You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/concepts/workloads/pods/user-namespaces.md
+11-1Lines changed: 11 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -251,6 +251,8 @@ circumstances:
251
251
252
252
## Limitations
253
253
254
+
### Host namespaces
255
+
254
256
When using a user namespace for the pod, it is disallowed to use other host
255
257
namespaces. In particular, if you set `hostUsers: false` then you are not
256
258
allowed to set any of:
@@ -259,6 +261,14 @@ allowed to set any of:
259
261
*`hostIPC: true`
260
262
*`hostPID: true`
261
263
264
+
### Filesystem support
265
+
266
+
Pods that use a user namespace require the filesystem to support **idmapped mounts**.
267
+
Some filesystems don't support id-mapped mounts, and therefore cannot be used with user namespaces.
268
+
NFS volumes cannot be mounted in a user-namespace pod because the Linux NFS client doesn't yet support idmapped mounts.
269
+
For the current list of supported filesystems, see the Linux kernel’s [`mount_setattr(2)` man page](https://man7.org/linux/man-pages/man2/mount_setattr.2.html).
270
+
For more technical details, see [our blog post](https://kubernetes.io/blog/2025/04/25/userns-enabled-by-default/#everything-you-wanted-to-know-about-user-namespaces-in-kubernetes).
271
+
262
272
## {{% heading "whatsnext" %}}
263
273
264
-
* Take a look at [Use a User Namespace With a Pod](/docs/tasks/configure-pod-container/user-namespaces/)
274
+
* Take a look at [Use a User Namespace With a Pod](/docs/tasks/configure-pod-container/user-namespaces/)
0 commit comments