...
Running pods on your own nodes (i.e., virtual machines) ensures a high level of isolation. However, Kubernetes doesn't provide complete isolation for users within the same namespace. To address this specific limitation, we have introduced integrated add-ons for Kubernetes. These enhancements include authentication mechanisms based on Keystone and IAM tokens, along with refined authorization procedures to ensure comprehensive user and resource isolation.
Note that pods running on shared nodes are not fully isolated: they share the same computing resources (the virtual machine) and rely on the security capabilities of the container runtime, such as Docker or containerd.