Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Proxy-Wasm: Wasmを利用したPlugin機構の開発
Search
mathetake
December 09, 2020
Technology
1.9k
3
Share
Proxy-Wasm: Wasmを利用したPlugin機構の開発
WebAssembly night #10
https://emsn.connpass.com/event/192221
mathetake
December 09, 2020
More Decks by mathetake
See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
910
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.5k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.3k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.9k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.6k
Introduction to Flagger
mathetake
5
5.5k
Other Decks in Technology
See All in Technology
JICUG あなたのAI駆動開発パートナー IBM Bob を使ったアプリ開発
1ftseabass
PRO
0
100
A Harness for Behaviour: how to get AI to generate code that does what we intend, or "TDD in the age of AI"
xpmatteo
0
480
自作エディターをOSSにして分かった、一人に刺さる開発が世界を動かす理由
shinyasaita
1
450
イベントストーミングとKiroの仕様駆動開発で実現する要件の認識合わせプロセス
syobochim
7
820
Gradle×GitHub_ActionsでCI時間を約50%短縮 ジョブ分割の設計と落とし穴 / Cutting CI Time by ~50% with Gradle and GitHub Actions: Job-Splitting Design and Pitfalls
takatty
0
470
long-running-tasks
cipepser
2
420
【ハノーバーメッセ振り返りイベントat名古屋】データは集約からAI起点の収集に ~組織内・組織間でのデータ連携~
tanakaseiya
0
130
APIテストとは?
nagix
0
120
oracle-to-databricks-migration-with-llm-and-dbt
casek
0
300
AI時代の私の技術インプットとアウトプット術
tonkotsuboy_com
15
7.4k
基礎から解説!Icebergで紐解くSnowflake×Databricks連携の現在地
cm_yasuhara
0
350
AIガバナンス実践 - 生成AIコネクタのデータ漏洩リスクと実務対策
knishioka
0
110
Featured
See All Featured
Un-Boring Meetings
codingconduct
0
300
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
65
55k
Context Engineering - Making Every Token Count
addyosmani
9
910
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
470
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.2k
Scaling GitHub
holman
464
140k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
750
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
2
380
Evolving SEO for Evolving Search Engines
ryanjones
0
210
GraphQLとの向き合い方2022年版
quramy
50
15k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
Transcript
Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ
• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software
Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami
1. The current state of WebAssembly 2. Background: Envoy’s extensibility
3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda
1. The current state of WebAssembly
• Stack-basedͳԾϚγϯͱͦͷ༷ • ݩʑϒϥβ(JS)ͷߴԽ͕త • asm.js -> WebAssembly(Wasm)ͱਐԽ • ༷ΛಡΊ͔Δ͕Ұݴ
“host” ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ͍(※࣮ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ॳjsͷΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ
“glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫͋Δͷʹମͳ͍ • ϒϥβͷ֎Ͱ͍͍ͨ WebAssembly 101
• Wasm <-> Hostͷ͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • WasmͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System
Interface)ͷొ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
• WASIΛ࣮ͨ͠ϥϯλΠϜ͕ొ • WAVM, Wasmtime, Wasmer, Lucet, ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ
Wasm gets out of web browsers
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
Example: TinyGo’s WASI support
Example: TinyGo’s WASI support “clock_time_get” Λimport
Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support Wasmtime Runtime͕࣮ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓͷ͓
2. Background: Envoy’s extensibility
What is Envoy?
• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github
Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • EnvoyʹવϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ
• ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility
Envoy’s extensibility
• Envoy੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋөͷͨΊʹશ࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛՃ͢Δʹ
1. UpstreamϚʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔεෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstreamͷै͕େม Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
None
• ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ • Envoy <-> Wasmͷ͠ํ(ABI)Λstableʹ͠Α͏ • ͯ͢ͷ՝ΛΫϦΞ
• ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
• ͦͦϓϩΩγαʔόͷ֦ு༻APIීวతͳͷͳͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔ΒΓͤΔͷͰʁ =>
Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm
3. Proxy-Wasm: WebAssembly For Proxies
• https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDKͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ࣮࣭తʹEnvoyίϛϡχςΟ • LinkerdMosnͳͲ΄͔ͷϓϩΩγք۾ࢀೖͷؾ Proxy-Wasm: WebAssembly
for Proxies
• ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasmͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜC++ͷΈ
• https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)͜ͷެ࣮ࣜΛϥΠϒϥϦͱͯ͠͏ Proxy-Wasm: WebAssembly for Proxies
• Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(͠ํ)ΛఆΊͨͷ • (proxy-wasm-cpp-host࣮v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification
Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ
Proxy-Wasm specification: Example 1. proxy_logͷ࣮ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864
Proxy-Wasm specification: Example 1. proxy_logͷ࣮Λظ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32
Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ Tcp data͕౸ண࣌, ϗετ͔ΒݺΕΔ
“Wasm”ͷؔ
Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ http
request body͕౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ
Proxy-Wasm specification: Example 2. SDKͰ࣮ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ “Wasm”ͷproxy_on_request_headers
• 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ༻
• 1ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstreamϚʔδ͞Εͨ Proxy-Wasm in Envoy
• 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺΕΔಠࣗͷಈ తconfigurationͷϓϩτ
ίϧͰRuntimeͰΓସ ͑Δ Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Mosn
Proxy-Wasm in Linkerd?
4. The Challenges and Future
• ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ProxyαʔόϛογϣϯΫϦςΟΧϧͳιϑτΣΞ • ςετॻ͍ͯॻ͍ͯॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ͋Δ Challenges in
Proxy-Wasm
• ύϑΥʔϚϯεͷ • Near-nativeͱ͍͑ͬͺΓগ͍͠ • GC͖ͷݴޠProxy-Wasm͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm
• αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm
• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface
Challenges in Proxy-Wasm
• ABI͕Envoyͷ࣮ʹ͍ͩͿد͍ͬͯΔ(ͨΓલͱ͍͑ͨΓલ…) • 1VM͕ෳͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM
= 1 requestͱ͍͏Ϟσϧͷ߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm
• RuntimeͲΕબྑ͍ͷ͔ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦͷτϨʔυΦϑ Challenges in Proxy-Wasm
• ·ͩ·ͩEarly days (Join us!): server-side WasmͷޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future
of Proxy-Wasm
• BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md
Future of Proxy-Wasm
Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm
• OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜ΕProxy-WasmʹݶͬͨͰͳ͍ • https://github.com/deislabs/krustlet
: k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm
• Proxy-Wasm = WasmΛͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔόͰಈ͔ͯ͠ΠϕϯτຖʹWasm͔͚͠Δ • ·ͩ·ͩearly days •
Wasm/WASIͱڞʹʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ
• Service Meshͷ࣮ͷࠐΈೖͬͨ • Envoyͷ֦ுͷਏ͞IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮ͷਏ͞ͷ •
RustWasmͷதͷreentrant call͕ෳͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτҰੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي(ۤস) • GetEnvoy Extension Toolkitͷ։ൃπʔϧ ࠓͤ(͞)ͳ͔ͬͨ͜ͱ
We are hiring! https://www.tetrate.io/careers/
mathetake
1ftseabass
xpmatteo
shinyasaita
syobochim
takatty
cipepser
tanakaseiya
nagix
casek
tonkotsuboy_com
cm_yasuhara
knishioka
codingconduct
soudai
addyosmani
marktimemedia
ipullrank
holman
nmsamuel
jct
ryanjones
quramy
bermonpainter
axbom
