Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxy-Wasm: Wasmを利用したPlugin機構の開発

mathetake
December 09, 2020
Technology
3
1.7k

Proxy-Wasm: Wasmを利用したPlugin機構の開発

WebAssembly night #10 https://emsn.connpass.com/event/192221

mathetake

December 09, 2020
Tweet

More Decks by mathetake

See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
750
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.2k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.2k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.7k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.4k
Introduction to Flagger
mathetake
5
5.2k

Other Decks in Technology

See All in Technology
20250326_管理ツールの権限管理で改善したこと
sasata299
1
610
20250328_RubyKaigiで出会い鯛_____RubyKaigiから始まったはじめてのOSSコントリビュート.pdf
mterada1228
0
420
17年のQA経験が導いたスクラムマスターへの道 / 17 Years in QA to Scrum Master
toma_sm
0
510
こんなデータマートは嫌だ。どんな? / waiwai-data-meetup-202504
shuntak
3
580
React Server Componentは 何を解決し何を解決しないのか / What do React Server Components solve, and what do they not solve?
kaminashi
6
1.3k
やさしいMCP入門
minorun365
PRO
135
78k
デザインシステムのレガシーコンポーネントを刷新した話/Design System Legacy Renewal
kaonavi
0
130
Re:VIEWで書いた「Compose で Android の edge-to-edge に対応する」をRoo Codeで発表資料にしてもらった
tomoya0x00
0
240
AWSエンジニアがSAPのデータ抽出してみた
mayumi_hirano
0
110
お問い合わせ対応の改善取り組みとその進め方
masartz
1
590
NLP2025 参加報告会 / NLP2025
sansan_randd
3
250
AIエージェント開発における「攻めの品質改善」と「守りの品質保証」 / 2024.04.09 GPU UNITE 新年会 2025
smiyawaki0820
0
220

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
118
51k
Side Projects
sachag
452
42k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
25k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
102
19k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.6k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2.1k
Practical Orchestrator
shlominoach
186
10k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Six Lessons from altMBA
skipperchong
27
3.7k

Transcript

  1. Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ

  2. • Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software

    Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami

  3. 1. The current state of WebAssembly 2. Background: Envoy’s extensibility

    3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda

  4. 1. The current state of WebAssembly

  5. • Stack-basedͳԾ૝Ϛγϯͱͦͷ࢓༷ • ݩʑ͸ϒϥ΢β(JS)ͷߴ଎Խ͕໨త • asm.js -> WebAssembly(Wasm)΁ͱਐԽ • ࢓༷ΛಡΊ͹෼͔Δ͕Ұݴ΋

    “host” ΁ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ଎͍(※࣮૷ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101

  6. • ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ౰ॳ͸js΁ͷ૊ΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ

    “glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍΍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫΋͋Δͷʹ໪ମͳ͍ • ϒϥ΢βͷ֎Ͱ΋࢖͍͍ͨ WebAssembly 101

  7. • Wasm <-> Hostͷ࿩͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • Wasm΁ͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System

    Interface)ͷొ৔ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/

  8. • WASIΛ࣮૷ͨ͠ϥϯλΠϜ͕ొ৔ • WAVM, Wasmtime, Wasmer, Lucet, ౳ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ

    Wasm gets out of web browsers

  9. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373

  10. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions

  11. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  12. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  13. • Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ࢓༷ॻΛݟΑ͏ Wasm: Host functions

  14. Example: TinyGo’s WASI support

  15. Example: TinyGo’s WASI support “clock_time_get” Λimport

  16. Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation

  17. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  18. Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go

  19. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ

  20. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  21. Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  22. Example: TinyGo’s WASI support Wasmtime Runtime͕࣮૷ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now

  23. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers

  24. • ݁ہABI (Wasm <-> Hostͷ࿩͠ํ)ܾ͑͞ΊΕ͹ͳΜͰ΋Ͱ͖Δ • ೚ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ৔͍ͯ͠ΔΒ͍͠ •

    Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓ೔ͷ͓࿩

  25. 2. Background: Envoy’s extensibility

  26. What is Envoy?

  27. • “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github

    Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?

