docs(srv): update doc on sandbox environments MTA-6006 (#4918)

* docs(srv): update doc on sandbox environments MTA-6006

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* docs(srv): update

* Update pages/serverless-containers/reference-content/containers-sandbox.mdx

Co-authored-by: Thomas TACQUET <[email protected]>

* Update pages/serverless-functions/reference-content/functions-sandbox.mdx

Co-authored-by: Thomas TACQUET <[email protected]>

* Update pages/serverless-containers/reference-content/containers-limitations.mdx

Co-authored-by: Benedikt Rollik <[email protected]>

* Apply suggestions from code review

Co-authored-by: ldecarvalho-doc <[email protected]>

---------

Co-authored-by: Thomas TACQUET <[email protected]>
Co-authored-by: Benedikt Rollik <[email protected]>
Co-authored-by: ldecarvalho-doc <[email protected]>

Author: 4 people

menu/navigation.json

@@ -3929,6 +3929,10 @@
                     "label": "Functions autoscaling",
                     "slug": "functions-autoscaling"
                   },
+                  {
+                    "label": "Functions sandbox",
+                    "slug": "functions-sandbox"
+                  },
                   {
                     "label": "Code examples",
                     "slug": "code-examples"
@@ -4097,6 +4101,10 @@
                     "label": "Containers port parameter",
                     "slug": "port-parameter-variable"
                   },
+                  {
+                    "label": "Containers sandbox",
+                    "slug": "containers-sandbox"
+                  },
                   {
                     "label": "Differences between Jobs, Functions and Containers",
                     "slug": "difference-jobs-functions-containers"

pages/serverless-containers/concepts.mdx

@@ -193,8 +193,10 @@ This process ensures a seamless update experience, minimizing user disruption du
 ## Sandbox
 
 A sandbox is an isolation area for your container. Serverless Containers offer two sandboxing environments:
-- **v2** - Recommended for faster cold starts. Can introduce some overhead on specific workflows with consequent amount of *syscalls*.
-- **v1** - Legacy sandboxing with slower cold starts, but fully supports Linux system call interface. Prefer this option when processing large amounts of *syscalls*.
+- **v1** - Legacy sandboxing with slower cold starts, but fully supports Linux syscall interface.
+- **v2** - Recommended for faster cold starts, but only supports a selection of Linux syscalls.
+
+Refer to the [dedicated documentation](/serverless-containers/reference-content/containers-sandbox/) for more information on sandbox environments.
 
 ## Scale to zero
 

pages/serverless-containers/faq.mdx

@@ -144,9 +144,13 @@ Ensure that your code avoids heavy computations or long-running initialization a
 
 ### Which Linux syscalls are supported?
 
+Serverless Containers offer two sandboxing environments:
+
 - [Sandbox](/serverless-containers/concepts/#sandbox) v1 guarantees full compatibility with Linux syscalls.
 
-- [Sandbox](/serverless-containers/concepts/#sandbox) v2 relies on [gVisor](https://gvisor.dev/), which implements a selection of syscalls. Refer to the [official gVisor documentation](https://gvisor.dev/docs/user_guide/compatibility/linux/amd64/) for a comprehensive list of supported syscalls.
+- [Sandbox](/serverless-containers/concepts/#sandbox) v2 relies on [gVisor](https://gvisor.dev/), which implements a selection of syscalls.
+
+Refer to the [dedicated documentation](/serverless-containers/reference-content/containers-sandbox/) for more information on sandboxing environments.
 
 ### What are the limitations of Serverless Containers?
 

pages/serverless-containers/reference-content/containers-limitations.mdx

@@ -98,7 +98,7 @@ When container CPU and/or memory are not provided by the client, these default v
 | Resources | Default value  |
 |-----------|----------------|
 | CPU       | 1000 mvCPU     |
-| Memory    | 2048 MB       |
+| Memory    | 2048 MB        |
 
 ## Architecture
 
@@ -127,3 +127,7 @@ Below is an example than illustrates this behavior:
 * Time +2H: Despite the failed deployment, the first container is still handling incoming requests.
 * Time +25H: The 24-hour window expires, and both the first working container and the failed container are removed,
 leading to service disruption until a new successful deployment is made.
+
+## Containers sandbox
+
+Refer to the [dedicated documentation](/serverless-containers/reference-content/containers-sandbox/) for more information on the limitations of sandbox environments for Serverless Containers.

pages/serverless-containers/reference-content/containers-sandbox.mdx

@@ -0,0 +1,35 @@
+---
+meta:
+  title: Containers sandbox
+  description: Learn more about the sandboxing environments of Scaleway Serverless Containers.
+content:
+  h1: Containers sandbox
+  paragraph: Learn more about the sandboxing environments of Scaleway Serverless Containers.
+tags: containers sandbox sandboxing gvisor isolation mechanism serverless v1 v2 clock drift skew
+dates:
+  validation: 2025-05-07
+  posted: 2025-05-07
+categories:
+  - serverless
+  - containers
+---
+
+In the context of Scaleway Serverless Containers, a [Sandbox environment](/serverless-containers/concepts/#sandbox) is a critical security mechanism that isolates each container from others, ensuring that they operate in a secure and controlled space. Containers run in dedicated execution environments that prevent unauthorized access and potential interference between different resources.
+
+Scaleway Serverless Containers offers two sandbox environment options:
+
+- Sandbox v1 (legacy)
+- Sandbox v2 (recommended)
+
+## Sandbox v1
+
+Sandbox v1 is Serverless Containers' legacy sandboxing environment with slower [cold starts](/serverless-containers/concepts/#cold-start), but fully supports Linux system call interface.
+
+<Message type="important">
+Sandbox v1 is known to experience clock drift over time. A difference of approximately **two seconds** can be observed after 24 hours of uninterrupted execution. This issue especially affects long-running containers, whereas short-lived containers are much less impacted. Update to sandbox v2 to solve the issue.
+</Message>
+
+## Sandbox v2
+
+Sandbox v2 is a modern isolation environment that relies on [gVisor](https://gvisor.dev/). This option offers faster [cold starts](/serverless-containers/concepts/#cold-start), but only implements a selection of Linux syscalls.
+Refer to the [official gVisor documentation](https://gvisor.dev/docs/user_guide/compatibility/linux/amd64/) for a comprehensive list of supported syscalls.

pages/serverless-containers/troubleshooting/cannot-deploy-image.mdx

@@ -19,7 +19,7 @@ I am unable to deploy my image using Serverless Containers.
 
