Kubernetes support for docker user namespace remapping


So, it's not supported yet like Docker, as per this (as alluded to in the comments) and this.

However, if you are looking at isolating your workloads there are other alternatives (it's not the same, but the options are pretty good):

You can use Pod Security Policies, and specifically you can use RunAsUser together with AllowPrivilegeEscalation=false. Pod Security Policies can be tied to RBAC, so you can restrict how users run their pods.

In other words, you can force your users to run pods only as 'youruser' and disable the privileged flag in the pod securityContext. You can also disable sudo in your container images.

Furthermore, you can drop Linux capabilities, specifically CAP_SETUID. And, more advanced, use a seccomp profile, SELinux or an AppArmor profile.

Other alternatives to run untrusted workloads (in alpha as of this writing):
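As an added example (not part of the question or of the answer above), here is what the policy the answer describes looks like as Kubernetes objects: a PodSecurityPolicy that refuses privileged pods and privilege escalation, forces a fixed UID, drops CAP_SETUID, pins the default seccomp profile, and the RBAC objects that let one service account use it. The object names, the `app` namespace, the `app-sa` service account and UID 1000 are assumptions for illustration. Note that PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes 1.21 and removed in 1.25; on current clusters the built-in equivalent is Pod Security Admission with the `restricted` standard.

```yaml
# Added example: a PodSecurityPolicy (policy/v1beta1, Kubernetes <= 1.24)
# implementing the restrictions in the answer. Names, namespace, service
# account and UID 1000 are assumptions, not values from the original page.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-nonroot
  annotations:
    # Default seccomp profile and the only one pods may request.
    seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
spec:
  privileged: false                 # no privileged containers
  allowPrivilegeEscalation: false   # no_new_privs: setuid binaries cannot gain privilege
  defaultAllowPrivilegeEscalation: false
  requiredDropCapabilities:
    - SETUID                        # CAP_SETUID, as in the answer
    - SETGID
  allowedCapabilities: []           # nothing can be added back via securityContext
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAs                 # every container runs as UID 1000 ('youruser')
    ranges:
      - min: 1000
        max: 1000
  runAsGroup:
    rule: MustRunAs
    ranges:
      - min: 1000
        max: 1000
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  seLinux:
    rule: RunAsAny                  # use MustRunAs with a type when SELinux is enforced
  volumes:                          # no hostPath
    - configMap
    - emptyDir
    - secret
    - projected
    - persistentVolumeClaim
---
# RBAC: grant the "use" verb on this one policy ...
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-nonroot
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-nonroot"]
    verbs: ["use"]
---
# ... to the service account the workloads run under (assumed name/namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-nonroot
  namespace: app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-nonroot
subjects:
  - kind: ServiceAccount
    name: app-sa
    namespace: app
```

Two points a practitioner should check before relying on this: the policy is only enforced when the PodSecurityPolicy admission plugin is enabled on the API server, and once it is enabled any user or service account with no usable policy can no longer create pods at all. The admission controller authorizes against both the creating user and the pod's service account, so binding the policy to the pod's service account as above is enough for pods created by Deployments and other controllers. Because `runAsUser` is `MustRunAs` with a single-value range, a pod that omits `securityContext.runAsUser` is mutated to UID 1000, while one that asks for UID 0 is rejected.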