Have you ever dreamt of treating a pod like a host in which you run containers? While it has been possible for a long time, the Kubernetes default of a masked proc and lack of user namespaces has severely limited capabilities. However, with user namespaces reaching beta in Kubernetes, and research by the CRI-O team, we are now closer than ever! Join Peter Hunt and Sohan Kunkerkar as they walk through the history of nested containers, what is currently possible with all of the security knobs Kubernetes provides (as well as the support matrix of privileged/rootful/networking), and future work that will enable features in Kubernetes pods that seem almost VM like. This talk is designed for developers, operators and anyone interested in the intersection of container engines and Kubernetes. No need to pinch yourself, you're not dreaming!