Kubernetes v1.36: Permanent Admission Policies for Enhanced Security

If you've ever grappled with enforcing security policies across multiple Kubernetes clusters, you know the frustration all too well. When it comes to implementing admission policies, you face a perplexing dilemma. These policies manifest as API objects, but they can't function until created, leaving a significant window of vulnerability. Right after a cluster starts up, there's a gap when your policies remain inactive, and any privileged user can easily remove them. This kind of oversight presents serious risks in a multi-tenant environment.

Bridging the Void in Security

The current method for enforcing policies in Kubernetes primarily hinges on the API. By creating a ValidatingAdmissionPolicy or configuring a webhook as an API object, the admission controller integrates it seamlessly. However, this approach shines only when the system is in steady state. During the initial bootstrap phase, when the API server begins handling requests, there exists a delay before policies become operational. This delay can be exacerbated during recovery scenarios, such as restoring from a backup or addressing an etcd failure. Another critical issue arises from the system's self-protection mechanisms. Admission webhooks and policies cannot act upon their own configuration resources, thanks to Kubernetes avoiding self-referential logic. This means that an unauthorized user with sufficient privileges can delete vital admission policies without any checks. This vulnerability underscores a severe lack of control over policy enforcement. The Kubernetes SIG API Machinery team recognized the need for a solution whereby it could unequivocally ensure that certain policies remain in effect, irrespective of any actions taken within the cluster.

Introducing Manifest-Based Admission Control

Kubernetes version 1.36 is set to introduce an alpha feature that tackles the aforementioned issues: manifest-based admission control. This new capability enables you to define admission webhooks and CEL-based policies as static files on disk that the API server loads at startup prior to accepting any incoming requests. To implement this, simply add a `staticManifestsDir` field in your existing `AdmissionConfiguration` configuration file, pointing it to a specific directory where policy YAML files are located. The API server then loads these definitions immediately, eliminating the risk of running without active policies during critical moments. These manifest files follow standard Kubernetes resource definitions, but with a stipulation that they must end with the `.static.k8s.io` suffix. This particular naming convention avoids collisions with API-based configurations and enhances clarity when reviewing audit trails and metrics regarding admission decisions. Consider a practical example: a manifest that denies the creation of privileged containers outside the `kube-system` namespace. With this policy in place, any attempt to bypass it would be futile, solidifying your security posture from the outset.

New Protections and Possibilities

What’s particularly striking about this update is the newfound ability to protect your admission configurations themselves. Under the previous API-centric model, no webhooks or policies could intervene during alterations of configuration types like ValidatingAdmissionPolicy or ValidatingWebhookConfiguration. This limitation was prudent, as a webhook that could thwart its own configuration alterations might inadvertently trap users, leaving no recourse via the API. With the shift to manifest-based policies, this circular dependency is eliminated. If a misconfigured policy interferes inappropriately, adjustments can be made directly in the manifest file, allowing the API server to adapt without needing to route through the API layer. Now, you can create policies that safeguard your admission resources against modification or deletion. For those responsible for managing shared clusters, this innovation is a genuine leap forward in ensuring that critical security configurations remain intact, safeguarded from even the highest level of administrative intervention. Imagine implementing a policy that blocks any changes to admission resources tagged with a specific label like `platform.example.com/protected: "true"`. This represents a significant enhancement to your operational security, essentially barring cluster admins from inadvertently or intentionally erasing necessary safeguards.With Kubernetes evolving, the introduction of manifest-based admission policies is reshaping how we manage security through resource configurations. This feature grants a significant layer of protection, ensuring that any resources labeled `platform.example.com/protected: "true"` are impervious to alterations or deletions. It's critical for organizations striving to bolster their infrastructure against unintentional changes, as this protection is embedded directly on disk, bypassing API-level tampering. ### Important Considerations The design of these configuration files intentionally limits them to self-contained manifests. This means you can't reference external API resources, which might feel restrictive but actually serves to ensure reliability during precarious scenarios, such as cluster startup when etcd might not yet be accessible. Indeed, if you’re operating multiple API server instances, be aware that they each handle manifest files autonomously—there isn’t any built-in synchronization across servers. This model resembles other configurations used for security measures, like encryption at rest, allowing Kubernetes to flag configuration drifts through metric labels. One of the key advantages of this setup is the ability to modify policies without restarting the API server. When a manifest file is changed, the server will perform validation on the new configuration and seamlessly swap it in—if there’s a validation failure, the server retains the previously validated configuration and logs the issue. This capability means you can deploy updates across your infrastructure effectively, leveraging existing management tools like Ansible or Puppet while maintaining uninterrupted service. Importantly, the initial loading phase is stringent; if any manifest is found to be invalid at startup, the API server won’t boot. This approach prioritizes rigorous checks to avoid running policies that don't meet expectations, a strategy that speaks to prioritizing safety and reliability in development. ### Get Your Hands Dirty If you're eager to experiment with this in Kubernetes v1.36, follow these steps: 1. Activate the [ManifestBasedAdmissionControlConfig](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#ManifestBasedAdmissionControlConfig) feature gate for every kube-apiserver. 2. Prepare a directory containing your static manifest files. If needed, ensure it's mounted read-only in the API server Pod. 3. Set up the `staticManifestsDir` within your [AdmissionConfiguration](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) specifying where to find those files. 4. Launch the API server using the `--admission-control-config-file` pointing to your existing AdmissionConfiguration file. For deeper insights, refer to the [full documentation on Manifest-Based Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/manifest-admission-control/), and keep tabs on the progress via [KEP-5793](https://kep.k8s.io/5793). ### Join the Conversation We value community engagement—share your experiences or stay updated by joining us in the [#sig-api-machinery](https://kubernetes.slack.com/archives/C0EG7JC6T) channel on Kubernetes Slack. Want to take a more active role? Participate in our [SIG API Machinery meetings](https://github.com/kubernetes/community/blob/master/sig-api-machinery/README.md#meetings) every other Wednesday, and help shape the future of Kubernetes security. In a rapidly changing technical landscape, initiatives like this signal a marked shift toward a more resilient and secure Kubernetes, one that encourages active community participation and shared knowledge.