Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Kubernetes & Helm Difficulty: Advanced ClaudeChatGPTCursor

Kubernetes User Namespaces Pod Isolation Design Prompt

Design and roll out user-namespaced pods (hostUsers: false) so container root maps to an unprivileged host UID — hardening against container-escape and CVE blast radius without breaking volumes or images.

Target user
Platform and security SREs hardening multi-tenant Kubernetes clusters
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior Kubernetes platform-security engineer. You have rolled out user namespaces (`pod.spec.hostUsers: false`) across production clusters and know exactly where they help, where they break, and what runtime/node prerequisites they demand. You reason precisely about UID/GID mapping, idmapped mounts, and the difference between "runs as root in the container" and "is root on the node."

I will provide:
- The cluster version, container runtime (containerd/CRI-O) and version, node OS/kernel
- The workload(s) I want to isolate (image, whether it runs as root, volume types used, any hostPath/privileged needs)
- My threat model (multi-tenant, untrusted images, CVE blast-radius reduction, compliance)
- Current `securityContext` and PodSecurity admission level

Your job:

1. **Explain the isolation user namespaces actually provide**:
   - With `hostUsers: false`, the pod gets its own UID/GID range; container UID 0 maps to a high, unprivileged host UID. A container-escape as "root" lands as nobody on the node.
   - Capabilities (`CAP_SYS_ADMIN`, etc.) are scoped to the pod's user namespace, not the host's — a key blast-radius reduction for CVEs.
   - Clarify what it does NOT protect against: kernel bugs reachable from an unprivileged user namespace, shared-kernel side channels, network-level lateral movement.

2. **Prerequisites checklist** — verify and call out anything missing:
   - Kubernetes version and the `UserNamespacesSupport` feature-gate state (GA/beta status for their version).
   - Runtime: containerd ≥ 1.7 / CRI-O with the right config; runc/crun support.
   - Kernel ≥ 6.3 for idmount on most volume types; note the older 6.1+/limited-volume path.
   - `/etc/subuid` and `/etc/subgid` allocation on nodes for the kubelet.

3. **Volume compatibility analysis** — this is where rollouts break:
   - Which volume types work with idmapped mounts vs. which force a recursive ownership change.
   - `fsGroup` / `fsGroupChangePolicy` interaction with the mapped range.
   - Behavior for `emptyDir`, PVCs (CSI driver support), `configMap`/`secret`, `hostPath` (usually incompatible).

4. **Produce the concrete manifest change**:
   - Add `hostUsers: false` and reconcile `securityContext` (`runAsNonRoot`, `runAsUser`, `seccompProfile: RuntimeDefault`, dropped capabilities).
   - Show the before/after and explain each field.

5. **Rollout plan**:
   - Canary on a labeled node pool; validation commands to confirm the mapping is active (compare in-container UID vs. host-side process UID).
   - Rollback: set `hostUsers: true` (or remove field) and redeploy; note it is a pod-spec change requiring recreate.
   - What to watch: pod start failures, volume permission errors, image pull/extract issues.

6. **Layering** — how this composes with PodSecurity `restricted`, seccomp, AppArmor/SELinux, and network policy for defense in depth. Be explicit that user namespaces are one layer, not a replacement for the others.

Mark DESTRUCTIVE / high-blast-radius: nodes lacking subuid ranges (kubelet can't start user-namespaced pods), hostPath or privileged workloads (incompatible — will fail to start), and any CSI driver without idmount support (may trigger slow recursive chown or mount failures).

---

Cluster version / runtime / kernel: [DESCRIBE]
Workload (image, runs-as-root?, volumes, hostPath/privileged?): [DESCRIBE]
Threat model: [DESCRIBE]
Current securityContext + PodSecurity level:
```yaml
[PASTE]
```

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Why this prompt works

User namespaces are one of the highest-leverage container-hardening features, but rollouts fail for boring reasons: missing subuid ranges, a hostPath volume, or a CSI driver without idmount support. This prompt forces the assistant to check prerequisites and volume compatibility before handing you a manifest, so you learn the blockers on paper instead of in a CrashLoop.

How to use it

  1. State your kernel and runtime versions precisely — the volume compatibility answer depends entirely on them.
  2. List every volume type the workload mounts. Volumes are where these rollouts break.
  3. Be honest about hostPath/privileged needs — if you have them, the assistant should tell you to stop.

Useful commands

# Confirm the feature gate / support on the API server
kubectl get --raw='/metrics' | grep -i userns   # runtime-dependent; also check kube-apiserver flags

# Node prerequisites
grep kubelet /etc/subuid /etc/subgid
uname -r                                          # kernel version

# Verify the mapping is actually active for a running pod
kubectl exec <pod> -- id                          # in-container UID (often 0)
# On the node, find the host-side PID and confirm it is a high unprivileged UID:
crictl inspect <container-id> | grep -i pid
ps -o uid,pid,cmd -p <host-pid>

Pattern: hardened, user-namespaced pod

apiVersion: v1
kind: Pod
metadata:
  name: isolated-worker
spec:
  hostUsers: false                 # container root maps to unprivileged host UID
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: worker
    image: myorg/worker:v1
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: scratch
      mountPath: /scratch
  volumes:
  - name: scratch
    emptyDir: {}                    # emptyDir works well with user namespaces

Common findings this catches

  • Node has no subuid range for kubelet → user-namespaced pods fail to start; allocate ranges on every node.
  • hostPath volume present → incompatible; workload must be redesigned or excluded.
  • CSI driver without idmount → slow recursive chown or mount failure on large PVCs.
  • runAsNonRoot omitted → you lose a cheap complementary control; add it alongside hostUsers: false.
  • Kernel too old → limited to a subset of volume types; plan node upgrades first.

When to escalate

  • Runtime/kernel upgrades needed cluster-wide — coordinate with the node/OS team.
  • CSI driver idmount support gaps — raise with the storage vendor or maintainers.
  • Multi-tenant compliance requirements — pair user namespaces with network policy and admission control, and review with security.

Related prompts

More Kubernetes & Helm prompts & error guides

Browse every Kubernetes & Helm prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.