docs: final README pass

- Add Antigravity and SSH to feature list in intro
- Add shm.sizeLimit to Display/resources table
- Update startup flow to show accurate antigravity launch flags
- Fix kubectl describe label selector
- Add troubleshooting note for latest-tag pod restart

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

README.md

@@ -3,7 +3,8 @@
 ![Build and Push](https://github.com/cpfarhood/devcontainer/actions/workflows/build-and-push.yaml/badge.svg)
 
 A containerized cloud development environment with web-based GUI access, featuring:
-- **VSCode** via browser-based VNC (port 5800)
+- **VSCode or Google Antigravity** via browser-based VNC (port 5800)
+- **SSH access** option (OpenSSH on port 22, additive with any IDE)
 - **Happy Coder** AI assistant backed by Claude
 - **Automatic GitHub repo cloning** on startup
 - **Persistent home directory** via ReadWriteMany PVC
@@ -160,6 +161,7 @@ With any non-`none` value, a `ServiceAccount` named `devcontainer-{name}` is cre
 | `groupId` | `1000` | GID for the app user |
 | `storage.size` | `32Gi` | Home PVC size |
 | `storage.className` | `ceph-filesystem` | StorageClass (must be ReadWriteMany) |
+| `shm.sizeLimit` | `2Gi` | `/dev/shm` size (memory-backed; used by Electron apps) |
 | `resources.requests.memory` | `2Gi` | |
 | `resources.requests.cpu` | `1000m` | |
 | `resources.limits.memory` | `8Gi` | |
@@ -182,9 +184,9 @@ Container start
           → rm daemon.state.json.lock    — clear stale Happy lock
           → happy daemon start           — starts Happy Coder background daemon
       → IDE=vscode:      code --new-window --wait /workspace/{repo}
-        IDE=antigravity:  antigravity --new-window --wait /workspace/{repo}
+        IDE=antigravity:  antigravity --no-sandbox --user-data-dir ~/.config/antigravity ... /workspace/{repo}
         IDE=none:         sleep infinity
-      (SSH=true: sshd also running as root on port 22)
+      (SSH=true: sshd also running as root on port 22; host keys persisted on PVC)
 ```
 
 ### Storage
@@ -230,7 +232,15 @@ Then restart the pod to pick up the new env var.
 ```bash
 kubectl port-forward deployment/devcontainer-mydev 5800:5800
 kubectl logs deployment/devcontainer-mydev
-kubectl describe pod -l instance=mydev
+kubectl describe pod -l app.kubernetes.io/instance=mydev
+```
+
+### Pod not picking up new image after upgrade
+
+The chart uses `image.tag: latest`. Kubernetes won't restart the pod on a Helm upgrade unless the Deployment spec changes. Force a restart manually:
+
+```bash
+kubectl rollout restart deployment/devcontainer-mydev
 ```
 
 ### Repository not cloning

chart/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: devcontainer
 description: Antigravity Dev Container with Happy Coder AI assistant
 type: application
-version: 0.1.6
+version: 0.1.12
 appVersion: "latest"

chart/templates/deployment.yaml

@@ -71,6 +71,8 @@ spec:
               mountPath: /home
             - name: workspace
               mountPath: /workspace
+            - name: shm
+              mountPath: /dev/shm
           {{- if ne (.Values.ide | default "vscode") "none" }}
           livenessProbe:
             httpGet:
@@ -99,6 +101,10 @@ spec:
       volumes:
         - name: workspace
           emptyDir: {}
+        - name: shm
+          emptyDir:
+            medium: Memory
+            sizeLimit: {{ .Values.shm.sizeLimit }}
         - name: userhome
           persistentVolumeClaim:
             claimName: {{ include "antigravity.pvcName" . }}

chart/values.yaml

@@ -41,6 +41,11 @@ storage:
   size: 32Gi
   className: ceph-filesystem
 
+# Shared memory size — mounted at /dev/shm as a memory-backed emptyDir.
+# Electron apps (Antigravity, Chrome) use /dev/shm for GPU/IPC buffers.
+shm:
+  sizeLimit: 2Gi
+
 resources:
   requests:
     memory: "2Gi"

scripts/cont-init-sshd.sh

@@ -5,12 +5,30 @@
 
 echo "=== SSH enabled: starting sshd ==="
 
-# Generate host keys if missing (first boot or ephemeral /etc/ssh)
+HOME_DIR="/home/user"
-ssh-keygen -A 2>/dev/null || true
+HOST_KEY_STORE="$HOME_DIR/.ssh/host_keys"
+
+# Persist host keys on the home PVC so clients don't see a "host key
+# changed" warning after pod restarts.
+if [ -d "$HOST_KEY_STORE" ] && [ -n "$(ls "$HOST_KEY_STORE"/ssh_host_* 2>/dev/null)" ]; then
+    # Restore previously generated host keys
+    echo "Restoring SSH host keys from PVC..."
+    cp "$HOST_KEY_STORE"/ssh_host_* /etc/ssh/
+    chmod 600 /etc/ssh/ssh_host_*_key
+    chmod 644 /etc/ssh/ssh_host_*_key.pub
+else
+    # First boot: generate and save host keys to PVC
+    echo "Generating SSH host keys (first boot)..."
+    ssh-keygen -A 2>/dev/null || true
+    mkdir -p "$HOST_KEY_STORE"
+    cp /etc/ssh/ssh_host_* "$HOST_KEY_STORE/"
+    chmod 700 "$HOST_KEY_STORE"
+    chown -R 1000:1000 "$HOST_KEY_STORE"
+    echo "SSH host keys saved to PVC."
+fi
 
 # Populate authorized_keys from env var (injected via Kubernetes secret)
 if [ -n "$SSH_AUTHORIZED_KEYS" ]; then
-    HOME_DIR="/home/user"
     mkdir -p "$HOME_DIR/.ssh"
     chmod 700 "$HOME_DIR/.ssh"
     printf '%s\n' "$SSH_AUTHORIZED_KEYS" > "$HOME_DIR/.ssh/authorized_keys"

scripts/startapp.sh

@@ -21,7 +21,13 @@ echo "Workspace: $WORKSPACE_DIR"
 case "$IDE" in
     antigravity)
         echo "Opening Google Antigravity in: $WORKSPACE_DIR"
-        exec antigravity --new-window --wait "$WORKSPACE_DIR"
+        # --no-sandbox is required for Electron apps in Docker (no kernel sandbox available).
+        # Explicit --user-data-dir and --extensions-dir pin config to the home PVC so
+        # settings and the setup wizard state survive pod restarts.
+        exec antigravity --no-sandbox \
+            --user-data-dir "$HOME/.config/antigravity" \
+            --extensions-dir "$HOME/.antigravity/extensions" \
+            --new-window --wait "$WORKSPACE_DIR"
         ;;
     none)
         echo "IDE=none: no IDE launched, keeping container alive."