Cluster information:
Kubernetes version: 1.29.5+k3s1
Cloud being used: bare-metal
Installation method: k3s install script
Host OS: Ubuntu 20.04.6 LTS
CNI and version: flannel 1.4.0-flannel1+v0.24.2
CRI and version: containerd 1.7.15-k3s1
Question
I have a pod that needs to read data from /dev/i2c-7
. Currently this only works by setting:
securityContext:
privileged: true
Which seems to give the container full access to the host’s root filesystem.
volume
s and volumeMount
s don’t seem to work, I have to provide access to the whole host system just to access this single device. Is there a way to improve security a bit and mount only that single directory? I am struggling to find any information about this sort of use case.