Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Proxy-Wasm: Wasmを利用したPlugin機構の開発
Search
mathetake
December 09, 2020
Technology
3
1.8k
Proxy-Wasm: Wasmを利用したPlugin機構の開発
WebAssembly night #10
https://emsn.connpass.com/event/192221
mathetake
December 09, 2020
Tweet
Share
More Decks by mathetake
See All by mathetake
CGO-less Foreign Function Interface With WebAssembly
mathetake
4
790
WebAssemblyの現状と展望 ~言語ツールチェインからWASIまで~
mathetake
15
4.3k
Isolated multiple trust domain mTLS in Envoy and Istio
mathetake
2
1.2k
Wasmで広がるEnvoyとIstioの世界
mathetake
7
3.8k
Proxy-Wasm: エッジでのWasm研究開発最先端
mathetake
8
2.5k
Introduction to Flagger
mathetake
5
5.3k
Other Decks in Technology
See All in Technology
Oracle Cloud Infrastructure:2025年6月度サービス・アップデート
oracle4engineer
PRO
2
310
AWS Organizations 新機能!マルチパーティ承認の紹介
yhana
1
210
高速なプロダクト開発を実現、創業期から掲げるエンタープライズアーキテクチャ
kawauso
1
120
Node-REDのFunctionノードでMCPサーバーの実装を試してみた / Node-RED × MCP 勉強会 vol.1
you
PRO
0
120
AI導入の理想と現実~コストと浸透〜
oprstchn
0
140
「Chatwork」の認証基盤の移行とログ活用によるプロダクト改善
kubell_hr
1
230
監視のこれまでとこれから/sakura monitoring seminar 2025
fujiwara3
11
4k
WordPressから ヘッドレスCMSへ! Storyblokへの移行プロセス
nyata
0
310
プロダクトエンジニアリング組織への歩み、その現在地 / Our journey to becoming a product engineering organization
hiro_torii
0
130
Delegating the chores of authenticating users to Keycloak
ahus1
0
130
Tech-Verse 2025 Global CTO Session
lycorptech_jp
PRO
0
1k
AI専用のリンターを作る #yumemi_patch
bengo4com
1
190
Featured
See All Featured
Intergalactic Javascript Robots from Outer Space
tanoku
271
27k
Site-Speed That Sticks
csswizardry
10
670
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Become a Pro
speakerdeck
PRO
28
5.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
Scaling GitHub
holman
459
140k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Art, The Web, and Tiny UX
lynnandtonic
299
21k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Building Applications with DynamoDB
mza
95
6.5k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
Transcript
Takeshi Yoneda, Software Engineer, Tetrate.io WebAssembly Night #10 Proxy-Wasm: WasmΛར༻ͨ͠Pluginػߏͷ։ൃ
• Takeshi Yoneda (Ϛελέ) / Twitter, Github: @mathetake • Software
Engineer at Tetrate, California, US • “Paid” OSS dev: Envoy, Istio, Proxy-Wasm, Wasm, TinyGo • C++ committer of Proxy-Wasm project • Creator of Go SDK for Proxy-Wasm • Contributor/Member of V8, Envoy, TinyGo, Weaveworks/Flagger, etc. whoami
1. The current state of WebAssembly 2. Background: Envoy’s extensibility
