1.4 KiB
Device Plugins
Kubernetes Device Plugins are processes that map device nodes into unprivileged containers. They provide an alternative to manually bind-mounting devices using pod volumes, which typically requires granting container processes more privileges than they would otherwise need.
fuse-device-plugin
The fuse-device-plugin is a simple plugin that maps the /dev/fuse device
node into a container. This device node is required in order to use FUSE
filesystems. Buildah, for example, used an FUSE implementation of
OverlayFS when building container images in an unprivileged container.
As of October 2023, Upsteam development of the fuse-device-plugin appears to
have stalled, and its "official" container image is several years old at this
point. While the project itself is simple and probably does not need much
maintenance, running a container based on an operating system that old is quite
dangerous. As such, I've created created my own container image for it
that gets rebuilt and updated automatically.