Skip to content

Use NodeRestriction admission controller


ID: MS-M9027
MITRE mitigation: -

NodeRestriction admission controller limits the permissions of kubelet and allows it to modify only its own Node object and only the pods that are running on its own node. This may limit attackers who have access to the Kubelet API from gaining full control over the cluster.

Techniques Addressed by Mitigation

ID Name Use
MS-TA9030 Access Kubelet API Limit Kubelet permissions to pods and nodes