Orchestration layer design; authentication, container management.

Sunday, October 27, 2024

It's Sunday and I don't have much time, so today I would like to think about how I'm going to set up the orchestration layer.

I'll now have two apps

Orchestrator

deployed at the front, exposed to the clients
authenticate users
start, set up, and stop containers
keep track of active containers and route users to their containers

Driver

deployed inside the container
run commands
change step

How will I handle authentication? I would definitely like to support OAuth with at least GitHub and Google providers, but also simple email + password with confirmation. I would like to use some managed service that can easily integrate with both my next js app and the backend. If possible, I would like to avoid managing auth at all. Worst case scenario, I deploy my own Keycloak or something.

How will I start and stop containers? How fast is starting them with docker? Actually, let's not worry about performance at all in this stage. Keeping track of started containers should be easy enough on a single machine. Routing will be more complicated, as I've never done that before. Do I even need routing? Can I simply start a container, and return the address to the client? Then, the client can talk directly to the container, without going through the orchestrator? Can this be done by kubernetes? How big will the overhead be? Can I use Kubernetes with firacracker later down the line? Can I use a managed solution like AWS Fargate? How expensive would that be? I'll have to do much more research