I need to allow the ranges 0-1000 and 6000-7000 to be used for application deployments, and forbid all others.
Will this configuration prevent someone from exec'ing into a pod/container and switching to some other uid/gid?
Linux does not normally permit non-root users to exec as other UID/GIDs without something like sudo. As long as you also limit capabilities, privileged, privilege escalation and unsafe mount types, you can be fairly certain your pods will only run with processes as the UID/GIDs that you specify.
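
As an added illustration (not part of the original question or answer, and not any project's own code), the Python below audits a Pod spec against the two ID ranges from the question and the extra limits the answer lists. It assumes the standard Pod `securityContext` field names, treats `hostPath` as the unsafe mount type, and runs on a constructed sample spec.

```python
ALLOWED_RANGES = [(0, 1000), (6000, 7000)]   # ranges from the question
UNSAFE_VOLUME_KEYS = {"hostPath"}            # assumption: what counts as an unsafe mount type


def id_allowed(value):
    return isinstance(value, int) and any(lo <= value <= hi for lo, hi in ALLOWED_RANGES)


def audit_pod(pod):
    """Return a list of violation strings; an empty list means the spec passes."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    problems = []
    for vol in spec.get("volumes", []):
        for key in UNSAFE_VOLUME_KEYS & vol.keys():
            problems.append(f"volume {vol.get('name')}: {key} not allowed")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name")
        for field in ("runAsUser", "runAsGroup"):
            # Container-level value overrides pod-level; an unset ID is reported too.
            value = sc.get(field, pod_sc.get(field))
            if not id_allowed(value):
                problems.append(f"{name}: {field}={value} outside allowed ranges")
        if sc.get("privileged"):
            problems.append(f"{name}: privileged")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation not false")
        caps = sc.get("capabilities") or {}
        if "ALL" not in caps.get("drop", []) or caps.get("add"):
            problems.append(f"{name}: capabilities not limited to drop ALL")
    return problems


# Constructed sample input, not taken from the page.
SAMPLE_POD = {"spec": {
    "securityContext": {"runAsUser": 6500, "runAsGroup": 6500},
    "volumes": [{"name": "host", "hostPath": {"path": "/var/run"}}],
    "containers": [
        {"name": "ok", "securityContext": {
            "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}},
        {"name": "bad", "securityContext": {
            "runAsUser": 2000, "privileged": True}},
    ]}}

if __name__ == "__main__":
    for line in audit_pod(SAMPLE_POD):
        print(line)
```

Because the first range includes UID 0, the capability and privilege-escalation checks carry the weight for any container that runs as root.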