I77537 Stack

Kubernetes v1.36 Strengthens Security with General Availability of Fine-Grained Kubelet Authorization

Published: 2026-05-01 14:32:09 | Category: Cloud Computing

Introduction

Kubernetes continues to advance its security posture with the graduation of fine-grained kubelet API authorization to General Availability (GA) in version 1.36. This milestone, championed by SIG Auth and SIG Node, marks a significant step forward in enforcing the principle of least privilege within Kubernetes clusters. The KubeletFineGrainedAuthz feature gate, which began as an opt-in alpha in v1.32 and became beta (enabled by default) in v1.33, is now locked to enabled, providing all users with enhanced control over kubelet API access.


The Problem with Coarse-Grained Authorization

Historically, kubelet authorization was coarse-grained. When webhook authorization was enabled, only /stats, /metrics and /logs had subresources of their own (nodes/stats, nodes/metrics and nodes/log); every other kubelet API endpoint, including /pods, /healthz and /configz as well as the exec, attach and port-forward endpoints, mapped to the single nodes/proxy subresource. Any workload that needed one of those endpoints, such as a monitoring agent that lists the pods on a node, a log collector or a health check, therefore had to be granted nodes/proxy. That same permission grants the ability to execute arbitrary commands inside every running container on the node.

This design violates the principle of least privilege. Granting nodes/proxy to monitoring tools widens the blast radius of any security incident: if a workload holding this permission is compromised, the attacker can run commands in every container on the node, read the service account tokens mounted in them, and potentially escalate to full cluster compromise.

The nodes/proxy GET WebSocket RCE Risk

The severity of this issue became clearer with security research published in early 2026. Researchers showed that nodes/proxy with only the get verb, the minimal permission commonly handed to monitoring tools and usually thought of as read-only, is enough to execute arbitrary commands in any pod on the node.

The root cause is a mismatch between how WebSocket works and how the kubelet derives RBAC verbs. The kubelet maps the HTTP method of each request to a verb (GET to get, POST to create, and so on). A WebSocket handshake (RFC 6455) is an HTTP GET carrying an Upgrade header, so opening an exec session over WebSocket is authorized as get on nodes/proxy; once the connection is upgraded, the commands streamed over it are never re-authorized, and no create check ever happens. Using a tool such as websocat, a holder of that permission can connect directly to the kubelet's /exec endpoint on port 10250 and execute commands:

websocat --insecure \
 --header "Authorization: Bearer $TOKEN" \
 --protocol v4.channel.k8s.io \
 "wss://$NODE_IP:10250/exec/default/nginx/nginx?ou"

How Fine-Grained Kubelet Authorization Works

The GA feature does not remove nodes/proxy; it gives the endpoints that monitoring tools actually use a dedicated nodes/<subresource> so that nodes/proxy no longer has to be granted to them. With the feature enabled, the kubelet checks the dedicated subresource first and falls back to nodes/proxy only if that check is denied:

  • /pods (the list of pods on the node) is authorized as nodes/pods
  • /healthz is authorized as nodes/healthz
  • /configz is authorized as nodes/configz
  • /stats/summary and the rest of /stats/ remain nodes/stats, /metrics and its sub-paths remain nodes/metrics, and /logs/ (node log files) remains nodes/log, as before
  • /exec, /attach and /portForward stay mapped to nodes/proxy, so that subresource should be held only by subjects that are genuinely meant to run commands

This granularity means a monitoring agent can be granted nodes/stats, nodes/metrics and nodes/pods, read everything it needs, and never hold nodes/proxy, and therefore never be able to open an exec session. It directly addresses the long-standing community concern tracked in KEP-2862.
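The mapping in the list above, together with the GET-is-get behaviour from the WebSocket section, as an added example that is not part of the article and not Kubernetes' own code. It is a small Python model of the kubelet's authorization decision: the method-to-verb and path-to-subresource tables follow the kubelet authorization documentation, the "dedicated subresource first, nodes/proxy as fallback" order follows KEP-2862, and the RBAC matcher is simplified (core API group only, no resourceNames, no role aggregation). The two rule lists, the pod name and the request paths are constructed for illustration.

```python
"""Model of kubelet webhook authorization for two monitoring ClusterRoles.

Added example, not Kubernetes code. Tables follow the kubelet authorization
docs; the fallback order follows KEP-2862; the RBAC matcher is simplified.
"""

# HTTP method -> RBAC verb. A WebSocket upgrade is an HTTP GET, so an exec
# session opened over WebSocket is authorized with the verb "get".
VERB_FOR_METHOD = {"GET": "get", "POST": "create", "PUT": "update",
                   "PATCH": "patch", "DELETE": "delete"}

# Endpoints that had their own subresource before the feature gate existed.
LEGACY_SUBRESOURCES = [("/stats", "stats"), ("/metrics", "metrics"), ("/logs", "log")]

# Endpoints that KubeletFineGrainedAuthz gives a dedicated subresource, with
# nodes/proxy still accepted as a fallback for existing role bindings.
FINE_GRAINED_SUBRESOURCES = [("/healthz", "healthz"), ("/pods", "pods"), ("/configz", "configz")]


def _matches(path, prefix):
    """True for the endpoint itself and for anything beneath it."""
    return path == prefix or path.startswith(prefix + "/")


def subresources_for(path):
    """Ordered list of nodes/<subresource> checks the kubelet performs for a path."""
    for prefix, sub in LEGACY_SUBRESOURCES:
        if _matches(path, prefix):
            return [sub]
    for prefix, sub in FINE_GRAINED_SUBRESOURCES:
        if _matches(path, prefix):
            return [sub, "proxy"]
    return ["proxy"]  # /exec, /attach, /portForward, /containerLogs, ...


def rule_allows(rule, verb, resource):
    """One RBAC PolicyRule against a verb on a core-group resource like 'nodes/pods'."""
    groups = rule.get("apiGroups", [])
    verbs = rule.get("verbs", [])
    resources = rule.get("resources", [])
    wildcard_sub = resource.split("/")[0] + "/*"  # RBAC accepts 'nodes/*'
    return (("" in groups or "*" in groups)
            and ("*" in verbs or verb in verbs)
            and ("*" in resources or wildcard_sub in resources or resource in resources))


def kubelet_authorizes(rules, method, path):
    """True if the kubelet would let a subject holding `rules` call `method path`."""
    verb = VERB_FOR_METHOD[method]
    return any(rule_allows(rule, verb, f"nodes/{sub}")
               for sub in subresources_for(path) for rule in rules)


# The 'rules:' list of a pre-GA-style monitoring ClusterRole (constructed):
# nodes/proxy was the only way to read /pods, and it carries exec with it.
LEGACY_MONITORING_RULES = [
    {"apiGroups": [""], "resources": ["nodes/stats", "nodes/metrics", "nodes/proxy"],
     "verbs": ["get"]},
]

# The same role with nodes/pods in place of nodes/proxy (constructed).
FINE_GRAINED_MONITORING_RULES = [
    {"apiGroups": [""], "resources": ["nodes/stats", "nodes/metrics", "nodes/pods"],
     "verbs": ["get"]},
]

# Constructed requests: two monitoring reads and the WebSocket handshake for an
# exec session, which is a GET to /exec/<namespace>/<pod>/<container>.
REQUESTS = [("GET", "/stats/summary"), ("GET", "/pods"), ("GET", "/exec/default/nginx/nginx")]


def compare(requests=REQUESTS):
    """{path: (allowed with the legacy role, allowed with the fine-grained role)}"""
    return {path: (kubelet_authorizes(LEGACY_MONITORING_RULES, method, path),
                   kubelet_authorizes(FINE_GRAINED_MONITORING_RULES, method, path))
            for method, path in requests}


if __name__ == "__main__":
    for path, (legacy, fine) in compare().items():
        print(f"{path:28} nodes/proxy role: {legacy!s:5}  nodes/pods role: {fine}")
```

The two rule lists are exactly what goes under rules: in a ClusterRole manifest. The only difference between them is nodes/proxy versus nodes/pods, and that single change is what turns the /exec handshake from allowed into denied while leaving /pods and /stats/summary readable.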

Benefits for Cluster Administrators and Security Teams

With fine-grained authorization now GA, cluster operators can:

  • Reduce blast radius: once a monitoring tool's role is rewritten to use nodes/pods, nodes/stats and nodes/metrics, compromising that tool no longer yields the ability to execute commands in containers.
  • Simplify auditing: each RBAC rule names the specific kubelet subresource it grants, so a reviewer can tell at a glance which subjects are able to open exec sessions (those holding nodes/proxy) and which can only read.
  • Improve compliance: meet least-privilege requirements without sacrificing observability.

Security teams can then be confident that their monitoring infrastructure, while still fully functional, no longer holds nodes/proxy and the exec capability that comes with it.

Upgrading to the New Feature

No manual action is required to enable fine-grained authorization; the feature gate is locked to enabled in v1.36. Enabling it does not, however, revoke anything. Administrators should review every ClusterRole that currently grants nodes/proxy and every ClusterRoleBinding that binds such a role, and replace nodes/proxy with nodes/pods, nodes/healthz or nodes/configz wherever the subject only needs to read those endpoints. The Kubernetes documentation provides guidance on migrating to the granular permissions.

For clusters still using legacy roles, Kubernetes continues to honour nodes/proxy for backward compatibility: it remains the fallback check for the new subresources and the only check for exec, attach and port-forward. A subject that keeps nodes/proxy with the get verb therefore keeps the ability to open exec sessions, which is why the community strongly recommends adopting the granular permissions rather than relying on the upgrade alone.
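One way to carry out that review, as an added example that is not from the Kubernetes documentation: a Python script that takes the JSON from kubectl get clusterroles,clusterrolebindings -o json and reports each ClusterRole granting nodes/proxy (directly, or through the nodes/* or * wildcards) together with the subjects bound to it. The List embedded below is constructed, and its role, binding and subject names are invented for illustration. RoleBindings are ignored because nodes are cluster-scoped and a namespaced binding cannot grant access to them.

```python
"""Report ClusterRoles that still grant nodes/proxy and who is bound to them.

Added example, not Kubernetes code. Usage against a live cluster:
  kubectl get clusterroles,clusterrolebindings -o json > rbac.json
  python3 audit_nodes_proxy.py rbac.json
With no argument the constructed SAMPLE below is audited instead.
"""
import json
import sys

# Resource entries that include nodes/proxy. RBAC treats 'nodes/*' and '*' as wildcards.
PROXY_PATTERNS = {"nodes/proxy", "nodes/*", "*"}


def proxy_verbs(rule):
    """Verbs a single PolicyRule grants on nodes/proxy (empty set if none)."""
    groups = rule.get("apiGroups", [])
    if "" not in groups and "*" not in groups:
        return set()  # nodes live in the core group; other groups are irrelevant
    if not PROXY_PATTERNS & set(rule.get("resources", [])):
        return set()
    return set(rule.get("verbs", []))


def audit(items):
    """items: the 'items' of a kubectl List holding ClusterRoles and ClusterRoleBindings.

    Returns findings sorted by role name, each {"role", "verbs", "subjects"}.
    kubectl already expands aggregated ClusterRoles into their 'rules', so no
    aggregation handling is needed here.
    """
    roles = {}
    for obj in items:
        if obj.get("kind") != "ClusterRole":
            continue
        verbs = set()
        for rule in obj.get("rules", []):
            verbs |= proxy_verbs(rule)
        if verbs:
            roles[obj["metadata"]["name"]] = verbs

    subjects = {name: [] for name in roles}
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        ref = obj.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") in roles:
            for s in obj.get("subjects", []):
                ns = s.get("namespace")
                subjects[ref["name"]].append(f"{s['kind']}:{ns + '/' if ns else ''}{s['name']}")

    return [{"role": name, "verbs": sorted(verbs), "subjects": sorted(subjects[name])}
            for name, verbs in sorted(roles.items())]


# Constructed sample: one monitoring role that still carries nodes/proxy, one
# read-only log role that does not, and one wildcard role.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "monitoring"}, "rules": [
        {"apiGroups": [""], "resources": ["nodes/stats", "nodes/metrics", "nodes/proxy"],
         "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "node-log-reader"}, "rules": [
        {"apiGroups": [""], "resources": ["nodes/log"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin-lite"}, "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "monitoring"},
     "roleRef": {"kind": "ClusterRole", "name": "monitoring"},
     "subjects": [{"kind": "ServiceAccount", "name": "prometheus", "namespace": "monitoring"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin-lite"},
     "subjects": [{"kind": "Group", "name": "ops-team"}]},
]}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for finding in audit(data["items"]):
        bound = ", ".join(finding["subjects"]) or "(no ClusterRoleBinding)"
        print(f"{finding['role']}: verbs={finding['verbs']} bound to {bound}")
```

Each finding is a role to rewrite: for a subject that only reads, swap nodes/proxy for the specific nodes/pods, nodes/healthz or nodes/configz entries it needs; a role that is bound to nothing can simply be deleted. Wildcard roles such as the constructed cluster-admin-lite show up too, because * grants nodes/proxy whether or not the author intended it.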

Conclusion

The graduation of fine-grained kubelet API authorization to GA in Kubernetes v1.36 is a meaningful win for security and maintainability. By giving /pods, /healthz and /configz subresources of their own, Kubernetes lets administrators grant monitoring and observability tooling exactly what it reads and nothing more, so that nodes/proxy, and with it the WebSocket exec path, can be reserved for the few subjects that are meant to run commands. The loophole is closed in practice only once those roles are rewritten, but once they are, cluster defenses are significantly stronger without any loss of the observability that modern operations rely on.