Feature Overview (aka. Goal Summary)  

Edge Devices frequently need access to  host devices like serial ports, cameras, etc. The kubernetes way of doing this in a secure manner is via device plugin.  This feature brings a generic device plugin, that can be easily used to access e.g. "/dev/video0" from a pod.

Goals (aka. expected user outcomes)

Have a fully supported device plugin for generic devices like /dev/video0 or /dev/ttyUSB0.

Requirements (aka. Acceptance Criteria):

1. add  "generic-device-plugin" capability to MicroShift 
2. allow for configuration of the device plugin, to point it to a set of allowed / posible devices (e.g. serial devices as /dev/ttyUSB*, or /dev/video*). A generic list should be possible (all video devices), but also a specific one (e.g. /dev/video0 and /dev/ttyUSB0). Config could be done e.g. using a ConfigMap. 
3. Devices must have a type (e.g. usb, camera).
4. Multiple devices per types must be supported
5. Pods can request access to a device using the resources.request.typ field in their spec.
6. Pods can access the device without elevated privileges (e.g. hostaccess) - the required privileges are handled by the device plugin pod.
7. Required privileges / rights / security profile should follow the least privileges principle and must  be reviewed by the security architect

Questions to Answer (Optional):

 ** see enhancement proposal for an in depth discussion

Out of Scope

1. Any specific device plugins, e.g. for GPU or other special purpose devices that need additional drivers, kernel modules etc.

Background

Had now multiple customers/users asking for this. Upstream example for such a device pluging

https://github.com/squat/generic-device-plugin

Customer Considerations

n/a

Documentation Considerations

Need to be documented with a couple of example, e.g. a video camera, or an USB serial device. 

Interoperability Considerations

n/a