3. Proxy-Wasm: WebAssembly For Proxies 4. The Challenges and Future Agenda
1. The current state of WebAssembly
• Stack-basedͳԾϚγϯͱͦͷ༷ • ݩʑϒϥβ(JS)ͷߴԽ͕త • asm.js -> WebAssembly(Wasm)ͱਐԽ • ༷ΛಡΊ͔Δ͕Ұݴ
“host” ͷཁٻ͕ͳ͍ • Portable, platform-agnostic • Run at near-native speed: ΊͬͪΌ͍(※࣮ʹΑΔ) • Security: ελοΫ͕ϓϩάϥϜ͔Βݟ͑ͳ͍ͱ͔ͦ͏͍͏ͷ WebAssembly 101
• ༷ʑͳݴޠ͔ΒίϯύΠϧՄೳ: C, C++, Rust, Go(TinyGo), AssemblyScript • ॳjsͷΈࠐΈ͕લఏ: ͦΕͧΕͷݴޠ͕ಠࣗͷ
“glue.js”Λ࣋ͭ • ίϯύΠϥڞ௨ͷ“Platform”λʔήοτ͕ͳ͍(͍, jsͳΜ͚ͩͲ͞, Έ͍ͨͳ) • VMͱͯ͠༏ल&ίϯύΠϥج൫͋Δͷʹମͳ͍ • ϒϥβͷ֎Ͱ͍͍ͨ WebAssembly 101
• Wasm <-> Hostͷ͠ํ(ΠϯλʔϑΣΠε)Λඪ४Խ͠·͠͠ΐ͏ • WasmͷίϯύΠϥͷ“platform”λʔήοτʹ͠Α͏ • WASI (WebAssembly System
Interface)ͷొ WebAssembly 101 https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/
• WASIΛ࣮ͨ͠ϥϯλΠϜ͕ొ • WAVM, Wasmtime, Wasmer, Lucet, ʑ • “ී௨ͷϓϩηε”ͱಉ͡Α͏ʹWasm͕ಈ͘Α͏ʹͳΔ
Wasm gets out of web browsers
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/pull/1373
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
• Q. Կނ͜Μͳ͜ͱ͕Ͱ͖Δͷ͔: A. ༷ॻΛݟΑ͏ Wasm: Host functions
Example: TinyGo’s WASI support
Example: TinyGo’s WASI support “clock_time_get” Λimport
Example: TinyGo’s WASI support “clock_time_get” Λimport Wasmtime WASI Implementation
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support time.Nowͷ࣮ମ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime.go time.Nowͷ࣮ମ
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
Example: TinyGo’s WASI support Wasmtime Runtime͕࣮ https://github.com/tinygo-org/tinygo/blob/release/src/runtime/runtime_wasm_wasi.go ticks nanotime time.Now
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers
• ݁ہABI (Wasm <-> Hostͷ͠ํ)ܾ͑͞ΊΕͳΜͰͰ͖Δ • ҙͷΞϓϦͷதͰVMΛಈָ͔͍ͯ͜͠͠ͱ͕Ͱ͖ͦ͏ʂ • WASIʹݶΒ༷ͣʑͳABI͕ొ͍ͯ͠ΔΒ͍͠ •
Blockchain༻ͷABI • k8s֦ு༻ͷABI • Proxyαʔό༻ͷABI Wasm gets out of web browsers ࠓͷ͓
2. Background: Envoy’s extensibility
What is Envoy?
• “Cloud-native high-performance edge/middle/service proxy” • CNCF Graduated Project, Github
Star: 15,000+ • Written in C++ • αʔϏεϝογϡͷData planeͱͯ͠།Ұແೋͷଘࡏ What is Envoy?
• ϓϩΩγαʔόʔͳͷͰuse case͕ແݶ • EnvoyʹવϓϥάΠϯ(֦ு)ػߏ͕ଘࡏ • ֦ுͷྫ • ࣾಠࣗͷAuthn/Authz ػೳΛೖΕ͍ͨ
• ಛघͳϓϩτίϧΛѻ͍͍ͨ • MySQL, Redis, DynamoDB, etc. Envoy’s extensibility
Envoy’s extensibility
• Envoy੩తϦϯΫ͕લఏ • C++Ͱॻ͔ͳ͍ͱ͍͚ͳ͍ • มߋөͷͨΊʹશ࠶ىಈ͕ඞཁ • StableͳABI͕ܾ·͍ͬͯͳ͍ • ֦ுػೳΛՃ͢Δʹ
1. UpstreamϚʔδ͢Δ —> ಛघ(private)ͳϢʔεέʔεෆՄ 2. ಠࣗϏϧυΛ͢Δ —> upstreamͷै͕େม Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
• ղܾ͍ͨ͠՝ҎԼͷ௨Γ • ಈతʹϓϥάΠϯͷload͕Ͱ͖Δ • ෳݴޠͷαϙʔτ • EnvoyࣗମͷಠࣗϏϧυඞཁͳ͍ • Security-awareͳ༷
