Is Rust a great language for building Kubernetes ecosystem

Transcript

1. @deepu105
   @oktaDev
   Is Rust a great language
   for building the
   Kubernetes ecosystem?
   Deepu K Sasidharan
   @deepu105 | deepu.tech
   

   View Slide

2. @deepu105
   @oktaDev
   Deepu K Sasidharan
   JHipster co-lead, Java Champion
   Creator of KDash, JDL Studio
   Developer Advocate @ Okta
   OSS aficionado, author, speaker, polyglot dev
   @deepu105
   deepu.tech
   deepu105
   

   View Slide

3. @deepu105
   @oktaDev
   What is KDash?
   

   View Slide

4. @deepu105
   @oktaDev
   KDash
   ● A simple terminal dashboard for Kubernetes
   ● Provides resource views, Node metrics, logs and common view features
   ● Resources utilizations for nodes, pods and namespaces based on metrics
   server.
   ● Context switching
   ● Easy full keyboard navigation and themes
   https://github.com/kdash-rs/kdash
   

   View Slide

5. @deepu105
   @oktaDev
   KDash - Context overview
   

   View Slide

6. @deepu105
   @oktaDev
   KDash - Utilization metrics
   

   View Slide

7. @deepu105
   @oktaDev
   Why did I build another
   Kubernetes dashboard?
   

   View Slide

8. @deepu105
   @oktaDev
   Why another dashboard
   Kdash is obviously inspired by k9s, so why build another dashboard?
   ● User experience: I wanted the stuff that is most used easily available and a
   workflow suitable for daily use
   ● Better navigation: I wanted a better overview and keyboard shortcuts for
   everything
   ● Better metrics: I wanted to see better resource metrics for the cluster
   ● PoC for Rust tooling: I wanted to build something useful in Rust for the k8s
   space
   ● Speed: While Go based tooling can be almost as fast, I wanted to build
   something faster and efficient with Rust. Why not?
   ○ KDash uses way less memory/cpu than k9s and even Kubectl watch
   

   View Slide

9. @deepu105
   @oktaDev
   Why Rust? Why not GoLang?
   

   View Slide

10. @deepu105
    @oktaDev
    Rust = High level general purpose language
    ● Multi-paradigm, ideal for functional, imperative and even OOP
    ● Modern tooling
    ● Ideal for systems programming, embedded, web servers and more
    ● Memory safe
    ● Concurrent
    ● No garbage collection
    ● Performance focused
    ● Most loved language in Stack Overflow survey for 6 years in a row
    

    View Slide

11. @deepu105
    @oktaDev
    Safe programming
    Programming Safety = Memory safety + Type safety + Thread safety
    

    View Slide

12. @deepu105
    @oktaDev
    ● About 70% of all CVEs at Microsoft are memory safety issues
    ● Two-thirds of Linux kernel vulnerabilities come from memory
    safety issues
    ● An Apple study found that 60-70% of vulnerabilities in iOS and
    macOS are memory safety vulnerabilities
    ● Google estimated that 90% of Android vulnerabilities are
    memory safety issues
    ● 70% of all Chrome security bugs are memory safety issues
    ● An analysis of 0-days that were discovered being exploited in
    the wild found that more than 80% of the exploited
    vulnerabilities were memory safety issues
    ● Some of the most popular security issues of all time are
    memory safety issues
    ○ Slammer worm, WannaCry, Trident exploit, HeartBleed, Stagefright, Ghost
    CVE galore from memory safety issues
    

    View Slide

13. @deepu105
    @oktaDev
    Security issues from thread safety
    ● Information loss caused by a thread overwriting information from another
    ○ Pointer corruption that allows privilege escalation or remote execution
    ● Integrity loss due to information from multiple threads being interlaced
    ○ The best-known attack of this type is called a TOCTOU (time of check to
    time of use) attack caused by race conditions
    

    View Slide

14. @deepu105
    @oktaDev
    Security issues from type safety
    ● Low level exploits are possible in languages that are not type safe.
    ● Type safety is important for memory safety as type safety issues can lead to
    memory safety issues
    "For comparison, last week we caught a significant race condition in another Kubernetes-related
    project we maintain called Helm (written in Go) that has been there for a year or more, and which
    passed the race checker for Go. That error would never have escaped the Rust compiler, preventing
    the bug from ever existing in the first place." – Microsoft team
    

    View Slide

15. @deepu105
    @oktaDev
    Zero cost abstractions
    “What you don’t use, you don’t pay for. And further: What you do use, you couldn’t
    hand code any better.”
    – Bjarne Stroustrup
    ● Your programming style or paradigm does not affect performance
    ● Number of abstractions does not affect performance as the compiler always
    translates your code to the best possible machine code
    ● You could not get more performance from hand written optimizations
    ● In-built abstractions are often more performant than hand written code
    ● Compiler produces identical assembly code for almost all variations
    

    View Slide

16. @deepu105
    @oktaDev
    Zero cost abstractions
    

    View Slide

17. @deepu105
    @oktaDev
    Tooling and community
    ● Hands down, one of the best compilers out there and great backward compatibility
    ● One of the best tooling you can find in terms of features and developer experience. Cargo is one
    stop shop for Rust tooling, build, compilation, formatting, linting, and so on
    ● One of the best documentation, which is shipped with the tooling
    ● A very diverse and vibrant community
    ○ Community formed from other languages hence bringing in best of many
    ○ Very welcoming and helpful
    ○ Rapidly maturing ecosystem with growing number of libraries and use cases
    ○ Has a forum which is used more than stack overflow for Rust
    ● Big names like Google, Apple, Microsoft, Amazon and Facebook are already behind rust and
    investing it.
    ● It’s on path to become the second supported language in Linux development.
    ● Use case has already extended to embedded, web assembly, kubernetes, web development, game
    development and even client side
    ● It’s only a matter of time until you can do any use case in Rust
    

