Quick Facts
- Category: Cloud Computing
- Published: 2026-05-03 15:27:39
Introduction
The Kubernetes community has reached a significant security milestone with the graduation of fine-grained kubelet API authorization to General Availability (GA) in version 1.36. This feature, introduced as an alpha opt-in in v1.32 and promoted to beta (enabled by default) in v1.33, is now locked in as a stable capability. It replaces the overly permissive nodes/proxy permission with precise, least-privilege access controls for the kubelet’s HTTPS API, addressing a long-standing security concern in cluster monitoring and observability workflows.
The Problem with Coarse-Grained Authorization
The kubelet exposes an HTTPS endpoint that provides access to data of varying sensitivity: pod listings, node metrics, container logs, and the ability to execute commands inside running containers. Historically, when webhook authorization was enabled, nearly all kubelet API paths were mapped to a single nodes/proxy subresource. This meant that any workload needing to read metrics or health status required the same permission that grants arbitrary command execution in any container on the node.
The Principle of Least Privilege Violation
Granting nodes/proxy to monitoring agents, log collectors, or health checkers violates the principle of least privilege. If any of those workloads is compromised, the attacker gains node-level superuser capabilities—effectively the ability to run commands in every container on the node. This dramatically increases the blast radius of any security incident.
The WebSocket RCE Risk
The situation is even more severe than it appears. Security researchers demonstrated in early 2026 that even the nodes/proxy GET permission—routinely granted as a minimal read-only permission to monitoring tools—can be exploited to execute commands in any pod on reachable nodes. The root cause lies in a mismatch between the WebSocket protocol and the kubelet’s RBAC verb mapping. WebSocket requires an HTTP GET for the initial handshake, and the kubelet maps this GET to the get verb without a secondary check to confirm create permission for the subsequent write operation. Using a tool like websocat, an attacker can directly reach the kubelet’s /exec endpoint on port 10250 and execute arbitrary commands with a simple command:
websocat --insecure --header "Authorization: Bearer $TOKEN" --protocol v4.channel.k8s.io "wss://$NODE_IP:10250/exec/default/nginx/nginx?ou"
How Fine-Grained Authorization Works
The new feature, based on KEP-2862, introduces a much more granular authorization model. Instead of mapping all kubelet API paths to nodes/proxy, it allows administrators to define specific permissions for individual endpoints. For example, a monitoring agent can be granted read-only access to /metrics and /stats without needing access to /exec or /run. This is achieved through refined RBAC rules that differentiate between read and write operations, closing the previously exploitable gap.
Benefits and Next Steps
With this GA release, clusters running Kubernetes v1.36 automatically benefit from the enhanced security model. Administrators should review their existing RBAC configurations and replace any broad nodes/proxy grants with targeted permissions such as nodes/stats, nodes/log, or nodes/metrics. The official documentation provides guidance on migrating to the new model. This change not only reduces risk but also simplifies audit logs and improves compliance with security best practices.
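The RBAC review the two preceding sections call for (replacing coarse nodes/proxy grants with the per-endpoint subresources) can be scripted. The following audit is an added example, not code from the article or from the Kubernetes project: it takes the JSON that kubectl prints for ClusterRoles, reports every role that grants any verb on nodes/proxy, and, for read-only grants, proposes a rule built from the nodes/log, nodes/metrics and nodes/stats subresources named above. The role names and rules in SAMPLE are constructed so the script runs offline; the wildcard handling follows the upstream RBAC matcher ("*" matches all resources, "*/proxy" matches the proxy subresource of every resource, and "nodes/*" is not a recognised form).

```python
"""Audit Kubernetes RBAC for coarse nodes/proxy grants.

Added example (not from the article or the Kubernetes project). Input is the
JSON that `kubectl get clusterroles -o json` prints; a constructed sample is
embedded below so the script runs offline.
"""
import json

COARSE = "nodes/proxy"  # read access here is effectively exec access on the node
FINE_GRAINED_READ = ("nodes/log", "nodes/metrics", "nodes/stats")  # subresources named in the article
READ_ONLY_VERBS = {"get", "list", "watch"}


def verbs_on(rule, resource):
    """Verbs a single RBAC rule grants on `resource` (e.g. "nodes/proxy").

    Mirrors the upstream matcher: "*" covers every resource, and "*/proxy"
    covers the proxy subresource of every resource. "nodes/*" is not a valid
    RBAC wildcard and therefore does not match. Nodes live in the core ("")
    API group, so rules for other groups never match.
    """
    groups = rule.get("apiGroups", [])
    if "" not in groups and "*" not in groups:
        return set()
    _kind, _, sub = resource.partition("/")
    for r in rule.get("resources", []):
        if r == "*" or r == resource or (sub and r == "*/" + sub):
            return set(rule.get("verbs", []))
    return set()


def audit(role_list):
    """Return [(role name, sorted verbs on nodes/proxy)] for every offending role."""
    findings = []
    for role in role_list["items"]:
        granted = set()
        for rule in role.get("rules") or []:
            granted |= verbs_on(rule, COARSE)
        if granted:
            findings.append((role["metadata"]["name"], sorted(granted)))
    return findings


def suggest_replacement(verbs):
    """Least-privilege rule to replace a read-only nodes/proxy grant.

    Returns None when the grant includes write verbs or "*": such a role needs
    manual review, because a monitoring-style read rule would not cover it.
    """
    if not set(verbs) <= READ_ONLY_VERBS:
        return None
    # Trim the resources list to the endpoints the workload actually calls.
    return {"apiGroups": [""], "resources": list(FINE_GRAINED_READ), "verbs": ["get"]}


# Constructed sample standing in for `kubectl get clusterroles -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"metadata": {"name": "legacy-monitoring"},
  "rules": [
   {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]},
   {"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
 {"metadata": {"name": "fine-grained-monitoring"},
  "rules": [
   {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]},
   {"apiGroups": [""], "resources": ["nodes/metrics", "nodes/stats"], "verbs": ["get"]}]},
 {"metadata": {"name": "any-proxy-reader"},
  "rules": [{"apiGroups": [""], "resources": ["*/proxy"], "verbs": ["get"]}]},
 {"metadata": {"name": "apps-wildcard"},
  "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]}
]}
""")


if __name__ == "__main__":
    for name, verbs in audit(SAMPLE):
        print(f"{name}: grants {verbs} on {COARSE}")
        fix = suggest_replacement(verbs)
        print("  replace with:", json.dumps(fix) if fix else "needs manual review")
```

Against the sample, legacy-monitoring and any-proxy-reader are reported (the latter because "*/proxy" reaches nodes/proxy even though the rule never names nodes), while fine-grained-monitoring already uses the targeted subresources and apps-wildcard sits in the wrong API group. In a real cluster, run the same audit over Roles as well as ClusterRoles, and treat any flagged grant that carries create or "*" as a candidate for manual review rather than a mechanical swap.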
Conclusion
The graduation of fine-grained kubelet API authorization marks a major step forward for Kubernetes security. By eliminating the need for coarse nodes/proxy permissions and addressing the WebSocket RCE vulnerability, the feature empowers cluster operators to enforce least-privilege access without sacrificing functionality. All users are encouraged to upgrade to v1.36 and adopt the new authorization model.