WebAssembly for the Backend: Craft Conference 2023
This was the longest presentation of WebAssembly for the backend. One part folks really liked was wzprof which allows you to profile WebAssembly and look at heat maps etc.
safely running 3rd party code. We’ll review non-browser use cases, in architecture order from high to low level. Integrations use wazero, but code run often isn’t Go. 3
to define ABI as protobuf services. 5 knqyf263/go-plugin gRPC Host Guest Decoupled with gRPC API Decoupled with WebAssembly Monolith Breaking the Monolith Service
tricky to change. For example, Envoy versions are tightly coupled to Istio versions. Dapr is a static binary, so cannot load custom libraries dynamically. 6
a contract between the host running wasm and the guest. It defines functions like an IDL. Dapr (golang) supports the http-wasm ABI, implementing the server side of an HttpHandler. Compatible middleware, compiled to wasm, can be replaced without changing Dapr 9
Middleware 3 Dapr Sidecar Request Response My Filter WebAssembly allows custom functionality in a static binary, based on an ABI contract http-wasm guest http-wasm host My Filter http-wasm/http-wasm-guest-tinygo v1.10
can be distributed as files or OCI images. Inline 3rd party dynamically instead of baking more into the build Avoid problems of remote deployment and availability.
for the intended OS + architecture. “FROM scratch” can reduce this to kernel+arch, but only for static binaries. Many applications require a base layer with dependencies like libc, complicating deployment 13
Container integration means pushing a WebAssembly Virtual Machine into the container runtime. For example, wasmer or wasmtime in crun. Some goals of wasm containers is re- use of Dockerfile and OCI registries
is called WASI. There are only 44 usable system calls in the de- facto wasip1 version, supported by most compilers. Don’t assume programs will compile to WASI, become smaller, or run more efficiently. Measure! 16
WASI is like a limited operating system. WebAssembly is integrated into an OCI runtime like crun OCI integration gives WebAssembly the benefits of Dockerfile
CGO 22 WebAssembly isn’t integrated like usual FFI, but it is safer. github.com/ncruces/go-sqlite3 Not C.CString Not unsafe.Pointer Dynamic not pre- defined in import “C”
config and analysis. Modules are installed locally or via OCI repository. 23 You can embed wasm or you can distribute it trivy.dev acme-cves.wasm acme-cves.go Tinygo Trivy SDK ghcr.io/acme
WASI can be used like a forked process. You can re-use foreign functions without the safety hazards. Apps can choose whether to leverage wasm internally, or expose it for plugins.
or at least need different flags. Don’t make assumptions from blogs. Develop, profile and benchmark! Be prepared for more work than usual, usually more technical.
Kubernetes Scheduler with wasm kubernetes-sigs/kube-scheduler-wasm-extension Dapr v1.11 handles events with wasm (output binding) dapr/dapr Buf v1.16 started an alpha feature for protobuf plugins in wasm bufbuild/buf
on gophers slack! 32 • WebAssembly impacts all layers of architecture • OCI Dockerfile is a natural fit for WASI binaries • Developers can use wasm instead of subprocesses or native libraries • WebAssembly is evolving, so proceed with caution. Here are some good talks: Wasmer Things: An Upside Down Guide To WebAssembly by Edoardo Vacchi CGO-less Foreign Function Interface With WebAssembly by Takeshi Yoneda