Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Proxy-Wasm: Wasmを利用したPlugin機構の開発
Search
mathetake
December 09, 2020
Technology
1.9k
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Proxy-Wasm: Wasmを利用したPlugin機構の開発
WebAssembly night #10
https://emsn.connpass.com/event/192221
mathetake
December 09, 2020
More Decks by mathetake
See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
910
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.5k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.3k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.9k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.7k
Introduction to Flagger
mathetake
5
5.5k
Other Decks in Technology
See All in Technology
AI駆動開発を通して感じた、 AI時代のデザイナーの役割変化
whisaiyo
3
2.1k
Agent Skills設計で柔軟性と硬さのバランスが難しい話
nassy20
0
130
フィジカル版Github Onshapeの紹介
shiba_8ro
0
240
2026TECHFRESH畢業分享會 - Lightning Talk - 資料也要 CI/CD? 用 Airbyte 自動化資料同步
line_developers_tw
PRO
0
1k
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
2k
【Cyber-sec+】経営層を"動かす"ための考え方
hssh2_bin
0
180
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
edeandrea
PRO
1
160
失敗を経て、Harness Engineering で 大切にしたいことを考える / Learning from Failure: What Matters in Harness Engineering
bitkey
PRO
1
370
エラーバジェットのアラートのタイミングを考える.pdf
kairim0
0
150
作って終わりにしない タイミーのセマンティックレイヤー育成の現在地
chanyou0311
4
2.4k
NAB Show 2026 動画技術関連レポート / NAB Show 2026 Report
cyberagentdevelopers
PRO
0
200
2026TECHFRESH畢業分享會 - 原生還是跨平台? App 開發踩坑實錄
line_developers_tw
PRO
0
1k
Featured
See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
4 Signs Your Business is Dying
shpigford
187
22k
Accessibility Awareness
sabderemane
1
140
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
250
New Earth Scene 8
popppiees
3
2.3k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
410
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
200
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
Designing Experiences People Love
moore
143
24k
Designing for Performance
lara
611
70k
The Cost Of JavaScript in 2023
addyosmani
55
10k
Transcript
Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ
• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software
Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami
1. The current state of WebAssembly 2. Background: Envoy’s extensibility
3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda
1. The current state of WebAssembly
• Stack-basedͳԾϚγϯͱͦͷ༷ • ݩʑϒϥβ(JS)ͷߴԽ͕త • asm.js -> WebAssembly(Wasm)ͱਐԽ • ༷ΛಡΊ͔Δ͕Ұݴ
“host” ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ͍(※࣮ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ॳjsͷΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ
“glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫͋Δͷʹମͳ͍ • ϒϥβͷ֎Ͱ͍͍ͨ WebAssembly 101
• Wasm <-> Hostͷ͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • WasmͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System
Interface)ͷొ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
• WASIΛ࣮ͨ͠ϥϯλΠϜ͕ొ • WAVM, Wasmtime, Wasmer, Lucet, ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ
Wasm gets out of web browsers
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
Example: TinyGo’s WASI support
Example: TinyGo’s WASI support “clock_time_get” Λimport
Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support Wasmtime Runtime͕࣮ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓͷ͓
2. Background: Envoy’s extensibility
What is Envoy?
• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github
Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • EnvoyʹવϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ
• ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility
Envoy’s extensibility
• Envoy੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋөͷͨΊʹશ࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛՃ͢Δʹ
1. UpstreamϚʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔεෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstreamͷै͕େม Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
None
• ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ • Envoy <-> Wasmͷ͠ํ(ABI)Λstableʹ͠Α͏ • ͯ͢ͷ՝ΛΫϦΞ
• ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
• ͦͦϓϩΩγαʔόͷ֦ு༻APIීวతͳͷͳͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔ΒΓͤΔͷͰʁ =>
Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm
3. Proxy-Wasm: WebAssembly For Proxies
• https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDKͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ࣮࣭తʹEnvoyίϛϡχςΟ • LinkerdMosnͳͲ΄͔ͷϓϩΩγք۾ࢀೖͷؾ Proxy-Wasm: WebAssembly
for Proxies
• ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasmͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜC++ͷΈ
• https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)͜ͷެ࣮ࣜΛϥΠϒϥϦͱͯ͠͏ Proxy-Wasm: WebAssembly for Proxies
• Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(͠ํ)ΛఆΊͨͷ • (proxy-wasm-cpp-host࣮v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification
Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ
Proxy-Wasm specification: Example 1. proxy_logͷ࣮ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864
Proxy-Wasm specification: Example 1. proxy_logͷ࣮Λظ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32
Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ Tcp data͕౸ண࣌, ϗετ͔ΒݺΕΔ
“Wasm”ͷؔ
Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ http
request body͕౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ
Proxy-Wasm specification: Example 2. SDKͰ࣮ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ “Wasm”ͷproxy_on_request_headers
• 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ༻
• 1ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstreamϚʔδ͞Εͨ Proxy-Wasm in Envoy
• 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺΕΔಠࣗͷಈ తconfigurationͷϓϩτ
ίϧͰRuntimeͰΓସ ͑Δ Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Mosn
Proxy-Wasm in Linkerd?
4. The Challenges and Future
• ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ProxyαʔόϛογϣϯΫϦςΟΧϧͳιϑτΣΞ • ςετॻ͍ͯॻ͍ͯॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ͋Δ Challenges in
Proxy-Wasm
• ύϑΥʔϚϯεͷ • Near-nativeͱ͍͑ͬͺΓগ͍͠ • GC͖ͷݴޠProxy-Wasm͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm
• αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm
• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface
Challenges in Proxy-Wasm
• ABI͕Envoyͷ࣮ʹ͍ͩͿد͍ͬͯΔ(ͨΓલͱ͍͑ͨΓલ…) • 1VM͕ෳͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM
= 1 requestͱ͍͏Ϟσϧͷ߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm
• RuntimeͲΕબྑ͍ͷ͔ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦͷτϨʔυΦϑ Challenges in Proxy-Wasm
• ·ͩ·ͩEarly days (Join us!): server-side WasmͷޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future
of Proxy-Wasm
• BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md
Future of Proxy-Wasm
Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm
• OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜ΕProxy-WasmʹݶͬͨͰͳ͍ • https://github.com/deislabs/krustlet
: k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm
• Proxy-Wasm = WasmΛͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔόͰಈ͔ͯ͠ΠϕϯτຖʹWasm͔͚͠Δ • ·ͩ·ͩearly days •
Wasm/WASIͱڞʹʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ
• Service Meshͷ࣮ͷࠐΈೖͬͨ • Envoyͷ֦ுͷਏ͞IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮ͷਏ͞ͷ •
RustWasmͷதͷreentrant call͕ෳͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτҰੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي(ۤস) • GetEnvoy Extension Toolkitͷ։ൃπʔϧ ࠓͤ(͞)ͳ͔ͬͨ͜ͱ
We are hiring! https://www.tetrate.io/careers/
mathetake
whisaiyo
nassy20
shiba_8ro
line_developers_tw
oracle4engineer
hssh2_bin
edeandrea
bitkey
kairim0
chanyou0311
cyberagentdevelopers
sonatard
malarkey
shpigford
sabderemane
427marketing
popppiees
baasie
techseoconnect
samanthasiow
moore
lara
addyosmani
