Kubernetes v1.36 promotes User Namespaces to GA on Linux. It brings rootless workload isolation.
Kubelet leans on kernel ID-mapped mounts. It sidesteps expensive chown by remapping UID/GID at mount time and confines privileged processes. No more mass-chown screams.
