wasmtime icon indicating copy to clipboard operation
wasmtime copied to clipboard

Published 20 hours ago verified publisher icon bytecodealliance

OCI-compatible proposal for wrappering wasmtime

Open leonwanghui opened this issue 6 years ago • 12 comments

Hi all, recently I found an experiment project called containerd-wasm developed by containerd team, and I believe it's a fantanstic idea to combine container management layer (such like Docker and Kubernetes) with wasm runtime.

But for now this project is at very early stage, to make the idea of integrating wasmtime with containerd seamlessly, I pulled an issue https://github.com/dmcgowan/containerd-wasm/issues/2 to improve the portability and performance of this solution.

With this improvement, we can leverage the container ecosystem (ease of use, widely adopted) and wasm runtime through OCI runtime specification.

Any thoughts?

leonwanghui avatar Sep 21 '19 03:09 leonwanghui

In the meantime, I've also been working on distributing WebAssembly modules with OCI registries - https://github.com/engineerd/wasm-to-oci

(There's also support for integrity checks with TUF in a pull request).

I'd be happy to chat about this if anyone is interested.

radu-matei avatar Nov 27 '19 18:11 radu-matei

@leonwanghui just found that project too and have been working on getting it working again - planning to use the wasmer go bindings though: https://github.com/wasmerio/go-ext-wasm

should make the implementation simpler as they'll be no need to shell out to another binary. Not sure if that was a design decision, but since they'll be a mutliple shim instances I can't see an issue with that.

dippynark avatar Mar 29 '20 15:03 dippynark

Microsoft's Krustlet project might be a better approach, depending on details of your use case.

If that doesn't work, note that we'll have Go bindings for Wasmtime soon, too.

tschneidereit avatar Mar 29 '20 16:03 tschneidereit

@tschneidereit that looks really cool - would like to have an integration with the upstream kubelet too which yeah the wasmtime bindings would help with for sure, but that projects looks like a good alternative.

Have had some trouble today understanding how the sandbox container fits into the picture - it seems the shim is expected to support running the pause container, which does not match too well with running wasm with go bindings, but am going to carry on with it

dippynark avatar Mar 30 '20 02:03 dippynark

@dippynark Feel free to drop in on our Krustlet project. I think we are going to start holding public Zoom meetings in the next few weeks, since we've gotten to this point where we are doing lots and lots of one-off calls that would better be served by a community dev chat sorta thing.

We did a CRI implementation as well, and started work on a containerd shim, but hit up against design trade-offs that we did not like. So we went back to implementing a kubelet that viewed WASM as its first-class runtime. There has been some talk about attempting to re-visit CRI (and maybe do a CRI v2) to make it less OCI/Docker-centric (it makes really strong assumptions about the runtime). But that is probably a 2+ year project. Krustlet is, for us, a chance to try to solve the problem today.

Since @radu-matei wrote his post last November, we've also been pretty successful storing WASM modules in at least some OCI registries. That route is looking promising.

technosophos avatar Mar 30 '20 18:03 technosophos

I think we are going to start holding public Zoom meetings in the next few weeks, since we've gotten to this point where we are doing lots and lots of one-off calls that would better be served by a community dev chat sorta thing.

We are starting to next week! We have the link and time in the README

thomastaylor312 avatar Mar 30 '20 19:03 thomastaylor312

@technosophos that could be good, will see next week - would be interested in hearing what the design tradeoffs were?

I've made some progress building on top the existing project, I have just got it running Docker containers like this using a wasm runtime like this. I guess some difficulties will come trying to implement things like exec.

dippynark avatar Mar 30 '20 22:03 dippynark

Sorry, the links you left above are broken @dippynark, and I could not read them. @thomastaylor312 is definitely the best resource with whom to discuss this, though.

technosophos avatar Apr 02 '20 18:04 technosophos

@technosophos fixed

dippynark avatar Apr 02 '20 20:04 dippynark

Hi Team,

If I read the issue correctly I am working on similar feature for crun (OCI-runtime) which already supports wasmedge and wasmer and following PR adds supports for wasmtime handler in crun: https://github.com/containers/crun/pull/963 feel free to give it a try :)

Edit: Small doc which shows how to use this feature on kubernetes setup https://github.com/containers/crun/blob/main/docs/wasm-wasi-on-kubernetes.md

Thanks

flouthoc avatar Jul 11 '22 11:07 flouthoc

Any updates?

jwcesign avatar Mar 22 '24 08:03 jwcesign

@jwcesign There is a group of us from the CNCF Wasm WG that is nearing completion of a spec definition for this. You can find meeting notes here and the working doc here

thomastaylor312 avatar Mar 25 '24 17:03 thomastaylor312