Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: coder/envbox
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: coder/envbox
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: stats
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Nov 11, 2025

  1. fix: enable stats propagation from inner to outer container 

    Set CgroupnsMode to "host" for the inner container, allowing resource
usage stats to propagate naturally from the inner container to the outer
container's cgroup hierarchy.

This fixes an issue where Kubernetes metrics-server and docker stats
only reported the outer container's overhead (sysbox, dockerd) instead
of the actual workload running in the inner container. The fix is
essential for correct autoscaling and resource monitoring.

Changes:
- dockerutil/container.go: Add CgroupnsMode: "host" to HostConfig
- dockerutil/container.go: Make resource limits conditional (only if >0)
- integration/docker_test.go: Add Stats test to verify propagation

With this change, the inner container's cgroup becomes a child of the
outer container's cgroup, and CPU/memory accounting naturally bubbles up.

Fixes cgroup stats reporting for Kubernetes HPA/VPA and monitoring tools.
    @sreya
    sreya committed Nov 11, 2025
    Configuration menu
    Copy the full SHA
    97244cb View commit details
    Browse the repository at this point in the history

  2. test: improve Stats test to be deterministic and flake-free 

    Replace flaky time.Sleep and CPU workload test with deterministic checks:
- Test 1: Verify inner container cgroup is visible from outer container
- Test 2: Read inner container memory usage from outer container
- Test 3: Verify Docker stats API returns data

Changes:
- Remove time.Sleep, use require.Eventually instead
- Remove CPU-intensive workload (yes > /dev/null)
- Test the actual fix: cgroup hierarchy visibility
- Support both cgroupv1 and cgroupv2 paths
- Faster, more reliable, clearer failure modes

The test now directly verifies what cgroupns=host provides:
the inner container's cgroup is a child of the outer container's
cgroup, allowing stats to naturally propagate upward.
    @sreya
    sreya committed Nov 11, 2025
    Configuration menu
    Copy the full SHA
    d37783e View commit details
    Browse the repository at this point in the history
Loading