    View Slide

18. @deepu105
    @oktaDev
    Rust can be the ideal general
    purpose language
    

    View Slide

19. @deepu105
    @oktaDev
    High level vs Low level language
    High level language
    ● Human oriented
    ● Easier to read
    ● Portable
    ● Need to be compiled to
    machine code
    ● Not as efficient as a low
    level language
    ● Provides features like
    memory management,
    abstractions and so on
    Low level language
    ● Machine oriented
    ● Harder to read
    ● Hardware specific
    ● Can be understood by machines
    ● Fast and efficient
    ● No fancy features
    

    View Slide

20. @deepu105
    @oktaDev
    High level language compromise
    ● Safety
    ● Speed
    ● Abstractions
    Pick two
    

    View Slide

21. @deepu105
    @oktaDev
    High level language compromise
    ● Safety
    ● Speed
    ● Abstractions
    With Rust we can get all three. Hence Rust is a high level language with
    performance and memory efficiency closest to a low level language. The only
    tradeoff you will make with Rust is the learning curve.
    

    View Slide

22. @deepu105
    @oktaDev
    Performance, Memory and power
    From the research paper “Energy Efficiency across Programming Languages”
    

    View Slide

23. @deepu105
    @oktaDev
    “Rust, not Firefox, is Mozilla’s greatest
    industry contribution”
    – TechRepublic
    

    View Slide

24. @deepu105
    @oktaDev
    Use cases and Ecosystem
    

    View Slide

25. @deepu105
    @oktaDev
    WebAssembly
    ● WebAssembly System Interface (WASI) makes it possible to run Wasm workloads in
    Kubernetes
    ○ Still quite new and has a lot of rough edges
    ○ Could be the future of containerless Kubernetes.
    ● Rust has one of the best tooling and ecosystem for WASM making it an ideal language to
    build WASI workloads for Kubernetes as well.
    ● Wasmtime (a JIT-style standalone runtime) makes it possible to run Wasm outside of a
    browser and it is written in Rust.
    ● WasmEdge is another runtime focused on microservices built using C++ and Rust.
    ● WasmCloud is another runtime focusing on distributed actors and is written in Rust.
    ● Krustlet is a Kubelet written in Rust and can run WASM OCI workloads in Kubernetes.
    https://developer.okta.com/blog/2022/01/28/webassembly-on-kubernetes-with-rust
    

    View Slide

26. @deepu105
    @oktaDev
    In cluster tools
    ● Proxies/Sidecars/ServiceMesh
    ○ Speed, safety and efficiency of Rust makes it the best choice for proxies and
    sidecars
    ○ Linkerd proxy is written in Rust
    ● K8s Operators
    ○ Rust’s asynchronous programming model is a perfect match for building high
    performance/throughput/parallel operators
    ○ Light on resource usage and footprint and less code to write
    ● Log aggregation/Monitoring/eBPF
    ○ Ideal for low footprint observability/tracing
    ○ Redbpf: A Rust eBPF toolchain already exists
    

    View Slide

27. @deepu105
    @oktaDev
    User space tools
    ● KDash: uses very minimal resources compared even to kubectl
    ● Kubie: K8s context switching and prompt modification for shell
    ● kubectl-view-allocations: kubectl plugin to list allocations
    ● Click: Command Line Interactive Controller for Kubernetes
    

    View Slide

28. @deepu105
    @oktaDev
    Notable Libraries
    ● kube-rs: Kubernetes client for Rust
    ● K8s-openapi: Rust bindings for Kubernetes API
    ● kubert: Rust Kubernetes runtime helpers
    ● Roperator: Write kubernetes operator in Rust with minimal code
    ● Rusoto: Rust SDK for AWS
    ● aws-sdk-rust: Rust SDK for AWS
    ● Prometheus-parser: parse and validate Prometheus query expressions
    

    View Slide

29. @deepu105
    @oktaDev
    KDash architecture
    

    View Slide

30. @deepu105
    @oktaDev
    Major Libraries used
    ● tui-rs: Library to build rich terminal user interfaces and dashboards
    ● Crossterm: Terminal manipulation library
    ● Tokio: An event-driven, non-blocking async I/O platform
    ● kube-rs (k8s-openapi, Openssl): Kubernetes client for Rust
    ● kubectl-view-allocations: Library to fetch resource allocations for k8s
    ● clap: Command line argument parser
    ● rust-clipboard: cross-platform library for OS-level clipboard management
    ● duct.rs: Library for running child processes
    ● Serde: Serialization and deserialization library
    

    View Slide

31. @deepu105
    @oktaDev
    Data architecture
    ● Event driven
    ○ Async I/O using dedicated channels
    ● Multi threaded
    ○ Single data-store using ARC + Mutex
    ○ Separate threads for UI, streams, network and CMD
    ● Non-blocking UI
    ○ Only bottleneck is network I/O with kube-api-server
    

    View Slide

32. @deepu105
    @oktaDev
    Challenges
    

    View Slide

33. @deepu105
    @oktaDev
    Challenges
    ● Log streaming was blocking due to how the kube-rs lib works
    ○ Solution: Seperate thread for log streaming with tokio-streams
    ○ Some quirks exists and needs to be investigated and fixed
    ● UI was blocking and not very smooth
    ○ Solution: Seperate thread for network calls and event driven I/O
    ● Kube-rs version updates are coupled to another library used
    ○ No proper solution yet
    

    View Slide

34. @deepu105
    @oktaDev
    Thank You
    Deepu K Sasidharan
    @deepu105 | deepu.tech
    https://deepu.tech/tags#rust
    

    View Slide