Mastering Kubelet Security: Q&A on Kubernetes v1.36 Fine-Grained Authorization
Kubernetes v1.36 makes a major stride in cluster security with the general availability (GA) of fine-grained kubelet API authorization. This feature, originally an alpha opt-in in v1.32 and beta-enabled by default in v1.33, now replaces the broad nodes/proxy permission with precise, least-privilege access controls. Below, we answer key questions about this enhancement, its motivation, and how it transforms kubelet access management.
What exactly is fine-grained kubelet API authorization?
Fine-grained kubelet API authorization is a GA feature in Kubernetes v1.36 that lets you control access to the kubelet's HTTPS API on a per-endpoint basis. Instead of the old all-or-nothing nodes/proxy permission, you can now define separate RBAC rules for pods, metrics, logs, and exec operations. For example, a monitoring agent can be limited to reading /metrics and /stats without getting the ability to run commands inside containers. This is achieved by the KubeletFineGrainedAuthz feature gate, now locked to enabled, which maps each kubelet API path to a dedicated subresource (e.g., nodes/metrics, nodes/log, nodes/exec). This granularity allows administrators to apply the principle of least privilege precisely, reducing the blast radius of a potential compromise.
Why was the old nodes/proxy permission so risky?
The nodes/proxy permission acted like a master key for the kubelet's API. Before v1.36, almost every kubelet endpoint—whether for reading pod logs, fetching node metrics, or executing commands—required this single permission. Granting it to monitoring agents, log collectors, or health checkers meant they could also execute arbitrary commands inside any container on the node. This violated the principle of least privilege. If an attacker compromised such a workload, they could pivot to run commands in every container, potentially exfiltrating data or installing malware. The community had flagged this issue for years (see kubernetes/kubernetes#83465), and the new feature directly addresses that design flaw.
How could a read-only permission like nodes/proxy GET lead to remote code execution?
Security researchers demonstrated in early 2026 that even the minimal nodes/proxy GET permission—commonly granted to monitoring tools—could be abused for remote code execution. The flaw lies in how WebSocket connections interact with the kubelet's RBAC model. The WebSocket protocol (RFC 6455) starts every connection with an HTTP GET request. The kubelet authorizes this GET using the get verb, but it does not perform a secondary check to see if the user also has create permission for the write operation that follows. Using a tool like websocat, an attacker could directly hit the kubelet's /exec endpoint on port 10250 and pass commands. For example:
websocat --insecure --header "Authorization: Bearer $TOKEN" --protocol v4.channel.k8s.io "wss://$NODE_IP:10250/exec/default/nginx/nginx?command=sh"
This bypass effectively turned a read-only token into a full command execution capability.
What new RBAC resources does fine-grained authorization introduce?
With fine-grained kubelet authorization, you now have separate subresources for each major kubelet API endpoint. These include:
- nodes/metrics – for accessing node metrics (e.g.,
/metrics) - nodes/stats – for pod and container statistics (e.g.,
/stats) - nodes/log – for reading container logs (
/logs) - nodes/exec – for executing commands in containers (
/exec) - nodes/portforward – for port forwarding to pods (
/portForward) - nodes/proxy – retained for backward compatibility with endpoints not yet subdivided
get nodes/metrics for a monitoring agent, get nodes/log for a log collector, and only grant create nodes/exec to specific tools that require command execution. This eliminates the need to grant the overly broad nodes/proxy permission for common observability tasks.
How do I migrate from the old nodes/proxy permission?
Upgrade your cluster to Kubernetes v1.36, which has the feature gate locked to enabled. Then, audit your existing RBAC roles that use nodes/proxy and replace them with fine-grained permissions. For example, if a Prometheus server currently has get nodes/proxy, change its ClusterRole to include get nodes/metrics and get nodes/stats. For a Fluentd log collector, grant get nodes/log. If you have custom controllers that need exec access, limit them to create nodes/exec. Use the kubectl auth can-i command to test new permissions: kubectl auth can-i get nodes/log --as system:serviceaccount:monitoring:log-collector. Test thoroughly in a non-production environment first. Finally, remove the old nodes/proxy permission from all roles where it is no longer needed.
Is there still a use for the nodes/proxy permission after v1.36?
Yes, but it should be reserved for specific administrative tasks that require access to the full kubelet API or for endpoints that have not been subdivided into fine-grained subresources. For instance, the kubelet's /pods endpoint (listing all pods) and /healthz might still map to nodes/proxy. Additionally, if you have legacy workloads that rely on direct, unfiltered proxy access to the kubelet, you can continue to grant nodes/proxy but only to a minimal set of trusted components. In general, however, the principle is: grant the narrowest permission necessary. For most monitoring and logging tools, the new subresources are sufficient and safer. Consider revisiting any role that still uses nodes/proxy and split it into granular rules where possible to reduce security risk.
What are the security benefits in practice?
Fine-grained authorization significantly limits the blast radius of a compromised workload. For example, if a monitoring agent with only get nodes/metrics is breached, an attacker can see node metrics but cannot read container logs, execute commands, or port-forward. Similarly, a log collector with get nodes/log cannot access metrics or exec. This containment is crucial for multi-tenant clusters where different teams may manage observability tools. Additionally, the feature closes the WebSocket attack vector described earlier, because get nodes/metrics does not allow write operations like /exec. By following least privilege, you reduce the attack surface and make your cluster more resilient to incidents. This enhancement also brings Kubernetes in line with modern security best practices for API access control.