I need advice on building a website builder similar to bubble.io

7/31/2021

We are currently building a website builder similar to bubble.io. We will not be able to add all the features our users will need, so we want them to be able to extend the functions of their apps with JavaScript. We want to isolate each user's website in a k8s container to prevent malicious JavaScript code from spreading. My question is: are there better alternatives than using containers?

-- dmetrosoft
docker
kubernetes
performance
security

2 Answers

7/31/2021

Overall, building this kind of product is not recommended. There is no security system available that is good enough to run arbitrary user code without extensive in-house expertise and full-time support staff. Don't enter this area lightly.

-- coderanger
Source: StackOverflow

7/31/2021

When it comes to isolation, physical machines are always the best, followed by VMs and then containers.

However, it is not practical to have physical machines for each and every user. If you truly want to use Kubernetes then having separate VMs isn't practical either. So it leaves you with containers.

However, containers are running on the host machine and can be escaped from if not secured properly. Luckily, technology is advanced enough to be able to use the scaling advantages of containers and add additional security features to prevent those escapes. Container security is a big topic, too big to explain everything in detail in one answer, so I won't be able to explain everything to you; however, I'll point out some things that may be interesting.

From what you described, here are some ideas of what to look into:

  • Properly split your customers' applications into separate namespaces and use NetworkPolicies to ensure these namespaces cannot interact with each other
  • Make use of PodSecurityPolicies to ensure that the creation of containers with unnecessary privileges is not possible
  • Secure the environment of your containers by using gVisor or kata containers
  • Use scanners to check code and images for possible vulnerabilities whenever your customer submits them (e.g. sonarqube, trivy, ...)

With all that being said, as you can see it is not an easy task to have that kind of safe environment. So if possible, don't let people submit their own code that runs on your infrastructure. It is not impossible, but it takes a lot of time, cost and effort to secure these kinds of environments properly. There are many things I skipped, simply because there is no end when it comes to security, so please be aware that there is never absolute security, not even when using physical machines.

-- F1ko
Source: StackOverflow
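The following manifests are an added illustration of the four points in the answer above, written for this page; they are not code from the answer's author nor from the Kubernetes, gVisor or Kata projects. They assume a tenant called "tenant-a", an ingress controller running in a namespace labelled app.kubernetes.io/name=ingress-nginx, a cluster DNS in kube-system, and nodes on which the gVisor "runsc" handler has already been configured in containerd. The answer mentions PodSecurityPolicies; those were removed in Kubernetes 1.25, so the example uses their replacement, the Pod Security Admission "restricted" profile, applied as a namespace label.

```yaml
# Added example (not from the answer or from Kubernetes itself): one tenant's
# namespace hardened along the lines the answer lists. Assumed names: tenant
# "tenant-a", ingress controller labelled app.kubernetes.io/name=ingress-nginx,
# gVisor handler "runsc", placeholder image registry.example.invalid/...
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
  labels:
    tenant: tenant-a
    # Pod Security Admission (successor to PodSecurityPolicy): the API server
    # rejects any pod in this namespace that does not meet the restricted profile.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
---
# Default deny: no traffic in or out of the tenant namespace unless a later
# policy allows it explicitly, so tenants cannot reach each other at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Allow exactly two things: the platform's ingress controller may reach the
# tenant pods on 8080, and the tenant pods may query cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-controller-and-dns
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx   # assumed label on the ingress namespace
    ports:
    - protocol: TCP
      port: 8080
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system   # label set automatically by Kubernetes
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
# RuntimeClass for gVisor; each node must have runsc installed and registered
# with containerd under this handler name (assumed). For Kata the handler
# would be the one Kata registered, e.g. "kata".
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
# The tenant's app: runs under gVisor, as non-root, with no Linux capabilities,
# no privilege escalation, a read-only root filesystem, a default seccomp
# profile, no service-account token and hard resource limits.
apiVersion: v1
kind: Pod
metadata:
  name: tenant-a-app
  namespace: tenant-a
  labels:
    tenant: tenant-a
spec:
  runtimeClassName: gvisor
  automountServiceAccountToken: false   # user code has no business calling the API server
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: app
    image: registry.example.invalid/tenant-a/app:latest   # placeholder, constructed for this example
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    resources:
      limits:
        cpu: "500m"
        memory: "256Mi"
    volumeMounts:
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}   # the only writable location the app gets
```

Apply it with `kubectl apply -f` after the RuntimeClass prerequisites exist on the nodes. Two caveats a practitioner would check: NetworkPolicy objects are only enforced if the cluster's CNI plugin implements them (Calico and Cilium do; some default CNIs silently ignore them), and the "restricted" profile will reject the pod if any of the securityContext fields above are loosened, which is the intended behaviour. Image scanning (the answer's last bullet, e.g. trivy) sits in the build pipeline before the image reaches this manifest and is not part of these objects.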