 ## Possible solutions
 
-- Make sure the container is listening on the specified PORT for HTTP requests (or use variable `$PORT`).
+- Make sure the container is listening on the specified PORT for HTTP requests (or use variable `$PORT`). Refer to the [dedicated documentation](/serverless-containers/reference-content/port-parameter-variable/) for more information.
 
 - Make sure the container is bound to `0.0.0.0`.
 

pages/serverless-containers/troubleshooting/container-clock-drift.mdx

@@ -0,0 +1,27 @@
+---
+meta:
+  title: I am experiencing clock drift with my container
+  description: Discover the causes and solutions to clock drift issues in Scaleway Serverless Containers.
+content:
+  h1: I am experiencing clock drift with my container
+  paragraph: Discover the causes and solutions to clock drift issues in Scaleway Serverless Containers.
+tags: containers clock drift skew error time difference serverless troubleshooting
+dates:
+  validation: 2025-05-07
+  posted: 2025-05-07
+categories:
+  - serverless
+  - containers
+---
+
+## Problem
+
+The clock of my Serverless Container is slowly drifting.
+
+## Cause
+
+The internal clock of a Serverless Container executed in a [Sandbox v1](/serverless-containers/reference-content/containers-sandbox/) environment is known to slowly drift over time, to reach a clock skew of approximately **two seconds** after 24 hours.
+
+## Solution
+
+[Update the sandbox environment](/serverless-containers/how-to/manage-a-container/#how-to-manage-a-container-deployment) of your Serverless Container to [Sandbox v2](/serverless-containers/reference-content/containers-sandbox/#sandbox-v2) to solve clock drift issues.

pages/serverless-containers/troubleshooting/index.mdx

@@ -69,3 +69,4 @@ categories:
 - [I cannot retrieve an external image for my container](/serverless-containers/troubleshooting/cannot-retrieve-external-image/)
 - [My container stopped working after a redeploy](/serverless-containers/troubleshooting/container-stopped-after-redeploy/)
 - [Tests fail on Serverless Containers](/serverless-containers/troubleshooting/tests-fail-on-container/)
+- [I am experiencing clock drift with my Serverless Containers](/serverless-containers/troubleshooting/container-clock-drift/)

pages/serverless-functions/concepts.mdx

@@ -153,8 +153,10 @@ The runtime is the execution environment of your function. Regarding Serverless
 ## Sandbox
 
 A sandbox is an isolation area for your function. Serverless Functions offer two sandboxing environments:
-- **v2** - Recommended for faster cold starts.
-- **v1** - Legacy sandboxing with a slower cold start, but fully supports Linux system call interface.
+- **v1** - Legacy sandboxing with slower cold starts, but fully supports Linux syscall interface.
+- **v2** - Recommended for faster cold starts, but only supports a selection of Linux syscalls.
+
+Refer to the [dedicated documentation](/serverless-functions/reference-content/functions-sandbox/) for more information on sandbox environments.
 
 ## Scale to zero
 

pages/serverless-functions/reference-content/functions-sandbox.mdx

@@ -0,0 +1,35 @@
+---
+meta:
+  title: Functions sandbox
+  description: Learn more about the sandboxing environments of Scaleway Serverless Functions.
+content:
+  h1: Functions sandbox
+  paragraph: Learn more about the sandboxing environments of Scaleway Serverless Functions.
+tags: functions sandbox sandboxing gvisor isolation mechanism serverless v1 v2 clock drift skew
+dates:
+  validation: 2025-03-13
+  posted: 2021-10-12
+categories:
+  - serverless
+  - functions
+---
+
+In the context of Scaleway Serverless Functions, a [Sandbox environment](/serverless-functions/concepts/#sandbox) is a critical security mechanism that isolates each function from others, ensuring that they operate in a secure and controlled space. Functions run in dedicated execution environments that prevent unauthorized access and potential interference between different resources.
+
+Scaleway Serverless Functions offers two sandbox environment options:
+
+- Sandbox v1 (legacy)
+- Sandbox v2 (recommended)
+
+## Sandbox v1
+
+Sandbox v1 is Serverless Functions' legacy sandboxing environment with slower [cold starts](/serverless-functions/concepts/#cold-start), but fully supports Linux system call interface.
+
+<Message type="important">
+Sandbox v1 is known to experience clock drift over time. A difference of approximately **two seconds** can be observed after 24 hours of uninterrupted execution. This issue especially affects long-running functions, whereas short-lived functions are much less impacted. Update to sandbox v2 to solve the issue.
+</Message>
+
+## Sandbox v2
+
+Sandbox v2 is a modern isolation environment that relies on [gVisor](https://gvisor.dev/). This option offers faster [cold starts](/serverless-functions/concepts/#cold-start), but only implements a selection of Linux syscalls.
+Refer to the [official gVisor documentation](https://gvisor.dev/docs/user_guide/compatibility/linux/amd64/) for a comprehensive list of supported syscalls.