<ul><li>The Kubernetes v1.33 release addresses long-standing issues with imagePullPolicy behavior.</li><li>In the past, the IfNotPresent policy allowed unauthorized pods to use private images already present on a node.</li><li>Kubernetes v1.33 introduces a change where credentials are verified before allowing pod access to images.</li><li>Performance and service stability were key considerations in revising the feature.</li><li>The update ensures that pods sharing credentials from the same source will not need to re-authenticate.</li><li>The Never option requires credentials for accessing private images, even if already present.</li><li>The Always policy ensures authentication of each image request with the registry.</li><li>The feature relies on file-based caches on nodes to manage image pulls efficiently.</li><li>Future plans include integrating with Projected service account tokens and implementing caching improvements.</li><li>To try the new feature, enable KubeletEnsureSecretPulledImages in Kubernetes v1.33.</li></ul>

Kubernetes v1.33: Image Pull Policy the way you always thought it worked!

Discover more