Kubernetes v1.36: Smarter Kubelet Access Control Now Generally Available

Published: 2026-05-04 00:18:39 | Category: Cloud Computing

Kubernetes v1.36 marks a major milestone for cluster security with the general availability (GA) of fine-grained kubelet API authorization. This feature, developed by SIG Auth and SIG Node, replaces the overly broad nodes/proxy permission with precise, least-privilege access controls for the kubelet's HTTPS API. It's a game-changer for monitoring, logging, and health-checking workloads that previously required risky superuser-level access. Below, we answer common questions about this enhancement.

What exactly is the fine-grained kubelet API authorization feature?

This feature introduces a new authorization model for the kubelet's HTTPS endpoint, allowing administrators to define specific permissions for individual API paths instead of granting the all-or-nothing nodes/proxy permission. For example, you can now allow a monitoring agent to read node metrics and pod logs without also granting the ability to execute commands inside containers. The feature is controlled by the KubeletFineGrainedAuthz feature gate, which is now locked to enabled in v1.36. It works by leveraging RBAC with more granular resources and verbs, enabling a true least-privilege security model.

Why was a more precise authorization model needed?

The previous kubelet authorization model was coarse-grained: when webhook authorization was enabled, almost all kubelet API paths mapped to the single nodes/proxy subresource. This meant that any workload needing to read metrics, health status, or container logs required nodes/proxy—the same permission that also allows executing arbitrary commands in any container on the node. This violated the principle of least privilege and created a severe security risk. If a monitoring agent with this permission was compromised, an attacker could take over every container on the node. The community had recognized this problem for years (see kubernetes/kubernetes#83465), and this feature directly addresses it.

What was wrong with the old nodes/proxy permission?

Granting nodes/proxy to monitoring agents, log collectors, or health-checking tools effectively gave them node-level superuser capabilities. The permission allowed access to all kubelet APIs, including /exec (run commands in containers), /attach, /portForward, and more. This dramatically increased the blast radius of a security incident: a single compromised monitoring pod could lead to full node compromise. Moreover, the permission didn't distinguish between read and write operations for certain endpoints, as demonstrated by the WebSocket RCE risk discussed later. The new model replaces this with fine-grained RBAC rules that restrict each workload to only the specific kubelet API paths it needs.

How does the new feature improve security?

The feature enables administrators to define precise RBAC roles that map to individual kubelet API endpoints. For example, a monitoring agent can be granted get access to /metrics and /pods without any access to /exec. This drastically reduces the attack surface because even if the agent is compromised, the attacker cannot execute commands or access sensitive data outside the permitted scope. The feature also addresses the WebSocket vulnerability (see next question) by ensuring that the initial GET request for a WebSocket connection is verified against the intended verb (e.g., create for /exec). Overall, it brings kubelet authorization in line with standard Kubernetes RBAC best practices.

What is the WebSocket RCE risk associated with nodes/proxy GET?

Security researchers demonstrated in early 2026 that even a nodes/proxy GET permission—often considered "read-only"—could be abused for remote code execution (RCE). The root cause lies in the WebSocket protocol: a WebSocket connection starts with an HTTP GET handshake. The kubelet mapped this GET to the RBAC get verb and authorized the request without checking if the user also had create permission for the write operation that follows (e.g., /exec). Using a tool like websocat, an attacker with only GET access could send a WebSocket request to the kubelet's /exec endpoint on port 10250 and execute arbitrary commands. The fine-grained authorization feature fixes this by requiring explicit permission for each API path and verb, closing this loophole.

How did this feature evolve through Kubernetes releases?

The KubeletFineGrainedAuthz feature gate was first introduced as an alpha feature in Kubernetes v1.32 (opt-in). It then graduated to beta in v1.33, where it was enabled by default, allowing users to test and provide feedback. Now, with v1.36, it has reached General Availability (GA), meaning the feature gate is locked to enabled and cannot be turned off. This progression followed the standard Kubernetes feature lifecycle: alpha for initial experimentation, beta for wider testing, and GA for production readiness. The community, led by SIG Auth and SIG Node, ensured backward compatibility and a smooth transition for existing clusters.

What are the practical implications for monitoring and observability tools?

For operators running Prometheus, Fluentd, or custom health-check agents, this change means they can now grant only the minimal permissions each tool requires. Instead of a single nodes/proxy role, you can create dedicated roles like node-metrics-reader (allowing get on /metrics) and pod-log-reader (allowing get on /pods and /containerLogs). This aligns with the least-privilege security model and reduces the risk of lateral movement. However, administrators must update their RBAC configurations to leverage the new granularity. The feature is backward-compatible; existing nodes/proxy permissions still work but are no longer necessary. Documentation and examples are available in the Kubernetes documentation.
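To make the decision logic concrete, here is an added example that models the kubelet's authorization choice under the old and the fine-grained models and renders the least-privilege roles mentioned above. It is not kubelet or Kubernetes project code: the path-to-subresource table is reproduced from the kubelet authorization documentation as I recall it (the four long-standing subresources, plus `nodes/healthz`, `nodes/pods` and `nodes/configz` with a fallback to `nodes/proxy`), the treatment of a WebSocket handshake as a `create` follows the article's description of the fix, and the role names `node-metrics-reader`, `pod-lister` and `nodes-proxy-get` are constructed for the demonstration. Verify the table against your cluster version before relying on it.

```python
"""Constructed model of kubelet API authorization, legacy vs. fine-grained.
Not kubelet code: it reproduces the decision rule the article describes so
that candidate RBAC rules can be checked offline."""
from dataclasses import dataclass

# Long-standing kubelet path -> node subresource mapping (no fallback).
# ASSUMPTION: taken from the kubelet authorization docs as I recall them.
LEGACY_SUBRESOURCES = {"/stats": "stats", "/metrics": "metrics",
                       "/logs": "log", "/spec": "spec"}
# Subresources added by fine-grained authorization. If the specific check
# fails, the kubelet falls back to nodes/proxy so old bindings keep working.
FINE_GRAINED_SUBRESOURCES = {"/healthz": "healthz", "/pods": "pods",
                             "/configz": "configz"}
# Endpoints that become a bidirectional stream after the HTTP handshake.
STREAMING_PATHS = ("/exec/", "/attach/", "/portForward/")
HTTP_VERBS = {"GET": "get", "HEAD": "get", "POST": "create",
              "PUT": "update", "PATCH": "patch", "DELETE": "delete"}


@dataclass(frozen=True)
class Rule:
    """One entry of a ClusterRole's `rules`, limited to core-group node subresources."""
    resources: frozenset
    verbs: frozenset


def lookup_subresource(table, path):
    """Return the subresource whose path prefix matches, or None."""
    for prefix, sub in table.items():
        if path == prefix or path.startswith(prefix + "/"):
            return sub
    return None


def required_verb(method, path, upgrade=False):
    """Verb the caller must hold. A WebSocket handshake (GET with Upgrade) to a
    streaming endpoint is checked as the write it is about to perform, which is
    how the article describes the closing of the nodes/proxy GET loophole."""
    if upgrade and path.startswith(STREAMING_PATHS):
        return "create"
    return HTTP_VERBS[method]


def allowed(rules, verb, subresource):
    """True if any rule grants `verb` on nodes/<subresource>."""
    return any(verb in r.verbs and f"nodes/{subresource}" in r.resources for r in rules)


def authorize(rules, method, path, upgrade=False):
    """Fine-grained decision: specific subresource first, nodes/proxy last."""
    verb = required_verb(method, path, upgrade)
    sub = lookup_subresource(LEGACY_SUBRESOURCES, path)
    if sub is not None:
        return allowed(rules, verb, sub)
    sub = lookup_subresource(FINE_GRAINED_SUBRESOURCES, path)
    if sub is not None and allowed(rules, verb, sub):
        return True
    return allowed(rules, verb, "proxy")


def authorize_legacy(rules, method, path, upgrade=False):
    """Pre-feature decision: verb comes from the HTTP method alone, and every
    path outside stats/metrics/logs/spec collapses onto nodes/proxy."""
    verb = HTTP_VERBS[method]
    sub = lookup_subresource(LEGACY_SUBRESOURCES, path) or "proxy"
    return allowed(rules, verb, sub)


def clusterrole_yaml(name, rules):
    """Render rules as a ClusterRole manifest (plain string, no PyYAML needed)."""
    lines = ["apiVersion: rbac.authorization.k8s.io/v1", "kind: ClusterRole",
             "metadata:", f"  name: {name}", "rules:"]
    for r in rules:
        lines.append('- apiGroups: [""]')
        lines.append(f"  resources: [{', '.join(sorted(r.resources))}]")
        lines.append(f"  verbs: [{', '.join(sorted(r.verbs))}]")
    return "\n".join(lines) + "\n"


# Constructed roles: two least-privilege ones and the old "read-only" grant.
NODE_METRICS_READER = [Rule(frozenset({"nodes/metrics"}), frozenset({"get"}))]
POD_LISTER = [Rule(frozenset({"nodes/pods"}), frozenset({"get"}))]
NODES_PROXY_GET = [Rule(frozenset({"nodes/proxy"}), frozenset({"get"}))]

CASES = [
    ("metrics-reader reads /metrics/cadvisor", NODE_METRICS_READER, "GET", "/metrics/cadvisor", False),
    ("pod-lister reads /pods", POD_LISTER, "GET", "/pods", False),
    ("pod-lister opens websocket /exec", POD_LISTER, "GET", "/exec/default/web/app", True),
    ("nodes/proxy get reads /pods", NODES_PROXY_GET, "GET", "/pods", False),
    ("nodes/proxy get opens websocket /exec", NODES_PROXY_GET, "GET", "/exec/default/web/app", True),
]


def compare():
    """Map each case to (legacy decision, fine-grained decision)."""
    return {label: (authorize_legacy(rules, m, p, u), authorize(rules, m, p, u))
            for label, rules, m, p, u in CASES}


if __name__ == "__main__":
    print(clusterrole_yaml("node-metrics-reader", NODE_METRICS_READER))
    for label, (old, new) in compare().items():
        print(f"{label:42} legacy={str(old):5} fine-grained={new}")
```

Running the block prints the `node-metrics-reader` manifest and then the comparison table. The two rows worth studying are `pod-lister reads /pods`, which is denied under the legacy model (only `nodes/proxy` would have satisfied it) and allowed under fine-grained authorization via `nodes/pods`, and `nodes/proxy get opens websocket /exec`, which the legacy model allows because the handshake is a plain GET and the fine-grained model denies because the handshake is checked as a `create`.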