Merged
Conversation
…nvox rather the gke auto upgrade
ntner
approved these changes
Nov 5, 2025
Contributor
ntner
left a comment
There was a problem hiding this comment.
- Install at previous minor version and update
- Install at new version
- Telemetry based param groupings at install
- Common convox rack param set variations after install
- New application install and running with multiple resources
- Existing application working after upgrade
- Review and Deploy Workflows working across update
- General and build stress-testing
- Additional GCP testing
- Additional Azure testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is the feature/update/fix?
Major Release: Kubernetes 1.33 Infrastructure Upgrade with Enhanced Container Security and Cloud Provider Improvements
This release introduces critical infrastructure updates and new features:
Core Infrastructure Upgrades:
Feature: Disable Host Users for Linux Containers
convox.ymlfor enhanced container isolationFix: Azure 4MB Source Upload Issue
Update: GKE Extended Release Channel Support
Why is this important?
Kubernetes 1.33 and Core Component Updates:
Enhanced Container Security with Host User Isolation:
Azure Platform Improvements:
GKE Version Management:
How to use it?
Automatic Updates Applied
Once you update your rack to version 3.23.0, the following improvements are automatically applied:
No additional configuration is required for these updates - they take effect immediately after the rack update completes.
Disabling Host Users for Linux Containers
To enable the host user isolation feature, add the
disableHostUsersattribute to your service definition inconvox.yml:When
disableHostUsers: trueis set:Configuration Considerations
Does it have a breaking change?
Yes, this update contains breaking changes. Due to the Kubernetes version upgrade from previous versions to 1.33, this update cannot be rolled back once applied.
Critical Notes:
Important: We strongly recommend:
Requirements
To use this update, you must be on at least version
3.22.0for both the CLI and the rack.Update the CLI: Run
convox updateto update your CLI to the latest version. You can verify your CLI version withconvox version.For a minor version update, you must state the version with the command
convox rack update 3.23.0 -r rackName.You must be on at least rack version
3.22.0to perform this update.If you are unfamiliar with v3 rack versioning, we advise checking the documentation Updating a Rack for more information before applying any updates.