Kevin Hoffman — Building a Containerless Future with WebAssembly

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Applause] so before I get started I just want to take a minute to mention how amazing it is that there's an entire room filled with people here for webassembly you know I've been waiting for a day like this for years so this is this is good stuff so I don't want to talk too much about myself I just want to put this up here to let you know that I have a very noticeable bias I am a back-end person UI's web browsers graphical interfaces those all occupy the same space in my mind as mythological creatures they don't exist they might somewhere but not for me i access the web through a bastion host and kernel that's so everything I'm going to talk about here is obviously back-end oriented browsers aren't real so why should we care about more of assembly in the context of the fictional concept of browsers again I've heard about this browser thing and web assembly has a bunch of benefits for the browser things like speed small footprint security developer productivity and things like being able to deploy and rapidly and continuous deployment all of these things are things that benefit us in the cloud as well we want our cloud workloads to be fast we want them to be small we want them to be secure for a number of different reasons we want to be able to verify that our workloads haven't been tampered with we want to be able to prove provenance chain of ownership things like that the memory sandbox and memory isolation works for us in the cloud and we also want developer productivity and continues to point so webassembly itself is small there are I'll demonstrate micro service that's running and it's compiled web assembly file is 2 Meg's without an optimization most of the work we do in the hosts runtime not in the wasm file it may or may not be a coincidence that I've lost 51 pounds since we I started learning web assembly true story thank you sir oh so you know you guys are just gonna completely mess up my rhythm but no seriously the applause is great thanks web assembly is secure so I don't know if anybody has heard about buffer overrun type of security exploits things like that are physically impossible inside a web assembly module wherever suddenly the specification allows us to have custom sections so we can put metadata directly inside a web assembly file things like hashes and signatures the host decides what the module can and can't do and again we have the isolated memory sandbox that can't leak or allow exfiltration of data that we don't want kind of a caveat here is that the web assembly format you've already seen is a well-known standard and so it can be easily disassembled so obviously despite all the security benefits don't put trade secrets and your compiled web assembly modules same reason we don't do that in JavaScript or we try not to web assembly is portable we've seen examples of this either running in the browser we've seen examples of webassembly running on IOT devices its OS agnostic platform agnostic my my personal agenda is that it doesn't require containers and of course it's only as portable as we make it so it's portable now the spec calls for it to be portable but as a community we can easily screw that up so we need to make sure that you know as we go forward we don't do anything that gets in the way of web assemblies portability and benefits web assembly is in theory polyglot we have languages that we can use the hosts as host runtimes for web assembly and we can write web assembly modules in nearly any language rest go quick show of hands does anybody use the language called zig yes excellent assembly script we saw a bunch of really amazing stuff there I put an asterisk next to go because goes current implementation assumes the existence of a JavaScript runtime which really bothers me because like I said front ends don't exist so like I said there's a number of different ways we can host web assembly outside the browser and that's done through a host runtime at the lowest level you have interpreters and compilers so you've got runtimes that will interpret the web assembly instructions and you have some that will just in time convert the web assembly into native code and you saw earlier there are ways to do a combination of both of those for various different optimizations we've got wasm time which is a hosts runtime from the Vike code alliance as mayor he saw a demo thousand three and you also saw the link to the the list of Awesome wasm rum two names the building on top of oh yeah building on top of the low-level runtimes we've built some open source projects the first one is W a PC or web assembly procedure calls and it is a layer on top of the low-level runtime that allows us to pass arbitrary payloads back and forth between the host runtime and web assembly and this gets us around the limitation that webassembly only supports numeric arguments and having to deal with that complexity on our own is difficult and pretty high friction and what we're trying to do is make things easier for developers to use webassembly kind of a subtle distinction but important to me is that in this contract for passing information back and forth between web assembly and the runtime host neither side is aware of the other side's memory allocation pattern so things like interface types and some of the other things like and scripting and if you're familiar with web and bind gen for rust they all work by allowing the host to allocate memory inside the guest or the guest to allocate memory inside the host which means that interaction is stateful and if it drops then you lose those pointers and W APC is designed to be stateless so there is no memory allocation I can go into detail on the contract later but and then there's also a set of tools around signing webassembly modules with JSON web tokens and embedding those directly in the module and I'll show some of that to and above that runtime is yet another layer and this one is called