Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 9. Using the Generic Device Plugin
The Generic Device Plugin (GDP) for MicroShift enables your containerized applications to securely access physical host devices, such as serial ports, video cameras, or sound cards directly from within Kubernetes pods. By using GDP, you can extend capabilities of MicroShift to support applications that require direct hardware interaction, such as Internet of Things (IoT) applications.
9.1. Understanding the Generic Device Plugin
The Generic Device Plugin in Red Hat build of MicroShift is a Kubernetes device plugin that enables pods to access host devices such as serial ports, cameras, and sound cards securely. You can use it for edge and IoT workloads that require direct hardware access without elevated container privileges.
The GDP integrates with the kubelet to advertise available devices to the node and facilitate their allocation to pods without requiring elevated privileges within the container itself. It is designed to handle devices that are initialized and managed by the operating system and do not require any special initialization procedures or drivers for a pod to use them.
Here are examples of generic devices that are suitable for the GDP:
-
Serial ports, for example,
/dev/ttyUSB*,/dev/ttyACM*. -
Video cameras, for example,
/dev/video0. -
Sound devices, for example,
/dev/snd,/dev/snd/controlC0. - USB devices specified by Vendor ID and Product ID, or, optionally, by the device serial number.
The following specialized devices are not suitable for the GDP:
- Devices that require specific initialization procedures beyond standard operating system management.
- Specialized hardware that needs additional drivers or kernel modules. Examples of this specialized hardware include GPUs and FPGAs. These types of devices typically require their own specialized device plugins.
9.2. Limitations and considerations for the Generic Device Plugin
The Generic Device Plugin in Red Hat build of MicroShift has limitations and considerations for exposing host devices. You can use this information to choose suitable devices, configure stable identifiers, and plan for performance.
9.2.1. Devices not suited for the Generic Device Plugin
The GDP is designed for devices that are managed directly by the operating system and do not require special setup procedures. Devices that are not well-suited for the Generic Device Plugin include:
- Complex hardware requiring specialized drivers such as GPUs (graphics processing units) or FPGAs (field-programmable gate arrays). These types of hardware typically require dedicated device plugins that can perform unique initialization procedures, memory management, or queue resets before a pod can use them.
- Devices with specific vendor-supplied software stacks. Devices that require a complex software stack or proprietary APIs beyond direct file system access might require a specialized plugin.
9.2.2. Device identification and logging
When you use glob paths, for example, /dev/ttyUSB*, to expose multiple similar devices, the GDP allocates devices based on availability. However, if your application needs to connect to an exactly specified physical device, for example, serial device 3 out of 10, using broad glob paths might be insufficient. In such cases, configure individual device entries in the config.yaml file using more stable and unique identifiers such as:
-
Specific device paths, for example,
/dev/video0. -
Symbolic links provided by the operating system, for example,
/dev/serial/by-id/or/dev/serial/by-path/. - USB vendor ID, product ID, and serial number combinations for precise USB device targeting.
9.2.3. Performance considerations
The count parameter in the config.yaml file enables a device group to be scheduled multiple times concurrently. While there are no explicit limits set within the GDP for the count (for example, 1000 for /dev/fuse), the actual performance depends on the host system’s capabilities and the nature of the device itself. Running a very high number of concurrent processes that access the same device might affect performance.
9.3. Configuring the Generic Device Plugin
The Generic Device Plugin (GDP) is disabled by default in MicroShift. To expose host devices such as serial ports and cameras to pods in Red Hat build of MicroShift, you can enable the Generic Device Plugin and define devices in the config.yaml file or create a configuration snippet file such as /etc/microshift/config.d/10-gdp.yaml.
Prerequisites
- You installed MicroShift.
-
You created a custom
config.yamlfile in the/etc/microshiftdirectory. -
You installed the OpenShift CLI (
oc). -
You have
sudoprivileges on the MicroShift host. -
You have identified the specific host devices that you want to expose to your MicroShift node. For example,
/dev/video0,/dev/ttyUSB*, or USB Vendor/Product IDs.
