Podman with WebAssembly
 Toru Komatsu(@utam0k)

2 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ OSS Activities as My Hobby Maintainer opencontainers/runtime-spec containers/youki Reviwer containerd/runwasi CNCF Ambassador Fall 2023 @utam0k Toru Komatsu

3 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ OSS Activities as My Hobby Maintainer opencontainers/runtime-spec containers/youki Reviwer containerd/runwasi CNCF Ambassador Fall 2023 @utam0k Toru Komatsu

Podman with WebAssembly


Let’s try anyway 5 00

Preparing for hello world in WebAssembly
 $ cargo new hello && cd hello $ cargo build --target wasm32-wasi $ cp target/wasm32-wasi/debug/hello.wasm .

Preparing for a hello world in WebAssembly
 $ cargo new hello && cd hello $ cargo build --target wasm32-wasi $ cp target/wasm32-wasi/debug/hello.wasm . $ file hello.wasm hello.wasm: WebAssembly (wasm) binary module version 0x1 (MVP) $ ./hello.wasm zsh: exec format error: ./hello.wasm $ wasmedge hello.wasm Hello, world!

Preparing Dockerfile
 $ cargo new hello && cd hello $ cargo build --target wasm32-wasi $ cp target/wasm32-wasi/debug/hello.wasm . $ file hello.wasm hello.wasm: WebAssembly (wasm) binary module version 0x1 (MVP) $ ./hello.wasm zsh: exec format error: ./hello.wasm $ wasmedge hello.wasm Hello, world! $ cat Dockerfile FROM scratch COPY hello.wasm / ENTRYPOINT ["/hello.wasm"]

Building container images for Wasm
 $ buildah build --annotation "module.wasm.image/variant=compat" -t hello-wasm . STEP 1/3: FROM scratch … snip … Successfully tagged localhost/hello-wasm:latest ca9fbef8860afe406c2ca37841f05c0def1ad23dde427fd06b2d5dda979cb58f

Run
 $ buildah build --annotation "module.wasm.image/variant=compat" -t hello-wasm . STEP 1/3: FROM scratch … snip … Successfully tagged localhost/hello-wasm:latest ca9fbef8860afe406c2ca37841f05c0def1ad23dde427fd06b2d5dda979cb58f $ podman run -it localhost/hello-wasm:latest Hello, world!

Check if Podman Supports Wasm Execution
 $ podman info | grep -A 9 ociRuntime ociRuntime: name: crun package: 'crun: /usr/bin/crun' path: /usr/bin/crun version: |- crun version 1.11.2.0.0.0.9-e079 commit: e079a879a3f37b33d2a0f33289adc8902c144fb8 rundir: /run/crun spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +WASM:wasmedge +YAJL $ # If your environment doesn’t meet, please refer to https://wasmedge.org/docs/develop/deploy/oci-runtime/crun/#prerequisites

Spoiler - ネタバレ -
 $ cat Dockerfile FROM docker.io/wasmedge/slim:0.13.5 COPY hello.wasm / ENTRYPOINT ["wasmedge", "/hello.wasm"]

Spoiler - ネタバレ -
 $ cat Dockerfile FROM docker.io/wasmedge/slim:0.13.5 COPY hello.wasm / ENTRYPOINT ["wasmedge", "/hello.wasm"] $ buildah build -t hello-wasmedge . STEP 1/3: FROM docker.io/wasmedge/slim:0.13.5 … snip … Successfully tagged localhost/hello-wasmedge:latest f1afe57d5771f82467ea4f23857dc6622faecba8d54fec335e97a06974c9be6e $ podman run -it --rm localhost/hello-wasmedge:latest Hello, world!

WebAssembly in Container 14 01

Linux etc…
 Container Runtime High-Level Low-Level OCI Runtime Spec Typical Workflow of Container Execution
 15

Linux etc..
 Container Runtime Low-Level OCI Runtime Spec Workflow of Podman Execution
 16

Linux etc..
 Container Runtime Low-Level OCI Runtime Spec Default Low-Level Runtime of Podman
 17

Linux etc..
 Container Runtime Low-Level OCI Runtime Spec Workflow of Executing Wasm in Podman
 18

History of WebAssembly Support in Low-Level Runtime 19 off-topic

WasmEdge Actively Begins Engagement in Low-Level Runtime Development crun second-state/crunw#6 Nov 8, 2021 containers/cun#774#6 Nov 8, 2021 youki WasmEdge/WasmEdge#664 Nov 19, 2021 containers/youki#548e#664 Dec 20, 2021 runwasi Jan 23, 2022 ~

Announcement of the Collaboration between runwasi and youki at KubeDay Japan, Dec 7, 2022 WebAssembly on Kubernetes runwasi Successfully Integrates with youki Apr 22, 2023 containerd/runwasi#78 Annoucement Docker + WebAssembly Oct 24, 2022 ← Now!

Linux etc..
 Container Runtime Low-Level OCI Runtime Spec Workflow of Executing Wasm in Podman
 22

Linux etc..
 Container Runtime Low-Level OCI Runtime Spec Low-Level CRs Capable of Executing Wasm
 23

Summery 24 03

$ cat Dockerfile FROM scratch COPY hello.wasm / ENTRYPOINT ["/hello.wasm"] $ buildah build --annotation "module.wasm.image/variant=compat" -t hello-wasm . STEP 1/3: FROM scratch … snip … Successfully tagged localhost/hello-wasm:latest ca9fbef8860afe406c2ca37841f05c0def1ad23dde427fd06b2d5dda979cb58f $ podman run -it localhost/hello-wasm:latest Hello, world!

$ cat Dockerfile FROM scratch COPY hello.wasm / ENTRYPOINT ["/hello.wasm"] $ buildah build --annotation "module.wasm.image/variant=compat" -t hello-wasm . STEP 1/3: FROM scratch … snip … Successfully tagged localhost/hello-wasm:latest ca9fbef8860afe406c2ca37841f05c0def1ad23dde427fd06b2d5dda979cb58f $ podman run -it localhost/hello-wasm:latest Hello, world! $ cat Dockerfile FROM docker.io/wasmedge/slim:0.13.5 COPY hello.wasm / ENTRYPOINT ["wasmedge", "/hello.wasm"] $ sudo podman run -it --rm localhost/hello-wasmedge:latest Hello, world!

Cutting-Edge of WebAssembly Containers
 Mixing Containers and Wasm Containers within a Kubernetes Pod ● containerd/runwasi#64 ● For Example, Sidecars Facilitating Easy Handling of Wasm with Images (OCI Artifacts) Support for Arbitrary Entry Point in WebAssembly ● containerd/runwasi#102 [WIP] Definition and Support of Media Types for Wasm ● containerd/containerd#8699 ● bytecodealliance/registry#87

Thanks, any questions?