Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxy-Wasm: Wasmを利用したPlugin機構の開発

mathetake
December 09, 2020
Technology
3
1.7k

Proxy-Wasm: Wasmを利用したPlugin機構の開発

WebAssembly night #10 https://emsn.connpass.com/event/192221

mathetake

December 09, 2020
Tweet

More Decks by mathetake

See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
700
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.1k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.1k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.7k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.4k
Introduction to Flagger
mathetake
5
5.2k

Other Decks in Technology

See All in Technology
私なりのAIのご紹介 [2024年版]
qt_luigi
1
120
Postman と API セキュリティ / Postman and API Security
yokawasa
0
200
バクラクのドキュメント解析技術と実データにおける課題 / layerx-ccc-winter-2024
shimacos
2
1k
どちらを使う?GitHub or Azure DevOps Ver. 24H2
kkamegawa
0
630
マルチプロダクト開発の現場でAWS Security Hubを1年以上運用して得た教訓
muziyoshiz
2
2.1k
KnowledgeBaseDocuments APIでベクトルインデックス管理を自動化する
iidaxs
1
250
ハイテク休憩
sat
PRO
2
120
CustomCopを使ってMongoidのコーディングルールを整えてみた
jinoketani
0
220
Snowflake女子会#3 Snowpipeの良さを5分で語るよ
lana2548
0
220
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
170
AWS re:Invent 2024で発表された コードを書く開発者向け機能について
maruto
0
180
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
31k

Featured

See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Optimizing for Happiness
mojombo
376
70k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
Producing Creativity
orderedlist
PRO
341
39k
Faster Mobile Websites
deanohume
305
30k
Designing Experiences People Love
moore
138
23k
Being A Developer After 40
akosma
87
590k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
BBQ
matthewcrist
85
9.4k
Art, The Web, and Tiny UX
lynnandtonic
298
20k

Transcript

  1. Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ

  2. • Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software

    Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami

  3. 1. The current state of WebAssembly 2. Background: Envoy’s extensibility

    3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda

  4. 1. The current state of WebAssembly

  5. • Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋

    “host” ΁ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101

  6. • ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ

    “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ • ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ WebAssembly 101

  7. • Wasm <-> Hostͷ࿩͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • Wasm΁ͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System

    Interface)ͷొ৔ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/

  8. • WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔ • WAVM, Wasmtime, Wasmer, Lucet, ౳ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ

    Wasm gets out of web browsers

  9. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373

  10. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions

  11. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  12. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  13. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  14. Example: TinyGo’s WASI support

  15. Example: TinyGo’s WASI support “clock_time_get” Λimport

  16. Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation

  17. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  18. Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  19. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ

  20. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  21. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  22. Example: TinyGo’s WASI support Wasmtime Runtime͕࣮૷ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  23. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers

  24. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓ೔ͷ͓࿩

  25. 2. Background: Envoy’s extensibility

  26. What is Envoy?

  27. • “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github

    Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?

  28. • ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • Envoyʹ͸౰વϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾ಺ಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ

    • ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility

  29. Envoy’s extensibility

  30. • Envoy͸੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋ൓өͷͨΊʹશ୆࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛ௥Ճ͢Δʹ͸

    1. Upstream΁Ϛʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔε͸ෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstream΁ͷ௥ै͕େม Envoy’s extensibility

  31. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  32. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  33. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  34. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  35. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility
  36. None

  37. • ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ഑෍ • Envoy <-> Wasmͷ࿩͠ํ(ABI)Λstableʹ͠Α͏ • ͢΂ͯͷ՝୊ΛΫϦΞ

    • ೚ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI

  38. • ͦ΋ͦ΋ϓϩΩγαʔόͷ֦ு༻API͸ීวతͳ΋ͷͳ͸ͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔Β੾Γ཭ͤΔͷͰ͸ʁ =>

    Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm

  39. 3. Proxy-Wasm: WebAssembly For Proxies

  40. • https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDK౳ͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ͸࣮࣭తʹ͸EnvoyίϛϡχςΟ • Linkerd΍MosnͳͲ΄͔ͷϓϩΩγք۾΋ࢀೖͷؾ഑ Proxy-Wasm: WebAssembly

    for Proxies

  41. • ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasm΁ͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜ૷͸C++ͷΈ

    • https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)౳͸͜ͷެ࣮ࣜ૷ΛϥΠϒϥϦͱͯ͠࢖͏ Proxy-Wasm: WebAssembly for Proxies

  42. • Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(࿩͠ํ)ΛఆΊͨ΋ͷ • (proxy-wasm-cpp-host࣮૷͸v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification

  43. Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ਺

  44. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864

  45. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷Λظ଴ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32

  46. Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔Βݺ͹ΕΔ “Wasm”಺ͷؔ਺ Tcp data͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ

    “Wasm”಺ͷؔ਺

  47. Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺ http

    request body͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺

  48. Proxy-Wasm specification: Example 2. SDK಺Ͱ࣮૷ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40

  49. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319

  50. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ

  51. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ “Wasm಺”ͷproxy_on_request_headers

  52. • 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ࢖༻

    • 1೥൒΋ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstream΁Ϛʔδ͞Εͨ Proxy-Wasm in Envoy

  53. • 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺ͹ΕΔಠࣗͷಈ తconfigurationͷϓϩτ

    ίϧͰRuntimeͰ੾Γସ ͑Δ Proxy-Wasm in Envoy

  54. Proxy-Wasm in Envoy

  55. Proxy-Wasm in Envoy

  56. Proxy-Wasm in Mosn

  57. Proxy-Wasm in Linkerd?

  58. 4. The Challenges and Future

  59. • ೚ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • Proxyαʔό͸ϛογϣϯΫϦςΟΧϧͳιϑτ΢ΣΞ • ςετ͸ॻ͍ͯ΋ॻ͍ͯ΋ॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͸͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ΋͋Δ Challenges in

    Proxy-Wasm

  60. • ύϑΥʔϚϯεͷ໰୊ • Near-nativeͱ͸͍͑΍ͬͺΓগ͠஗͍ • GC෇͖ͷݴޠ͸Proxy-Wasm޲͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm

  61. • αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm

  62. • V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface

    Challenges in Proxy-Wasm

  63. • ABI͕Envoyͷ࣮૷ʹ͍ͩͿد͍ͬͯΔ(౰ͨΓલͱ͍͑͹౰ͨΓલ…) • 1VM͕ෳ਺ͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM

    = 1 requestͱ͍͏Ϟσϧͷ৔߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm

  64. • RuntimeͲΕબ΂͹ྑ͍ͷ͔໰୊ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦ଎౓ͷτϨʔυΦϑ Challenges in Proxy-Wasm

  65. • ·ͩ·ͩEarly days (Join us!): server-side Wasmͷ੒ޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future

    of Proxy-Wasm

  66. • BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͸͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md

    Future of Proxy-Wasm

  67. Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm

  68. • OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜Ε͸Proxy-Wasmʹݶͬͨ࿩Ͱ͸ͳ͍ • https://github.com/deislabs/krustlet

    : k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ๭͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm

  69. • Proxy-Wasm = WasmΛ࢖ͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔό಺Ͱಈ͔ͯ͠ΠϕϯτຖʹWasm΁࿩͔͚͠Δ • ·ͩ·ͩearly days •

    Wasm/WASIͱڞʹ೔ʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ

  70. • Service Meshͷ࣮૷ͷࠐΈೖͬͨ࿩ • Envoyͷ֦ுͷਏ͞͸IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰ࢖ΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮૷ͷਏ͞ͷ࿩ •

    Rust͸Wasmͷத΁ͷreentrant call͕ෳ਺ͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτ͸Ұੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏࿩ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆ೔ه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي੻(ۤস) • GetEnvoy Extension Toolkit౳ͷ։ൃπʔϧ ࠓ೔࿩ͤ(͞)ͳ͔ͬͨ͜ͱ

  71. We are hiring! https://www.tetrate.io/careers/