1 Why should I care about WebAssembly? Adrian Cole OSS Engineer

“WebAssembly was invented to beat JavaScript in terms of performance and naming confusion. 2

WebAssembly in the browser is controlled by javascript 3 javascript html css webassembly VM module module WebAssembly is JavaScript’s buddy code in another language!

WebAssembly’s core specification is usable outside the browser 4 golang runtime module WebAssembly can be your buddy, too! code in another language! WASI module wazero.io

WebAssembly is often an implementation detail of plugins 5 thing binary Using WebAssembly might look more like this.. plugin code in another language! thing SDK plugin.wasm thing yaml

Hype check! Only the core is a Web Standard. Interop and good execution require more. Coding for WebAssembly is not easy, even in your favorite language! WebAssembly is not the only way to do extensibility or fast startup 6 "WebAssembly aims to execute at native speed", but your mileage will vary WebAssembly is not a "write once, run anywhere" panacea

Missing links.. things about WebAssembly not everyone gets 7

WebAssembly is Web Biased WebAssembly is a Web standard. Two of its specs are around browser use. Features are acceptable if used by at least two browsers. Its virtual stack machine and bytecode formats are used outside the browser. 8

WebAssembly is not Assembly WebAssembly defines a virtual stack machine with instructions similar to real hardware. Common hardware are register machines, not stack machines, and their assembly code is architecture specific. 9

A WebAssembly Module is a library or application binary 10 ● Wasm is bytecode, not a package or image format ● WebAssembly is a compile target for a possibly constrained language ● WebAssembly has no standard library programming WebAssembly is different

WebAssembly is a sandbox, architecture that cooperates with its host via shared memory, globals and functions 11 ● no capabilities besides number crunching, more more is often needed ● WASI are function imports for I/O, time, random numbers, ENV, etc ● When acting like an entrypoint, it is using WASI WebAssembly is a coprocessor

See also.. things like WebAssembly you already know 12

13 ● Oracle JCP ● Dominates the backend ● Language bias. Ex field instructions ● Other languages share object model, GC, stdlib ● W3C Working Group ● Dominates the browser ● Hardware bias. Ex SIMD instructions ● Other languages bring their own object model, GC, stlib Virtual Stack Machines

14 ● Images built with Dockerfile instructions ● OS-layer host ● containers shouldn’t see their host ● Binaries built by language compiler ● Application-layer host ● wasm often use host hooks Sandboxes

15 ● commodity integration ● maybe testable ● latency causing, can cause outages ● hit the ground running ● deep integration ● testable ● low latency, can handle partitions ● experts only Remote APIs (Webhooks, gRPC, OpenAPI, etc.)

Examples in practice A couple ways WebAssembly is used in Cloud Native architecture 16

Add your own library code to envoy or another proxy without custom builds ● alternative to DSLs and custom builds to manipulate HTTP ● istio (go) configures and distribute proxy-plugins ● envoy is the wasm runtime (v8 c++) ● ABI is proxy-wasm 17 HTTP Proxy Extension envoyproxy.io v8.dev github.com/proxy-wasm/spec

Implement your own admission policies or re-use those made by others. 18 ● kubewarden validates incoming k8s requests with wasm ● controller (go) integrates with k8s and configures ● policy evaluation rust+wasmtime. ● ABI is based on waPC k8s dynamic admission controller kubewarden.io wasmtime.dev wapc.io

Extend a security scanner without changing its code 19 ● Trivy modules allow custom vulnerability detection, or custom severities. ● Trivy (go) downloads (OCI), configures and executes policy modules ● wazero is the runtime vulnerability and misconfiguration scanner aquasecurity.github.io/trivy wazero.io

Why do we care? The title of this presentation is about this, right?! 20

Serverless, Service Mesh, Event Driven ● Wasm can decouple language support from “official lists” ● Extend your service mesh control and data plane ● Is fast start a game changer? 21

Developer tools, Delivery, Observability & Monitoring ● Programming in WebAssembly is more constrained than a natural language. What do you do about it? ● How do you plan to distribute or sign wasm? ● Do you know what’s happening inside the Wasm? 22

DevOps and Production ● Can you share a model between frontend and backend? ● How does compiling to wasm effect your pipeline? ● Host functions and cooperation can create coupling 23

There’s a place for you to start learning about WebAssembly relevantly 24 ● Mesh already uses wasm, so you can practice ● Many projects use an SDK approach to enable success ● WebAssembly has a vibrant Spec and OSS ecosystem Closing thoughts

No content