With WasmEdge to New Shores Max Körbächer | Co-Founder & Cloud Native Advocate @ Liquid Reply
A presentation at WeAreDevelopers World Congress in June 2022 in Berlin, Germany by Max Körbächer
Say hi!
Max Körbächer - Co-Founder of Liquid Reply
My work is all about Kubernetes Consultancy & Cloud Native Advisory
● Former Enterprise Architect, yet design and build hyper-converged infrastructures and cloud-agnostic solutions
● Contributing to the Kubernetes release team and related K8s technologies, and Co-Chair of the CNCF Environmental Sustainability Working Group
Handles: mkoerbaecher, mkoerbi

Docker has changed the game
Docker/Container:
● changed the way we design and build applications
● caused a whole ecosystem with hundreds of open source systems to appear
● drove adoption by all kinds of cloud providers
● changed the way we do automation
● pushed the development of an OCI standard
Corporations using or planning to use containers: 93%

In Containers we trust, in Kubernetes we build
● Kubernetes leverages containers and became the de facto standard for container orchestration (although there are many other nice implementations)
● Kubernetes gets implemented and used everywhere (cloud, IaaS, on metal, on edge) - it simplifies a lot, but it also raises the complexity
● In Europe >= 90% of organizations are working with or on K8s - this is comparable to the usage of hypervisors (92%)
src: https://www.cncf.io/wp-content/uploads/2022/02/CNCF-AR_FINAL-edits-15.2.21.pdf
https://www.spiceworks.com/marketing/reports/state-of-virtualization/

Container & Kubernetes
Both together have changed and influenced the ICT world massively
● A big bang for a totally new market
● Boosting open source and community-driven development to new levels
● Changed the way we see infrastructure -> Infra as Apps
● Security, observability, any kind of extension is seen as simple plug & play
● K8s abstracts away hypervisors, CSP and IaaS
● K8s creates a knowledge void
What next?
src: https://twitter.com/solomonstre/status/1111004913222324225
What is WebAssembly (WASM)?
Intermediate Layer
● Various programming languages and many different execution environments
● CPU & OS agnostic
Secure
● Per default a WASM component is allowed to do nothing
● Encapsulated binary, no OS within, nothing to “hack”
Fast(er)
● Drastically short startup time (x100 faster than a container)
● Micro footprint, measured in MB not GB
A new paradigm (?)
Where can WebAssembly be applied? *outside the Browser
Areas: 🪢 Language Interoperability, 🧩 Plugin Systems, 🖼 Embedded Sandboxing, 🔗 Blockchains, 📦 Containerisation, 🧮 Serverless Platforms
● Write that library once in a language of your choice; use it in any language.
● Never trust third parties! Protect yourself against bugs in third-party libraries.
● Write Smart Contracts in a language of your choice.
● Universal Runtime, capability-based security model.
● Minimal startup time, maximal isolation.
Examples named on the slide: Figma, Lichess.org, Google Earth, Adobe Photoshop, Envoy / Istio, Kubewarden, MS Flight Simulator, Minecraft, RedPanda, Firefox, HTTP Servers, CosmWasm, eWASM, Krustlet, Hippo, wasmCloud, Lunatic, WasmEdge, Cloudflare Workers, AWS Lambda, Atmo (Suborbital), Fastly Compute@Edge

Example implementations
[Diagram "replace": the Krustlet Kubernetes stack - Kubernetes API Server, Node, Krustlet, Wasmtime, wasi, WASM Module A.]
[Diagram "co-run": the Krustlet Kubernetes stack next to the container ecosystem - Kubernetes API Server, Node, Kubelet, CRI runtime (Docker, CRI-O, containerd, …), OCI runtime (crun, runc, gVisor, …), Linux container images and WebAssembly app images.]
[Diagram "new platform": the two stacks above plus wasmCloud - wasmCloud Host Runtime on Kubernetes and on a VM, Actors, Capability Provider, Lattice.]
Let’s think about the WASM potentials based on WasmEdge
● Especially targets the integration in various Kubernetes distributions, CRI runtimes as well as OCI runtimes - therefore a good match to run WASM side by side with classic containers
● Also runs stand-alone for modern web apps, to host serverless functions, and “embedded” in any kind of edge device.
● It leverages all advantages of WASM and brings them into a strong ecosystem without being invasive
[Diagram "The Container Eco-System": Kubernetes API Server, Node, Kubelet, CRI runtime (Docker, CRI-O, containerd, …), OCI runtime (crun, runc, gVisor, …), Linux container images and WebAssembly app images.]

WasmEdge: Integrating with existing tooling, and more …
● Especially targets the integration in various Kubernetes distributions, CRI runtimes as well as OCI runtimes - therefore a good match to run WASM side by side with classic containers
● Also runs stand-alone for modern web apps, to host serverless functions, and “embedded” in any kind of edge device.
[Diagram "The Container Eco-System": Kubernetes API Server, Node, Kubelet, CRI runtime (Docker, CRI-O, containerd, …), OCI runtime (crun, runc, gVisor, …), Linux container images and WebAssembly app images.]
based on: https://wasmedge.org/book/en/kubernetes.html

WasmEdge Solution Approach
WasmEdge is different on the image level. Rather than having a container image with an OS, the WASM image is built from scratch. In addition, the container requires a “wasm.image” annotation to let crun and containerd know that it uses WasmEdge. This approach allows using WASM within the Kubernetes context and utilizing the existing ecosystem.
*http server wasm image within a docker file
*a wasm container requires the wasm image annotation
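The two pieces described on this slide, written out as an added example that is not taken from the talk: an image built from scratch and the annotation, whose full key in the WasmEdge documentation is `module.wasm.image/variant`. The file, image and pod names are constructed, setting the annotation on the pod as well as on the image is an assumption, and the deploy step assumes a node whose crun was built with WasmEdge support.

```shell
#!/usr/bin/env bash
# Added example, not from the talk. File, image and pod names are constructed.
set -eu

ANNOTATION='module.wasm.image/variant=compat'   # the slide's "wasm.image" annotation

# Image built from scratch: no base OS, no shell, no package manager, only the module.
write_dockerfile() {          # $1 = build dir, $2 = wasm file name
  mkdir -p "$1"
  cat > "$1/Dockerfile" <<EOF
FROM scratch
ADD $2 /
CMD ["/$2"]
EOF
}

# Same shape as a normal pod spec; the annotation is the only WASM-specific part.
write_pod_manifest() {        # $1 = output file, $2 = image reference
  cat > "$1" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: wasm-demo
  annotations:
    ${ANNOTATION%%=*}: "${ANNOTATION#*=}"
spec:
  restartPolicy: Never
  containers:
    - name: wasm-demo
      image: $2
EOF
}

# Needs buildah, kubectl and registry access; not run unless asked for.
build_and_deploy() {          # $1 = build dir, $2 = image reference
  buildah build --annotation "$ANNOTATION" -t "$2" "$1"
  buildah push "$2"
  kubectl apply -f "$1/pod.yaml"
}

if [ "${1:-}" = "deploy" ]; then
  write_dockerfile ./ctx http_server.wasm
  write_pod_manifest ./ctx/pod.yaml registry.example/http_server:latest
  build_and_deploy ./ctx registry.example/http_server:latest
fi
```

Because the image has no OS layer, the usual image-scanning and shell-based debugging workflows have nothing to operate on; what remains to review is the module itself and which workloads carry the annotation.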
Demo
WasmEdge Solution Approach
Advantages
➕ WasmEdge can run alongside your standard containers
➕ Build and deployment spec are nearly the same as for a normal pod
➕ Supports different CRI, OCI and K8s distros
➕ Can use existing K8s ecosystem
➕ Runs by itself on edge, serverless or browser
Considerations
➖ Additional tools for image annotation are required (at the moment)
➖ For some use cases you need another SDK
➖ It can lead to confusion that you can use WasmEdge in very different scenarios and each of them has to be developed differently
WasmEdge would be the best choice to extend your current orchestration without deep-cutting changes

WASM can extend Container

| | Docker-like container | WebAssembly |
|---|---|---|
| Performance | OK | Great |
| Resource footprint | Poor | Great |
| Isolation | OK | Great |
| Safety | OK | Great |
| Portability | OK | Great |
| Security | OK | Great |
| Language and framework choice | Great | OK (yet) |
| Ease of use | Great | OK (yet) |
| Manageability | Great | Great |

1 WebAssembly’s potential is beyond the browser
2 WASM enables use cases that are not possible with container & K8s
3 WASM will not substitute containers & K8s, but extend them
4 WASM lacks harmonization and makes it difficult for programming languages to adapt
5 The developer experience of/for WASM will be the game changer

Containers for lifting, WASM for re-creating
Containers will stay and drastically increase in usage over the next years. But for future developments WASM might in many cases be a better choice.
Go with the Container flow: 🧸 Simple to use, 🍀 Big eco-system, 📱 Language support, 👶 “1st born” effect
Build with WASM for the future: ⚡ Consistently fast, 🔬 Small, 🌍 Universal, ♻ Reusable
We believe that WASM & Container will go along side by side