Published on May 6, 2026
Kubernetes environments have long faced challenges in maintaining active admission policies during cluster bootstrap. A notable issue arose when privileged users could delete these policies before they activated, creating a security vulnerability. The gap between when the API server starts and when policies are fully operational often left clusters exposed.
The recent release of Kubernetes v1.36 presents a solution with the introduction of manifest-based admission control. This alpha feature allows administrators to define admission webhooks and CEL-based policies as files on disk, ensuring that these policies are loaded at startup. This change effectively eliminates the risk of policy deletion during critical phases of cluster operation.
The implementation works through a `staticManifestsDir` in the AdmissionConfiguration file, where policy definitions are stored. These manifest files must end with the `.static.k8s.io` suffix to distinguish them from existing API-based configurations. Consequently, this setup simplifies policy management and enhances the oversight of security-related decisions.
With this enhancement, administrators can ensure that critical policies remain intact, shielded from accidental or malicious deletion. Manifest-based policies enable a new level of protection for Kubernetes environments, allowing platform teams to enforce foundational security measures that persist regardless of user actions. As a result, organizations can bolster their security posture in cloud-native deployments.