Cluster information:
Kubernetes version: v1.24.1+k3s1
Cloud being used: bare-metal
Installation method:
Host OS: Ubuntu 22.04
CNI and version:
CRI and version: containerd://1.6.6-k3s1
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deba
  labels:
    app: deba
spec:
  replicas: 1
  selector:
    matchLabels:
      app: deba
  template:
    metadata:
      labels:
        app: deba
    spec:
      containers:
        - name: deba
          image: red_herring
          imagePullPolicy: Always
          resources:
            requests:
              memory: "256M"
            limits:
              memory: "4096M"
          volumeMounts:
            - name: dev
              mountPath: /dev
          # capabilities is only valid in a container-level securityContext
          securityContext:
            capabilities:
              add:
                - SYS_PTRACE
      volumes:
        - name: dev
          hostPath:
            path: /dev
```
Hi All,

Above is the YAML file I am using. I am trying to export a character device to an unprivileged pod, but when a process running in the container tries to open the device, I get EPERM. The process is running with root uid inside the container. The char device node permissions on the host are as follows:

```
crw-rw-rw- 1 root root 231, 192 Jan 9 07:51 /dev/lota
```
I have come across the following
- The files or directories created on the underlying hosts are only writable by root. You either need to run your process as root in a privileged Container or modify the file permissions on the host to be able to write to a `hostPath` volume
in Volumes | Kubernetes
I am very new to Kubernetes and containers, so some pointers would be highly appreciated.
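
An added example, not part of the original post: a probe to run inside the container that opens the device and separates a file-mode refusal (EACCES) from a policy refusal (EPERM on a node whose mode bits already allow access, as with the `crw-rw-rw-` node above). The function names and result labels are hypothetical; `/dev/lota` is the path from the post.

```python
import errno
import os
import stat


def describe_node(path):
    """Return (is_char_device, major, minor, permission_bits) for a node."""
    st = os.stat(path)
    return (stat.S_ISCHR(st.st_mode), os.major(st.st_rdev),
            os.minor(st.st_rdev), stat.S_IMODE(st.st_mode))


def explain(err, is_chr, mode_bits):
    """Name the layer that most likely refused an open() with this errno."""
    if err == 0:
        return "ok"
    if err == errno.ENOENT:
        return "missing"            # node is not visible in this mount namespace
    if err == errno.EACCES:
        return "file-permissions"   # mode bits / ownership check failed
    if err in (errno.ENXIO, errno.ENODEV):
        return "no-driver"          # node exists, nothing registered for major:minor
    if err == errno.EPERM and is_chr and mode_bits & 0o006 == 0o006:
        # World read/write mode bits cannot be the cause. The kernel's device
        # cgroup check returns EPERM for devices outside the container's
        # allowlist, which matches the symptom in the post.
        return "device-policy"
    return errno.errorcode.get(err, str(err))


def probe(path, flags=os.O_RDWR):
    """Try to open path and classify the outcome."""
    try:
        is_chr, _major, _minor, mode_bits = describe_node(path)
    except OSError as exc:
        return explain(exc.errno, False, 0)
    try:
        os.close(os.open(path, flags))
    except OSError as exc:
        return explain(exc.errno, is_chr, mode_bits)
    return "ok"


if __name__ == "__main__":
    # /dev/lota is the node from the post; run this inside the container.
    print(probe("/dev/lota"))
```

A `device-policy` result means changing the node's mode or ownership on the host will not help, because the refusal comes from the container's device allowlist and not from the file permissions.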