Envoy’s extensibility
None
• ϓϥάΠϯ = WasmͷόΠφϦͱͯ͠Envoyʹ • Envoy <-> Wasmͷ͠ํ(ABI)Λstableʹ͠Α͏ • ͯ͢ͷ՝ΛΫϦΞ
• ҙͷݴޠ, ಈతload, ηΩϡΞ, stableͳABI Extending Envoy with Wasm ಠࣗͷABI
• ͦͦϓϩΩγαʔόͷ֦ு༻APIීวతͳͷͳͣ • ྫ: Http Header/Body/Trailerʹରͯ͠◦◦͢Δ, tcpίωΫγϣϯʹରͯ͠xx͢Δ • Envoy͔ΒΓͤΔͷͰʁ =>
Proxy-Wasmͱ͍͏Envoy͔Βಠཱͨ͠ϓϩδΣΫτʹ Extending Envoy with Wasm
3. Proxy-Wasm: WebAssembly For Proxies
• https://github.com/proxy-wasm • ϓϩΩγαʔόͷ֦ுػߏͷͨΊͷABIͱSDKͷ։ൃͷͨΊͷϓϩδΣΫτ • ։ൃ࣮࣭తʹEnvoyίϛϡχςΟ • LinkerdMosnͳͲ΄͔ͷϓϩΩγք۾ࢀೖͷؾ Proxy-Wasm: WebAssembly
for Proxies
• ̐ͭͷݴޠͷSDK͕͋Γ, ؆୯ʹcompatibleͳWasmͷίϯύΠϧ͕Մೳ • C++, Rust, Go(TinyGO), AssemblyScript • Hostͷެ࣮ࣜC++ͷΈ
• https://github.com/proxy-wasm/proxy-wasm-cpp-host • VMͱͯ͠ Wasmtime(wasm-c-api), V8(wasm-c-api), WAVM͕ݱঢ়ར༻Մೳ • Envoy, Apache Traffic Server(PoC)͜ͷެ࣮ࣜΛϥΠϒϥϦͱͯ͠͏ Proxy-Wasm: WebAssembly for Proxies
• Spec: https://github.com/proxy-wasm/spec • WasmͷϓϩΩγαʔόͷABI(͠ํ)ΛఆΊͨͷ • (proxy-wasm-cpp-host࣮v0.2.1ʹͳͬͯΔ͕, spec͕ߋ৽͞Ε͍ͯͳ͍…) Proxy-Wasm specification
Proxy-Wasm specification: Example 1. ϩΪϯάͷͨΊʹ “Wasm͔Β”ݺͿؔ
Proxy-Wasm specification: Example 1. proxy_logͷ࣮ in ϗετ https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/exports.cc#L854-L864
Proxy-Wasm specification: Example 1. proxy_logͷ࣮Λظ https://github.com/proxy-wasm/proxy-wasm-rust-sdk/blob/master/src/hostcalls.rs#L20-L32
Proxy-Wasm specification: Example 2. ίωΫγϣϯཱ֬࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ Tcp data͕౸ண࣌, ϗετ͔ΒݺΕΔ
“Wasm”ͷؔ
Proxy-Wasm specification: Example 2. http request header౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ http
request body͕౸ண࣌, ϗετ͔ΒݺΕΔ “Wasm”ͷؔ
Proxy-Wasm specification: Example 2. SDKͰ࣮ & export https://github.com/tetratelabs/proxy-wasm-go-sdk/blob/main/proxywasm/abi_l7.go#L21-L40
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ
Proxy-Wasm specification: Example 2. EnvoyͷEventϧʔϓ https://github.com/envoyproxy/envoy/blob/master/source/extensions/common/wasm/context.cc#L1577-L1587 https://github.com/proxy-wasm/proxy-wasm-cpp-host/blob/master/src/context.cc#L308-L319 proxy-wasm-cpp-hostͷ onResponseHeadersΛݺͿ “Wasm”ͷproxy_on_request_headers
• 1 VM / (Plugin, Worker Thread) • Nativeͷ֦ுͷதͰproxy-wasm- cpp-hostΛ༻
• 1ͷؒ “envoy-wasm”ͱ͍͏ forkઌͰ։ൃ • 10݄ʹupstreamϚʔδ͞Εͨ Proxy-Wasm in Envoy
• 2ͭͷDeployͷํ๏ • EnvoyͷϑΝΠϧγες ϜʹWasmΛஔ͍ͯ, ىಈ ࣌ʹϩʔυ • xDSͱݺΕΔಠࣗͷಈ తconfigurationͷϓϩτ
ίϧͰRuntimeͰΓସ ͑Δ Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Envoy
Proxy-Wasm in Mosn
Proxy-Wasm in Linkerd?
