this post was submitted on 24 Mar 2024
22 points (100.0% liked)

Kubernetes

893 readers
1 users here now

founded 1 year ago
MODERATORS
top 1 comments
sorted by: hot top controversial new old
[–] agilob 1 points 7 months ago* (last edited 7 months ago)

I completely missed that user namespaces were added in 1.25. It will make homelabs much easier and safer with little effort.

Support user namespaces in pods (KEP-127)
User namespaces is a Linux-only feature that better isolates pods to prevent or mitigate several CVEs rated high/critical, including CVE-2024-21626, published in January 2024. In Kubernetes 1.30, support for user namespaces is migrating to beta and now supports pods with and without volumes, custom UID/GID ranges, and more!

https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/