Add USB bus to device cgroup

My container needs to communicate via a device connected by USB. The device is under /dev/bus/usb on the physical machine. Since the device ID will change by plugging and unplugging the device, it is impractical to load the device specifically by using device plugins. Instead, I do a volume mapping from /dev/bus/usb to the container, practically sharing all the USB pseudo-files. From here there are two ways to go:

  1. Either add privileged mode to the security context, which is a huge security risk.
  2. Add the line c 189:* rwm to the device cgroup of the container.

Now the question is: could I make this automated in Kubernetes? I assume it would be convenient to be able to pass raw device cgroup context in the deployment file or possibly add options to Kubelet for a set of labels. I am open to hearing the forum's suggestions on this matter.

Did you find a solution to this? I also need to pass a USB device to my container. In Docker, it is easily done with --device=/dev/ttyUSB0. However, with Kubernetes I cannot get it to pass through even with securityContext in privileged mode.

Hi, I managed to somehow make it work with device plugins. There are a few implementations of “generic” device plugins for Kubernetes that are capable of loading any random device into the pod. I personally found this one interesting:

The code is written very simply. You might adapt it for some specific actions, but as it is, it should help you out with a simple serial device.

For privileged mode, you should pass the device pseudo link (/dev/ttyUSB0) as a volume to the container. The rest should be practically possible. I hope this response will help you on this matter.

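
To compare the two options from the original question, the following added example (not code from any poster in this thread) evaluates device cgroup rules in the cgroup v1 `type major:minor access` syntax and lists which device nodes each rule set exposes. The device table and the `NARROW`/`WIDE` rule lists are constructed sample data, and all function names are hypothetical.

```python
"""Evaluate cgroup v1 device-controller rules such as 'c 189:* rwm'."""
from typing import NamedTuple


class Rule(NamedTuple):
    dev_type: str  # 'a' (all), 'b' (block) or 'c' (character)
    major: str     # decimal number or '*'
    minor: str     # decimal number or '*'
    access: str    # subset of 'rwm': read, write, mknod


def parse_rule(line: str) -> Rule:
    """Parse one rule line, rejecting anything outside the documented syntax."""
    fields = line.split()
    if len(fields) != 3:
        raise ValueError(f"malformed rule: {line!r}")
    dev_type, numbers, access = fields
    major, sep, minor = numbers.partition(":")
    numbers_ok = all(p == "*" or p.isdigit() for p in (major, minor))
    access_ok = bool(access) and set(access) <= set("rwm")
    if dev_type not in ("a", "b", "c") or not sep or not (numbers_ok and access_ok):
        raise ValueError(f"malformed rule: {line!r}")
    return Rule(dev_type, major, minor, access)


def permitted(rules, dev_type, major, minor, wanted="rw"):
    """True if any rule grants every access letter in `wanted` on the device."""
    for rule in map(parse_rule, rules):
        if (rule.dev_type in ("a", dev_type)
                and rule.major in ("*", str(major))
                and rule.minor in ("*", str(minor))
                and set(wanted) <= set(rule.access)):
            return True
    return False


# Constructed sample data: rule sets and host device nodes (type, major, minor).
NARROW = ["c 1:3 rwm", "c 189:* rwm"]  # /dev/null plus the rule from the question
WIDE = ["a *:* rwm"]                   # what an unrestricted container ends up with
DEVICES = {
    "/dev/bus/usb/001/004": ("c", 189, 3),  # raw USB device node
    "/dev/ttyUSB0": ("c", 188, 0),          # USB serial adapter (major 188)
    "/dev/sda": ("b", 8, 0),                # host disk
}


def exposure(rules):
    """Device paths from DEVICES that the rule set makes readable and writable."""
    return sorted(p for p, dev in DEVICES.items() if permitted(rules, *dev))
```

With the sample table, `exposure(NARROW)` contains only the `/dev/bus/usb` node, while `exposure(WIDE)` also includes the host disk; a serial adapter such as `/dev/ttyUSB0` uses major 188 and would need its own rule.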