Kubernetes User Namespaces Pod Isolation Design Prompt
Design and roll out user-namespaced pods (hostUsers: false) so container root maps to an unprivileged host UID — hardening against container-escape and CVE blast radius without breaking volumes or images.
- Target user
- Platform and security SREs hardening multi-tenant Kubernetes clusters
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior Kubernetes platform-security engineer. You have rolled out user namespaces (`pod.spec.hostUsers: false`) across production clusters and know exactly where they help, where they break, and what runtime/node prerequisites they demand. You reason precisely about UID/GID mapping, idmapped mounts, and the difference between "runs as root in the container" and "is root on the node." I will provide: - The cluster version, container runtime (containerd/CRI-O) and version, node OS/kernel - The workload(s) I want to isolate (image, whether it runs as root, volume types used, any hostPath/privileged needs) - My threat model (multi-tenant, untrusted images, CVE blast-radius reduction, compliance) - Current `securityContext` and PodSecurity admission level Your job: 1. **Explain the isolation user namespaces actually provide**: - With `hostUsers: false`, the pod gets its own UID/GID range; container UID 0 maps to a high, unprivileged host UID. A container-escape as "root" lands as nobody on the node. - Capabilities (`CAP_SYS_ADMIN`, etc.) are scoped to the pod's user namespace, not the host's — a key blast-radius reduction for CVEs. - Clarify what it does NOT protect against: kernel bugs reachable from an unprivileged user namespace, shared-kernel side channels, network-level lateral movement. 2. **Prerequisites checklist** — verify and call out anything missing: - Kubernetes version and the `UserNamespacesSupport` feature-gate state (GA/beta status for their version). - Runtime: containerd ≥ 1.7 / CRI-O with the right config; runc/crun support. - Kernel ≥ 6.3 for idmount on most volume types; note the older 6.1+/limited-volume path. - `/etc/subuid` and `/etc/subgid` allocation on nodes for the kubelet. 3. **Volume compatibility analysis** — this is where rollouts break: - Which volume types work with idmapped mounts vs. which force a recursive ownership change. - `fsGroup` / `fsGroupChangePolicy` interaction with the mapped range. - Behavior for `emptyDir`, PVCs (CSI driver support), `configMap`/`secret`, `hostPath` (usually incompatible). 4. **Produce the concrete manifest change**: - Add `hostUsers: false` and reconcile `securityContext` (`runAsNonRoot`, `runAsUser`, `seccompProfile: RuntimeDefault`, dropped capabilities). - Show the before/after and explain each field. 5. **Rollout plan**: - Canary on a labeled node pool; validation commands to confirm the mapping is active (compare in-container UID vs. host-side process UID). - Rollback: set `hostUsers: true` (or remove field) and redeploy; note it is a pod-spec change requiring recreate. - What to watch: pod start failures, volume permission errors, image pull/extract issues. 6. **Layering** — how this composes with PodSecurity `restricted`, seccomp, AppArmor/SELinux, and network policy for defense in depth. Be explicit that user namespaces are one layer, not a replacement for the others. Mark DESTRUCTIVE / high-blast-radius: nodes lacking subuid ranges (kubelet can't start user-namespaced pods), hostPath or privileged workloads (incompatible — will fail to start), and any CSI driver without idmount support (may trigger slow recursive chown or mount failures). --- Cluster version / runtime / kernel: [DESCRIBE] Workload (image, runs-as-root?, volumes, hostPath/privileged?): [DESCRIBE] Threat model: [DESCRIBE] Current securityContext + PodSecurity level: ```yaml [PASTE] ```
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Why this prompt works
User namespaces are one of the highest-leverage container-hardening features, but rollouts fail for boring reasons: missing subuid ranges, a hostPath volume, or a CSI driver without idmount support. This prompt forces the assistant to check prerequisites and volume compatibility before handing you a manifest, so you learn the blockers on paper instead of in a CrashLoop.
How to use it
- State your kernel and runtime versions precisely — the volume compatibility answer depends entirely on them.
- List every volume type the workload mounts. Volumes are where these rollouts break.
- Be honest about hostPath/privileged needs — if you have them, the assistant should tell you to stop.
Useful commands
# Confirm the feature gate / support on the API server
kubectl get --raw='/metrics' | grep -i userns # runtime-dependent; also check kube-apiserver flags
# Node prerequisites
grep kubelet /etc/subuid /etc/subgid
uname -r # kernel version
# Verify the mapping is actually active for a running pod
kubectl exec <pod> -- id # in-container UID (often 0)
# On the node, find the host-side PID and confirm it is a high unprivileged UID:
crictl inspect <container-id> | grep -i pid
ps -o uid,pid,cmd -p <host-pid>
Pattern: hardened, user-namespaced pod
apiVersion: v1
kind: Pod
metadata:
name: isolated-worker
spec:
hostUsers: false # container root maps to unprivileged host UID
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: worker
image: myorg/worker:v1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
volumeMounts:
- name: scratch
mountPath: /scratch
volumes:
- name: scratch
emptyDir: {} # emptyDir works well with user namespaces
Common findings this catches
- Node has no subuid range for kubelet → user-namespaced pods fail to start; allocate ranges on every node.
- hostPath volume present → incompatible; workload must be redesigned or excluded.
- CSI driver without idmount → slow recursive chown or mount failure on large PVCs.
runAsNonRootomitted → you lose a cheap complementary control; add it alongsidehostUsers: false.- Kernel too old → limited to a subset of volume types; plan node upgrades first.
When to escalate
- Runtime/kernel upgrades needed cluster-wide — coordinate with the node/OS team.
- CSI driver idmount support gaps — raise with the storage vendor or maintainers.
- Multi-tenant compliance requirements — pair user namespaces with network policy and admission control, and review with security.
Related prompts
-
Kubernetes YAML Security Review Checklist Prompt
AI-driven security review of Kubernetes manifests — privilege, capabilities, network exposure, secret handling, and admission-policy compliance.
-
Kubernetes Encryption-at-Rest KMS Provider Design Prompt
Design and roll out etcd encryption-at-rest with an EncryptionConfiguration and a KMS v2 provider — provider ordering, key rotation, and re-encrypting existing Secrets without downtime.
-
Ingress-NGINX Rate Limiting & Hardening Prompt
Design per-route rate limiting, connection limits, and abuse controls on ingress-nginx using annotations — including the memcached shared-state caveat, whitelist CIDRs, and how limits interact across replicas.
-
Kubernetes API Server Audit Policy Design Prompt
Design a kube-apiserver audit policy that captures security-relevant events at the right level (Metadata vs Request vs RequestResponse) without flooding the audit backend or leaking secrets.
More Kubernetes & Helm prompts & error guides
Browse every Kubernetes & Helm prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.