We have the following scenario: In our application, after users log in they are able to SSH into their own virtual environment. These environments should be completely isolated from each other and don't have to be stateful.
Our goal is to have a full isolated containerized environment for each active user (run a docker image to simulate a user's environment every time the user wants to SSH).
We had two ideas to achieve this
The first idea was to have a microservice called "container manager". Every time a user would want to SSH into her environment the container manager would look into the DB to see what pods are available. If none are available (= all are used by other users) the manager would dynamically deploy a new pod using kubernetes-client-go. After the pod is deployed, it would save into the DB that it's "free". The problem with this solution is that the traffic from the client must be routed to a specific pod. I'm not sure if this is achievable since pods are ephemeral by design. How would the routing work?
Another option is to have a single microservice that runs a docker container every time a user wants to SSH into her environment and then kill the process after the user signs out. Problem with this is (a) running docker inside docker and (b) have multiple processes running in a single microservice
Is there a better design so we don't have to have binding "one pod:one user" and have multiple isolated environments on a single pod? What would be the ideal Kubernetes architecture to achieve this? Or maybe Kubernetes isn't the right tool for such a scenario?