Gatekeeper, and Cert-Manager |
| Monitoring | Update | Updated Prometheus with Prometheus Operator (including CRDs), OpenTelemetry Collector with o11y-otel-contextprocessor, Vector, and x509 Certificate Exporter |
| Storage | Bug | Disabled Snapshot Controller (was never in use) |
| Miscellaneous | Update | Updated Reloader; Generic Device Plugin updated but disabled (currently not in use) |