Is there a way to configure rules for how apps talk to each other?

I’m working on a project where I need to run some untrusted user code and I think fly.io would be the way to go. The way it’s going to work in my head is:

  1. A user registers a new function or updates the code of an existing one

  2. One microservice takes care of taking the code and creating a docker image, which is then pushed to the fly.io image registry

  3. Once the image is pushed, using Terraform, an app and machine(s) are created for the given function with the docker image from step 2

  4. In the same org, I will have another app, which will act as a gateway/proxy. This will take invocation requests, check bearer tokens, deal with rate limiting, billing, etc. Once it’s checked over everything, it will make a request to the respective app using its .internal address and return the response.

    This way, I’d avoid having every machine carry out the same business logic and I’d also avoid exposing them to the public internet.

However, there is a problem with this. Machines would be able to access each other; therefore, one function could invoke another. Considering these could be for different users, this raises privacy/security/compliance concerns.

Is there a way to control how apps can communicate through .internal addresses (i.e. let the gateway app be able to talk to all other apps, but other apps can only talk to the gateway)?

Unless I’m missing something with your plan, I’m pretty sure you could do this by creating an org for each user -- .internal addresses are per-org, since each org has its own restricted subnet.

I hope this helps

I was initially planning on having the gateway be shared across tenants (i.e. orgs), but thinking through it, the option you suggested makes a lot more sense (and is much easier to implement).
