NodeRestriction admission plugin
Definition
The NodeRestriction admission plugin is a security feature in Kubernetes that limits the actions that kubelets can perform on resources in the cluster. It ensures that kubelets can only modify their own Node and Pod objects, preventing them from making unauthorized changes to other nodes or pods. This plugin is crucial for maintaining the integrity and security of the cluster by enforcing strict access controls at the node level.
Secure Settings Example
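# This file only lists and configures admission plugins. The plugin itself is
# switched on with the kube-apiserver flag --enable-admission-plugins=NodeRestriction.
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: NodeRestriction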
Insecure Settings Example
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
# NodeRestriction plugin is missing, allowing kubelets to potentially modify unauthorized resources
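A check for the two cases above, as an added example rather than code from the original page: it reads the command section of a kube-apiserver static pod manifest and reports whether NodeRestriction is named in the --enable-admission-plugins flag. The manifest snippets are constructed samples and the function names are hypothetical.

```python
import re

PLUGIN = "NodeRestriction"

# Matches a list item such as:  - --enable-admission-plugins=A,B  (optionally quoted).
# Commented-out items start with '#', not '-', and are therefore ignored.
FLAG_RE = re.compile(
    r"""^\s*-\s+["']?--(enable|disable)-admission-plugins[=\s]+([^"'\s#]*)"""
)


def admission_plugins(manifest_text):
    """Return plugin names per flag; values from repeated flags are merged."""
    found = {"enable": set(), "disable": set()}
    for line in manifest_text.splitlines():
        match = FLAG_RE.match(line)
        if match:
            names = (n.strip() for n in match.group(2).split(","))
            found[match.group(1)].update(n for n in names if n)
    return found


def node_restriction_status(manifest_text):
    """Classify a manifest as 'enabled', 'disabled' or 'missing'."""
    plugins = admission_plugins(manifest_text)
    if PLUGIN in plugins["disable"]:
        return "disabled"  # conservative: an explicit disable is a finding
    if PLUGIN in plugins["enable"]:
        return "enabled"
    return "missing"  # the plugin is not named in any enable flag


# Constructed sample command sections, not taken from a real cluster.
SAMPLES = {
    "secure": "- kube-apiserver\n"
              "- --enable-admission-plugins=NamespaceLifecycle,NodeRestriction\n",
    "insecure": "- kube-apiserver\n"
                "- --enable-admission-plugins=NamespaceLifecycle\n",
    "commented": "- kube-apiserver\n"
                 "# - --enable-admission-plugins=NodeRestriction\n",
    "disabled": '- "--enable-admission-plugins=NodeRestriction"\n'
                "- --disable-admission-plugins=NodeRestriction\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: NodeRestriction {node_restriction_status(text)}")
```

Anything other than "enabled" means kubelet write requests are not being limited by this plugin on that API server.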