|
|
|
|
|
|
by sgslo
1832 days ago
|
|
|
An operator might be overkill. I used a K8S cluster to run untrusted code. User code was executed inside of a container running as a job, rather than a naked pod or deployment. To monitor/track/handle abuse, I used a sidecar container running alongside the user's container. The real challenge around running user's code isn't running code, per se. Instead, it is storage! I was never able to come up with a good solution for allowing users to create a very large number of files, such as the number of files created by creating a React app. |
|
|