From 2cd32108bdafe63f4243c76d1db1b2ce283fee72 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Thu, 19 Feb 2026 12:38:11 -0800
Subject: [PATCH] Run device plugin as privileged for GPU device node access

NVML needs both libnvidia-ml.so and /dev/nvidia* device nodes.
Mount libs to a non-clobbering path and run privileged (matching
NVIDIA's official deployment) for device file access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 argocd/manifests/nvidia-device-plugin/daemonset.yaml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/argocd/manifests/nvidia-device-plugin/daemonset.yaml b/argocd/manifests/nvidia-device-plugin/daemonset.yaml
index f3f9545..4ded1bd 100644
--- a/argocd/manifests/nvidia-device-plugin/daemonset.yaml
+++ b/argocd/manifests/nvidia-device-plugin/daemonset.yaml
@@ -29,11 +29,9 @@ spec:
             - name: CDI_ROOT
               value: /var/run/cdi
             - name: LD_LIBRARY_PATH
-              value: /usr/lib/x86_64-linux-gnu
+              value: /run/nvidia/lib
           securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
+            privileged: true
           volumeMounts:
             - name: device-plugins
               mountPath: /var/lib/kubelet/device-plugins
@@ -41,7 +39,7 @@ spec:
               mountPath: /var/run/cdi
               readOnly: true
             - name: nvidia-libs
-              mountPath: /usr/lib/x86_64-linux-gnu
+              mountPath: /run/nvidia/lib
               readOnly: true
       volumes:
         - name: device-plugins