Understanding Kubernetes Pods with Elevated Permissions
TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.
👀 Remote Jobs
Hiveon is hiring a Platform/DevOps Engineer
Remote Location: Worldwide
Assured is hiring a Staff Site Reliability Engineer
Remote Location: Worldwide
📚️ Resources
Looking to promote your company, product, service, or event to 48,000+ Cloud Native Professionals? Let's work together. Advertise With Us
🧠 DEEP DIVE USE CASE
Understanding Kubernetes Pods with Elevated Permissions
When you run containers in Kubernetes, they usually live in their own little world. They can't see your host machine’s files, processes, or network unless you explicitly allow it.
But sometimes, pods can ask for extra permissions to interact with the host. That’s where things like privileged, hostPID, hostPath, hostNetwork, and hostIPC come in. These are ways a pod can reach outside its sandbox.
Privileged
If this is turned on, the pod gets full access to the host, like it's not even inside a container. It can do almost anything the host can. This is very powerful and very risky.
hostPID
By default, a pod can only see its own processes. If this is true, it can see all the processes running on the host machine. Useful for monitoring, but also dangerous.
hostPath
This lets the pod mount a specific folder from the host. For example, it could access /etc or /var/log. Good for some tools, but can expose sensitive data.
hostNetwork
Normally, each pod has its own network. If this is true, the pod uses the host's network directly. It can listen on host ports and see host network traffic.
hostIPC
This allows the pod to share memory and other IPC resources with the host. It's rarely needed and often not safe.
Think of each one as a door. A closed door means the pod stays isolated. An open door means it can interact with that part of the host.
Let's explore the combinations most commonly seen in production, with simple and easy-to-understand visuals.
Everything allowed
Nothing allowed
Privileged Only
HostPid Only
HostPath Only
HostNetwork Only
HostIPC Only
Privileged and HostPid
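To make the "doors" concrete, here is an added audit script (not from the newsletter) that reads a Pod object and reports which of privileged, hostPID, hostPath, hostNetwork and hostIPC are open; the manifest it checks is a constructed sample, and in practice the same function would be run over the output of kubectl get pods -o json.

```python
import json

# Constructed sample manifest (not from the newsletter): a pod that opens
# several of the doors described above at once.
SAMPLE_POD_JSON = """
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "node-debugger", "namespace": "ops"},
  "spec": {
    "hostPID": true,
    "hostNetwork": true,
    "containers": [
      {"name": "shell", "image": "busybox",
       "securityContext": {"privileged": true},
       "volumeMounts": [{"name": "logs", "mountPath": "/host/var/log"}]},
      {"name": "sidecar", "image": "busybox"}
    ],
    "volumes": [
      {"name": "logs", "hostPath": {"path": "/var/log"}},
      {"name": "tmp", "emptyDir": {}}
    ]
  }
}
"""

# Pod-level flags that share a host namespace with the container.
HOST_NAMESPACE_FLAGS = ("hostPID", "hostIPC", "hostNetwork")


def open_doors(pod: dict) -> dict:
    """Return which host-access settings a Pod object enables.

    Checks the pod-level hostPID/hostIPC/hostNetwork flags, the privileged
    flag on every container (init containers included, since they run with
    the same spec), and every hostPath volume together with the host path
    it exposes.
    """
    spec = pod.get("spec", {})
    doors = {flag: bool(spec.get(flag, False)) for flag in HOST_NAMESPACE_FLAGS}
    all_containers = spec.get("containers", []) + spec.get("initContainers", [])
    doors["privileged"] = [c["name"] for c in all_containers
                           if c.get("securityContext", {}).get("privileged", False)]
    doors["hostPath"] = [v["hostPath"]["path"] for v in spec.get("volumes", [])
                         if "hostPath" in v]
    return doors


def is_isolated(pod: dict) -> bool:
    """True only when every door is closed (the 'Nothing allowed' picture)."""
    return not any(open_doors(pod).values())


def load_sample_pod() -> dict:
    return json.loads(SAMPLE_POD_JSON)


if __name__ == "__main__":
    for door, value in open_doors(load_sample_pod()).items():
        print(f"{door}: {value}")
```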
I am giving away 50% OFF on all annual plans of membership offerings for a limited time.
A membership will unlock access to read these deep dive editions on Thursdays and Saturdays.