15

Is it possible to map, the device port(USB port) of a worker node, to a POD? Similar to docker create --device=/dev/ttyACM0:/dev/ttyACM0

Is it possible? I checked the refence doc, but could not find anything.

In Docker service, is it possible to map --device port to service container(if I am running only 1 container)?

Cœur
  • 37,241
  • 25
  • 195
  • 267
jisan
  • 223
  • 1
  • 2
  • 6

2 Answers2

23

You can actually get this to work. You need to run the container privileged and use a hostPath like this:

  containers:
  - name: acm
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /dev/ttyACM0
      name: ttyacm
  volumes:
  - name: ttyacm
    hostPath:
      path: /dev/ttyACM0
Janos Lenart
  • 25,074
  • 5
  • 73
  • 75
  • Many thanks. I am trying now. By any chance you know any hack for docker service too? :) Greetings. – jisan Mar 13 '17 at 14:36
  • 5
    One may wish to specify `type: CharDevice` or `type: BlockDevice` on the volume with [`hostPath`](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) so that you can get some minimal configuration checking and explicitly state developer intent. – Rob Hall Jun 05 '21 at 16:09
  • this will allow to work with the device, but it will not isolate the device, as in privileged mode you would have access to all devices still – kvs Jul 28 '23 at 09:54
-1

seems that this is not possible. The related API definition documentation for the v1.Container objects doesn't contain any container engine specific parameters or any parameters which are passed to the arguments of the container engine (click).

Also the shorthand imperative kubectl run ... doesn't provide any arguments which are passed to the container engine (here's the documentation).

While this doesn't solve you problem, I hope my answer still helps you to answer similar questions with the help of the documentation.

pagid
  • 13,559
  • 11
  • 78
  • 104
  • 1
    Yes, I went through this documentations before posting. And this was what I understood, while docker run --device=.... allows to map device port to container. But kubernetes does not. Also docker service does not. It is possible only when starting single container. There must be reason. Your answer still helps me to see a 2nd opinion. . Thanks a lot. :) – jisan Mar 09 '17 at 15:56
  • 1
    Not at the moment. Even tough you can do `docker service create --mount source=/dev/something,target=/dev/something,type=bind ...` there is no support for `--privilege` nor `--cap-add` (see https://github.com/docker/docker/issues/24862) – Janos Lenart Mar 13 '17 at 19:03