Published on May 6, 2026
Kubernetes environments have long faced challenges in maintaining active admission policies during cluster bootstrap. A notable issue arose when privileged users could delete these policies before they activated, creating a security vulnerability. The gap between when the API server starts and when policies are fully operational often left clusters exposed.
The recent release of Kubernetes v1.36 presents a solution with the introduction of manifest-based admission control. This alpha feature allows administrators to define admission webhooks and CEL-based policies as files on disk, ensuring that these policies are loaded at startup. This change effectively eliminates the risk of policy deletion during critical phases of cluster operation.
The implementation works through a `staticManifestsDir` setting in the AdmissionConfiguration file, where policy definitions are stored. These manifest files must end with the `.static.k8s.io` suffix to distinguish them from existing API-based configurations. Consequently, this setup simplifies policy management and enhances the oversight of security-related decisions.
With this enhancement, administrators can ensure that critical policies remain intact, shielded from accidental or malicious deletion. Manifest-based policies enable a new level of protection for Kubernetes environments, allowing platform teams to enforce foundational security measures that persist regardless of user actions. As a result, organizations can bolster their security posture in cloud-native deployments.