Kubernetes 1.33 supports user namespaces in pods via [`hostUsers: false`](https://www.cncf.io/blog/2025/07/16/securing-kubernetes-1-33-pods-the-impact-of-user-namespace-isolation/). This avoids using the host user namespace and creates a user namespace specific to each pod.
This feature is important for running untrusted code, such as CI/CD pipelines.
DigitalOcean appears not to support it yet. Creating a pod with `hostUsers: false` results in `Failed to create pod sandbox: the handler "" is not known` in the pod events.
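
On a cluster where the pod does start, one way to confirm that it really got its own user namespace is to classify the container's `/proc/self/uid_map`. This is an added example, not part of the original post; the function name `classify_uid_map`, the pod name `my-pod` and the sample maps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify a uid_map read from stdin.
# Each line has the form: <first-id-inside-ns> <first-id-on-host> <range-length>
#
# Prints one of:
#   host         full-range identity map: the process is in the host user namespace
#   isolated     UID 0 inside the pod maps to a non-zero (unprivileged) host UID
#   root-mapped  a user namespace exists, but UID 0 inside is still host UID 0
#   no-root      UID 0 is not mapped inside the namespace at all
classify_uid_map() {
    awk '
        NF == 3 {
            inside = $1; outside = $2; len = $3
            # IDs are non-negative, so only a range starting at 0 covers UID 0.
            if (inside == 0 && len > 0) {
                found = 1
                if (outside == 0 && len == 4294967295) result = "host"
                else if (outside == 0)                 result = "root-mapped"
                else                                   result = "isolated"
            }
        }
        END { print (found ? result : "no-root") }
    '
}

# Constructed sample maps (not captured from a real cluster).
# Default pod (hostUsers unset or true): identity map over the full UID range.
printf '         0          0 4294967295\n' | classify_uid_map   # host
# Pod with hostUsers: false: container root lands on a high host UID.
printf '0 1000000 65536\n' | classify_uid_map                     # isolated

# Against a live pod (pod name is hypothetical):
#   kubectl exec my-pod -- cat /proc/self/uid_map | classify_uid_map
```

A result of `host` for a pod whose spec sets `hostUsers: false` means the setting was not honoured by the node's runtime.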