diff --git a/plugin/pkg/admission/noderestriction/admission.go b/plugin/pkg/admission/noderestriction/admission.go
index 13191b59b10..9615a871c49 100644
--- a/plugin/pkg/admission/noderestriction/admission.go
+++ b/plugin/pkg/admission/noderestriction/admission.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package node
+package noderestriction
 
 import (
 	"fmt"
@@ -37,24 +37,22 @@ const (
 // Register registers a plugin
 func Register(plugins *admission.Plugins) {
 	plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
-		return NewPlugin(nodeidentifier.NewDefaultNodeIdentifier(), false), nil
+		return NewPlugin(nodeidentifier.NewDefaultNodeIdentifier()), nil
 	})
 }
 
 // NewPlugin creates a new NodeRestriction admission plugin.
 // This plugin identifies requests from nodes
-func NewPlugin(nodeIdentifier nodeidentifier.NodeIdentifier, strict bool) *nodePlugin {
+func NewPlugin(nodeIdentifier nodeidentifier.NodeIdentifier) *nodePlugin {
 	return &nodePlugin{
 		Handler:        admission.NewHandler(admission.Create, admission.Update, admission.Delete),
 		nodeIdentifier: nodeIdentifier,
-		strict:         strict,
 	}
 }
 
 // nodePlugin holds state for and implements the admission plugin.
 type nodePlugin struct {
 	*admission.Handler
-	strict         bool
 	nodeIdentifier nodeidentifier.NodeIdentifier
 	podsGetter     coreinternalversion.PodsGetter
 }
@@ -92,12 +90,8 @@ func (c *nodePlugin) Admit(a admission.Attributes) error {
 	}
 
 	if len(nodeName) == 0 {
-		if c.strict {
-			// In strict mode, disallow requests from nodes we cannot match to a particular node
-			return admission.NewForbidden(a, fmt.Errorf("could not determine node identity from user"))
-		}
-		// Our job is just to restrict identifiable nodes
-		return nil
+		// disallow requests we cannot match to a particular node
+		return admission.NewForbidden(a, fmt.Errorf("could not determine node from user %s", a.GetUserInfo().GetName()))
 	}
 
 	switch a.GetResource().GroupResource() {
diff --git a/plugin/pkg/admission/noderestriction/admission_test.go b/plugin/pkg/admission/noderestriction/admission_test.go
index 71cea49e870..9dbc8388703 100644
--- a/plugin/pkg/admission/noderestriction/admission_test.go
+++ b/plugin/pkg/admission/noderestriction/admission_test.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package node
+package noderestriction
 
 import (
 	"strings"
@@ -82,7 +82,6 @@ func Test_nodePlugin_Admit(t *testing.T) {
 
 	tests := []struct {
 		name       string
-		strict     bool
 		podsGetter coreinternalversion.PodsGetter
 		attributes admission.Attributes
 		err        string
@@ -473,7 +472,7 @@ func Test_nodePlugin_Admit(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := NewPlugin(nodeidentifier.NewDefaultNodeIdentifier(), tt.strict)
+			c := NewPlugin(nodeidentifier.NewDefaultNodeIdentifier())
 			c.podsGetter = tt.podsGetter
 			err := c.Admit(tt.attributes)
 			if (err == nil) != (len(tt.err) == 0) {