4. The Challenges and Future
• ҙͷϓϩάϥϜ͔ΒͲ͏ͷΑ͏ʹϗετΛकΔ͔? • ProxyαʔόϛογϣϯΫϦςΟΧϧͳιϑτΣΞ • ςετॻ͍ͯॻ͍ͯॻ͖͖Εͳ͍ • I/F͕ηΩϡΞͱ͍͑ɺಛఆͷύεͰΫϥογϡ͢Δ͜ͱ͋Δ Challenges in
Proxy-Wasm
• ύϑΥʔϚϯεͷ • Near-nativeͱ͍͑ͬͺΓগ͍͠ • GC͖ͷݴޠProxy-Wasm͚ͷGCΞϧΰϦζϜΛ։ൃ͠ͳ͍ͱ ͍͚ͳ͍? Challenges in Proxy-Wasm
• αϙʔτݴޠ, ͦ͜·Ͱଟ͘ͳ͍Α͏ͳ….? • WasmͷΤίγεςϜࣗମ͕·ͩະख़ Challenges in Proxy-Wasm
• V8, WAVM, WasmtimeΛಉ࣌ʹlink͠Α͏ͱͨ͠Βsymbol͕িಥ • libunwind, wasm-c-api, GDB JIT interface
Challenges in Proxy-Wasm
• ABI͕Envoyͷ࣮ʹ͍ͩͿد͍ͬͯΔ(ͨΓલͱ͍͑ͨΓલ…) • 1VM͕ෳͷϦΫΤετΛࡹ͘ͱ͍͏ઃܭ • V8 / WAVMͷoverhead͕എܠ • 1VM
= 1 requestͱ͍͏Ϟσϧͷ߹ʹෆཁͳઃఆ͕͍͔ͭ͋͘Δ Challenges in Proxy-Wasm
• RuntimeͲΕબྑ͍ͷ͔ • (Runtimeͷ)Compile, (Wasm)ͷCompile, ࣮ߦͷτϨʔυΦϑ Challenges in Proxy-Wasm
• ·ͩ·ͩEarly days (Join us!): server-side WasmͷޭྫͱͳΓ͍ͨ • EnvoyҎ֎ͷProxyʹΑΔαϙʔτ Future
of Proxy-Wasm
• BytecodeAllienceೖΓ…? • ࣮ࡍProxy-Wasm͋ΔछͷWASIͷ֦ுͰ͋Δ • Pre-Proposal phaseͱͯ͠WASIͷProposalʹ͍Δ • https://github.com/WebAssembly/WASI/blob/master/docs/ Proposals.md
Future of Proxy-Wasm
Future of Proxy-Wasm https://stackoverflow.com/questions/60969344/what-is-the-relationship-between-wasi-and-proxy-wasm
• OCI-compilantͳartifact imageͱͯ͠WasmͷόΠφϦΛ֨ೲ • docker pullͱಉ͡Α͏ʹ֦ுػೳΛϩʔυ • ͜ΕProxy-WasmʹݶͬͨͰͳ͍ • https://github.com/deislabs/krustlet
: k8s্Ͱίϯςφͱͯ͠WasmΛಈ͔͢project • https://github.com/deislabs/oras: OCI Registry As Storage • ͔ࣾΒ“Proxy-Wasm༻” OCI Spec͕ఏҊ͞Ε͍ͯΔ͕…(ࣾձੑϑΟϧλʔ) Future of Proxy-Wasm
• Proxy-Wasm = WasmΛͬͨϓϩΩγαʔόͷ֦ுػߏͷඪ४ԽϓϩδΣΫτ • WasmΛαʔόͰಈ͔ͯ͠ΠϕϯτຖʹWasm͔͚͠Δ • ·ͩ·ͩearly days •
Wasm/WASIͱڞʹʑਐԽ͍ͯ͠Δ • Envoy slackͷ #envoy-wasmͱ͍͏νϟϯωϧ͕Ұ൪ϝϯςφʹ͍ۙ ·ͱΊ
• Service Meshͷ࣮ͷࠐΈೖͬͨ • Envoyͷ֦ுͷਏ͞IstioଆͰڧ͍Ϟνϕʔγϣϯ͕͋ͬͨ͜ͱ • IstioଆͰطʹproductionͰΘΕ͍ͯΔ͜ͱ • ֤SDKͷ࣮ͷਏ͞ͷ •
RustWasmͷதͷreentrant call͕ෳͷmutable borrowΛੜΜͰࢮ͵ͱ͔ • GoͷWASIαϙʔτҰੜདྷͳ͍ؾ͕͢Δͱ͔ͦ͏͍͏ • V8ઌੜͱͷϝϞϦϦʔΫ֨ಆه • Rustͷίʔυ͕ॳΊͯEnvoyʹlink͞ΕΔ·Ͱͷي(ۤস) • GetEnvoy Extension Toolkitͷ։ൃπʔϧ ࠓͤ(͞)ͳ͔ͬͨ͜ͱ
We are hiring! https://www.tetrate.io/careers/
mathetake
oracle4engineer
yhana
kawauso
you
oprstchn
kubell_hr
fujiwara3
nyata
.jpg){kind=avatar}
hiro_torii
ahus1
lycorptech_jp
bengo4com
tanoku
csswizardry
kastner
chriscoyier
speakerdeck
stephaniewalter
holman
sugarenia
lynnandtonic
eileencodes
mza
denniskardys
