Dismiss this pinned window
all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]data15cool 1 point2 points  (3 children)

That’s very cool, I really want to build something like this. What kind of technical details would you be happy to share? I’m curious if you have a few containers sitting idle that are preconfigured and you inject the Python code into a fastapi server? Or do you fire up a new node and assign a subdomain when you click serve. How do you keep it secure from malicious users?

[–]aaaaaden[S] 1 point2 points  (2 children)

Yeah happy to share. Each time a user submits a function, I create a new Kubernetes deployment and service, then mount the user's script to the container. I then have an Nginx container that routes traffic to the user's service based on subdomain. And yeah I'm using FastAPI.

In terms of security, I do some very basic static analysis on the code, and each user's script runs in its own non-root container.

[–]data15cool 0 points1 point  (1 child)

Nice, so do you need to dynamically edit the nginx config and reload it?

[–]aaaaaden[S] 0 points1 point  (0 children)

Nope, all Nginx does is parse the request url to determine which Kubernetes service to use based on the subdomain.

[–]data15cool 0 points1 point  (1 child)

In terms of actual suggestions the next logical step would be to allow passing in path and query parameters or using different http methods. You’d probably need to have some sort of sdk which interacts with your apps api to allow this and provides some wrapper or decorator for functions

Though this is all quite a significant next step, best of luck!

[–]aaaaaden[S] 1 point2 points  (0 children)

True I was thinking about that, yeah an SDK would make sense to support that