Use host devices and fuse mounts in system containers on Kubernetes #964

mueckinger · 2025-09-28T15:04:04Z

mueckinger
Sep 28, 2025

My use-case is to enable fuse mounts in a system container on Kubernetes. This requires to "hand-over" /dev/fuse to the system container. In Kubernetes there is no Docker-like --device flag to handle devices. Also hostPath-volume-mounting the folder /dev/fuse did not work in my case. I stumbled upon generic-device-plugin. With this plugin, which is a DaemonSet running on your node, and the following podSpec I was able to mount sshfs and run AppImages in system containers on a Ubuntu-based Kubernetes node:

      securityContext:
        appArmorProfile:
          type: Unconfined
        capabilities:
          add:
            - SYS_ADMIN

It seems that fuse mount requires CAP_SYS_ADMIN privileges. And in case of an ubuntu node AppArmor prohibits fuse mount operations from the container as well.

I wonder if there is an easier way to accomplish this? If not I'll leave it here for documentation.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use host devices and fuse mounts in system containers on Kubernetes #964

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Use host devices and fuse mounts in system containers on Kubernetes #964

Uh oh!

mueckinger Sep 28, 2025

Replies: 0 comments

mueckinger
Sep 28, 2025