The Firecracker virtual machines offered here look like exactly what I need, however I’m having some issues creating VMs from a Laravel application. Do I really need to connect to the internal network with wireguard or flyctl to access the API?
However, it is entirely possible I’m going about this the wrong way. So here is what I actually want to do. I have a zip file of untrusted user code (PHP). I want to send that archive to some kind of container or virtual machine that uses the PHP to compile some stuff using a predefined image, then zips the result and sends it back. I need to be able to trigger jobs through Laravel/PHP, and I need the jobs to run in a secure manner as again it’s untrusted arbitrary code being run.
Basically, I’m creating a Functions as a Service orchestrated by Laravel. If machines aren’t the right tool for the job, are there any other services here that could work better? Each job only takes about 30 seconds.
If you deploy your Laravel application onto the fly network, that application can access the machines API directly.
If you want to access the machines API from outside of the fly network (say from your development machine), you will either need to be running wireguard or to have a proxy in order to do so.
Based only on the two-paragraph description of what you are trying to solve, yes, machines were (and are!) being developed to address exactly this use case.
Awesome! Great to know I’m on the right track. I tried to distill what I’m trying to do into the shortest terms possible. I think what I will do then is to create a Fly.io Laravel microservice that hooks into the shared build queue of the main Laravel app to orchestrate machines that way.
Even if Rails is not your thing, it might be worth checking out the following to get an idea of what you can do: Machine API · Fly Docs. It even covers installing the flyctl executable on your deployed VM.