(no title)

I used a K8S cluster to run untrusted code. User code was executed inside of a container running as a job, rather than a naked pod or deployment. To monitor/track/handle abuse, I used a sidecar container running alongside the user's container.

The real challenge around running user's code isn't running code, per se. Instead, it is storage! I was never able to come up with a good solution for allowing users to create a very large number of files, such as the number of files created by creating a React app.