Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CRI-O's WASM Adventure: Challenges, Strategies,...

Sohan Kunkerkar
April 11, 2024
Technology
0
40

CRI-O's WASM Adventure: Challenges, Strategies, and What Lies Ahead

Many years our two heroes CRI-O (a lightweight container runtime for Kubernetes) and WebAssembly spent apart, honing their strengths for the adventure to come. Join us in this talk, as we tell a tale describing the reasons why WASM support is essential for CRI-O, the challenges faced during its integration, such as runc's lack of support for WASM and the complexity of assigning the correct runtime to a pod, and the strategies employed to overcome these challenges. Additionally, we will outline our vision for the future of this integration such as handling WASM workload as container images and loading WASM plugins directly into CRI-O instead of NRI and how it will revolutionize the capabilities of CRI-O and Kubernetes. This talk is designed for developers, operators, weary travelers, and anyone interested in the intersection of Kubernetes, CRI-O, and WebAssembly

Sohan Kunkerkar

April 11, 2024
Tweet

More Decks by Sohan Kunkerkar

See All by Sohan Kunkerkar
CRI-O Odyssey: Exploring New Frontiers in Container Runtimes
sohankunkerkar
0
9

Other Decks in Technology

See All in Technology
プロダクトエンジニアが活躍する環境を作りたくて 事業責任者になった話 ~プロダクトエンジニアの行き着く先~
gimupop
1
510
【技術書典17】OpenFOAM(自宅で極める流体解析)2次元円柱まわりの流れ
kamakiri1225
0
250
「視座」の上げ方が成人発達理論にわかりやすくまとまってた / think_ perspective_hidden_dimensions
shuzon
2
13k
10分でわかるfreeeのQA
freee
1
3.4k
AWS CodePipelineでコンテナアプリをデプロイした際に、古いイメージを自動で削除する
smt7174
1
130
事業者間調整の行間を読む 調整の具体事例
sugiim
0
2k
使えそうで使われないCloudHSM
maikamibayashi
1
250
Platform Engineering ことはじめ
oracle4engineer
PRO
7
590
いろんなものと両立する Kaggleの向き合い方
go5paopao
1
260
Observability を実現するためにアセットを活用しよう(AWS 秋の Observability 祭り ~明日使えるアセット祭り~ )
tsujiba
0
110
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k
フルカイテン株式会社 採用資料
fullkaiten
0
39k

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Build The Right Thing And Hit Your Dates
maggiecrowley
32
2.4k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
Typedesign – Prime Four
hannesfritz
39
2.4k
4 Signs Your Business is Dying
shpigford
180
21k
Teambox: Starting and Learning
jrom
132
8.7k
Making the Leap to Tech Lead
cromwellryan
133
8.9k

Transcript

  1. Sohan Kunkerkar & Peter Hunt CRI-O's WASM Adventure: Challenges, Strategies,

    and What Lies Ahead A journey into integrating WebAssembly support in CRI-O and Kubernetes

  2. Contents • Brief Introduction to CRI-O and WASM • Unlocking

    the Potential With WASM • The Roadblocks We Faced • Overcoming Challenges • Demos • Future Work • Closing Remarks and Questions

  3. Introduction • CRI-O ◦ Lightweight and Focused ◦ Native Kubernetes

    Integration ◦ Security Emphasis • WASM ◦ Language Agnostic ◦ Efficient Execution ◦ Sandboxed Environment • Coming Together for This Adventure

  4. Unlocking the Potential with WASM • Cross-Platform Execution ◦ Single

    binary for multiple OS and architectures • Efficient and Near-Native Performance ◦ Low disk footprint ◦ Minimal startup time • Secure Execution Environment ◦ Module signing for code integrity and authenticity ◦ Runtime security controls independent of host OS user privilege ◦ Secured execution environments with controlled memory access. Image source: https://www.freepik.com/free-vector/open-padlock-concept-illustration_82647715.htm

  5. Benefits of WASM Support in CRI-O • Edge Computing Agility

    ◦ Enables cross-architecture, lightweight deployments • Dynamic Scaling ◦ Low disk footprint and rapid startup time • Security-Enhanced Microservices: ◦ Provides module signing and runtime security controls • Polyglot Microservices Architecture ◦ Enables polyglot programming for language flexibility

  6. Roadblocks • No native support for WASM in runc ◦

    https://github.com/opencontainers/runc/is sues/3271 • Alternative solution: crun with Image annotation ◦ Requires adding an annotation (module.wasm.image/variant=compat-s mart) to an image ◦ This mechanism involves propagating OCI image annotations to the runtime

  7. Roadblocks • Choosing the right runtime class ◦ Uncertainty about

    the image platform, posing a significant hurdle to automatic runtime assignment.

  8. Strategies • Treat images with the wasi/wasm as WASM by

    default • Introduction to platform_runtime_paths to the RuntimeConfig • https://github.com/cri-o/cri-o/pull/7180

  9. Demos

  10. Run WASM workloads using CRI-O in Kubernetes

  11. Future Work https://i.pinimg.com/736x/0e/e9/53/0ee9530fec754e01f46c48d8ed2c3dd0.jpg

  12. Future Work Plugins: • Supporting plugins and wiring additional data

    ◦ https://github.com/sohankunkerkar/cri-o/tree/wasm-poc-2 ◦ https://github.com/containers/crun/pull/1432 ◦ Allows more meaningful work ◦ Two buzzwords in one (WASM + AI) ◦ Subject to change

  13. Running AI models in Kubernetes with CRI-O

  14. Future Work Optimize WASM handling: • Handling WASM artifacts as

    Container images ◦ https://github.com/cri-o/cri-o/issues/7492 ◦ No need to pack into a scratch image!

  15. Future Work Optimize WASM handling: • Handling WASM artifacts as

    Container images ◦ https://github.com/cri-o/cri-o/issues/7492 ◦ No need to pack into a scratch image! • Direct integration of WASM plugins into CRI-O ◦ https://github.com/cri-o/cri-o/issues/7277 ◦ Optimize out crun?

  16. Quick Aside: NRI • Node Resource Interface ◦ Common framework

    for extending OCI-compatible runtimes ◦ Supported by containerd and CRI-O ◦ https://github.com/containerd/nri/

  17. Quick Aside: NRI https://static.sched.com/hosted_files/kccncna2022/cc/KubeCon-NA-2022-NRI-presentation.pdf

  18. Future Work Extend WASM Investment: • WASM plugins loaded instead

    of NRI ◦ https://github.com/cri-o/cri-o/issues/7277 • No RPC, no external process, just plugins!

  19. Future Work https://static.sched.com/hosted_files/kccncna2022/cc/KubeCon-NA-2022-NRI-presentation.pdf

  20. Future Work

  21. Conclusion

  22. Closing Remarks and Questions Github Slack

  23. References • https://github.com/cri-o/cri-o • https://www.redhat.com/en/blog/webassembly-wasm-and-open shift-a-powerful-duo-for-modern-applications • https://github.com/WasmEdge/WasmEdge • https://medium.com/@seifeddinerajhi/wasm-and-kubernetes-a-

    new-era-of-cloud-native-application-deployment-b3c59b39f64 • https://arxiv.org/pdf/2305.00600.pdf

  24. Closing Remarks and Questions Thank you!

  25. None