✦ For everyone, free.

Practical knowledge for real and everyday life

Home

4.20 Kubernetes Node Runtime Boundary

Kubernetes Node Runtime Boundary defines the limits and constraints on a node's execution environment within a Kubernetes cluster.

Kubernetes Node Runtime Boundary is the conceptual and technical line separating what is shared across all containers running on a node, namely the host kernel, from what is isolated per container or per pod through namespaces, cgroups, and additional security layers, defining both the practical capabilities available to workloads and the security perimeter that protects the host and co-located pods from one another.


The Shared Kernel Model

Single Kernel, Many Containers

Unlike virtual machines, which each run a complete guest kernel on top of a hypervisor, containers on a Kubernetes node all share the single host kernel. Isolation is achieved entirely through kernel-level mechanisms, namespaces and cgroups, rather than through hardware-level virtualization boundaries.

Implications for Isolation Strength

Because every container on a node ultimately makes system calls into the same kernel, a vulnerability in the kernel's namespace or cgroup implementation, or a container escape exploiting a kernel bug, can potentially affect the host or other containers, a fundamentally different risk profile than the stronger isolation boundary a hypervisor provides between virtual machines.


What the Boundary Isolates

Namespace-Isolated Resources

Linux namespaces isolate specific categories of kernel resources per container or per pod: PID namespaces isolate process trees, mount namespaces isolate filesystem views, network namespaces isolate network interfaces and routing tables, and UTS namespaces isolate hostname and domain name.

cgroup-Bounded Resources

cgroups do not provide isolation in the same sense as namespaces but instead bound and account for resource consumption, CPU time, memory, and I/O bandwidth, preventing one container from monopolizing shared physical resources at the expense of others on the same node.

What Remains Shared

Certain kernel resources are not namespaced at all in standard configurations, including the kernel's own internal state, loaded kernel modules, and time (absent time namespace usage), meaning changes or vulnerabilities touching these shared areas can have cross-container effects regardless of namespace isolation.


Reinforcing the Boundary

Security Context Restrictions

Pod and container security contexts narrow the effective boundary further by dropping Linux capabilities, enforcing non-root user execution, applying seccomp filters to restrict available system calls, and setting read-only root filesystems, all reducing the attack surface available to a compromised container.

Mandatory Access Control Systems

AppArmor and SELinux provide an additional, independent layer of confinement applied at the kernel level, restricting what files, capabilities, and operations a container's process can access even if namespace and capability restrictions alone would have permitted it.

Pod Security Standards

Cluster-level policy enforcement, through Pod Security Admission or third-party policy engines, can require workloads to meet minimum isolation postures, such as disallowing privileged containers or host namespace sharing, keeping the runtime boundary from being weakened by individual pod configurations.


When the Boundary Is Intentionally Crossed

Host Namespace Sharing

Pods can explicitly opt into sharing the host's PID, network, or IPC namespace through fields such as hostPID, hostNetwork, and hostIPC, deliberately weakening the node runtime boundary for workloads that genuinely need host-level visibility, such as node monitoring or networking agents.

Privileged Containers

A container marked privileged receives nearly all Linux capabilities and bypasses most of the additional restrictions a security context would otherwise apply, effectively collapsing much of the runtime boundary between that container and the host, a configuration reserved for workloads with a legitimate need for deep host access.

hostPath Volume Access

Mounting a hostPath volume gives a container direct access to a portion of the node's filesystem, crossing the mount namespace boundary in a controlled way and requiring careful scoping to avoid exposing sensitive host paths to workloads that do not need them.


Strengthening the Boundary Beyond Standard Containers

Sandboxed Runtimes

Alternative runtime implementations such as gVisor intercept and reimplement system calls in userspace, interposing an additional boundary between the container and the host kernel, reducing the surface area of kernel code paths a compromised container can directly reach.

Lightweight Virtual Machine Runtimes

Runtimes such as Kata Containers run each pod inside a minimal, dedicated virtual machine with its own guest kernel, while still integrating with the standard CRI interface, trading some performance and density for isolation guarantees closer to those of full virtualization.

RuntimeClass Selection

Kubernetes exposes the RuntimeClass resource, allowing different pods on the same node to be executed by different underlying runtime implementations, so that workloads with heightened isolation requirements can be scheduled onto nodes and runtime configurations that reinforce the node runtime boundary specifically for them.


Practical Consequences for Workload Placement

Multi-Tenancy Considerations

Because the standard node runtime boundary relies on a shared kernel, clusters hosting workloads from mutually untrusted tenants often adopt additional isolation strategies, such as dedicated node pools per tenant or sandboxed runtimes, rather than relying solely on namespace and cgroup isolation between pods on shared nodes.