this post was submitted on 24 Mar 2024
22 points (100.0% liked)

Kubernetes

849 readers
1 users here now

founded 1 year ago
MODERATORS
[email protected]
[email protected]
22
A Peek at Kubernetes v1.30 (kubernetes.io)
submitted 5 months ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

I completely missed that user namespaces were added in 1.25. It will make homelabs much easier and safer with little effort.

Support user namespaces in pods (KEP-127)
User namespaces is a Linux-only feature that better isolates pods to prevent or mitigate several CVEs rated high/critical, including CVE-2024-21626, published in January 2024. In Kubernetes 1.30, support for user namespaces is migrating to beta and now supports pods with and without volumes, custom UID/GID ranges, and more!

https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/