- Without User Namespaces (old behavior)
Container root (UID 0)= Host root (UID 0)- With User Namespaces
Container root (UID 0)
↓ mapped to
Host UID 100000+ (unprivileged)
nginx-pod-userspace.yml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
hostUsers: true
containers:
- image: nginx
name: nginx