Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxy-Wasm: Wasmを利用したPlugin機構の開発

744a38d972036c3bd0bcdaddafdd5f26?s=47 mathetake
December 09, 2020
Technology
3
690

Proxy-Wasm: Wasmを利用したPlugin機構の開発

WebAssembly night #10 https://emsn.connpass.com/event/192221

744a38d972036c3bd0bcdaddafdd5f26?s=128

mathetake

December 09, 2020
Tweet

More Decks by mathetake

See All by mathetake
744a38d972036c3bd0bcdaddafdd5f26?s=48 mathetake
2
210
744a38d972036c3bd0bcdaddafdd5f26?s=48 mathetake
7
2.3k
744a38d972036c3bd0bcdaddafdd5f26?s=48 mathetake
8
1.4k
744a38d972036c3bd0bcdaddafdd5f26?s=48 mathetake
5
3.4k

Other Decks in Technology

See All in Technology
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
130
A4d5b3aae2e67f31b513c88c726514c2?s=48 smzksts
1
240
88dae28e3d082236f37db2f5c2db339d?s=48 keropiyo
0
250
9db5ad8f2c24b5cfaa9c9e09ca275af6?s=48 takasumasakazu
0
550
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
PRO
1
230
F6d9eaeab301cb77b4b9d2b99a69eedc?s=48 hfu
0
130
98f8e6125c052c4ac3fcc94f97919371?s=48 evilsmile
0
280
8fb8810e5e06a997bc13831b9b51007f?s=48 keinuma
0
190
9df0566fad9c9ca3bf669917848878fe?s=48 i35_267
1
120
9e8bdaea0cc26ccf98270c870b9ad26a?s=48 hiyosi
0
150
275fa343348e7dd4f5f7abfe09bb19d4?s=48 nishiodens
0
290
8fa31051503b09846584c49cd53d2f80?s=48 asei
10
2.1k

Featured

See All Featured
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
89
4k
24fc194843a71f10949be18d5a692682?s=48 gr2m
85
11k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
147
6.7k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
19k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1021
390k
245cee81a9c424266e5e401d844ea881?s=48 lara
172
9.8k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
262
11k
245cee81a9c424266e5e401d844ea881?s=48 lara
590
61k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
273
31k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
118
4.9k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
259
24k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
285
19k

Transcript

  1. Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ

  2. • Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software

    Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami

  3. 1. The current state of WebAssembly 2. Background: Envoy’s extensibility

    3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda

  4. 1. The current state of WebAssembly

  5. • Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋

    “host” ΁ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101

  6. • ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ

    “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ • ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ WebAssembly 101

  7. • Wasm <-> Hostͷ࿩͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • Wasm΁ͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System

    Interface)ͷొ৔ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/

  8. • WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔ • WAVM, Wasmtime, Wasmer, Lucet, ౳ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ

    Wasm gets out of web browsers

  9. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373

  10. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions

  11. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  12. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  13. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  14. Example: TinyGo’s WASI support

  15. Example: TinyGo’s WASI support “clock_time_get” Λimport

  16. Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation

  17. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  18. Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  19. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ

  20. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  21. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  22. Example: TinyGo’s WASI support Wasmtime Runtime͕࣮૷ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  23. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers

  24. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓ೔ͷ͓࿩

  25. 2. Background: Envoy’s extensibility

  26. What is Envoy?

  27. • “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github

    Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?

  28. • ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • Envoyʹ͸౰વϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾ಺ಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ

    • ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility

  29. Envoy’s extensibility

  30. • Envoy͸੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋ൓өͷͨΊʹશ୆࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛ௥Ճ͢Δʹ͸

    1. Upstream΁Ϛʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔε͸ෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstream΁ͷ௥ै͕େม Envoy’s extensibility

  31. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  32. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  33. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  34. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  35. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility
  36. None

  37. • ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ഑෍ • Envoy <-> Wasmͷ࿩͠ํ(ABI)Λstableʹ͠Α͏ • ͢΂ͯͷ՝୊ΛΫϦΞ

    • ೚ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI

  38. • ͦ΋ͦ΋ϓϩΩγαʔόͷ֦ு༻API͸ීวతͳ΋ͷͳ͸ͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔Β੾Γ཭ͤΔͷͰ͸ʁ =>

    Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm

  39. 3. Proxy-Wasm: WebAssembly For Proxies

  40. • https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDK౳ͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ͸࣮࣭తʹ͸EnvoyίϛϡχςΟ • Linkerd΍MosnͳͲ΄͔ͷϓϩΩγք۾΋ࢀೖͷؾ഑ Proxy-Wasm: WebAssembly

    for Proxies

  41. • ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasm΁ͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜ૷͸C++ͷΈ

    • https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)౳͸͜ͷެ࣮ࣜ૷ΛϥΠϒϥϦͱͯ͠࢖͏ Proxy-Wasm: WebAssembly for Proxies

  42. • Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(࿩͠ํ)ΛఆΊͨ΋ͷ • (proxy-wasm-cpp-host࣮૷͸v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification

  43. Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ਺

  44. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864

  45. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷Λظ଴ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32

  46. Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔Βݺ͹ΕΔ “Wasm”಺ͷؔ਺ Tcp data͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ

    “Wasm”಺ͷؔ਺

  47. Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺ http

    request body͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺

  48. Proxy-Wasm specification: Example 2. SDK಺Ͱ࣮૷ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40

  49. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319

  50. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ

  51. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ “Wasm಺”ͷproxy_on_request_headers

  52. • 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ࢖༻

    • 1೥൒΋ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstream΁Ϛʔδ͞Εͨ Proxy-Wasm in Envoy

  53. • 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺ͹ΕΔಠࣗͷಈ తconfigurationͷϓϩτ

    ίϧͰRuntimeͰ੾Γସ ͑Δ Proxy-Wasm in Envoy

  54. Proxy-Wasm in Envoy

  55. Proxy-Wasm in Envoy

  56. Proxy-Wasm in Mosn

  57. Proxy-Wasm in Linkerd?

  58. 4. The Challenges and Future

  59. • ೚ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • Proxyαʔό͸ϛογϣϯΫϦςΟΧϧͳιϑτ΢ΣΞ • ςετ͸ॻ͍ͯ΋ॻ͍ͯ΋ॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͸͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ΋͋Δ Challenges in

    Proxy-Wasm

  60. • ύϑΥʔϚϯεͷ໰୊ • Near-nativeͱ͸͍͑΍ͬͺΓগ͠஗͍ • GC෇͖ͷݴޠ͸Proxy-Wasm޲͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm

  61. • αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm

  62. • V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface

    Challenges in Proxy-Wasm

  63. • ABI͕Envoyͷ࣮૷ʹ͍ͩͿد͍ͬͯΔ(౰ͨΓલͱ͍͑͹౰ͨΓલ…) • 1VM͕ෳ਺ͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM

    = 1 requestͱ͍͏Ϟσϧͷ৔߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm

  64. • RuntimeͲΕબ΂͹ྑ͍ͷ͔໰୊ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦ଎౓ͷτϨʔυΦϑ Challenges in Proxy-Wasm

  65. • ·ͩ·ͩEarly days (Join us!): server-side Wasmͷ੒ޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future

    of Proxy-Wasm

  66. • BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͸͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md

    Future of Proxy-Wasm

  67. Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm

  68. • OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜Ε͸Proxy-Wasmʹݶͬͨ࿩Ͱ͸ͳ͍ • https://github.com/deislabs/krustlet

    : k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ๭͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm

  69. • Proxy-Wasm = WasmΛ࢖ͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔό಺Ͱಈ͔ͯ͠ΠϕϯτຖʹWasm΁࿩͔͚͠Δ • ·ͩ·ͩearly days •

    Wasm/WASIͱڞʹ೔ʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ

  70. • Service Meshͷ࣮૷ͷࠐΈೖͬͨ࿩ • Envoyͷ֦ுͷਏ͞͸IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰ࢖ΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮૷ͷਏ͞ͷ࿩ •

    Rust͸Wasmͷத΁ͷreentrant call͕ෳ਺ͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτ͸Ұੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏࿩ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆ೔ه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي੻(ۤস) • GetEnvoy Extension Toolkit౳ͷ։ൃπʔϧ ࠓ೔࿩ͤ(͞)ͳ͔ͬͨ͜ͱ

  71. We are hiring! https://www.tetrate.io/careers/