Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CRI-O's WASM Adventure: Challenges, Strategies,...

Sohan Kunkerkar
April 11, 2024
Technology
0
42

CRI-O's WASM Adventure: Challenges, Strategies, and What Lies Ahead

Many years our two heroes CRI-O (a lightweight container runtime for Kubernetes) and WebAssembly spent apart, honing their strengths for the adventure to come. Join us in this talk, as we tell a tale describing the reasons why WASM support is essential for CRI-O, the challenges faced during its integration, such as runc's lack of support for WASM and the complexity of assigning the correct runtime to a pod, and the strategies employed to overcome these challenges. Additionally, we will outline our vision for the future of this integration such as handling WASM workload as container images and loading WASM plugins directly into CRI-O instead of NRI and how it will revolutionize the capabilities of CRI-O and Kubernetes. This talk is designed for developers, operators, weary travelers, and anyone interested in the intersection of Kubernetes, CRI-O, and WebAssembly

Sohan Kunkerkar

April 11, 2024
Tweet

More Decks by Sohan Kunkerkar

See All by Sohan Kunkerkar
Navigating the cgroup Transition: Bridging the Gap Between Kubernetes and User Expectations
sohankunkerkar
0
5
CRI-O Features for Fun and Profit
sohankunkerkar
0
3
CRI-O Odyssey: Exploring New Frontiers in Container Runtimes
sohankunkerkar
0
9

Other Decks in Technology

See All in Technology
AGIについてChatGPTに聞いてみた
blueb
0
130
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
複雑なState管理からの脱却
sansantech
PRO
1
140
Platform Engineering for Software Developers and Architects
syntasso
1
510
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
280
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
CysharpのOSS群から見るModern C#の現在地
neuecc
1
3.1k
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
680
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k

Featured

See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Automating Front-end Workflow
addyosmani
1366
200k
Statistics for Hackers
jakevdp
796
220k
Speed Design
sergeychernyshev
24
610
Building Applications with DynamoDB
mza
90
6.1k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
The Language of Interfaces
destraynor
154
24k
A better future with KSS
kneath
238
17k
A designer walks into a library…
pauljervisheath
203
24k

Transcript

  1. Sohan Kunkerkar & Peter Hunt CRI-O's WASM Adventure: Challenges, Strategies,

    and What Lies Ahead A journey into integrating WebAssembly support in CRI-O and Kubernetes

  2. Contents • Brief Introduction to CRI-O and WASM • Unlocking

    the Potential With WASM • The Roadblocks We Faced • Overcoming Challenges • Demos • Future Work • Closing Remarks and Questions

  3. Introduction • CRI-O ◦ Lightweight and Focused ◦ Native Kubernetes

    Integration ◦ Security Emphasis • WASM ◦ Language Agnostic ◦ Efficient Execution ◦ Sandboxed Environment • Coming Together for This Adventure

  4. Unlocking the Potential with WASM • Cross-Platform Execution ◦ Single

    binary for multiple OS and architectures • Efficient and Near-Native Performance ◦ Low disk footprint ◦ Minimal startup time • Secure Execution Environment ◦ Module signing for code integrity and authenticity ◦ Runtime security controls independent of host OS user privilege ◦ Secured execution environments with controlled memory access. Image source: https://www.freepik.com/free-vector/open-padlock-concept-illustration_82647715.htm

  5. Benefits of WASM Support in CRI-O • Edge Computing Agility

    ◦ Enables cross-architecture, lightweight deployments • Dynamic Scaling ◦ Low disk footprint and rapid startup time • Security-Enhanced Microservices: ◦ Provides module signing and runtime security controls • Polyglot Microservices Architecture ◦ Enables polyglot programming for language flexibility

  6. Roadblocks • No native support for WASM in runc ◦

    https://github.com/opencontainers/runc/is sues/3271 • Alternative solution: crun with Image annotation ◦ Requires adding an annotation (module.wasm.image/variant=compat-s mart) to an image ◦ This mechanism involves propagating OCI image annotations to the runtime

  7. Roadblocks • Choosing the right runtime class ◦ Uncertainty about

    the image platform, posing a significant hurdle to automatic runtime assignment.

  8. Strategies • Treat images with the wasi/wasm as WASM by

    default • Introduction to platform_runtime_paths to the RuntimeConfig • https://github.com/cri-o/cri-o/pull/7180

  9. Demos

  10. Run WASM workloads using CRI-O in Kubernetes

  11. Future Work https://i.pinimg.com/736x/0e/e9/53/0ee9530fec754e01f46c48d8ed2c3dd0.jpg

  12. Future Work Plugins: • Supporting plugins and wiring additional data

    ◦ https://github.com/sohankunkerkar/cri-o/tree/wasm-poc-2 ◦ https://github.com/containers/crun/pull/1432 ◦ Allows more meaningful work ◦ Two buzzwords in one (WASM + AI) ◦ Subject to change

  13. Running AI models in Kubernetes with CRI-O

  14. Future Work Optimize WASM handling: • Handling WASM artifacts as

    Container images ◦ https://github.com/cri-o/cri-o/issues/7492 ◦ No need to pack into a scratch image!

  15. Future Work Optimize WASM handling: • Handling WASM artifacts as

    Container images ◦ https://github.com/cri-o/cri-o/issues/7492 ◦ No need to pack into a scratch image! • Direct integration of WASM plugins into CRI-O ◦ https://github.com/cri-o/cri-o/issues/7277 ◦ Optimize out crun?

  16. Quick Aside: NRI • Node Resource Interface ◦ Common framework

    for extending OCI-compatible runtimes ◦ Supported by containerd and CRI-O ◦ https://github.com/containerd/nri/

  17. Quick Aside: NRI https://static.sched.com/hosted_files/kccncna2022/cc/KubeCon-NA-2022-NRI-presentation.pdf

  18. Future Work Extend WASM Investment: • WASM plugins loaded instead

    of NRI ◦ https://github.com/cri-o/cri-o/issues/7277 • No RPC, no external process, just plugins!

  19. Future Work https://static.sched.com/hosted_files/kccncna2022/cc/KubeCon-NA-2022-NRI-presentation.pdf

  20. Future Work

  21. Conclusion

  22. Closing Remarks and Questions Github Slack

  23. References • https://github.com/cri-o/cri-o • https://www.redhat.com/en/blog/webassembly-wasm-and-open shift-a-powerful-duo-for-modern-applications • https://github.com/WasmEdge/WasmEdge • https://medium.com/@seifeddinerajhi/wasm-and-kubernetes-a-

    new-era-of-cloud-native-application-deployment-b3c59b39f64 • https://arxiv.org/pdf/2305.00600.pdf

  24. Closing Remarks and Questions Thank you!

  25. None