I am running a Kubernetes Pod for a service that needs to access the /dev/tpm0 device on the host. This works in privileged mode; however, I want to work unprivileged. Is there a way of establishing a proxy for /dev/tpm0 under /anotherpath that is accessible to a specific user that is not root? Something like socat, but for devices. Or is it possible to configure /dev/tpm0 on the system to be accessible without privileged mode?
The privileged mode is required by Kubernetes to access devices. There seems to be no workaround.
To avoid custom containers accessing the device directly, it is possible to use the device plugin at https://github.com/squat/generic-device-plugin
This plugin will then run in privileged mode under kube-system; however, all other containers can now run unprivileged.
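As an added illustration of the device-plugin approach described in the answer (this manifest is not from the answer or from the plugin project), here is a Pod that consumes /dev/tpm0 as an extended resource while dropping all privileges. It assumes the generic-device-plugin DaemonSet was started with `--device '{"name": "tpm", "groups": [{"paths": [{"path": "/dev/tpm0"}]}]}'` so that it advertises `squat.ai/tpm`, and that the gid 59 and image name are placeholders you replace with the host's TPM device group and your own image.

```yaml
# Added example: a non-privileged Pod that receives /dev/tpm0 from
# generic-device-plugin instead of running with privileged: true.
# Assumptions: the plugin in kube-system advertises the extended resource
# "squat.ai/tpm" (via --device '{"name": "tpm", ...}' pointing at /dev/tpm0),
# and /dev/tpm0 on the host is group-owned by gid 59 (placeholder for the
# host's TPM access group, often "tss"); adjust both to your cluster.
apiVersion: v1
kind: Pod
metadata:
  name: tpm-client
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000            # unprivileged service user inside the container
    supplementalGroups: [59]   # placeholder gid; must match /dev/tpm0's group on the host
  containers:
  - name: app
    image: example.com/tpm-client:latest   # placeholder image
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    resources:
      limits:
        squat.ai/tpm: 1        # the device plugin injects /dev/tpm0 for this request
```

Before applying, check that `kubectl describe node <node>` lists `squat.ai/tpm` under Allocatable; if it is absent, the Pod stays Pending rather than silently falling back to a privileged mount.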