I think the great use case for WASM is extending istio service mesh. If you need some very specific customization in terms of routing, rate limiting, security etc. to be added to Envoy, WASM is the way to go.
Judging by the information I found in the web (not tested it yet, though), WASM is already integrated in containers/kubernetes world: WASM modules can be packaged as OCI images and run by containerd with runwasi runtime plugin. Kubernetes already have support for arbitrary RuntimeClasses, so there must be no big dial to run WASM pods alongside with classic ones (based on runc runtime). On the other hand, same runtime plugin system can also made traditional containers more secure the same way as WASI - by inserting protective runtime layer between binary and OS kernel, as gVisor (runcs runtime plugin) does. Finally, can't say that typical container images needed more than two OS/arch variants: Linux/amd64 (includes Intel) and Linux/arm64. All containers I've seen on Windows was run in Docker Desktop, which is just VM with Linux inside :) Heard about native Windows containers, but never seen these in practice.
Yeah, you are correct. Wasm, via runwasi, runs quite well in Kubernetes. The kwasm project helps install this. Azure AKS actually supports this out of the box if you enable the feature. And thanks to the OCI artifacts spec, we actually package Wasm apps directly as OCI images now.
@mattbutcher8614 yeah. Azure is doing great on that front. They are the first major provider to offer wasm in kubernetes. There are some issues with it but i can see it becoming GA very soon.
Currently experimenting with web apps using kotlin and jetpack compose! I wouldn't say I'm too impressed but there is a huge potential especially now that the compose is not optimised for wasm but it already seem fast.
Thanks diving into this topic. I've been wanting to learn more about this buzzword I keep hearing, and I now feel much better informed about the subject, and whether it's worth consideration for my projects in the future.
WASM is relevant if i.e. you want native performance in a browser, that's where it shines: 3D graphics rendering written in i.e. C++ directly in Chrome or similar.
Great talk thanks I am using nomad and work in past with k3s. Can you please share your expression nomad I dont understand your crititic at last point.
In the past i would answer by comparing kubernetes with nomad and docker swarm. Such comparisons are not useful any more mostly because nomad and swarm are dead ends. Industry did not pick them up. Docker gave up on swarm and only hashicorp works on nomad. On the other hand, almost every vendor is investing heavily on kubernetes. It is the winner and the only one widely supported. It will be eventually replaced by something else, that that will not be nomad or swarm but something based on different ideas. Until then, kubernetes is the only bet one can make.
I know its not the same as wasm, but I am very interested in wasmclouds nat overlay network. I think the concept that an optimized m2m messaging protocol could make a lot of sense for distributed microservices applications. Some of the examples I have seen of messaging performance are extremely powerful, and the features you get as a result from a networking perspective are pretty magical. Regardless of the merits of these claims. the big problem is apps need to be written specifically for wasmcloud which of course doesnt invalidate it, just makes the addressable market much smaller as it can only be considered with new apps or drastic refactorings. Perhaps my biggest question with this is should we be more aggressive in exploring alternative network tech for microservice-to-microservice comms whether it be wasmcloud or maybe changing app code further to build m2m messaging around primitive nats constructs, or aside from nats, just given the radical performance deltas it has for certain messaging use cases, should we be focusing more on other alternative network approaches whatever they may be as clearly there seems potential to unlock some big benefits.
Hey Art, Liam from CNCF wasmCloud; over the last year we have been investing in pure wasm standards - we migrated the core to the Bytecode Alliance Wasmtime runtime, have full support for WebAssembly Components, and have been migrating to WIT. This both lowers the bar for entry and brings wasmCloud inline with the greater wasm ecosystem. Drop by our Slack or wasmCloud Wednesdays and say hi!
I’d love to see K8s supporting Wasm runtimes sometime in this decade, but knowing how K8s progress on major changes, I’m not holding my breath. I have seen articles of successful adoption of Wasm runtimes in HashiCorp Nomad with little effort.
wasm might ne a hype that will end soon , but it opens up to a lot of possibilities or wasm like systems but imo, if we strip down linux it can be as good as wasm without adding new wasm ish
It does. Containerd has a shim called "runwasi" that can execute several types of WebAssembly apps. The kwasm project has installers for several different Kubernetes distributions. Fermyon and Microsoft do a lot of open source work on this.
I think the K8 and containers are more flexible in terms of customizations... WASM seems to be acting like an API (but not exactly, I know) and can also be make part of a Container...
native compiled code will always be faster than wasm. wasm runs in a virtual machine, so it is java lite. it will be faster than python or javascript - so use it if your existing codebase is written as such and want a performance gain - especially if you have no idea how to package a container. but if your product is performance oriented you've already probably written it in an appropriate language, and it will be 2x-12x+ faster than wasm as a architecture native binary. Wirth's law: software is getting slower more rapidly than hardware is becoming faster.