wax or webassembly secure capabilities connector and what we've done with this one is essentially taken the concept of a web assembly module and applied it to the concept of a factor systems and so we want developers to build web services or micro services and functions as pure business logic compiled into a web assembly module that is secured and signed and then dynamically bound to capabilities so take away all the boilerplate that we normally spend with our non-functional requirements like message brokers HTTP key value stores all that stuff and dynamically bind it so we can leverage the portability and small size of the web assembly modules and again I'll get into some demos of that soon one I just want to go through the list here right now the host and guest parts are all written in rust once go becomes more compliant with the web assembly spec we'll have a go SDK for that as well so let's take a look at the web assembly ecosystem again out of the browser so one of my favorite quotes is if I have seen further it is by standing on the shoulders of giants and one thing that we have to deal with as a young community is that there just isn't that much out there there isn't that much tooling and if there is it's not all that mature we're missing things like documentation training things like that and so in order to stand on the shoulders of giants one thing that we often have to do is build our own shoulders so if there isn't tooling we have to build it in order to make these products work so the things that I'm going to talk about are things like out of browser runtimes and and tooling but we also as a community need to work on things like education documentation developer experience things like that so the most important part of this presentation is these demos I'm going to take a walk through the the different tiers that I talked about so the first one is the core web assembly runtime and then we'll talk about W APC and how to do essentially remote procedure calls with web assembly and then I'll talk about and then I'll show a demo of running web assembly modules as services in the cloud is that everybody can see that again like I said this is my UI so so the first thing I want to do is quick show of hands has anybody seen the done programming with the low-level webassembly text format that is awesome that is the first room where more than one hand has gone up it makes me but yeah it's all downhill from here this is so we compiled one of these into a wasm file and we can use a number of different runtimes to invoke in order to exercise this webassembly module I'll see if I can remember the syntax offhand since math is not my specialty we'll go with two and two and we get four so like I said this is the this is a low-level and kind of the reason why I wanted to cover this is because this is what webassembly core gives us this is what the spec gives us and this is what the basic tooling gives us everything above this is something that we have either had to write ourselves or rely on someone else to write so I've got a couple of demos here for W a PC and like I said this is a contract between the host runtime and a web assembly module that allows the host Ron time to make calls into the web assembly module and the web assembly module to make calls to the host run time so that that bi-directional contract and again it's without explicit memory allocation yeah that's not right so in here we're but we're going to load our web assembly file and we'll use the W APC library to create a W APC host and we have a call function which invokes an operation with an arbitrary blob of bytes and so in this case I'm just sending in a string and again this is important because webassembly doesn't support string parameters so if you use things like interface types then it will dynamically convert strings but again that uses the explicit knowledge of allocation that I wanted to avoid here so I think there's definitely situations where you might want both but having those long-running pointers is something that just sort of creeps me out and when running in the cloud and so we have call and then we have a callback which allows the web assembly module to invoke rust code or any code on the host so we'll see if I can I'm sorry about the environment variable I forgot to set that earlier so it did as we expected it to thank God I'm so glad my demos worked so what happened was the host made a call in to the web assembly module and in response the web assembly module made a call to the host and we got all that out foot here and so again this is one of those building blocks where now that we have the ability to send and receive opaque binary blobs the next step is to assign some meaning to those binary blobs and then provides some sort of framework that we can use to build cloud native services in web assembly so that's what I'm going to show next so running in this window what I have is a mask webassembly secure capabilities connector and it's the last time I'm going to say that that host is running and if you built services in the cloud before this should look pretty familiar it's just a bunch of UI so this service is running and what is no I don't want to close what's what's running in there is a web assembly module called kV counter and that module receives a request a get request over HTTP increments a counter atomically stored in a key value store and then returns that value in adjacent payload and that type of activity sounds simple and easy to do but of course once we get down into the details we have all these non-functional requirements that we normally have to deal with the HTTP server talking to the key value store all these things that are boilerplate that have nothing to do with our business logic and my hypothesis is that we can use webassembly to get rid of all that boilerplate so I can I'm just gonna try and find the example code here real quick there it is so this is the entire source code for the KB counter we receive a message one of the mishandle requests