Version v1.10 of the documentation is for the Talos version being developed. For the latest stable version of Talos, see the latest version.

User Namespaces

Guide on how to configure Talos Cluster to support User Namespaces

User Namespaces are a feature of the Linux kernel that allows unprivileged users to have their own range of UIDs and GIDs, without needing to be root.

Refer to the official documentation for more information on Usernamespaces.

Enabling Usernamespaces

To enable User Namespaces in Talos, you need to add the following configuration to Talos machine configuration:

---
cluster:
  apiServer:
    extraArgs:
      feature-gates: UserNamespacesSupport=true,UserNamespacesPodSecurityStandards=true
machine:
  sysctls:
    user.max_user_namespaces: "11255"
  kubelet:
    extraConfig:
      featureGates:
        UserNamespacesSupport: true
        UserNamespacesPodSecurityStandards: true

After applying the configuration, refer to the official documentation to configure workloads to use User Namespaces.

Last modified December 17, 2024: chore: prepare for Talos 1.10 (03116ef9b)