I'm interested in ways to run applications both during development and in production. Docker checks only one of those two boxes and, honestly, I'm not sure there is a good use case for running WASM in Docker locally. I'm more interested in the other way around; how to run WASM in production with local execution being a bonus?
@@DevOpsToolkit Since it runs in Kubernetes via runwasi, the workflow we use with Docker is to do some local dev there, and then deploy. But there is interesting stuff going on with tools like Docker Compose that should, longer term, make it possible to seamlessly test in Desktop and deploy to Kubernetes or other platforms.
I admit that I wasn't aware of SIF containers. What are they? P.S. TH-cam does not allow links in comments but if you can send me as a private message on LinkedIn or Twitter, I'll be happy to learn about them.
ChatGPT 4 says: SIF (Singularity Image Format) Containers Designed for Singularity, a container platform focused on scientific and high-performance computing (HPC) environments. SIF containers encapsulate the environment in a single file, enhancing portability and security. They support encryption, signing, and verification of containers for secure distribution. Ideal for compute-driven tasks, ensuring reproducibility across various computing environments. Less overhead and complexity compared to traditional Docker/OCI containers, beneficial in HPC contexts. (From glancing through the sylabs website this seems generally accurate)
@@orterves SIF was conceived for HPC and the most popular application nowadays is to pre-train, finetune and run inference in LLMs. However there is so much more to it. Because SIF is working much closer to the kernel it does bring performance gains that are unmatched and this made companies like Coreweave to develop microsservice framework for SLURM they call it SUNK. If you have a curiosity there is this awesome book: Foster and Gannon, “Cloud Computing for Science and Engineering”, MIT Press 2017
to me that is one of the most exciting parts, its like what if we could reinvent the jvm with everything we know today, what if there actually was a truly universal systems interface (1) and (2) it was imbued with the best knowledge we have learned to date and (3) the new component model is amazing and bakes inversion of control into the spec in a really elegant way as it should have always been and not a java afterthought!
Are you using WASM? If you are, what are the use-cases where it shines?
I'm placing my bets on wasm Kubernetes clusters. I did a PoC and the only thing lacking is tooling. I hope it will start changing soon.
@filipeandujar that's my opinion as well. If we could leverage kubernetes ecosystem with WASM, that could be a winner.
I think the great use case for WASM is extending istio service mesh. If you need some very specific customization in terms of routing, rate limiting, security etc. to be added to Envoy, WASM is the way to go.
Judging by the information I found in the web (not tested it yet, though), WASM is already integrated in containers/kubernetes world: WASM modules can be packaged as OCI images and run by containerd with runwasi runtime plugin. Kubernetes already have support for arbitrary RuntimeClasses, so there must be no big dial to run WASM pods alongside with classic ones (based on runc runtime).
On the other hand, same runtime plugin system can also made traditional containers more secure the same way as WASI - by inserting protective runtime layer between binary and OS kernel, as gVisor (runcs runtime plugin) does.
Finally, can't say that typical container images needed more than two OS/arch variants: Linux/amd64 (includes Intel) and Linux/arm64. All containers I've seen on Windows was run in Docker Desktop, which is just VM with Linux inside :) Heard about native Windows containers, but never seen these in practice.
Yeah, you are correct. Wasm, via runwasi, runs quite well in Kubernetes. The kwasm project helps install this. Azure AKS actually supports this out of the box if you enable the feature. And thanks to the OCI artifacts spec, we actually package Wasm apps directly as OCI images now.
@mattbutcher8614 yeah. Azure is doing great on that front. They are the first major provider to offer wasm in kubernetes. There are some issues with it but i can see it becoming GA very soon.
Thanks for another great video! It looks definitively promising, will see about it.
Bright future ahead for WASM, sometimes waiting for its maturity is the best thing we can do for a technology. Great video as always.
Currently experimenting with web apps using kotlin and jetpack compose! I wouldn't say I'm too impressed but there is a huge potential especially now that the compose is not optimised for wasm but it already seem fast.
Thanks diving into this topic. I've been wanting to learn more about this buzzword I keep hearing, and I now feel much better informed about the subject, and whether it's worth consideration for my projects in the future.
WASM is relevant if i.e. you want native performance in a browser, that's where it shines: 3D graphics rendering written in i.e. C++ directly in Chrome or similar.
Great talk thanks
I am using nomad and work in past with k3s.
Can you please share your expression nomad I dont understand your crititic at last point.
In the past i would answer by comparing kubernetes with nomad and docker swarm. Such comparisons are not useful any more mostly because nomad and swarm are dead ends. Industry did not pick them up. Docker gave up on swarm and only hashicorp works on nomad. On the other hand, almost every vendor is investing heavily on kubernetes. It is the winner and the only one widely supported. It will be eventually replaced by something else, that that will not be nomad or swarm but something based on different ideas. Until then, kubernetes is the only bet one can make.