and the other one is a health check we do the health check because clouds need health checks and the code to increment the counter just calls an atomic add operation and then we return essentially we return a protobuf message that is then converted into a web result and what's important here is that none of these capabilities the key value store the HTTP server the health checking none of those are tightly coupled those are all dynamically bound to the web assembly module at runtime so that's the code that's running and so I can actually exercise that code from I don't know I don't know what this thing is it's a some sort of tool so here is the essentially a summary version of the code that we're writing so I hit the button and then execute it and if we look down here and the the real UI you can see that we we handled the web request sent the request into the web assembly module got an answer converted it to a web result and again the the web assembly module is blissfully unaware what the HTTP provider is and what the key values to our provider is and ordinarily that would be decent enough and we would go and start building our services with this but because we're using web assembly and because it's portable we have a number of things that we can do inside web assembly in the sort of the point that we cannot view in containers so the first thing I'm going to do is live swap the web assembly module that's running with another version without having to provision new resources and so in other words we get zero downtime deployment without a without having to provision new resources so now I have the second version in my web assembly module that was running and I don't know if you noticed the slight delay we didn't drop a request we just blocked and paused long enough to allow the swap to happen and the reason why that swap takes about a second is because I'm in debug mode you know obviously this would be faster in production so the other point is that the key value store is also dynamically bound to this module so the next thing here is I can remove the key value store from the hosts runtime and now I get an error but what happens here is that the host is up enough to be able to give me a decent error message so that you know my kubernetes cluster knows that I've failed a health check or if I have downstream circuit breakers those can all trigger with the appropriate response rather than having catastrophic failure and so what I've just done is swapped the rightest counter or the the Redis key value store with an in-memory one so the next time I make a request my value has gone back down to one so without taking the host down I can perform a live update of my business logic and I can perform a live swap of any of my capability providers and the reason why all of that dynamic abilities is possible at runtime is because of web assembly and the fact that I'm not using docker I mean I have nothing against docker I just think that there are some limits limits and harp on this point a bunch but there are limitations that we can leverage in webassembly and if we embrace those limitations and constraints then we get some of these features one of the other things I wanted to show was the security aspect of this so what you didn't see is there's I'm doing some security validation on the the web assembly module itself so so this tool is reading the embedded security token inside that web assembly module and you can see the public key of the issuer the public key of the web assembly module itself other token information like when it expires when it can be used the versioning information and most importantly the list of capabilities that this module is able to use so you can see that it's been provisioned to use the key value store and the HTTP server but if I even attempted to load this module at runtime and that module wanted to use the web server but it wasn't granted that permission it simply wouldn't be able to do so and so you know today with docker we go through an awful lot of Hoops in the environment itself to prevent our docker images from doing things that we don't want them to do but by embedding the security information inside these modules we can have that information go with our immutable deployment artifact and not be dependent on the environment that it's running in so I went through and showed the three different levels so we have the you know all-natural free-range webassembly which is the the core spec so sending in numbers and getting numbers back built on top of that we have web assembly procedure calls and so if that's the level of abstraction that you want to use then you can use just that open source project and there's already a couple of people that are using using it at that level and they don't want to use the higher level but then if you want to have your development teams be able to build secure verifiable services and functions and deploy them in the cloud then we have who have assembly secure capabilities connector so the basic thing that I want to make sure you know if there was one thing that you remembered from this presentation other than the fact that browsers don't exist is web assembly is the future of distributed computing that's that's not obviously that's not opinion that's objective fact I would like for people to get involved so like I said this is the first time I've ever seen a room filled with people that actually care about web assembly so we should take advantage of that and so you can take a look at byte code Alliance and figure out if there's a way you can contribute there all of the stuff that I demoed is available on github web assembly procedure calls masks and basically I just want people to start building amazing things outside the browser with web assembly it's all good [Applause]
Info
Channel: WebAssembly Summit
Views: 13,629
Rating: 4.9498749 out of 5
Keywords:
Id: vqBtoPJoQOE
Channel Id: undefined
Length: 26min 59sec (1619 seconds)
Published: Wed Feb 19 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.