Takeshi Yoneda, Software Engineer, Tetrate.io Infra Study Meetup #8 ʮΠϯϑϥͱݚڀ։ൃʯ Proxy-Wasm: ΤοδͰͷWasmݚڀ։ൃ࠷ઌ୺

• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of Chromium/V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami

1. The current state of WebAssembly 2. Background: Envoy’s extensibility 3. Proxy-Wasm: WebAssembly For Proxies Agenda

1. The current state of WebAssembly

• Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋ “host” ΁ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101

• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ -> ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ • Wasm͔ΒݺͿsystem callͷ࢓༷ΛܾΊ·͠ΐ͏ • WASI (WebAssembly System Interface)ͷొ৔ • ͍ͭʹWasm͸ϒϥ΢βͷ֎΁ WebAssembly 101

• WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔͠, ϒϥ΢βͷ֎ͰWasm͕ಈ͘Α͏ʹͳΔ • WAVM, Wasmtime, Wasmer, Lucet, V8 (wasm-c-apiܦ༝), ౳ʑ • ABIܾ͑͞ΊΕ͹, ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ • Blockchain্Ͱಈ͘VM, Proxyαʔό಺Ͱಈ͘VM, etc. Wasm gets out of web browsers

• WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔͠, ϒϥ΢βͷ֎ͰWasm͕ಈ͘Α͏ʹͳΔ • WAVM, Wasmtime, Wasmer, Lucet, V8 (wasm-c-apiܦ༝), ౳ʑ • ABIܾ͑͞ΊΕ͹, ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ • Blockchain্Ͱಈ͘VM, Proxyαʔό಺Ͱಈ͘VM, etc. Wasm gets out of web browsers ࠓ೔ͷ͓࿩

2. Background: Envoy’s extensibility

• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?

• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ -> ϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • ੩తϦϯΫ͠ͳ͍ͱ͍͚ͳ͍: ࣗ෼ͰΞΠπΛϏϧυ͠ͳ͍ͱ͍͚ͳ͍ • ϓϥάΠϯͷߋ৽, upstream΁ͷ௥ैͷͨͼʹrebuild, ࠶ىಈ • ສਓ޲͚Ͱ͸ͳ͍͠ਏ͍ • ಈత͔ͭηΩϡΞ͔ͭෳ਺ݴޠͰ֦ு͍ͨ͠ Envoy’s extensibility

3. Proxy-wasm: WebAssembly For Proxies

• WasmͷVMΛEnvoyͷதͰಈ͔ͯ͠WasmͷϓϩάϥϜͰ֦ு͠Α͏ • Envoy/Wasm VMؒͷABI͚ܾͩΊΕ͹೚ҙͷݴޠͰ֦ுͰ͖Δʂ • ͔͠΋ηΩϡΞ, WasmͷVMͷ࠶ىಈࣗମ͸ϥϯλΠϜͰՄೳ • => ͢΂ͯͷ՝୊ΛΫϦΞ • ͦ΋ͦ΋ϓϩΩγαʔόͷ֦ுͳΜͯීวతͳ΋ͷͳ͸ͣ • => Proxy-Wasmͱ͍͏Envoyಠཱͨ͠ϓϩδΣΫτʹ Proxy-Wasm: WebAssembly for Proxies

• Proxy-Wasm: https://github.com/proxy-wasm orgͷ஀ੜ • ݱঢ়̐ͭͷݴޠͰProxy-Wasm compatibleͳWasm΁ͷίϯύΠϧ͕Մೳ: • C++, Rust, Go(TinyGO), AssemblyScript • ࠷৽όʔδϣϯ͸v0.2.1, ·ͩ·ͩൃల్্(Join us!) • Hostͷެ࣮ࣜ૷͸C++ͷΈ͕ͩ, Go੡ͷϓϩΩγmosnͰ։ൃ͕͞Ε͍ͯΔΒ͍͠ Proxy-Wasm: WebAssembly for Proxies

• Envoy͸Proxy-Wasm orgͰ։ൃ͞Ε͍ͯΔC++ͷϥΠϒϥϦΛ࢖༻ • 1 VM / (Plugin, Thread) ͱ͍͏ํࣜ • Tcp΍httpϦΫΤετͷΠϕϯτຖʹ VMʹ࿩͔͚֦ͯுػߏΛఏڙ • VMͱͯ͠͸ V8, WAVM, Wasmtime ͕࢖ΘΕ͍ͯΔ Proxy-Wasm in Envoy

• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • ͍͍ͩͨ૊Έࠐ·ΕͯΔCݴޠ੡ͷϥΠϒϥϦىҼ • ೚ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ςετ͸ॻ͍ͯ΋ॻ͍ͯ΋ॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͸͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ΋͋Δ • ύϑΥʔϚϯεͷ໰୊ • Near-nativeͱ͸͍͑΍ͬͺΓগ͠஗͍ • GC෇͖ͷݴޠ͸Proxy-Wasm޲͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ͍͚ͳ͍? Challenges in Proxy-Wasm

• Wasm = ϒϥ΢βͱݴ͏࣌୅͸ऴΘΓ • ϋΠύϑΥʔϚϯε͔ͭηΩϡΞͳϓϥάΠϯػߏͷ։ൃ͕Մೳ • Proxy-WasmϓϩδΣΫτͰ͸࠷ઌ୺Ͱݚڀ։ൃΛਐΊ͍ͯ·͢ʂ • We are hiring! https://www.tetrate.io/careers/ ·ͱΊ