Kubernetes 1.25 has been officially released.

1.25 contains a total of 40 functional changes, including:

• 15 enhancements are entering the alpha stage
• 10 enhancements are being upgraded to beta stage
• 13 enhancements are being upgraded to stable stage
• Two features have been marked as deprecated or removed

major changes

cgroup v2 supports official GA

cgroups are one of the key Linux kernel features for organizing and managing container resources on a node. In the early days of Kubernetes, all container runtimes were built with cgroup v1, and now cgroups v2 support has been upgraded to GA status. With cgroups v2, container workloads will work more securely, including rootless containers, and use the latest kernel features more reliably.

Timezone support in CronJob upgraded to beta

CronJob instances are created by the schedule provided in the resource specification. However, the time zone of newly created resources depends on where the controller manager is running. With the new enhancements you get a new field spec.timeZone where you can use a valid timezone from the tz database.

Remove PodSecurityPolicy

In Kubernetes 1.25, PodSecurityPolicy was completely removed after being deprecated in version 1.21. PodSecurityPolicy was the solution to define rules for Pod functionality, but over time it became complex and confusing. Instead, Kubernetes has now implemented a Pod Security Admission Controller with a well-defined migration path.

Retroactive default StorageClass assignment (alpha version)

The default storage class is primarily configured by the cluster administrator during cluster creation. However, you should also change the default storage class in the cluster when the underlying storage provider or business needs change. The new alpha feature focuses on changing the Kubernetes behavior to be retroactive for PVCs without any storage class.

Automatic refresh of official CVE sources (alpha version)

Kubernetes is one of the most active open source repositories, so there are many CVE related issues and PRs that cannot be filtered. New alpha features ensure issues and PRs are flagged with the help of automation. This new approach will let you list CVEs with relevant information as an end user, maintainer, or platform provider.

Defaults to seccomp (upgrade to beta)

Kubernetes allows for improved container security by defining seccomp profiles; it has been an alpha feature since version 1.22. Enabling Seccomp by default adds a security layer to prevent CVEs and 0-days, and this feature has now been upgraded to beta in version 1.25.

The theme for the 1.25 release of Kubernetes is“Combiner”the team hopes to express with this release the spirit of respect for collaboration and openness that transforms everyone from independent developers, writers and users scattered around the world to a combined force capable of changing the world.

Release Announcement | Changelog