Kubernetes v1.36: Smarter Kubelet API Security with Granular Authorization Now Stable

<p>Welcome! In Kubernetes v1.36, a significant security enhancement reaches general availability: fine-grained kubelet API authorization. This feature, driven by SIG Auth and SIG Node, replaces the coarse <code>nodes/proxy</code> permission with precise controls for monitoring, logging, and health checks, drastically reducing attack surfaces. Let's explore what changed and why it matters.</p> <h2 id="q1">What is the fine-grained kubelet API authorization feature in Kubernetes v1.36?</h2> <p>This feature, tracked by KEP-2862 and enabled by the now-locked <code>KubeletFineGrainedAuthz</code> feature gate, replaces the overly broad <code>nodes/proxy</code> permission with specific RBAC rules for individual kubelet API endpoints. Instead of granting blanket access to all kubelet operations, administrators can now define policies that allow only the exact actions needed—for example, reading pod metrics without permitting command execution. It graduated from alpha in v1.32 to beta in v1.33, and is now stable and enabled by default.</p> <h2 id="q2">Why was this feature needed? The <code>nodes/proxy</code> problem</h2> <p>The kubelet exposes an HTTPS API with endpoints for pods, metrics, logs, and—critically—exec into containers. Previously, when webhook authorization was used, nearly all these paths mapped to a single <code>nodes/proxy</code> subresource. This meant any workload needing kubelet data—like a monitoring agent—required the same permission that allows arbitrary command execution in any container on the node. 
The principle of least privilege was violated: a small monitoring tool could be a gateway for catastrophic attacks if compromised.</p> <h2 id="q3">What was wrong with the old nodes/proxy permission?</h2> <p>Granting <code>nodes/proxy</code> to any workload is effectively giving node-level superuser access. If a monitoring agent, log collector, or health checker is breached, attackers gain the ability to run commands in every container on that node. This dramatically increases blast radius and has been a known issue in the Kubernetes community for years (see <a href="https://github.com/kubernetes/kubernetes/issues/83465">kubernetes/kubernetes#83465</a>). The problem was especially acute in multi-tenant clusters or shared infrastructure.</p> <h2 id="q4">What is the WebSocket RCE risk with nodes/proxy GET?</h2> <p>Security researchers demonstrated in early 2026 that even read-only <code>nodes/proxy</code> GET access can be abused for remote code execution. The root cause: WebSocket connections (<a href="https://tools.ietf.org/html/rfc6455">RFC 6455</a>) initiate with an HTTP GET handshake, which the kubelet maps to the RBAC <code>get</code> verb. However, after the GET handshake, the connection can be used for write operations (e.g., exec). Without a secondary check for <code>create</code> permission, an attacker with only GET access to <code>nodes/proxy</code> can connect to <code>/exec</code> on port 10250 and run arbitrary commands using tools like <code>websocat</code>. The new feature prevents this by requiring explicit permissions for exec endpoints separate from read-only endpoints.</p> <h2 id="q5">How does the new feature improve access control?</h2> <p>Fine-grained authorization maps each kubelet API path to its own RBAC resource and verb. For example, reading pod metrics now requires <code>get</code> on <code>nodes/metrics</code>, while executing commands requires <code>create</code> on <code>nodes/exec</code>. 
This allows least-privilege policies: a monitoring tool can be granted only <code>get nodes/metrics</code> and <code>get nodes/stats</code>, without any <code>exec</code> or <code>log</code> permissions. The feature also corrects the WebSocket vulnerability by ensuring that <code>exec</code> endpoints require explicit <code>create</code> permission, not just <code>get</code>.</p> <h2 id="q6">How does this feature work technically under the hood?</h2> <p>When the kubelet receives an API request, it now inspects the exact path (e.g., <code>/metrics</code>, <code>/exec</code>, <code>/log</code>, <code>/pods</code>) and maps it to a specific RBAC resource and verb. For instance, <code>/exec</code> requires <code>create</code> on <code>nodes/exec</code>, while <code>/stats/summary</code> requires <code>get</code> on <code>nodes/stats</code>. The feature uses the same webhook or ABAC authorization modes as before, but with richer <code>SubjectAccessReview</code> objects. It is fully backward compatible: existing <code>nodes/proxy</code> permissions continue to work, but administrators can now define more precise alternatives. The feature gate is locked to enabled in v1.36, so no opt-in is needed.</p> <h2 id="q7">How can users adopt this feature in their clusters?</h2> <p>To take advantage of fine-grained authorization, cluster administrators should replace broad <code>nodes/proxy</code> ClusterRoles with specific ones for each workload. For example, create a ClusterRole that only allows <code>get</code> on <code>nodes/metrics</code>, <code>nodes/stats</code>, and <code>nodes/log</code> for a logging agent. Tools like <code>kubectl</code> and monitoring systems may need RBAC adjustments. The Kubernetes documentation provides examples of new RBAC rules. Since the feature is GA, no feature gate changes are required. 
Start auditing existing RBAC bindings that use <code>nodes/proxy</code> and gradually migrate to the new granular permissions for better security posture.</p> <h2 id="q8">What does this graduation to GA signify for the community?</h2> <p>General availability means the fine-grained kubelet authorization is production-ready, stable, and supported long-term. It addresses a long-standing security concern voiced in <a href="https://github.com/kubernetes/kubernetes/issues/83465">issue #83465</a> and closes a major gap in Kubernetes’ default security model. By enabling least-privilege access, it reduces the blast radius of compromised monitoring or logging workloads. This milestone encourages broader adoption of secure practices across the ecosystem and signals that Kubernetes continues to mature its security foundations. The feature is now recommended for all clusters, especially those with multi-tenant or sensitive workloads.</p>
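The path-to-subresource mapping described in the "How does the new feature improve access control?" and "under the hood" sections, together with the audit-and-migrate step recommended just above, as an added example written for this article (it is not kubelet source code or a Kubernetes project tool). Assumptions: the <code>FINE_GRAINED</code> table is a constructed subset limited to the endpoints the page names, the real kubelet table is larger; the ClusterRoles and the agent's observed request paths are constructed samples; every function name is hypothetical. The model contrasts the legacy behaviour (verb derived from the HTTP method, so a WebSocket handshake to <code>/exec</code> only needed <code>get</code>) with the fine-grained behaviour (verb decided by the endpoint, <code>nodes/proxy</code> kept only as a backward-compatible fallback), then builds the narrowest replacement rule set for a workload and checks that it still covers the workload's real traffic.

```python
"""Kubelet API authorization, coarse nodes/proxy vs fine-grained, plus an RBAC audit.

Added illustration for this article, not kubelet source code.  FINE_GRAINED is an
assumption: a small subset of the kubelet's endpoint table, limited to what the page names.
"""
import json

# Fine-grained table: path prefix -> (subresource, verb), per the page's description.
FINE_GRAINED = {
    "/metrics": ("nodes/metrics", "get"),
    "/stats":   ("nodes/stats",   "get"),
    "/logs":    ("nodes/log",     "get"),     # node logs are served under /logs/
    "/pods":    ("nodes/pods",    "get"),
    "/exec":    ("nodes/exec",    "create"),  # page: exec needs create, never just get
}
METHOD_TO_VERB = {"GET": "get", "POST": "create"}

# Constructed sample: a pre-v1.36 ClusterRole rule set for a metrics agent.
LEGACY_AGENT_RULES = [{"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]
# Constructed sample: the paths that agent is actually seen calling.
AGENT_PATHS = ["/metrics/cadvisor", "/stats/summary"]


def endpoint_attrs(path):
    """Fine-grained (subresource, verb) for a kubelet path, or None if not in the table."""
    for prefix, attrs in FINE_GRAINED.items():
        if path == prefix or path.startswith(prefix + "/"):
            return attrs
    return None


def required_attrs(path, method, fine_grained):
    """(subresource, verb) pairs, any one of which authorizes the request.

    Legacy: every path is nodes/proxy and the verb comes from the HTTP method, so a
    WebSocket handshake (GET) to /exec only needs 'get'.  Fine-grained: the endpoint
    decides the verb; nodes/proxy stays as a fallback, but with that endpoint's verb.
    """
    attrs = endpoint_attrs(path) if fine_grained else None
    if attrs is None:
        return [("nodes/proxy", METHOD_TO_VERB.get(method, "create"))]
    subresource, verb = attrs
    return [(subresource, verb), ("nodes/proxy", verb)]


def rule_grants(rule, resource, verb):
    """Does one RBAC PolicyRule grant `verb` on `resource`?  Handles the '*' wildcard."""
    return (("*" in rule["resources"] or resource in rule["resources"])
            and ("*" in rule["verbs"] or verb in rule["verbs"]))


def allowed(rules, path, method, fine_grained=True):
    """Authorize one kubelet API request against a list of PolicyRules."""
    return any(rule_grants(rule, res, verb)
               for rule in rules
               for res, verb in required_attrs(path, method, fine_grained))


def find_nodes_proxy_grants(clusterroles):
    """Names of ClusterRoles (shape of `kubectl get clusterroles -o json`) that still
    grant nodes/proxy, directly or through the '*' and '*/proxy' wildcards."""
    broad = {"nodes/proxy", "*/proxy", "*"}
    return [cr["metadata"]["name"] for cr in clusterroles["items"]
            if any(broad & set(rule.get("resources", [])) for rule in cr.get("rules", []))]


def least_privilege_rules(observed_paths):
    """Narrowest PolicyRules that still cover every path a workload is seen calling."""
    needed = {}  # verb -> set of subresources
    for path in observed_paths:
        attrs = endpoint_attrs(path)
        if attrs is None:
            raise ValueError(f"{path}: no fine-grained subresource in table, review manually")
        needed.setdefault(attrs[1], set()).add(attrs[0])
    return [{"apiGroups": [""], "resources": sorted(res), "verbs": [verb]}
            for verb, res in sorted(needed.items())]


def main():
    exec_path = "/exec/default/web-0/app"  # constructed namespace/pod/container
    cluster_roles = {"items": [
        {"metadata": {"name": "metrics-agent"}, "rules": LEGACY_AGENT_RULES},
        {"metadata": {"name": "log-reader"},
         "rules": [{"apiGroups": [""], "resources": ["nodes/log"], "verbs": ["get"]}]},
    ]}
    print("ClusterRoles still granting nodes/proxy:", find_nodes_proxy_grants(cluster_roles))
    print("legacy model, GET handshake to /exec with a get-only role:",
          allowed(LEGACY_AGENT_RULES, exec_path, "GET", fine_grained=False))
    print("fine-grained model, same request:",
          allowed(LEGACY_AGENT_RULES, exec_path, "GET", fine_grained=True))
    replacement = least_privilege_rules(AGENT_PATHS)
    print("replacement rules:", json.dumps(replacement))
    # The narrow role must still cover the agent's real traffic, and nothing more.
    print("agent traffic still allowed:", all(allowed(replacement, p, "GET") for p in AGENT_PATHS))
    print("exec denied to narrow role:", not allowed(replacement, exec_path, "POST"))


if __name__ == "__main__":
    main()
```

To use this against a real cluster, load the output of <code>kubectl get clusterroles -o json</code> into <code>find_nodes_proxy_grants</code> to list the roles to migrate, and take each workload's observed paths from its documentation or the kubelet's request logs. A path missing from the constructed table raises rather than guessing, which is the point of the check: a migrated role should be proven to cover the workload's traffic before the <code>nodes/proxy</code> binding is removed.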