Kubernetes v1.36: Smarter Kubelet Access Control Now Generally Available
<p>Kubernetes v1.36 marks a major milestone for cluster security with the general availability (GA) of fine-grained kubelet API authorization. This feature, developed by SIG Auth and SIG Node, replaces the overly broad <code>nodes/proxy</code> permission with precise, least-privilege access controls for the kubelet's HTTPS API. It's a game-changer for monitoring, logging, and health-checking workloads that previously required risky superuser-level access. Below, we answer common questions about this enhancement.</p>
<h2 id="q1">What exactly is the fine-grained kubelet API authorization feature?</h2>
<p>This feature introduces a new authorization model for the kubelet's HTTPS endpoint, allowing administrators to define specific permissions for individual API paths instead of granting the all-or-nothing <code>nodes/proxy</code> permission. For example, you can now allow a monitoring agent to read node metrics and pod logs without also granting the ability to execute commands inside containers. The feature is controlled by the <code>KubeletFineGrainedAuthz</code> feature gate, which is now locked to enabled in v1.36. It works by leveraging <a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/">RBAC</a> with more granular resources and verbs, enabling a true least-privilege security model.</p>
<h2 id="q2">Why was a more precise authorization model needed?</h2>
<p>The previous kubelet authorization model was coarse-grained: when webhook authorization was enabled, almost all kubelet API paths mapped to the single <code>nodes/proxy</code> subresource. This meant that any workload needing to read metrics, health status, or container logs required <code>nodes/proxy</code>—the same permission that also allows executing arbitrary commands in any container on the node. This violated the <strong>principle of least privilege</strong> and created a severe security risk. If a monitoring agent with this permission was compromised, an attacker could take over every container on the node. The community had recognized this problem for years (see <a href="https://github.com/kubernetes/kubernetes/issues/83465">kubernetes/kubernetes#83465</a>), and this feature directly addresses it.</p>
<h2 id="q3">What was wrong with the old <code>nodes/proxy</code> permission?</h2>
<p>Granting <code>nodes/proxy</code> to monitoring agents, log collectors, or health-checking tools effectively gave them node-level superuser capabilities. The permission allowed access to all kubelet APIs, including <code>/exec</code> (run commands in containers), <code>/attach</code>, <code>/portForward</code>, and more. This dramatically increased the <strong>blast radius</strong> of a security incident: a single compromised monitoring pod could lead to full node compromise. Moreover, the permission didn't distinguish between read and write operations for certain endpoints, as demonstrated by the <a href="#q5">WebSocket RCE risk</a> discussed later. The new model replaces this with fine-grained RBAC rules that restrict each workload to only the specific kubelet API paths it needs.</p>
<h2 id="q4">How does the new feature improve security?</h2>
<p>The feature enables administrators to define precise RBAC roles that map to individual kubelet API endpoints. For example, a monitoring agent can be granted <code>get</code> access to <code>/metrics</code> and <code>/pods</code> without any access to <code>/exec</code>. This drastically reduces the attack surface because even if the agent is compromised, the attacker cannot execute commands or access sensitive data outside the permitted scope. The feature also addresses the WebSocket vulnerability (see <a href="#q5">next question</a>) by ensuring that the initial GET request for a WebSocket connection is verified against the intended verb (e.g., <code>create</code> for <code>/exec</code>). Overall, it brings kubelet authorization in line with standard Kubernetes RBAC best practices.</p>
<h2 id="q5">What is the WebSocket RCE risk associated with <code>nodes/proxy</code> GET?</h2>
<p>Security researchers demonstrated in early 2026 that even a <code>nodes/proxy</code> GET permission—often considered "read-only"—could be abused for remote code execution (RCE). The root cause lies in the WebSocket protocol: a WebSocket connection starts with an HTTP GET handshake. The kubelet mapped this GET to the RBAC <code>get</code> verb and authorized the request without checking if the user also had <code>create</code> permission for the write operation that follows (e.g., <code>/exec</code>). Using a tool like <code>websocat</code>, an attacker with only GET access could send a WebSocket request to the kubelet's <code>/exec</code> endpoint on port 10250 and execute arbitrary commands. The fine-grained authorization feature fixes this by requiring explicit permission for each API path and verb, closing this loophole.</p>
<h2 id="q6">How did this feature evolve through Kubernetes releases?</h2>
<p>The <code>KubeletFineGrainedAuthz</code> feature gate was first introduced as an <em>alpha</em> feature in Kubernetes v1.32 (opt-in). It then graduated to <em>beta</em> in v1.33, where it was enabled by default, allowing users to test and provide feedback. Now, with v1.36, it has reached <strong>General Availability (GA)</strong>, meaning the feature gate is locked to enabled and cannot be turned off. This progression followed the standard Kubernetes feature lifecycle: alpha for initial experimentation, beta for wider testing, and GA for production readiness. The community, led by SIG Auth and SIG Node, ensured backward compatibility and a smooth transition for existing clusters.</p>
<h2 id="q7">What are the practical implications for monitoring and observability tools?</h2>
<p>For operators running Prometheus, Fluentd, or custom health-check agents, this change means they can now grant only the minimal permissions each tool requires. Instead of a single <code>nodes/proxy</code> role, you can create dedicated roles like <code>node-metrics-reader</code> (allowing <code>get</code> on <code>/metrics</code>) and <code>pod-log-reader</code> (allowing <code>get</code> on <code>/pods</code> and <code>/containerLogs</code>). This aligns with the <strong>least-privilege</strong> security model and reduces the risk of lateral movement. However, administrators must update their RBAC configurations to leverage the new granularity. The feature is backward-compatible; existing <code>nodes/proxy</code> permissions still work but are no longer necessary. Documentation and examples are available in the <a href="https://kubernetes.io/docs/reference/access-authn-authz/kubelet-authorization/">Kubernetes documentation</a>.</p>
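<p>As an added example that is not part of the original post, here is what the change looks like in RBAC: the legacy blanket <code>nodes/proxy</code> grant, followed by the narrower roles that replace it for a metrics scraper and a log collector. The subresource names follow the kubelet's documented path-to-subresource mapping (<code>/metrics</code> and <code>/stats</code> to <code>nodes/metrics</code> and <code>nodes/stats</code>, <code>/pods</code> to <code>nodes/pods</code>, node log files under <code>/logs/</code> to <code>nodes/log</code>); paths without a dedicated subresource still fall back to the <code>nodes/proxy</code> check. The role, binding, ServiceAccount and namespace names are placeholders, not values from the Kubernetes docs.</p>

```yaml
# Added example (not the project's own manifests); all names are placeholders.
# Before: "get" on nodes/proxy is checked for every kubelet path that has no
# finer subresource, so a scraper holding it holds far more than metrics access.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: legacy-node-proxy-reader
rules:
- apiGroups: [""]
  resources: ["nodes/proxy"]
  verbs: ["get"]
---
# After: a metrics scraper is limited to /metrics and /stats.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-metrics-reader
rules:
- apiGroups: [""]
  resources: ["nodes/metrics", "nodes/stats"]
  verbs: ["get"]
---
# A log collector gets the pod list (/pods) and the node's own log files
# under /logs/; only "get" is granted, so no other kubelet path opens up.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-log-reader
rules:
- apiGroups: [""]
  resources: ["nodes/pods", "nodes/log"]
  verbs: ["get"]
---
# Bind the narrow role to the collector's ServiceAccount instead of nodes/proxy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pod-log-reader-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-log-reader
subjects:
- kind: ServiceAccount
  name: log-collector
  namespace: logging
```

<p>After applying the narrow roles, remove the old <code>nodes/proxy</code> binding; the feature is backward-compatible, so a leftover blanket grant would silently keep the broad access in place.</p>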