Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Proxy-Wasm: Wasmを利用したPlugin機構の開発
Search
mathetake
December 09, 2020
Technology
3
1.8k
Proxy-Wasm: Wasmを利用したPlugin機構の開発
WebAssembly night #10
https://emsn.connpass.com/event/192221
mathetake
December 09, 2020
Tweet
Share
More Decks by mathetake
See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
800
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.3k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.2k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.8k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.5k
Introduction to Flagger
mathetake
5
5.3k
Other Decks in Technology
See All in Technology
Flutter向けPDFビューア、pdfrxのpdfium WASM対応について
espresso3389
0
130
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
delta_tech
4
150
開発生産性を測る前にやるべきこと - 組織改善の実践 / Before Measuring Dev Productivity
kaonavi
9
3.4k
怖くない!はじめてのClaude Code
shinya337
0
390
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
27k
SaaS型なのに自由度の高い本格CMSでサイト構築と運用のコスパ&タイパUP! MovableType.net の便利機能とユーザー事例のご紹介
masakah
0
110
面倒な作業はAIにおまかせ。Flutter開発をスマートに効率化
ruideengineer
0
240
生成AI時代の開発組織・技術・プロセス 〜 ログラスの挑戦と考察 〜
itohiro73
1
450
MUITにおける開発プロセスモダナイズの取り組みと開発生産性可視化の取り組みについて / Modernize the Development Process and Visualize Development Productivity at MUIT
muit
1
16k
20250707-AI活用の個人差を埋めるチームづくり
shnjtk
4
3.7k
事業成長の裏側:エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue
shift_evolve
PRO
2
20k
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
deltahelp
0
520
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Building an army of robots
kneath
306
45k
Facilitating Awesome Meetings
lara
54
6.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Six Lessons from altMBA
skipperchong
28
3.9k
What's in a price? How to price your products and services
michaelherold
246
12k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
740
StorybookのUI Testing Handbookを読んだ
zakiyama
30
5.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
BBQ
matthewcrist
89
9.7k
Transcript
Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ
• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software
Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami
1. The current state of WebAssembly 2. Background: Envoy’s extensibility
3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda
1. The current state of WebAssembly
• Stack-basedͳԾϚγϯͱͦͷ༷ • ݩʑϒϥβ(JS)ͷߴԽ͕త • asm.js -> WebAssembly(Wasm)ͱਐԽ • ༷ΛಡΊ͔Δ͕Ұݴ
“host” ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ͍(※࣮ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ॳjsͷΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ
“glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫͋Δͷʹମͳ͍ • ϒϥβͷ֎Ͱ͍͍ͨ WebAssembly 101
• Wasm <-> Hostͷ͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • WasmͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System
Interface)ͷొ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
• WASIΛ࣮ͨ͠ϥϯλΠϜ͕ొ • WAVM, Wasmtime, Wasmer, Lucet, ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ
Wasm gets out of web browsers
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
Example: TinyGo’s WASI support
Example: TinyGo’s WASI support “clock_time_get” Λimport
Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support Wasmtime Runtime͕࣮ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓͷ͓
2. Background: Envoy’s extensibility
What is Envoy?
• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github
Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • EnvoyʹવϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ
• ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility
Envoy’s extensibility
• Envoy੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋөͷͨΊʹશ࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛՃ͢Δʹ
1. UpstreamϚʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔεෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstreamͷै͕େม Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
None
• ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ • Envoy <-> Wasmͷ͠ํ(ABI)Λstableʹ͠Α͏ • ͯ͢ͷ՝ΛΫϦΞ
• ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
• ͦͦϓϩΩγαʔόͷ֦ு༻APIීวతͳͷͳͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔ΒΓͤΔͷͰʁ =>
Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm
3. Proxy-Wasm: WebAssembly For Proxies
• https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDKͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ࣮࣭తʹEnvoyίϛϡχςΟ • LinkerdMosnͳͲ΄͔ͷϓϩΩγք۾ࢀೖͷؾ Proxy-Wasm: WebAssembly
for Proxies
• ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasmͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜC++ͷΈ
• https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)͜ͷެ࣮ࣜΛϥΠϒϥϦͱͯ͠͏ Proxy-Wasm: WebAssembly for Proxies
• Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(͠ํ)ΛఆΊͨͷ • (proxy-wasm-cpp-host࣮v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification
Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ
Proxy-Wasm specification: Example 1. proxy_logͷ࣮ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864
Proxy-Wasm specification: Example 1. proxy_logͷ࣮Λظ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32
Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ Tcp data͕౸ண࣌, ϗετ͔ΒݺΕΔ
“Wasm”ͷؔ
Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ http
request body͕౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ
Proxy-Wasm specification: Example 2. SDKͰ࣮ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ “Wasm”ͷproxy_on_request_headers
• 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ༻
• 1ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstreamϚʔδ͞Εͨ Proxy-Wasm in Envoy
• 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺΕΔಠࣗͷಈ తconfigurationͷϓϩτ
ίϧͰRuntimeͰΓସ ͑Δ Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Mosn
Proxy-Wasm in Linkerd?
4. The Challenges and Future
• ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ProxyαʔόϛογϣϯΫϦςΟΧϧͳιϑτΣΞ • ςετॻ͍ͯॻ͍ͯॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ͋Δ Challenges in
Proxy-Wasm
• ύϑΥʔϚϯεͷ • Near-nativeͱ͍͑ͬͺΓগ͍͠ • GC͖ͷݴޠProxy-Wasm͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm
• αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm
• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface
Challenges in Proxy-Wasm
• ABI͕Envoyͷ࣮ʹ͍ͩͿد͍ͬͯΔ(ͨΓલͱ͍͑ͨΓલ…) • 1VM͕ෳͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM
= 1 requestͱ͍͏Ϟσϧͷ߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm
• RuntimeͲΕબྑ͍ͷ͔ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦͷτϨʔυΦϑ Challenges in Proxy-Wasm
• ·ͩ·ͩEarly days (Join us!): server-side WasmͷޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future
of Proxy-Wasm
• BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md
Future of Proxy-Wasm
Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm
• OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜ΕProxy-WasmʹݶͬͨͰͳ͍ • https://github.com/deislabs/krustlet
: k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm
• Proxy-Wasm = WasmΛͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔόͰಈ͔ͯ͠ΠϕϯτຖʹWasm͔͚͠Δ • ·ͩ·ͩearly days •
Wasm/WASIͱڞʹʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ
• Service Meshͷ࣮ͷࠐΈೖͬͨ • Envoyͷ֦ுͷਏ͞IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮ͷਏ͞ͷ •
RustWasmͷதͷreentrant call͕ෳͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτҰੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي(ۤস) • GetEnvoy Extension Toolkitͷ։ൃπʔϧ ࠓͤ(͞)ͳ͔ͬͨ͜ͱ
We are hiring! https://www.tetrate.io/careers/
mathetake
espresso3389
delta_tech
kaonavi
shinya337
safie_recruit
masakah
ruideengineer
itohiro73
muit
shnjtk
shift_evolve
deltahelp
lauravandoore
kneath
lara
tammyeverts
caitiem20
morganepeng
skipperchong
michaelherold
addyosmani
zakiyama
scottboms
matthewcrist
