Is it possible to mount a directory from the root filesystem without using a privileged container?

Cluster information:

Kubernetes version: 1.29.5+k3s1
Cloud being used: bare-metal
Installation method: k3s install script
Host OS: Ubuntu 20.04.6 LTS
CNI and version: flannel 1.4.0-flannel1+v0.24.2
CRI and version: containerd 1.7.15-k3s1

Question

I have a pod that needs to read data from /dev/i2c-7. Currently this only works by setting:

securityContext:
    privileged: true

Which seems to give the container full access to the host’s root filesystem.

volumes and volumeMounts don’t seem to work; I have to provide access to the whole host system just to access this single device. Is there a way to improve security a bit and mount only that single directory? I am struggling to find any information about this sort of use case.

Hi,

I believe this Volumes | Kubernetes might be what you are looking for.

As mentioned, volumes and volumeMounts of /dev/i2c-* devices don’t work.

However, I have found a solution which is to use this plugin. I set up a device for each i2c-* device and now my pods can connect to /dev devices easily.
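
Added example, not part of the original thread and not the plugin's own documentation: a pod spec that requests a single I2C device as an extended resource advertised by a device plugin, in place of `privileged: true`. The thread does not name the plugin, so the resource name `example.com/i2c-7`, the pod name and the image are placeholders chosen for illustration.

```yaml
# Added example. All names below are hypothetical placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: i2c-reader                        # placeholder pod name
spec:
  containers:
    - name: reader
      image: registry.example.com/i2c-reader:1.0   # placeholder image
      securityContext:
        # Replaces the privileged: true setting from the question.
        privileged: false
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          # Extended resource advertised by the device plugin on the node.
          # The name is an assumption: use the one your plugin registers for
          # the /dev/i2c-7 device. Requesting it makes the kubelet ask the
          # plugin to expose only that device node to this container.
          example.com/i2c-7: 1
```

Before scheduling, `kubectl describe node <node-name>` should list the plugin's resource under Allocatable; if it does not, the pod stays Pending.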