$30 off During Our Annual Pro Sale. View Details »

Why should I care about WebAssembly

Why should I care about WebAssembly

longer version of the talk given at DevOps Meetup singapore 2022 https://www.meetup.com/devops-singapore/

Adrian Cole

August 10, 2022

More Decks by Adrian Cole

Other Decks in Technology


  1. 1 Why should I care about WebAssembly? Adrian Cole OSS

  2. “WebAssembly was invented to beat JavaScript in terms of performance

    and naming confusion. 2
  3. WebAssembly in the browser is controlled by javascript 3 javascript

    html css webassembly VM module module WebAssembly is JavaScript’s buddy code in another language!
  4. WebAssembly’s core specification is usable outside the browser 4 golang

    runtime module WebAssembly can be your buddy, too! code in another language! WASI module wazero.io
  5. WebAssembly is often an implementation detail of plugins 5 thing

    binary Using WebAssembly might look more like this.. plugin code in another language! thing SDK plugin.wasm thing yaml
  6. Hype check! Only the core is a Web Standard. Interop

    and good execution require more. Coding for WebAssembly is not easy, even in your favorite language! WebAssembly is not the only way to do extensibility or fast startup 6 "WebAssembly aims to execute at native speed", but your mileage will vary WebAssembly is not a "write once, run anywhere" panacea
  7. Missing links.. things about WebAssembly not everyone gets 7

  8. WebAssembly is Web Biased WebAssembly is a Web standard. Two

    of its specs are around browser use. Features are acceptable if used by at least two browsers. Its virtual stack machine and bytecode formats are used outside the browser. 8
  9. WebAssembly is not Assembly WebAssembly defines a virtual stack machine

    with instructions similar to real hardware. Common hardware are register machines, not stack machines, and their assembly code is architecture specific. 9
  10. A WebAssembly Module is a library or application binary 10

    • Wasm is bytecode, not a package or image format • WebAssembly is a compile target for a possibly constrained language • WebAssembly has no standard library programming WebAssembly is different
  11. WebAssembly is a sandbox, architecture that cooperates with its host

    via shared memory, globals and functions 11 • no capabilities besides number crunching, more more is often needed • WASI are function imports for I/O, time, random numbers, ENV, etc • When acting like an entrypoint, it is using WASI WebAssembly is a coprocessor
  12. See also.. things like WebAssembly you already know 12

  13. 13 • Oracle JCP • Dominates the backend • Language

    bias. Ex field instructions • Other languages share object model, GC, stdlib • W3C Working Group • Dominates the browser • Hardware bias. Ex SIMD instructions • Other languages bring their own object model, GC, stlib Virtual Stack Machines
  14. 14 • Images built with Dockerfile instructions • OS-layer host

    • containers shouldn’t see their host • Binaries built by language compiler • Application-layer host • wasm often use host hooks Sandboxes
  15. 15 • commodity integration • maybe testable • latency causing,

    can cause outages • hit the ground running • deep integration • testable • low latency, can handle partitions • experts only Remote APIs (Webhooks, gRPC, OpenAPI, etc.)
  16. Examples in practice A couple ways WebAssembly is used in

    Cloud Native architecture 16
  17. Add your own library code to envoy or another proxy

    without custom builds • alternative to DSLs and custom builds to manipulate HTTP • istio (go) configures and distribute proxy-plugins • envoy is the wasm runtime (v8 c++) • ABI is proxy-wasm 17 HTTP Proxy Extension envoyproxy.io v8.dev github.com/proxy-wasm/spec
  18. Implement your own admission policies or re-use those made by

    others. 18 • kubewarden validates incoming k8s requests with wasm • controller (go) integrates with k8s and configures • policy evaluation rust+wasmtime. • ABI is based on waPC k8s dynamic admission controller kubewarden.io wasmtime.dev wapc.io
  19. Extend a security scanner without changing its code 19 •

    Trivy modules allow custom vulnerability detection, or custom severities. • Trivy (go) downloads (OCI), configures and executes policy modules • wazero is the runtime vulnerability and misconfiguration scanner aquasecurity.github.io/trivy wazero.io
  20. Why do we care? The title of this presentation is

    about this, right?! 20
  21. Serverless, Service Mesh, Event Driven • Wasm can decouple language

    support from “official lists” • Extend your service mesh control and data plane • Is fast start a game changer? 21
  22. Developer tools, Delivery, Observability & Monitoring • Programming in WebAssembly

    is more constrained than a natural language. What do you do about it? • How do you plan to distribute or sign wasm? • Do you know what’s happening inside the Wasm? 22
  23. DevOps and Production • Can you share a model between

    frontend and backend? • How does compiling to wasm effect your pipeline? • Host functions and cooperation can create coupling 23
  24. There’s a place for you to start learning about WebAssembly

    relevantly 24 • Mesh already uses wasm, so you can practice • Many projects use an SDK approach to enable success • WebAssembly has a vibrant Spec and OSS ecosystem Closing thoughts
  25. None