Procedure
-
From your CLI using
sudoprivileges, open/etc/microshift/config.yamlin a text editor. -
Locate the
genericDevicePluginsection. If it is not present, add it. Set the
statusparameter toEnabledand define thedevicesthat should be exposed. Each device definition needs anameand one or moregroups. Each group can specify devices usingpaths, for file-based devices, including glob patterns, orusbs, for USB devices using Vendor/Product IDs. You cannot mixpathsandusbswithin the same device group.GDP fields with default values
apiServer: # ... genericDevicePlugin: devices: - groups: - paths: - path: /dev/ttyUSB* - path: /dev/ttyACM* name: serial - groups: - paths: - path: /dev/fuse name: fuse - groups: - usbs: - product: "0x7523" serial: "" vendor: "0x1a86" name: converter domain: device.microshift.io status: Enabledwhere:
/dev/ttyUSB*- Specifies the file path for all the USB serial devices that are matched by this glob.
/dev/ttyACM*- Specifies the file path for all the ACM serial devices that are matched by this glob.
/dev/fuse- Specifies the file path for a fuse device.
fuse- Specifies the name of the device.
0x7523- Specifies the Product ID for a CH340 serial converter.
0x1a86- Specifies the Vendor ID for a CH340 serial converter.
device.microshift.io- Specifies the default domain for the GDP.
Important-
The output of the
microshift show-configparameter might include pre-configured default paths for serial devices even if you have not explicitly configured them inconfig.yaml. These paths represent the default discovery settings if the Generic Device Plugin is enabled without specific user configuration. -
For consistency and precise device targeting, especially when dealing with multiple similar devices, consider using stable device paths like
/dev/serial/by-id/or specific USB Vendor, Product, or Serial IDs instead of broad glob patterns like/dev/ttyUSB*. -
The
countparameter in a device group allows a single device, or a set of devices matched by a glob, to be allocated multiple times concurrently to different pods. If omitted,countdefaults to1.
-
Save the
config.yamlfile. Restart the MicroShift service to apply the changes:
$ sudo systemctl restart microshiftAllow some time for MicroShift to restart and for the GDP to register its devices with the Kubelet.
Verification
You can check the available devices in your node by running the following command:
$ oc describe node <microshift_node_name> | grep "device.microshift.io"Depending on your configuration, expect output that indicates that the devices are now discoverable and schedulable within your MicroShift node.
Example output
Capacity: cpu: 2 device.microshift.io/audio: 0 device.microshift.io/capture: 0 device.microshift.io/custom-device: 1 device.microshift.io/dummy-video: 0 device.microshift.io/fuse: 0 device.microshift.io/serial: 5 device.microshift.io/video: 0 Allocatable: cpu: 2 device.microshift.io/audio: 0 device.microshift.io/capture: 0 device.microshift.io/custom-device: 1 device.microshift.io/dummy-video: 0 device.microshift.io/fuse: 0 device.microshift.io/serial: 5 device.microshift.io/video: 0 Allocated resources: (Total limits may be over 100 percent, i.e., overcommitted.) Resource Requests Limits -------- -------- ------ cpu 450m (22%) 500m (25%) memory 1550Mi (42%) 500Mi (13%) ephemeral-storage 0 (0%) 0 (0%) hugepages-1Gi 0 (0%) 0 (0%) hugepages-2Mi 0 (0%) 0 (0%) device.microshift.io/audio 0 0 device.microshift.io/capture 0 0 device.microshift.io/custom-device 1 1 device.microshift.io/dummy-video 1 1 device.microshift.io/fuse 0 0 device.microshift.io/serial 0 0 device.microshift.io/video 0 0
9.4. Deploying applications that use generic devices
After the Generic Device Plugin (GDP) is configured and enabled in MicroShift, you can deploy Kubernetes workloads, such as pods, deployments, or StatefulSets, that request access to the host devices that you have exposed. Devices are made available inside the container without requiring the pod to run with elevated privileges.
