diff --git a/Makefile b/Makefile
index c4598330..e001ef01 100644
--- a/Makefile
+++ b/Makefile
@@ -108,12 +108,6 @@ image:
 --env EMBED_CONTAINER_IMAGES="${EMBED_CONTAINER_IMAGES}" \
 -f packaging/microshift-runner.Containerfile .
 
-# Notes:
-# - An isolated network is created if the ISOLATED_NETWORK environment variable is set
-# - The /dev directory is shared with the container to enable TopoLVM CSI driver,
-# masking the devices that may conflict with the host
-# - The containers storage is mounted on a tmpfs to avoid usage of fuse-overlayfs,
-# which is less efficient than the default driver
 .PHONY: run
 run:
 @USHIFT_IMAGE=${USHIFT_IMAGE} ISOLATED_NETWORK=${ISOLATED_NETWORK} LVM_DISK=${LVM_DISK} LVM_VOLSIZE=${LVM_VOLSIZE} VG_NAME=${VG_NAME} ./src/cluster_manager.sh create
diff --git a/packaging/microshift-runner.Containerfile b/packaging/microshift-runner.Containerfile
index f5c5b3a3..3c16b991 100644
--- a/packaging/microshift-runner.Containerfile
+++ b/packaging/microshift-runner.Containerfile
@@ -58,3 +58,7 @@ RUN if [ "${EMBED_CONTAINER_IMAGES}" = "1" ] ; then \
 # shared as required by OVN images
 COPY --from=builder ${BUILDER_RSHARED_SERVICE} /usr/lib/systemd/system/microshift-make-rshared.service
 RUN systemctl enable microshift-make-rshared.service
+
+# The /var directory is shared with the container as an anonymous volume to enable
+# idmap mounts under /var/lib/kubelet for containers using 'hostUsers: false'
+VOLUME ["/var"]
diff --git a/src/cluster_manager.sh b/src/cluster_manager.sh
index dd28cb18..41a19608 100755
--- a/src/cluster_manager.sh
+++ b/src/cluster_manager.sh
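Review bot: `VOLUME ["/var"]` at the end of the Containerfile places the whole of /var in the anonymous volume, while the comment above it only motivates idmap mounts under /var/lib/kubelet. Every container started from this image then leaves behind a volume holding whatever the node wrote under /var unless it is removed together with its volumes, and nothing in the image tells users who do not go through cluster_manager.sh about that. If the narrower path is sufficient, `VOLUME ["/var/lib/kubelet"]` would keep less state in the volume. If all of /var is required, I would extend the comment to say why and to note that the container should be removed with `podman rm --volumes`.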
@@ -80,6 +80,13 @@ _get_ip_address() {
 echo "$subnet" | awk -F. -v new="$node_id" 'NF==4{$4=new+10; printf "%s.%s.%s.%s", $1,$2,$3,$4} NF!=4{print $0}'
 }
 
+# Notes:
+# - The container joins the cluster network and gets the cluster network IP
+# address when the ISOLATED_NETWORK environment variable is set to 0.
+# - The /dev directory is shared with the container to enable TopoLVM CSI driver,
+# masking the devices that may conflict with the host
+# - The containers storage is mounted on a tmpfs to avoid usage of fuse-overlayfs,
+# which is less efficient than the default driver
 _add_node() {
 local -r name="${1}"
 local -r network_name="${2}"
@@ -256,7 +263,8 @@ cluster_destroy() {
 echo "Stopping container: ${container}"
 sudo podman stop --time 0 "${container}" || true
 echo "Removing container: ${container}"
- sudo podman rm -f "${container}" || true
+ # Remove the container and its anonymous volumes
+ sudo podman rm -f --volumes "${container}" || true
 done
 
 if sudo podman network exists "${USHIFT_MULTINODE_CLUSTER}"; then
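Review bot: In the cluster_destroy loop, `sudo podman rm -f --volumes "${container}" || true` still discards a failed removal, and with this commit a failure also leaves the container's anonymous /var volume on the host with nothing in the output to say so. I would keep the best-effort behaviour but report it, for example `sudo podman rm -f --volumes "${container}" || echo "WARNING: could not remove ${container}; its anonymous volume may remain" >&2`. The added comment could also name the volume: `# --volumes also deletes the anonymous /var volume declared in the Containerfile`. cluster_destroy starts before and continues after this hunk, so any other cleanup paths are not visible here.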