...
- Does your code requiredirect access to host hardware? For example, you may need to use a microphone in order to record and analyze sound waves. You might need to use the host GPU for model (re)training. You could potentially need to access a video stream directly from an attached camera. In these situations, you should first try to bind mount the device to see if that approach is sufficient. Another approach is to use `cap-add` to add only the kernel capabilities that you specifically need. By way of contrast, priviledged mode adds all of the kernel's `CAP_*` capabilities.
- Does your service need to spawn other containers? This is a common task in CI/CD pipelines. It may be needed for parallel stream processing tasks.
...