Prerequisites
- You installed MicroShift.
- You enabled and configured GDP.
-
You installed OpenShift CLI (
oc).
Procedure
Define the device request in your
Podspecification:apiVersion: v1 kind: Pod metadata: name: device-app spec: containers: - name: container image: <your_application_image> command: ["/path/to/your/app"] args: ["--device_path=/dev/video0"] resources: limits: device.microshift.io/video: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] runAsNonRoot: true seccompProfile: type: "RuntimeDefault"where:
spec.containers.image- Specifies the container image.
spec.containers.command- Specifies the command for your application.
spec.containers.args- Specifies the arguments for your application. For example, how your application might use the device.
spec.containers.resources.limits-
Specifies the resource limit for the device. The resource name must follow the pattern
device.microshift.io/<device_name>, where<device_name>matches thenamethat you specified in your configuration file. This example requests one instance of thevideodevice. spec.containers.securityContext- Specifies the privilege escalation. Define and configure with the least privilege value to ensure that the container has only required permissions, such as access to the device file, and to restrict other capabilities for the container.
Deploy the Kubernetes workload by applying the manifest to the MicroShift node by running the following command:
$ oc apply -f <your_workload_manifest.yaml>After the pod is running, the specified host device is available at its original path, or
mountPathif specified, inside the container. Your application can then interact with it as if it were a local device.For example, if you requested
device.microshift.io/serial, which maps to/dev/ttyUSB*, your application might find the device at/dev/ttyUSB0or a similar path inside the container.
Verification
Verify device access by running the following command inside the running pod:
$ oc exec -it <pod_name> -- ls -l /dev/video0
9.5. Generic Device Plugin configuration reference
The Generic Device Plugin configuration reference lists and describes the parameters in the genericDevicePlugin section of the` config.yaml` file in Red Hat build of MicroShift. You can use this reference when you enable the GDP and define which host devices to expose.
| Parameter | Description |
|---|---|
|
|
The |
|
|
Is a subgroup that lists the device definitions to be exposed by the plugin. Each |
|
| Lists device groups. Devices within a group comprise a pool of devices under a common name. When you request a device from that pool, you can receive a device from different defined paths. |
|
|
Specifies how many times this group of devices can be mounted concurrently. If unspecified, |
|
|
Lists the host device file paths. Paths can be glob patterns, for example, |
|
|
Specifies up to how many times this device can be used in the group concurrently when other devices in the group yield more matches. For example, if one path in the group matches 5 devices and another matches 1 device but has a limit of 10, then the group provides 5 pairs of devices. When unspecified, the limit defaults to |
|
|
The file path at which the host device should be mounted within the container. When unspecified, |
|
|
The file path of a device on the host, for example, |
|
|
The file-system permissions given to the mounted device. Applies only to mounts of type
*
*
*
When unspecified, |
|
|
Specifies whether the path should be mounted read-only. The values are |
|
|
Describes what type of file-system node this |
|
|
Lists the USB specifications that this device group consists of. The vendor and product IDs must always match. The serial ID must match if provided, or skipped if the ID is empty, The |
|
|
The USB Product ID of the device to match on, for example, |
|
| The serial number of the device to match on. A USB device must match exactly on all the given attributes to pass. |
|
|
The USB Vendor ID of the device to match on, for example, |
|
|
A unique string representing the kind of device this specification describes, for example, |
|
|
|
|
|
|
9.6. Troubleshooting configuration issues
The following entries explain common Generic Device Plugin configuration issues and how to resolve them.
Invalid configuration: failed to parse device-
Occurs when you have incorrectly mixed
pathsandusbsfields within the samegroupsentry for a device. Eachgroupmust exclusively use eitherpathsorusbsto define its devices. Cannot define both path and usbs at the same time-
Occurs when you have incorrectly mixed
pathsandusbsfields within the samegroupsentry for a device. Eachgroupmust exclusively use eitherpathsorusbsto define its devices.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}