- Without User Namespaces (old behavior)
  Container root (UID 0) = Host root (UID 0)
- With User Namespaces
  Container root (UID 0)
  ↓ mapped to
  Host UID 100000+ (unprivileged)

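nginx-pod-userspace.yml

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  # false gives the pod its own user namespace, so container root is
  # mapped to an unprivileged host UID; true (the default) shares the host's.
  hostUsers: false
  containers:
  - image: nginx
    name: nginx
```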
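
To check which of the two mappings above a running container actually has, read its `/proc/<pid>/uid_map` and translate UID 0. The following is an added example, not part of the original page: the function names and the two sample maps are constructed for illustration, and it assumes the file is read on the node, so the second column is a host UID.

```python
# Added example: interpret /proc/<pid>/uid_map to see where container UIDs land.
# Each line of the file is: <first UID inside ns> <first UID outside ns> <length>

# Constructed samples (not captured from a real cluster).
UID_MAP_HOST_USERS = "         0          0 4294967295\n"  # no user namespace
UID_MAP_USERNS = "         0     100000      65536\n"      # own user namespace


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) extents."""
    extents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"line {lineno}: range length must be positive")
        extents.append((inside, outside, length))
    return extents


def to_host_uid(extents, container_uid):
    """Translate a UID inside the namespace to the outside UID, or None if unmapped."""
    for inside, outside, length in extents:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def root_is_host_root(text):
    """True when UID 0 in the container is also UID 0 outside it."""
    return to_host_uid(parse_uid_map(text), 0) == 0


if __name__ == "__main__":
    import sys
    # Usage: python3 uidmap.py /proc/<pid>/uid_map  (defaults to this process)
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/uid_map"
    with open(path) as fh:
        content = fh.read()
    print("container root maps to UID", to_host_uid(parse_uid_map(content), 0))
    print("container root is host root:", root_is_host_root(content))
```

A UID that falls outside every extent returns `None`: it has no identity outside the namespace at all.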