Kubernetes v1.36: Admission Policies That Can't Be Deleted

2026-05-04

9 min read

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Kubernetes v1.36 introduces manifest-based admission control, loading policies from disk at API server startup to ensure they can't be accidentally deleted.

•Policies are loaded before the API server serves requests, eliminating security gaps during cluster bootstrap
•Use staticManifestsDir in AdmissionConfiguration to specify YAML files that must end in .static.k8s.io
•Manifest-based policies can intercept operations on admission resources themselves, preventing admin tampering
•Policy file changes are detected at runtime and applied atomically without server restart
•Self-contained policies work without API references, functioning even before etcd is available

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Kubernetes v1.36: Admission Policies That Can't Be Deleted

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)