I know its not the same as wasm, but I am very interested in wasmclouds nat overlay network. I think the concept that an optimized m2m messaging protocol could make a lot of sense for distributed microservices applications. Some of the examples I have seen of messaging performance are extremely powerful, and the features you get as a result from a networking perspective are pretty magical. Regardless of the merits of these claims. the big problem is apps need to be written specifically for wasmcloud which of course doesnt invalidate it, just makes the addressable market much smaller as it can only be considered with new apps or drastic refactorings. Perhaps my biggest question with this is should we be more aggressive in exploring alternative network tech for microservice-to-microservice comms whether it be wasmcloud or maybe changing app code further to build m2m messaging around primitive nats constructs, or aside from nats, just given the radical performance deltas it has for certain messaging use cases, should we be focusing more on other alternative network approaches whatever they may be as clearly there seems potential to unlock some big benefits.
Hey Art, Liam from CNCF wasmCloud; over the last year we have been investing in pure wasm standards - we migrated the core to the Bytecode Alliance Wasmtime runtime, have full support for WebAssembly Components, and have been migrating to WIT. This both lowers the bar for entry and brings wasmCloud inline with the greater wasm ecosystem. Drop by our Slack or wasmCloud Wednesdays and say hi!
I’d love to see K8s supporting Wasm runtimes sometime in this decade, but knowing how K8s progress on major changes, I’m not holding my breath. I have seen articles of successful adoption of Wasm runtimes in HashiCorp Nomad with little effort.
wasm might ne a hype that will end soon , but it opens up to a lot of possibilities or wasm like systems
but imo, if we strip down linux it can be as good as wasm without adding new wasm ish
It does. Containerd has a shim called "runwasi" that can execute several types of WebAssembly apps. The kwasm project has installers for several different Kubernetes distributions. Fermyon and Microsoft do a lot of open source work on this.
Before 3:29, the idea of Flash was what WASM could have been!
In my experience crossbuilding containers can take a long time and compiling them once to WASM and run them managed on Kubernetes is a nice choice
I think the K8 and containers are more flexible in terms of customizations...
WASM seems to be acting like an API (but not exactly, I know) and can also be make part of a Container...
native compiled code will always be faster than wasm. wasm runs in a virtual machine, so it is java lite. it will be faster than python or javascript - so use it if your existing codebase is written as such and want a performance gain - especially if you have no idea how to package a container. but if your product is performance oriented you've already probably written it in an appropriate language, and it will be 2x-12x+ faster than wasm as a architecture native binary.
Wirth's law: software is getting slower more rapidly than hardware is becoming faster.
It might be interesting to look into WASM on docker
I'm interested in ways to run applications both during development and in production. Docker checks only one of those two boxes and, honestly, I'm not sure there is a good use case for running WASM in Docker locally. I'm more interested in the other way around; how to run WASM in production with local execution being a bonus?
@@DevOpsToolkit Since it runs in Kubernetes via runwasi, the workflow we use with Docker is to do some local dev there, and then deploy. But there is interesting stuff going on with tools like Docker Compose that should, longer term, make it possible to seamlessly test in Desktop and deploy to Kubernetes or other platforms.
Wasm is wawesome 🎉❤
So the main takeaway is, I should move to Liechtenstein
... or Luxembough.
You are only considering one type of container standard,the OCI. You are ingnoring SIF containers
I admit that I wasn't aware of SIF containers. What are they?
P.S. TH-cam does not allow links in comments but if you can send me as a private message on LinkedIn or Twitter, I'll be happy to learn about them.
ChatGPT 4 says: SIF (Singularity Image Format) Containers
Designed for Singularity, a container platform focused on scientific and high-performance computing (HPC) environments.
SIF containers encapsulate the environment in a single file, enhancing portability and security.
They support encryption, signing, and verification of containers for secure distribution.
Ideal for compute-driven tasks, ensuring reproducibility across various computing environments.
Less overhead and complexity compared to traditional Docker/OCI containers, beneficial in HPC contexts.
(From glancing through the sylabs website this seems generally accurate)
@@orterves SIF was conceived for HPC and the most popular application nowadays is to pre-train, finetune and run inference in LLMs. However there is so much more to it.
Because SIF is working much closer to the kernel it does bring performance gains that are unmatched and this made companies like Coreweave to develop microsservice framework for SLURM they call it SUNK.
If you have a curiosity there is this awesome book:
Foster and Gannon, “Cloud Computing for Science and Engineering”, MIT Press 2017
Java implemts the same idea. The pendulum has swung back.
to me that is one of the most exciting parts, its like what if we could reinvent the jvm with everything we know today, what if there actually was a truly universal systems interface (1) and (2) it was imbued with the best knowledge we have learned to date and (3) the new component model is amazing and bakes inversion of control into the spec in a really elegant way as it should have always been and not a java afterthought!
Computing goes in cycles, but each revolution is tighter and smoother than the last.