My container needs to communicate via a device connected by USB. The device is under
/dev/bus/usb on the physical machine. Since the device ID will change by plugging and unplugging the device, it is impractical to load the device specifically by using device plugins. Instead, I do a volume mapping from
/dev/bus/usb to the container, practically sharing all the USB pseudo-files. From here there are two ways to go:
- Either add privileged mode to the security context which is a huge security risk.
- Add the line
c 189:* rwmto the device Cgroup of the container.
Now the question is could I make this automated in Kubernetes? I assume it would be convenient to be able to pass raw device Cgroup context in the deployment file or possibly add options to Kubelet for a set of labels. I am open to hearing the forum suggestions on this matter.