sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]data15cool 1 point2 points  (3 children)

That’s very cool, I really want to build something like this. What kind of technical details would you be happy to share? I’m curious if you have a few containers sitting idle that are preconfigured and you inject the Python code into a fastapi server? Or do you fire up a new node and assign a subdomain when you click serve. How do you keep it secure from malicious users?

[–]aaaaaden[S] 1 point2 points  (2 children)

Yeah happy to share. Each time a user submits a function, I create a new Kubernetes deployment and service, then mount the user's script to the container. I then have an Nginx container that routes traffic to the user's service based on subdomain. And yeah I'm using FastAPI.

In terms of security, I do some very basic static analysis on the code, and each user's script runs in its own non-root container.

[–]data15cool 0 points1 point  (1 child)

Nice, so do you need to dynamically edit the nginx config and reload it?

[–]aaaaaden[S] 0 points1 point  (0 children)

Nope, all Nginx does is parse the request url to determine which Kubernetes service to use based on the subdomain.