microsoft / python-in-excel

Python in Microsoft Excel
MIT License

Support proprietary python packages #7

Open MarcSkovMadsen opened 1 year ago

MarcSkovMadsen commented 1 year ago

My team develops proprietary Python packages that provide smooth access to data and models.

In order to really use Python in Excel we would need the ability to install these (from Azure Artifacts Feeds).

MarcSkovMadsen commented 1 year ago

If we could run the Python in Excel backend service inside our own Docker containers on our own AKS using the configuration (.yaml) we use for other workloads, it would be a true game changer. Similarly to how you can run VS Code remotely inside your own Docker container.

jflam commented 1 year ago

Thanks for the suggestion!

How important is being able to own the AKS cluster? Or would running in your own container be sufficient?

My knowledge may be out of date here, but once upon a time it was recommended that hostile code not be hosted in K8s in general because the head nodes are not hardened against the possibility of attacks from pods.

dhirschfeld commented 1 year ago

How important is being able to own the AKS cluster? Or would running in your own container be sufficient?

I'd say critical. Often you only have access to your data (storage/databases) and APIs from within your own VNet.

jflam commented 1 year ago

What if we enabled Azure Confidential Computing support in the containers? https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers. Trying to explore options available to us at the moment.

And yes, of course we would make it possible to join those confidential containers to a VNET under your control.

MarcSkovMadsen commented 1 year ago

Having access to databases, fileshares, blob storage, proprietary Python packages etc. is. And that takes a lot of time to get access to. In an enterprise that quickly becomes a project taking months. Or that you're not allowed to do or there are no resources for.

In my enterprise it is our enterprise strategy to run workloads on AKS. So it might not be possible to be allowed to run this anywhere else.

Furthermore, getting access to databases, file shares and blob storage quickly becomes complicated in an enterprise. It quickly becomes a project that can take months. For example, for on-prem we need a Kerberos authentication service to access databases. Also, getting access to Azure databases, fileshares, NetApp fileshares, and blob storage requires lots of configuration, secrets handling and knowledge.

This has already been solved for us on our own AKS, and going through a project to get these things running in a separate setup would not be realistic. The complexity of developing, maintaining and operating this setup would double. That is not realistic for us to handle.