privat
commented
8 years ago docker in a docker
A solution could be to run a sub-docker to execute binaries.
- docker-in-docker is complex and have a lot of issues according to Google
- firing too much parallel docker can cause us to DOS ourself.
distinct worker that process jobs in a queue
Another approach could be to have a single distinct service in the host that:
- picks a job in /out
- compiles it
- runs it in a docker
This seems to be quite safe if the process is outside any docker and does a single job at a time. The unclear part is how to communicate between the web server and the job-worker.
Find a way to execute compiled binary in a sandboxed environment isolated from the webserver.