Ola from windmill.dev which has some overlap but is focused on enterprise and self-hosted infra.
We have exactly the same issues for the cloud and ended up securing everything through nsjail and the deno run sandboxing. I admire that you're willing to allow unauthentified users to run computations. Do you guys have timeout ? How do you ensure resource isolation? We use kubernetes for resource isolation, and we use both timeouts and quotas where each second a background process will kill the job if the user/job is over it. Let me know if you guys are up to chat at some point and congrats on the very nice UX.
Windmill is very cool! Reminds me a bit of pipedream.com too, but it's cool that you guys are open-source and self-hostable.
Yeah we have a timeout, but will likely need to continue to add restrictions as we scale and get more abuse. We are mostly relying on deno's workers to isolate user code, but will probably add additional process isolation soon, and dedicated private resources for serious customers one day.
Would love to chat & share tips! Email me? steve@val.town
Sounds like we need a support group for founders of companies that let users run any code in the cloud. We have our own bitcoin mining war stories. I am sure Amjad from Repl.it will join.
We have exactly the same issues for the cloud and ended up securing everything through nsjail and the deno run sandboxing. I admire that you're willing to allow unauthentified users to run computations. Do you guys have timeout ? How do you ensure resource isolation? We use kubernetes for resource isolation, and we use both timeouts and quotas where each second a background process will kill the job if the user/job is over it. Let me know if you guys are up to chat at some point and congrats on the very nice UX.