10

I have a Docker container used to convert the flux of my webcam into RTSP (Docker image: ullaakut/rtspatt). It works well when I use `--device /dev/video0:/dev/video0`.

But I did not find anything that helps me do the same using Kubernetes. I just want a way to access the webcam from the container... Can anyone help me?

Borhink
  • Any webcam, anywhere in the cluster? Can you guarantee that _every_ node in the cluster has a webcam, you don’t care which one you’re using, and there will never be another pod on the same node trying to use it? (I don’t think you actually want Kubernetes here.) – David Maze Dec 11 '19 at 17:29
  • 2
    This is for a very specific case, we must show a demo of our product in a highly secure place where the equipment is as small as possible (a laptop with a webcam). We don't have time to migrate the whole project outside of Kubernetes. I'm looking for a solution. – Borhink Dec 12 '19 at 07:44

1 Answer

14

Currently there is no configuration option that would enable the use of `--device` in Kubernetes.

See these discussions for more details: https://github.com/kubernetes/kubernetes/issues/5607 https://github.com/kubernetes/kubernetes/issues/60748

However, you might be able to use host devices if you enable the privileged mode for the pod.

https://kubernetes.io/docs/concepts/policy/pod-security-policy/#privileged

This allows the container nearly all the same access as processes running on the host. This is useful for containers that want to use linux capabilities like manipulating the network stack and accessing devices.

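```yaml
# Fragment of a Pod spec (goes under spec:)
containers:
- name: foo
  volumeMounts:
  # Expose the host's webcam device node inside the container
  - mountPath: /dev/video0
    name: dev-video0
  securityContext:
    # Privileged mode: nearly the same access as a process on the host
    privileged: true
volumes:
- name: dev-video0
  hostPath:
    path: /dev/video0
```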

Not sure though if you really need the volumeMounts and volumes. Just try and see if it works without them.

Using `privileged: true` is not really ideal from a security point of view.

You should also set the nodeName property on the pod, so it'll always run on one specific node (this node will have the camera attached).


An alternative solution might be to use plugins: https://github.com/bluebeach/k8s-hostdev-plugin.

Dávid Molnár
  • 1
    Thanks for the answer. It's about all I already found on the internet, I was hoping for an alternative solution without the use of `privileged`, but I'm running out of time so I think I will use this for the demo, or launching only this container outside of Kubernetes as discreetly as possible. – Borhink Dec 12 '19 at 07:54
  • 3
    There's been recent activity on the thread David linked, which led me to [someone who has found a solution](https://github.com/kubernetes/kubernetes/issues/7890#issuecomment-766088805). I have not tested it myself but it looks very promising – alkalinity Mar 29 '21 at 17:19
  • The link shared did not work. Any other solution? – Hacker May 29 '21 at 11:16
  • If you mean the link to k8s-hostdev-plugin, then that's fixed now. – Dávid Molnár May 29 '21 at 15:45
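
As an added example (not part of the original answer or its comments), here is a small Python check that flags the settings the answer above relies on in a Pod object: `privileged: true`, hostPath mounts under `/dev`, and a missing node pin. The pod name and node name are made up, and accepting `nodeSelector` as a pin alongside `nodeName` is an assumption of this example.

```python
import copy

# Constructed sample: the answer's fragment completed into a Pod object, in the
# shape `kubectl get pod <name> -o json` returns. The pod name is hypothetical.
SAMPLE_POD = {
    "metadata": {"name": "webcam-demo"},
    "spec": {
        "containers": [{
            "name": "foo",
            "image": "ullaakut/rtspatt",
            "volumeMounts": [{"mountPath": "/dev/video0", "name": "dev-video0"}],
            "securityContext": {"privileged": True},
        }],
        "volumes": [{"name": "dev-video0", "hostPath": {"path": "/dev/video0"}}],
    },
}


def audit_pod(pod):
    """Return (severity, message) findings about host-device exposure in a Pod."""
    spec = pod.get("spec", {})
    findings = []
    # Collect hostPath volumes that point at /dev or anything below it.
    dev_volumes = {}
    for vol in spec.get("volumes") or []:
        path = (vol.get("hostPath") or {}).get("path", "")
        if path == "/dev" or path.startswith("/dev/"):
            dev_volumes[vol["name"]] = path
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(("high", f"{c['name']}: privileged: true grants near-host access"))
        for mount in c.get("volumeMounts") or []:
            if mount["name"] in dev_volumes:
                findings.append(("medium", f"{c['name']}: mounts host path {dev_volumes[mount['name']]}"))
    # A device lives on one machine; an unpinned pod may land on a node without it.
    if dev_volumes and not (spec.get("nodeName") or spec.get("nodeSelector")):
        findings.append(("info", "host device used but no nodeName/nodeSelector set"))
    return findings


def pinned_copy(pod, node_name):
    """Return a copy of the pod pinned to one node, as the answer recommends."""
    pinned = copy.deepcopy(pod)
    pinned["spec"]["nodeName"] = node_name
    return pinned


if __name__ == "__main__":
    for severity, message in audit_pod(SAMPLE_POD):
        print(f"[{severity}] {message}")
```
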