  28. • ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • Envoyʹ͸౰વϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾ಺ಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ

    • ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility

  29. Envoy’s extensibility

  30. • Envoy͸੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋ൓өͷͨΊʹશ୆࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛ௥Ճ͢Δʹ͸

    1. Upstream΁Ϛʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔε͸ෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstream΁ͷ௥ै͕େม Envoy’s extensibility

  31. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  32. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  33. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  34. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility

  35. • ղܾ͍ͨ͠՝୊͸ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳ਺ݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυ͸ඞཁͳ͍ • Security-awareͳ࢓༷

    Envoy’s extensibility
  36. None

  37. • ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ഑෍ • Envoy <-> Wasmͷ࿩͠ํ(ABI)Λstableʹ͠Α͏ • ͢΂ͯͷ՝୊ΛΫϦΞ

    • ೚ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI

  38. • ͦ΋ͦ΋ϓϩΩγαʔόͷ֦ு༻API͸ීวతͳ΋ͷͳ͸ͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔Β੾Γ཭ͤΔͷͰ͸ʁ =>

    Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm

  39. 3. Proxy-Wasm: WebAssembly For Proxies

  40. • https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDK౳ͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ͸࣮࣭తʹ͸EnvoyίϛϡχςΟ • Linkerd΍MosnͳͲ΄͔ͷϓϩΩγք۾΋ࢀೖͷؾ഑ Proxy-Wasm: WebAssembly

    for Proxies

  41. • ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasm΁ͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜ૷͸C++ͷΈ

    • https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)౳͸͜ͷެ࣮ࣜ૷ΛϥΠϒϥϦͱͯ͠࢖͏ Proxy-Wasm: WebAssembly for Proxies

  42. • Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(࿩͠ํ)ΛఆΊͨ΋ͷ • (proxy-wasm-cpp-host࣮૷͸v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification

  43. Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ਺

  44. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864

  45. Proxy-Wasm specification: Example 1. proxy_logͷ࣮૷Λظ଴ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32

  46. Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔Βݺ͹ΕΔ “Wasm”಺ͷؔ਺ Tcp data͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ

    “Wasm”಺ͷؔ਺

  47. Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺ http

    request body͕౸ண࣌, ϗετ͔Βݺ͹ΕΔ “Wasm಺”ͷؔ਺

  48. Proxy-Wasm specification: Example 2. SDK಺Ͱ࣮૷ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40

  49. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319

  50. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ

  51. Proxy-Wasm specification: Example 2. Envoy಺ͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-host಺ͷ onResponseHeadersΛݺͿ “Wasm಺”ͷproxy_on_request_headers

  52. • 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ࢖༻

    • 1೥൒΋ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstream΁Ϛʔδ͞Εͨ Proxy-Wasm in Envoy

  53. • 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺ͹ΕΔಠࣗͷಈ తconfigurationͷϓϩτ

    ίϧͰRuntimeͰ੾Γସ ͑Δ Proxy-Wasm in Envoy

  54. Proxy-Wasm in Envoy

  55. Proxy-Wasm in Envoy

  56. Proxy-Wasm in Mosn

  57. Proxy-Wasm in Linkerd?

  58. 4. The Challenges and Future

  59. • ೚ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • Proxyαʔό͸ϛογϣϯΫϦςΟΧϧͳιϑτ΢ΣΞ • ςετ͸ॻ͍ͯ΋ॻ͍ͯ΋ॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͸͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ΋͋Δ Challenges in

    Proxy-Wasm

  60. • ύϑΥʔϚϯεͷ໰୊ • Near-nativeͱ͸͍͑΍ͬͺΓগ͠஗͍ • GC෇͖ͷݴޠ͸Proxy-Wasm޲͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm

  61. • αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm

  62. • V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface

    Challenges in Proxy-Wasm

  63. • ABI͕Envoyͷ࣮૷ʹ͍ͩͿد͍ͬͯΔ(౰ͨΓલͱ͍͑͹౰ͨΓલ…) • 1VM͕ෳ਺ͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM

    = 1 requestͱ͍͏Ϟσϧͷ৔߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm

  64. • RuntimeͲΕબ΂͹ྑ͍ͷ͔໰୊ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦ଎౓ͷτϨʔυΦϑ Challenges in Proxy-Wasm

  65. • ·ͩ·ͩEarly days (Join us!): server-side Wasmͷ੒ޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future

    of Proxy-Wasm

  66. • BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͸͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md

    Future of Proxy-Wasm

  67. Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm

  68. • OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜Ε͸Proxy-Wasmʹݶͬͨ࿩Ͱ͸ͳ͍ • https://github.com/deislabs/krustlet

    : k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ๭͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm

  69. • Proxy-Wasm = WasmΛ࢖ͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔό಺Ͱಈ͔ͯ͠ΠϕϯτຖʹWasm΁࿩͔͚͠Δ • ·ͩ·ͩearly days •

    Wasm/WASIͱڞʹ೔ʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ

  70. • Service Meshͷ࣮૷ͷࠐΈೖͬͨ࿩ • Envoyͷ֦ுͷਏ͞͸IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰ࢖ΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮૷ͷਏ͞ͷ࿩ •

    Rust͸Wasmͷத΁ͷreentrant call͕ෳ਺ͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτ͸Ұੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏࿩ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆ೔ه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي੻(ۤস) • GetEnvoy Extension Toolkit౳ͷ։ൃπʔϧ ࠓ೔࿩ͤ(͞)ͳ͔ͬͨ͜ͱ

  71. We are hiring! https://www.tetrate.io/careers/