5 Key Enhancements in Kubernetes v1.36 for Bulletproof Admission Policies

Kubernetes administrators have long faced a frustrating chicken-and-egg problem: admission policies are API objects that don't exist until created and can be deleted by anyone with sufficient permissions. This leaves clusters vulnerable during bootstrap and recovery. Kubernetes v1.36 introduces an alpha feature that changes the game: manifest-based admission control. This article explores five aspects of this new capability, from the core problem to practical implementation, showing how you can make your admission policies truly unremovable. Jump to the first item or read on for a full breakdown.

1. The Chicken-and-Egg Problem: Why Traditional Admission Policies Fail

Most Kubernetes policy enforcement relies on API objects like ValidatingAdmissionPolicy or webhook configurations. While this works in steady state, it introduces a critical gap: during cluster bootstrap or etcd recovery, policies don't exist until someone creates them. This means there's always a window where your cluster is unprotected. Even worse, privileged users can delete these policies because admission webhooks cannot intercept operations on their own configuration resources (to avoid circular dependencies). The result: your critical security guardrails are both temporary and deletable. This inherent vulnerability motivated SIG API Machinery to design a solution that enforces policies from the very first request.

2. Manifest-Based Admission Control: The Solution That Can't Be Deleted

Kubernetes v1.36 introduces manifest-based admission control as an alpha feature. Instead of relying on API-created objects, this approach lets you define admission webhooks and CEL-based policies as files on disk. The API server loads these files at startup, before serving any requests. This means policies are active from the moment the server starts, and they cannot be removed via the API. The mechanism uses the staticManifestsDir field in the AdmissionConfiguration file, which you already pass to the API server via --admission-control-config-file. Point this field at a directory containing your policy YAML files, and the server automatically includes them.

3. Implementation Details: Configuring Static Manifests

Setting up manifest-based admission is straightforward. Add a staticManifestsDir under the relevant plugin in your AdmissionConfiguration file. For example, for ValidatingAdmissionPolicy:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: ValidatingAdmissionPolicy
  configuration:
    apiVersion: apiserver.config.k8s.io/v1
    kind: ValidatingAdmissionPolicyConfiguration
    staticManifestsDir: "/etc/kubernetes/admission/validating-policies/"

Drop your policy YAML files into that directory. The only requirement: all object names must end with .static.k8s.io. This reserved suffix prevents collisions with API-based configurations and helps identify static policies in metrics and audit logs. The manifest files are standard Kubernetes resource definitions, making adoption easy.

4. Self-Protection and Immutability: Why This Matters

The key benefit of manifest-based admission is immutability. Since policies are loaded from disk and not exposed as editable API objects, they cannot be deleted or modified by any user—even cluster admins. This solves the self-protection problem: static policies are always active and cannot be bypassed. Additionally, they close the bootstrap gap because they exist before the API server starts handling requests. For organizations that require guaranteed security baselines (e.g., in multi-tenant or regulated environments), this feature provides a way to enforce policies that are "always on, full stop." It also simplifies disaster recovery: restore the config file, restart the server, and policies are back instantly.

5. Practical Example: Denying Privileged Containers Outside kube-system

To see manifest-based policies in action, consider a policy that denies privileged pods outside the kube-system namespace. Create a ValidatingAdmissionPolicy YAML file with name ending in .static.k8s.io:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: "deny-privileged.static.k8s.io"
  annotations:
    kubernetes.io/description: "Deny launching privileged pods, anywhere this policy is applied"
...

Place this file in your staticManifestsDir, and the API server will enforce it from startup. Any attempt to create a privileged container outside kube-system will be rejected. Because this policy is manifest-based, it cannot be deleted via the API, ensuring persistent enforcement. This example demonstrates how static manifests provide a robust foundation for security policies.

Conclusion: Kubernetes v1.36's manifest-based admission control is a significant step toward making admission policies truly unremovable. By loading policies from disk before serving requests, it eliminates the bootstrap gap and prevents privileged users from deleting critical security rules. While still in alpha, this feature promises to simplify cluster hardening and disaster recovery. Administrators should start experimenting with it in non-production environments to prepare for future stable releases.