storkit: create 408_spike_fly_io_machines_api_integration_for_multi_tenant_storkit_saas
This commit is contained in:
dave
+15
-4
@@ -6,19 +6,30 @@ name: "Fly.io Machines API integration for multi-tenant storkit SaaS"
|
||||
|
||||
## Question
|
||||
|
||||
Build and test the Rust integration for Fly.io Machines API: create/start/stop/destroy machines per tenant, attach volumes, inject secrets, and implement the JWT auth reverse proxy with WebSocket support.
|
||||
Can we build a working Rust integration that creates and manages per-tenant Fly.io Machines, attaches volumes, injects Claude credentials, and proxies JWT-authenticated HTTP/WebSocket traffic to the right machine?
|
||||
|
||||
## Hypothesis
|
||||
|
||||
- TBD
|
||||
A thin Rust service using `reqwest` for the Machines API and `axum` for the reverse proxy is sufficient. No heavyweight orchestration framework needed.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Fly.io account with API token (set `FLY_API_TOKEN` env var)
|
||||
- Spike 407 findings reviewed
|
||||
|
||||
## Timebox
|
||||
|
||||
- TBD
|
||||
4 hours
|
||||
|
||||
## Investigation Plan
|
||||
|
||||
- TBD
|
||||
- [ ] Create a minimal Rust crate in `spikes/fly_machines/` — do not touch production code
|
||||
- [ ] Implement machine lifecycle: create, start, stop, destroy via Fly Machines REST API using `reqwest`
|
||||
- [ ] Test attaching a persistent volume to a machine and verify it persists across stop/start
|
||||
- [ ] Test secret injection — pass a dummy `credentials.json` as a Fly secret and verify it's readable inside the machine
|
||||
- [ ] Sketch the auth proxy: JWT validation → machine lookup → reverse proxy to machine's private IP; verify WebSocket proxying works
|
||||
- [ ] Measure actual cold start time for a minimal storkit container image
|
||||
- [ ] Document any API quirks, rate limits, or sharp edges discovered during testing
|
||||
|
||||
## Findings
|
||||
|
||||
|
||||
Reference in New Issue
Block a user