Mikel
Mikel
PostsComments
CCoder.com
Created by Mikel on 3/27/2025 in #help
Devcontainer Template Ignores GPU Limits (All GPUs Visible)
Hey folks 👋 I'm running into an issue with GPU isolation in two different Kubernetes-based Coder templates: Template A: Uses the Kubernetes (Deployment) template → GPU isolation works as expected. If I select 1 GPU, the container only sees 1 via nvidia-smi. Template B: Uses the Kubernetes (Devcontainer) template → Even when I select 1 GPU, the container sees all available GPUs on the host. Both templates configure GPU resources like this: 
resources {
  requests = {
    "nvidia.com/gpu" = data.coder_parameter.gpu.value
  }
  limits = {
    "nvidia.com/gpu" = data.coder_parameter.gpu.value
  }
}
resources {
  requests = {
    "nvidia.com/gpu" = data.coder_parameter.gpu.value
  }
  limits = {
    "nvidia.com/gpu" = data.coder_parameter.gpu.value
  }
}
One key difference is that in the Devcontainer template, I had to add the following to the security_context: 
security_context {
  run_as_user = 0
  privileged  = true
}
security_context {
  run_as_user = 0
  privileged  = true
}
I suspect this might be allowing the container to bypass Kubernetes’ GPU isolation, but I’m not sure how to safely lock it down and still allow the build process to succeed. Has anyone dealt with this before? Is there a way to use envbuilder + GPU isolation without needing to run as root/privileged? Any pointers would be much appreciated 🙏
17 replies
CCoder.com
Created by Mikel on 3/25/2025 in #help
Issue with Cloning a Specific Branch from a Private GitLab Repo Using SSH in Envbuilder
Hi everyone, I'm encountering an issue when using Envbuilder with SSH for cloning private repositories. Here's what I've noticed: When I work with a public repository and use HTTPS, everything works fine. I can clone the main branch and even specify another branch, as described in the documentation, like this: 
ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch
ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch
However, when I switch to a private repository that requires SSH authentication, I can successfully clone the main branch, but I'm unable to specify a different branch (e.g., sample-branch). Here's the Git URL format I'm using for the private repo: 
[email protected]:your-group/your-repo.git/#refs/heads/sample-branch
[email protected]:your-group/your-repo.git/#refs/heads/sample-branch
The error I get in the logs when trying to clone with a specified branch is: 
Failed to clone repository: clone "[email protected]:your-group/your-repo.git/#refs/heads/sample-branch": unknown error: remote: ERROR: The namespace you were looking for could not be found.
Failed to clone repository: clone "[email protected]:your-group/your-repo.git/#refs/heads/sample-branch": unknown error: remote: ERROR: The namespace you were looking for could not be found.
Am I making any syntax errors, or has anyone else faced a similar issue when using SSH and specifying a branch? Any advice or guidance on how to resolve this would be greatly appreciated. Thanks in advance for your help!
12 replies