Kubernetes 1.33 introduced the options for pods to run in user namespaces [1]. With user namespaces, Kubernetes can remap the UID and GID of the pod within its own namespace, ensuring that it runs as an unprivileged user on the host. This greatly enhances the security of your workloads.

For Harness builds running on kubernetes infrastructure, allowing those pods to run in user namespaces will allow to harden security by improving process isolation and reducing the risk of lateral movement attacks.

[1] https://www.cncf.io/blog/2025/07/16/securing-kubernetes-1-33-pods-the-impact-of-user-namespace-isolation/