Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Wasmで広がるEnvoyとIstioの世界

mathetake
March 25, 2021

 Wasmで広がるEnvoyとIstioの世界

Kubernetes Meetup Tokyo #40 https://k8sjp.connpass.com/event/206303/

mathetake

March 25, 2021
Tweet

More Decks by mathetake

Other Decks in Programming

Transcript

  1. • Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software

    Engineer at Tetrate.io • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor of V8 whoami
  2. 1. Introduction to WebAssembly 2. Background: Envoy’s extensibility 3. Proxy-Wasm:

    WebAssembly For Proxies 4. Proxy-Wasm in Istio 5. Challenges and Future Agenda
  3. • Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋

    “host” ΁ͷཁٻ͕ͳ͍ • Portable, Platform-agnostic, Open-ended • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
  4. • ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ

    “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ • ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ WebAssembly 101
  5. • Wasm <-> Host OSͷ࿩͠ํ(ΠϯλʔϑΣΠε)=SystemcallΛඪ४Խ͠·͠ΐ͏ • Wasm΁ͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly

    System Interface)ͷొ৔ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
  6. • WASI = Wasmͷ࢓༷ʹ͋Δ “host function” Λsystem call޲͚ʹඪ४Խͨ͠΋ͷ • ݁ہABI

    (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔ • Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI(Proxy-Wasm) Wasm gets out of web browsers WASI ABI Linux / Darwin / Windows / … Wasm Virtual Machine
  7. • WASI = Wasmͷ࢓༷ʹ͋Δ “host function” Λsystem call޲͚ʹඪ४Խͨ͠΋ͷ • ݁ہABI

    (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔ • Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI(Proxy-Wasm) Wasm gets out of web browsers Proxy-Wasm ABI Envoy / Nginx / ATS / … Wasm Virtual Machine
  8. • “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github

    Star: 16,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
  9. • Envoy͸੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋ൓өͷͨΊʹશ୆࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛ௥Ճ͢Δʹ͸

    1. Upstream΁Ϛʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔε͸ෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstream΁ͷ௥ै͕େม(಺෦ͷAPI͕unstable) Envoy’s extensibility
  10. • ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ഑෍ • Envoyͷ“தͰ” WasmͷVMΛಈ͔͢ • Envoy <->

    Wasmͷ࿩͠ํ(ABI)Λstableʹ͠Α͏ • ͢΂ͯͷ՝୊ΛΫϦΞ • ೚ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
  11. • ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasm΁ͷίϯύΠϧ͕Մೳ • C++, Rust, Go, AssemblyScript • Hostͷެ࣮ࣜ૷͸C++ͷΈ

    • https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime, V8, WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)౳͸͜ͷެ࣮ࣜ૷ΛϥΠϒϥϦͱͯ͠࢖͏ Proxy-Wasm: WebAssembly for Proxies
  12. • 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ࢖༻

    • 1೥൒΋ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 2020/10ʹupstream΁merge • v1.17ͰॳͷstableϦϦʔε Proxy-Wasm in Envoy: Impl. model
  13. • ࣮͸͜ΕΒͷϓϥάΠϯ͸ਖ਼֬ʹ͸σϑΥϧτͰ͸“Wasm”Ͱಈ͍͍ͯͳ͍ • Proxy-WasmͷABIΛ༻͍ͯ͸͍Δ͕NativeʹCompile & Envoyʹstatic link • NullVmͱզʑ͕ݺΜͰ͍Δ࢓૊Έ •

    EnvoyͷWasm Extension͕·ͩalphaεςʔλεͳͨΊ • ҰํͰɺWasmͱͯ͠΋ίϯύΠϧՄೳͳΑ͏ʹίʔυ͕ॻ͔Ε͍ͯΔ • ͍ۙকདྷ(v1.10~)σϑΥϧτͰWasm VM಺ͰϓϥάΠϯ͕ಈ͘Α͏ʹͳΔ͸ͣ Istio: official plugins in Proxy-Wasm
  14. • ݱঢ়Istio (Istio-agent)͸, http(s)Ͱserving͞ΕͨWasmόΠφϦͷΈLoadՄ • OCI-imageͱͯ͠WasmͷbinaryΛOCI registryʹ֨ೲ͢ΔྲྀΕ͕͋Δ • https://github.com/engineerd/wasm-to-oci •

    https://github.com/solo-io/wasm-image-spec • Proxy-Wasm༻ͷOCI-image specΛIstio Wasm-SIG಺Ͱࡦఆத: ΄΅ݻ·ͬͨ • ͍ۙকདྷOCI registryʹpush͞ΕͨWasmΛIstio͕αϙʔτ͢ΔΑ͏ʹͳΔ • (࣮૷͸๻ͷTODOͰ͢…) How to deploy plugins in Istio: Delivery
  15. Future of Workflow of Istio Wasm plugins Build Push OCI-registries

    k apply -f wasm.yaml Image: hoge.com/my-plugin:v1.10 config: …
  16. • ςετͱσόά͕͔ͳΓਏ͍ • ςετͷͨΊʹEnvoyΛಈ͔͢…? • Go SDKͰ͸EnvoyͷΤϛϡϨʔλΛGoͰॻ͍ͯ, nativeίϯύΠϧ Ͱςετ: ݶք͕͋Δ

    • WasmଆʹdebugͷͨΊͷ࢓༷͕ͳ͍ͷͰ, ֤ݴޠ͝ͱʹ৭ʑ • LLVMϕʔεͷݴޠͳΒDWARF͕όΠφϦʹೖͬͯΔͷͰ৭ʑͰ͖ Δ͕Proxy-Wasm HostଆͰະ࣮૷(Ջ͕͋ͬͨΒ΍Δ) • Stack trace͕औΓͮΒ͍(Ϣʔβʔۭ͔ؒΒ͸stack͸ݟΕͳ͍ͷͰ) Challenges in Proxy-Wasm
  17. Future of Cloud Native Wasm 2015 2019/03 2020/03 WASIͷొ৔ WASMͷొ৔

    Proxy-Wasmͷొ৔ 2013/03 asm.jsͷొ৔ 2020/04 Krustletͷొ৔ 202x/yy ????
  18. • Wasm͸ηΩϡΞͰportableͳόΠφϦϑΥʔϚοτ+Ծ૝Ϛγϯͷ࢓༷ • CNCF͕༧ଌ͢ΔΑ͏ʹ, ༷ʑͳ৔໘Ͱར༻͕૿͖͑ͯͦ͏ • Cloud Native Wasm DayͷτʔΫΛݟΔͱಈ޲͕ݟ͑ͯ͘Δ?

    • Proxy-WasmʹΑΓEnvoy/Istio͕WasmͰ֦ுͰ͖ΔΑ͏ͳੈք͕طʹདྷ͍ͯΔ • Isito͚ͩͰͳ͘, େاۀ͕طʹproductionͰಈ͔͍ͯ͠Δ • ·ͩ·ͩൃల్্Ͱ͕͢, 2021೥தʹ͸͔ͳΓ੒ख़͢ΔݟࠐΈ ·ͱΊ