Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Proxy-Wasm: Wasmを利用したPlugin機構の開発
Search
mathetake
December 09, 2020
Technology
3
1.8k
Proxy-Wasm: Wasmを利用したPlugin機構の開発
WebAssembly night #10
https://emsn.connpass.com/event/192221
mathetake
December 09, 2020
Tweet
Share
More Decks by mathetake
See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
790
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.3k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.2k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.8k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.5k
Introduction to Flagger
mathetake
5
5.3k
Other Decks in Technology
See All in Technology
Clineを含めたAIエージェントを 大規模組織に導入し、投資対効果を考える / Introducing AI agents into your organization
i35_267
4
1.6k
Oracle Audit Vault and Database Firewall 20 概要
oracle4engineer
PRO
3
1.7k
250627 関西Ruby会議08 前夜祭 RejectKaigi「DJ on Ruby Ver.0.1」
msykd
PRO
2
270
2年でここまで成長!AWSで育てたAI Slack botの軌跡
iwamot
PRO
4
700
第9回情シス転職ミートアップ_テックタッチ株式会社
forester3003
0
230
2025-06-26_Lightning_Talk_for_Lightning_Talks
_hashimo2
2
100
Snowflake Summit 2025全体振り返り / Snowflake Summit 2025 Overall Review
mtpooh
2
400
より良いプロダクトの開発を目指して - 情報を中心としたプロダクト開発 #phpcon #phpcon2025
bengo4com
1
3.1k
Prox Industries株式会社 会社紹介資料
proxindustries
0
290
Javaで作る RAGを活用した Q&Aアプリケーション
recruitengineers
PRO
1
110
生成AI時代の開発組織・技術・プロセス 〜 ログラスの挑戦と考察 〜
itohiro73
0
140
プロダクトエンジニアリング組織への歩み、その現在地 / Our journey to becoming a product engineering organization
hiro_torii
0
130
Featured
See All Featured
4 Signs Your Business is Dying
shpigford
184
22k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Designing for Performance
lara
609
69k
How to Ace a Technical Interview
jacobian
277
23k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
Stop Working from a Prison Cell
hatefulcrawdad
270
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
Gamification - CAS2011
davidbonilla
81
5.3k
Automating Front-end Workflow
addyosmani
1370
200k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Transcript
Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ
• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software
Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami
1. The current state of WebAssembly 2. Background: Envoy’s extensibility
3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda
1. The current state of WebAssembly
• Stack-basedͳԾϚγϯͱͦͷ༷ • ݩʑϒϥβ(JS)ͷߴԽ͕త • asm.js -> WebAssembly(Wasm)ͱਐԽ • ༷ΛಡΊ͔Δ͕Ұݴ
“host” ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ͍(※࣮ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ॳjsͷΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ
“glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫͋Δͷʹମͳ͍ • ϒϥβͷ֎Ͱ͍͍ͨ WebAssembly 101
• Wasm <-> Hostͷ͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • WasmͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System
Interface)ͷొ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
• WASIΛ࣮ͨ͠ϥϯλΠϜ͕ొ • WAVM, Wasmtime, Wasmer, Lucet, ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ
Wasm gets out of web browsers
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
Example: TinyGo’s WASI support
Example: TinyGo’s WASI support “clock_time_get” Λimport
Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support Wasmtime Runtime͕࣮ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓͷ͓
2. Background: Envoy’s extensibility
What is Envoy?
• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github
Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • EnvoyʹવϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ
• ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility
Envoy’s extensibility
• Envoy੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋөͷͨΊʹશ࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛՃ͢Δʹ
1. UpstreamϚʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔεෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstreamͷै͕େม Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
None
• ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ • Envoy <-> Wasmͷ͠ํ(ABI)Λstableʹ͠Α͏ • ͯ͢ͷ՝ΛΫϦΞ
• ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
• ͦͦϓϩΩγαʔόͷ֦ு༻APIීวతͳͷͳͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔ΒΓͤΔͷͰʁ =>
Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm
3. Proxy-Wasm: WebAssembly For Proxies
• https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDKͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ࣮࣭తʹEnvoyίϛϡχςΟ • LinkerdMosnͳͲ΄͔ͷϓϩΩγք۾ࢀೖͷؾ Proxy-Wasm: WebAssembly
for Proxies
• ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasmͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜC++ͷΈ
• https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)͜ͷެ࣮ࣜΛϥΠϒϥϦͱͯ͠͏ Proxy-Wasm: WebAssembly for Proxies
• Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(͠ํ)ΛఆΊͨͷ • (proxy-wasm-cpp-host࣮v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification
Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ
Proxy-Wasm specification: Example 1. proxy_logͷ࣮ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864
Proxy-Wasm specification: Example 1. proxy_logͷ࣮Λظ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32
Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ Tcp data͕౸ண࣌, ϗετ͔ΒݺΕΔ
“Wasm”ͷؔ
Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ http
request body͕౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ
Proxy-Wasm specification: Example 2. SDKͰ࣮ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ “Wasm”ͷproxy_on_request_headers
• 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ༻
• 1ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstreamϚʔδ͞Εͨ Proxy-Wasm in Envoy
• 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺΕΔಠࣗͷಈ తconfigurationͷϓϩτ
ίϧͰRuntimeͰΓସ ͑Δ Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Mosn
Proxy-Wasm in Linkerd?
4. The Challenges and Future
• ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ProxyαʔόϛογϣϯΫϦςΟΧϧͳιϑτΣΞ • ςετॻ͍ͯॻ͍ͯॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ͋Δ Challenges in
Proxy-Wasm
• ύϑΥʔϚϯεͷ • Near-nativeͱ͍͑ͬͺΓগ͍͠ • GC͖ͷݴޠProxy-Wasm͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm
• αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm
• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface
Challenges in Proxy-Wasm
• ABI͕Envoyͷ࣮ʹ͍ͩͿد͍ͬͯΔ(ͨΓલͱ͍͑ͨΓલ…) • 1VM͕ෳͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM
= 1 requestͱ͍͏Ϟσϧͷ߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm
• RuntimeͲΕબྑ͍ͷ͔ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦͷτϨʔυΦϑ Challenges in Proxy-Wasm
• ·ͩ·ͩEarly days (Join us!): server-side WasmͷޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future
of Proxy-Wasm
• BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md
Future of Proxy-Wasm
Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm
• OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜ΕProxy-WasmʹݶͬͨͰͳ͍ • https://github.com/deislabs/krustlet
: k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm
• Proxy-Wasm = WasmΛͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔόͰಈ͔ͯ͠ΠϕϯτຖʹWasm͔͚͠Δ • ·ͩ·ͩearly days •
Wasm/WASIͱڞʹʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ
• Service Meshͷ࣮ͷࠐΈೖͬͨ • Envoyͷ֦ுͷਏ͞IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮ͷਏ͞ͷ •
RustWasmͷதͷreentrant call͕ෳͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτҰੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي(ۤস) • GetEnvoy Extension Toolkitͷ։ൃπʔϧ ࠓͤ(͞)ͳ͔ͬͨ͜ͱ
We are hiring! https://www.tetrate.io/careers/
mathetake
i35_267
oracle4engineer
msykd
iwamot
forester3003
_hashimo2
mtpooh
bengo4com
proxindustries
recruitengineers
itohiro73
.jpg){kind=avatar}
hiro_torii
shpigford
marcelosomers
kastner
lara
jacobian
marcduiker
hatefulcrawdad
eileencodes
davidbonilla
addyosmani
thekraken
caitiem20
