@agracey
Last active July 9, 2025 15:49

There are 3 "experiments" included in this patchfile:

  • Mounting the aic xorg config file into the X11 container
    • I expect that this might be needed. Going forward, I'll need to provide an easy way to do this in the helm chart
  • Mounting all of /run /dev and /sys into the X11 container
    • I don't think this should be needed but I'd rather get something working then figure out what granularity is needed than go back and forth for weeks
  • Running the userspace binary as a sidecar in the container
    • This container also has access to /run /dev and /sys
    • If it communicates with X11 using a socket that's not in one of those directories, we will need to add an emptyDir to allow communication

To use this:

  • Disable and stop the aic-render systemd service (but keep the kernel module enabled)
  • Move the binary to /opt/aic-render and make it executable
  • Add cm.yaml in the same namespace as the helm chart is installed into
    • kubectl apply -n <your-kiosk-ns> -f cm.yaml
  • Apply the patchfile to the daemonset
    • kubectl patch -n <your-kiosk-ns> ds/kiosk --type json --patch-file patch.yaml

If the pod starts and can't run the binary, it will not block the pod from starting and will just sleep infinity.

# cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: aic-xorg
data:
  20-aic.conf: |
    Section "OutputClass"
      Identifier "ArtInChip"
      MatchDriver "aic-ud"
      Driver "modesetting"
      Option "AccelMethod" "none"
      Option "PageFlip" "off"
      Option "SWCursor" "on"
      Option "ShadowFB" "true"
    EndSection
# patch.yaml
# Passthrough volume mounts
- op: add
  path: /spec/template/spec/volumes/-
  value:
    name: run
    hostPath:
      path: /run/
      type: Directory
- op: add
  path: /spec/template/spec/volumes/-
  value:
    name: sys
    hostPath:
      path: /sys/
      type: Directory
- op: add
  path: /spec/template/spec/volumes/-
  value:
    name: dev
    hostPath:
      path: /dev/
      type: Directory
# Mount the three host directories into the X11 container (initContainers/0 at this point)
- op: add
  path: /spec/template/spec/initContainers/0/volumeMounts/-
  value:
    mountPath: /run/
    name: run
- op: add
  path: /spec/template/spec/initContainers/0/volumeMounts/-
  value:
    mountPath: /sys/
    name: sys
- op: add
  path: /spec/template/spec/initContainers/0/volumeMounts/-
  value:
    mountPath: /dev/
    name: dev
# Add xorg conf from configMap
- op: add
  path: /spec/template/spec/volumes/-
  value:
    name: aic-xorg
    configMap:
      defaultMode: 420
      name: aic-xorg
      optional: true
- op: add
  path: /spec/template/spec/initContainers/0/volumeMounts/-
  value:
    mountPath: /etc/X11/xorg.conf.d/20-aic.conf
    name: aic-xorg
    subPath: 20-aic.conf
# Add init Container with user space binary at hostPath
- op: add
  path: /spec/template/spec/volumes/-
  value:
    name: aic-render
    hostPath:
      path: /opt/aic-render
      type: FileOrCreate
# Inserted at index 0, so the existing first init container moves to index 1
- op: add
  path: /spec/template/spec/initContainers/0
  value:
    name: aic-render
    restartPolicy: Always
    securityContext:
      privileged: true
      readOnlyRootFilesystem: false
    command: ['bash']
    args:
      - -c
      - if [ -x /opt/aic-render ] ; then /opt/aic-render; else echo "No binary at /opt/aic-render so skipping" && sleep infinity; fi
    volumeMounts:
      - mountPath: /opt/aic-render
        name: aic-render
      - mountPath: /run/
        name: run
      - mountPath: /sys/
        name: sys
      - mountPath: /dev/
        name: dev
# Reuse the image of the container that is now at index 1 for the new sidecar
- op: copy
  from: /spec/template/spec/initContainers/1/image
  path: /spec/template/spec/initContainers/0/image
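
To see which containers end up with host access once the patch is applied, and to have a check to rerun when narrowing the mounts later, here is an added example (not part of the gist or the kiosk chart). It applies a subset of the patch's operations to a constructed minimal DaemonSet and reports privileged containers and whole-tree /run, /sys and /dev mounts. The base object, the `x11` container name and its image are assumptions.

```python
import copy
BROAD = {"/run", "/sys", "/dev"}  # host trees this page's patch mounts whole
NAMES, SPEC = ("run", "sys", "dev"), "/spec/template/spec"
# BASE: constructed stand-in DaemonSet (name, image assumed). PATCH: subset of patch.yaml.
BASE = {"spec": {"template": {"spec": {"volumes": [], "containers": [], "initContainers": [
    {"name": "x11", "image": "registry.example/x11:constructed", "volumeMounts": []}]}}}}
PATCH = (
    [{"op": "add", "path": SPEC + "/volumes/-",
      "value": {"name": n, "hostPath": {"path": f"/{n}/", "type": "Directory"}}} for n in NAMES]
    + [{"op": "add", "path": SPEC + "/initContainers/0/volumeMounts/-",
        "value": {"mountPath": f"/{n}/", "name": n}} for n in NAMES]
    + [{"op": "add", "path": SPEC + "/initContainers/0",
        "value": {"name": "aic-render", "securityContext": {"privileged": True},
                  "volumeMounts": [{"mountPath": f"/{n}/", "name": n} for n in NAMES]}},
       {"op": "copy", "from": SPEC + "/initContainers/1/image",
        "path": SPEC + "/initContainers/0/image"}])

def resolve(doc, pointer):
    """Walk an RFC 6901 pointer and return (parent, last token)."""
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in pointer.split("/")[1:]]
    for tok in tokens[:-1]:
        doc = doc[int(tok)] if isinstance(doc, list) else doc[tok]
    return doc, tokens[-1]

def apply_patch(doc, ops):
    """Apply 'add' and 'copy', the only RFC 6902 ops the patch uses, to a copy of doc."""
    doc = copy.deepcopy(doc)
    for op in ops:
        value = op.get("value")
        if op["op"] == "copy":
            src, key = resolve(doc, op["from"])
            value = src[int(key)] if isinstance(src, list) else src[key]
        parent, key = resolve(doc, op["path"])
        if isinstance(parent, list):  # inserting shifts later items up by one index
            parent.insert(len(parent) if key == "-" else int(key), copy.deepcopy(value))
        else:
            parent[key] = copy.deepcopy(value)
    return doc

def audit(daemonset):
    """Map each container to findings: privileged mode, whole-tree hostPath mounts."""
    spec = daemonset["spec"]["template"]["spec"]
    host = {v["name"]: v["hostPath"]["path"].rstrip("/")
            for v in spec["volumes"] if "hostPath" in v}
    report = {}
    for c in spec["initContainers"] + spec["containers"]:
        paths = sorted({host.get(m["name"]) for m in c.get("volumeMounts", [])} & BROAD)
        priv = ["privileged"] if c.get("securityContext", {}).get("privileged") else []
        report[c["name"]] = priv + ["hostPath " + p for p in paths]
    return report
```

`audit()` takes any DaemonSet loaded as a dict, so it can also be run on the JSON output of `kubectl get -n <your-kiosk-ns> ds/kiosk -o json` after patching.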