Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxy-Wasm: Wasmを利用したPlugin機構の開発

mathetake
December 09, 2020
Technology
3
1.2k

Proxy-Wasm: Wasmを利用したPlugin機構の開発

WebAssembly night #10 https://emsn.connpass.com/event/192221

mathetake

December 09, 2020
Tweet

More Decks by mathetake

See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
360
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
14
3.4k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
720
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.1k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
1.9k
Introduction to Flagger
mathetake
5
4.5k

Other Decks in Technology

See All in Technology
NGINXENG JP#2 - 2-NGINXの動作の詳細
hiropo20
1
150
03_ユーザビリティテスト
kouzoukaikaku
0
870
SSMパラメーターストアでクロススタック参照の罠を回避する
shuyakinjo
0
8k
書籍を書きました。 そう、VS Codeで。
takumanakagame
4
4.6k
02_プロトタイピングの進め方
kouzoukaikaku
0
900
JAWS-UG 横浜 #54 資料
takakuni
0
220
都市ARの作り方 PLATEAU ✖︎ Geospatial API
41h0_shiho
1
340
FlexScan HD2452Wの 後継を探して
tring
0
6.6k
Oracle Transaction Manager for Microservices Free 22.3 製品概要
oracle4engineer
PRO
5
120
Logbii(ログビー) 会社紹介
logbii
0
180
re:Invent2022 前後の Amazon EventBridge のアップデートを踏まえつつ、情シスの仕事をより楽しくしたい話。 / EventBridge for Information Systems Department
_kensh
2
810
最近のフレッツとIPv6の話
mattenn
0
100

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
The Cult of Friendly URLs
andyhume
69
5.1k
BBQ
matthewcrist
75
8.1k
Docker and Python
trallard
30
1.9k
Large-scale JavaScript Application Architecture
addyosmani
499
110k
Clear Off the Table
cherdarchuk
79
290k
How To Stay Up To Date on Web Technology
chriscoyier
779
250k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
Music & Morning Musume
bryan
37
4.7k
Producing Creativity
orderedlist
PRO
335
38k
Gamification - CAS2011
davidbonilla
75
4.1k
GitHub's CSS Performance
jonrohan
1020
430k

Transcript

  1. Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ

  2. • Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software

    Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami

  3. 1. The current state of WebAssembly 2. Background: Envoy’s extensibility

    3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda

  4. 1. The current state of WebAssembly

  5. • Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋

    “host” ΁ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101

  6. • ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ

    “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ • ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ WebAssembly 101

  7. • Wasm <-> Hostͷ࿩͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • Wasm΁ͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System

    Interface)ͷొ৔ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/

  8. • WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔ • WAVM, Wasmtime, Wasmer, Lucet, ౳ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ

    Wasm gets out of web browsers

  9. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373

  10. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions

  11. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  12. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  13. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  14. Example: TinyGo’s WASI support

  15. Example: TinyGo’s WASI support “clock_time_get” Λimport

  16. Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation

  17. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  18. Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  19. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ

  20. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  21. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  22. Example: TinyGo’s WASI support Wasmtime Runtime͕࣮૷ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  23. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers

  24. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓ೔ͷ͓࿩

  25. 2. Background: Envoy’s extensibility

  26. What is Envoy?

  27. • “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github

    Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?

  28. • ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • Envoyʹ͸౰વϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾ಺ಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ

    • ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility

  29. Envoy’s extensibility

  30. • Envoy͸੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋ൓өͷͨΊʹશ୆࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛ௥Ճ͢Δʹ͸

    1. Upstream΁Ϛʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔε͸ෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstream΁ͷ௥ै͕େม Envoy’s extensibility

  31. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  32. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  33. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  34. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  35. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility
  36. None

  37. • ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ഑෍ • Envoy <-> Wasmͷ࿩͠ํ(ABI)Λstableʹ͠Α͏ • ͢΂ͯͷ՝୊ΛΫϦΞ

    • ೚ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI

  38. • ͦ΋ͦ΋ϓϩΩγαʔόͷ֦ு༻API͸ීวతͳ΋ͷͳ͸ͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔Β੾Γ཭ͤΔͷͰ͸ʁ =>

    Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm

  39. 3. Proxy-Wasm: WebAssembly For Proxies

  40. • https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDK౳ͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ͸࣮࣭తʹ͸EnvoyίϛϡχςΟ • Linkerd΍MosnͳͲ΄͔ͷϓϩΩγք۾΋ࢀೖͷؾ഑ Proxy-Wasm: WebAssembly

    for Proxies

  41. • ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasm΁ͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜ૷͸C++ͷΈ

    • https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)౳͸͜ͷެ࣮ࣜ૷ΛϥΠϒϥϦͱͯ͠࢖͏ Proxy-Wasm: WebAssembly for Proxies

  42. • Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(࿩͠ํ)ΛఆΊͨ΋ͷ • (proxy-wasm-cpp-host࣮૷͸v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification

  43. Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ਺

  44. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864

  45. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷Λظ଴ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32

  46. Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔Βݺ͹ΕΔ “Wasm”಺ͷؔ਺ Tcp data͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ

    “Wasm”಺ͷؔ਺

  47. Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺ http

    request body͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺

  48. Proxy-Wasm specification: Example 2. SDK಺Ͱ࣮૷ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40

  49. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319

  50. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ

  51. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ “Wasm಺”ͷproxy_on_request_headers

  52. • 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ࢖༻

    • 1೥൒΋ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstream΁Ϛʔδ͞Εͨ Proxy-Wasm in Envoy

  53. • 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺ͹ΕΔಠࣗͷಈ తconfigurationͷϓϩτ

    ίϧͰRuntimeͰ੾Γସ ͑Δ Proxy-Wasm in Envoy

  54. Proxy-Wasm in Envoy

  55. Proxy-Wasm in Envoy

  56. Proxy-Wasm in Mosn

  57. Proxy-Wasm in Linkerd?

  58. 4. The Challenges and Future

  59. • ೚ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • Proxyαʔό͸ϛογϣϯΫϦςΟΧϧͳιϑτ΢ΣΞ • ςετ͸ॻ͍ͯ΋ॻ͍ͯ΋ॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͸͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ΋͋Δ Challenges in

    Proxy-Wasm

  60. • ύϑΥʔϚϯεͷ໰୊ • Near-nativeͱ͸͍͑΍ͬͺΓগ͠஗͍ • GC෇͖ͷݴޠ͸Proxy-Wasm޲͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm

  61. • αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm

  62. • V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface

    Challenges in Proxy-Wasm

  63. • ABI͕Envoyͷ࣮૷ʹ͍ͩͿد͍ͬͯΔ(౰ͨΓલͱ͍͑͹౰ͨΓલ…) • 1VM͕ෳ਺ͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM

    = 1 requestͱ͍͏Ϟσϧͷ৔߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm

  64. • RuntimeͲΕબ΂͹ྑ͍ͷ͔໰୊ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦ଎౓ͷτϨʔυΦϑ Challenges in Proxy-Wasm

  65. • ·ͩ·ͩEarly days (Join us!): server-side Wasmͷ੒ޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future

    of Proxy-Wasm

  66. • BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͸͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md

    Future of Proxy-Wasm

  67. Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm

  68. • OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜Ε͸Proxy-Wasmʹݶͬͨ࿩Ͱ͸ͳ͍ • https://github.com/deislabs/krustlet

    : k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ๭͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm

  69. • Proxy-Wasm = WasmΛ࢖ͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔό಺Ͱಈ͔ͯ͠ΠϕϯτຖʹWasm΁࿩͔͚͠Δ • ·ͩ·ͩearly days •

    Wasm/WASIͱڞʹ೔ʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ

  70. • Service Meshͷ࣮૷ͷࠐΈೖͬͨ࿩ • Envoyͷ֦ுͷਏ͞͸IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰ࢖ΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮૷ͷਏ͞ͷ࿩ •

    Rust͸Wasmͷத΁ͷreentrant call͕ෳ਺ͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτ͸Ұੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏࿩ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆ೔ه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي੻(ۤস) • GetEnvoy Extension Toolkit౳ͷ։ൃπʔϧ ࠓ೔࿩ͤ(͞)ͳ͔ͬͨ͜ͱ

  71. We are hiring! https://www.tetrate.io/careers/