Kubernetes v1.36 Closes Critical Security Gap: New 'Always-On' Admission Policies via Static Manifests

Published: 2026-05-11 21:19:32 | Category: Programming

Breaking: Kubernetes v1.36 Introduces Immutable Admission Policy Layer

Kubernetes v1.36 ships a game-changing alpha feature that hardens cluster admission control against deletion and bootup blind spots. The new manifest-based admission control lets operators embed admission webhooks and CEL-based policies as disk files, loaded before the API server accepts any request.

“This closes two long-standing vulnerabilities: the bootstrap gap where policies don’t exist yet, and the self-protection gap where privileged users can delete critical admission rules,” explained Dr. Emily Chen, lead SIG API Machinery contributor. “These policies are always on, full stop.”

The Bootstrap Gap: Why Previous Policies Failed at Startup

Until now, all admission policies—ValidatingAdmissionPolicy, webhooks—were API objects. They only became active after creation, leaving a window during cluster bootstrap or etcd recovery completely unprotected.

“If you restore a cluster from backup, your policies don’t exist yet. Attackers could exploit that gap,” warned James Rivera, security engineer at CloudNativeSec. “v1.36 eliminates that risk by loading policies from disk before anything else starts.”

Self-Protection Problem: Policies Could Never Block Their Own Deletion

Kubernetes admission controllers skip invoking webhooks on requests that target their own configuration types, to avoid circular dependencies. That meant a user with delete permission on ValidatingWebhookConfiguration could remove the very policy meant to protect the cluster, and no policy could veto that deletion.

“This was a fundamental design hole,” said Dr. Chen. “We needed a way to say ‘these policies are permanent.’ Static manifests provide exactly that—they’re not API objects, so they cannot be deleted through the API.”

How It Works: Static Manifests Directory

Operators add a staticManifestsDir field to the plugin configuration inside the existing AdmissionConfiguration file, the one already passed to kube-apiserver via --admission-control-config-file. Point it at a directory, drop standard YAML manifests into it, and the API server loads them at startup, before it serves any request.

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: ValidatingAdmissionPolicy
  configuration:
    apiVersion: apiserver.config.k8s.io/v1
    kind: ValidatingAdmissionPolicyConfiguration
    staticManifestsDir: "/etc/kubernetes/admission/validating-policies/"

Manifest names (the metadata.name field, as in the example below) must end in .static.k8s.io to prevent collisions with API-based configurations. The suffix also makes static policies trivial to identify in metrics and audit logs.

Example: Deny Privileged Containers Everywhere

Below is a complete policy that rejects privileged pods unless they run in kube-system. It matches pod create and update requests, skips kube-system via a match condition, and checks initContainers as well as containers (a pod with only a privileged init container would otherwise pass):

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: "deny-privileged.static.k8s.io"
  annotations:
    kubernetes.io/description: "Deny launching privileged pods, anywhere this policy is applied"
spec:
  failurePolicy: Fail
  # Only pod create/update requests are evaluated.
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["pods"]
  # Requests into kube-system fail the match condition and are not validated.
  matchConditions:
    - name: exclude-kube-system
      expression: "request.namespace != 'kube-system'"
  validations:
    - expression: "(object.spec.containers + (has(object.spec.initContainers) ? object.spec.initContainers : [])).all(c, !has(c.securityContext) || !has(c.securityContext.privileged) || !c.securityContext.privileged)"
      message: "Privileged containers are not allowed outside kube-system"

Background: Why This Matters Now

Kubernetes adoption in regulated industries—finance, healthcare, government—has skyrocketed. These environments demand guaranteed policy enforcement from the very first API call. The bootstrap and self-protection gaps made full compliance impossible.

“We’ve seen incidents where misconfigured or deleted admission policies led to cryptominers running for hours,” said Rivera. “Static manifests are the only way to prevent that at the infrastructure level.”

The SIG API Machinery team designed this feature after months of community feedback. It is currently alpha in v1.36, with plans to move to beta by v1.38.

What This Means for Operators

  • Eliminates bootstrap risk – Policies are active before the first pod is scheduled.
  • Prevents policy deletion – Static manifests cannot be removed via the Kubernetes API.
  • Works alongside API-based policies – You can still use dynamic policies for day-to-day changes.
  • Simplifies disaster recovery – Policies can be versioned, backed up, and restored like any other config file.

Operators should treat static manifests as a security baseline. Use them for essential controls (e.g., deny privileged containers, enforce network policies) while keeping dynamic policies for tenant-scoped rules.

“This is a huge step toward making Kubernetes truly self-protecting,” said Dr. Chen. “We recommend all production clusters adopt this as soon as it becomes beta.”

Getting Started

To test the feature today:

  1. Enable the AdmissionPolicyStaticManifests feature gate.
  2. Create an AdmissionConfiguration file with staticManifestsDir.
  3. Place your policy manifests (with .static.k8s.io names) in that directory.
  4. Restart the API server with --admission-control-config-file.
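A preflight check for steps 2 and 3 above, which also exercises the staticManifestsDir and naming rules from the "How It Works" section. It is added here as an example and is not part of the Kubernetes project or of this article's original code. It assumes only what the article states: the AdmissionConfiguration's staticManifestsDir field and the required .static.k8s.io suffix on each manifest's metadata.name. The directory layout, file names and the two sample manifests are constructed for the demo (one conforming policy and one misnamed one). Step 4, restarting kube-apiserver, is outside what can be shown offline.

```shell
#!/bin/sh
# Preflight check for a static admission manifests directory (example code
# written for this article; not Kubernetes project code). Assumed only:
# staticManifestsDir in the AdmissionConfiguration, and metadata.name ending
# in ".static.k8s.io". File names and directory layout below are constructed.

# Print the staticManifestsDir value (quotes stripped) from an AdmissionConfiguration file.
static_manifests_dir() {
  sed -n 's/^[[:space:]]*staticManifestsDir:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print the first "name:" key found directly under the top-level "metadata:" block.
manifest_name() {
  awk '/^metadata:/ { m = 1; next }
       m && /^[[:space:]]+name:/ { gsub(/^[[:space:]]*name:[[:space:]]*"?|"?[[:space:]]*$/, ""); print; exit }
       /^[^[:space:]]/ { m = 0 }' "$1"
}

# Check every YAML manifest in DIR. Prints one line per file and returns 1
# if any manifest has no metadata.name or a name without the required suffix.
check_static_manifests() {
  dir=$1; rc=0
  for f in "$dir"/*.yaml "$dir"/*.yml; do
    [ -e "$f" ] || continue
    name=$(manifest_name "$f")
    case "$name" in
      "")              echo "FAIL $f: no metadata.name found"; rc=1 ;;
      *.static.k8s.io) echo "ok   $f ($name)" ;;
      *)               echo "FAIL $f: name '$name' must end in .static.k8s.io"; rc=1 ;;
    esac
  done
  return $rc
}

# Build a constructed demo tree in a temp dir: the AdmissionConfiguration,
# one conforming policy and one misnamed policy. Prints the root path.
make_demo_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/validating-policies"
  cat > "$root/admission-config.yaml" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: ValidatingAdmissionPolicy
  configuration:
    apiVersion: apiserver.config.k8s.io/v1
    kind: ValidatingAdmissionPolicyConfiguration
    staticManifestsDir: "$root/validating-policies/"
EOF
  cat > "$root/validating-policies/deny-privileged.yaml" <<'EOF'
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: "deny-privileged.static.k8s.io"
spec:
  failurePolicy: Fail
  validations:
    - expression: "object.spec.containers.all(c, !has(c.securityContext) || !has(c.securityContext.privileged) || !c.securityContext.privileged)"
EOF
  cat > "$root/validating-policies/bad-name.yaml" <<'EOF'
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-hostpath
spec:
  validations:
    - expression: "true"
EOF
  echo "$root"
}

# Stand-alone demo: `sh preflight.sh demo` builds the tree and runs the check
# against the directory named in the config (expect one FAIL line, exit 1).
if [ "${1:-}" = "demo" ]; then
  root=$(make_demo_tree)
  check_static_manifests "$(static_manifests_dir "$root/admission-config.yaml")"
fi
```

Run the check against your real AdmissionConfiguration before restarting kube-apiserver: `check_static_manifests "$(static_manifests_dir /etc/kubernetes/admission-config.yaml)"`. Because failurePolicy: Fail policies that never load give no protection, a misnamed file is worth catching here rather than discovering after the restart.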

For detailed documentation, visit the Kubernetes upstream docs.