 Yeah, so hello everyone. This is the final talk for today from Adam Shia about enrich your service mess with Assembly and I'll be sharing the recordings Over here. Yeah, so Adam Shia in the chat if you have any questions or Suggestions or any comments you can just reach out to him or ask in the Q&A session in the chat box Hi, everybody, and thank you for joining this session my name is Adam Shia and Happy to be here talking at that coffee. Yes, I would be talking today about service service communication and web assembly So let's start sir first thing first Believe it about myself My name is Adam Shia. I'm the field engineer at solo Tio. It's a company specialized in APA getaways and service mesh Basically everything that this service service communication is our domain Please reach me out on Twitter Email or just my LinkedIn if you you know want to have a chat or you guys have any questions Okay, so as I said today, we're going to be talking about web assembly and Service to service communication right how to extend and hence your mesh So if you guys are familiar with the envoy we're gonna start be talking about it a little bit just as an introduction then we're gonna be talking about actually web assembly and Then we'll be talking about is to that is based on envoy and web assembly we're gonna go to a demo and at the end we're gonna talk about the future of Basically web assembly plus and we're in this case So yeah, let's start first That's just a quick reminder here about and boy So and boy is really famous now in the cloud native domain API getaway It's used everywhere either from service service type of communication for example in the service mesh Istio Upmash Others use it for their data plane or it can be used as an ingress getaway You know securing your edge traffic if a client for example calls your service That one, you know, we can see this you again in their ingress getaway Solo we have a product called to edge based on envoy And many others use it as an ingress type getaway And for itself is HTTP to First it's highly extendable. It has a lot of great features like great limiting traffic shifting traffic shadowing and Many more and this is why it's actually, you know, it's great for cloud the cloud native work Plus it's kind of lightweight. So it's really fits well with the sidecar type approach Now if you guys are familiar a little bit with envoy the way Extend your Envoy is using basically building your own C++ filters. So That's from the beginning of envoy the way to extend Envoy to add your custom filters or custom behavior that you want to add You will have to build your own filter. So that can be a hard process, especially if you're not Familiar with the technology obviously C++ and you also need to be able to build the product Build actually envoy be able to ship it to maintain it and then so many other things So basically building a filter in envoy was not a trivial thing And this is why we're actually been talking today, this is we'll be talking about the WESM integration and how this simplifies so But before jumping into this we need to talk about obviously WESM so here again, that just basically the way you actually customize Envoy so Envoy itself is think about it as you know a Middleware type approach where you have multiple filters, right? So you have your request hitting Envoy internally you have multiple filters and then it goes to the destination so To customize it again to customize or add one filter to the filter chain You'll have to build your C++ filter bake it within Envoy and deploy Envoy And think about if you want to just you know add dynamically a filter That's not possible. You'll have to basically change your Envoy and create a new deployment and go through some canary type rollouts or anything, you know, especially if it's in the production That's can be you know impacting your traffic. You will need basically to to have a Not you can't have a dynamic type approach to add a simple feature, right? Here it comes the WESM integration with Envoy so first web assembly comes from this simple idea of How can I write Something in any language Compile it to something super efficient and be able to run it on the client side So that's the initial thinking. Hey, I want to be able to run a process Efficiently on the client side for example type browser and I want I want to be able to create it in any language, right? For example, it's gonna be a game a processing graph manipulation anything From there we started thinking, okay, so if wasn't It's super efficient in our client side. Why not use that beyond so on the server side, right? I want to be able to create some behavior Completely with the language that I mastering that for example Java or Actually C++ go JavaScript and so on I want to be able to create my own custom Behavior or basically a back-end code and compile it into a WESM Module that is super efficient and be able to run them on the back end So that was the first step to where we are here today with Envoy, so that was the intermediate step and from there at Envoy Start thinking, okay, so if we have this technology to be able to run Something super efficiently on the back end and I can write it in any language Why not use it basically on the filter chain? So any developer can just write own customization add it to Envoy and that's how extent it can stand actually Envoy Behavior right to add security or transformation anything so the way it works in Envoy again, we have you know Envoy has Filter filters and we have a filter chain. So we have multiple filters until destination now We have a wasm filter. So the wasm filter is basically You can think about it as the VM that's running actually your your your wasm modules And it allows you to add your custom filters dynamically to Envoy. So you can write a specific filter to add a header manipulate the body of the request or anything you want add it dynamically to Envoy and that will extend your feature there either at the edge or between services Okay, so this is the integration between Envoy and WebAssembly Now Because Istio I'm taking an example here of a service service communication Let's take an example of actually Istio right Istio is based on Envoy. So if you think about Istio itself We have a control plane where it's basically You know a set of your control plane side where you can push configuration like let's say I want to add some new routing So you have some configuration that you push that the control plane that stands it Transform it to something that the data plane stands and that's how you basically do the routing or or someone so if you think about it, you'll have so you have your control plane here and Then you have your data plane and data plane itself is Envoy. So if Envoy itself supports wasm right so By extension in Istio we can use wasm to Enforce new policies or to customize our service to service communication Great. So From the control plane side. So we have multiple components here again and data plane is Envoy. So now let's see how basically we can extend At Istio with with the wasm filter, right? So that's basically what you're trying to achieve today Let's say I have multiple Services, right that's I have on my cluster. I basically have a service mesh there You know, I have like Envoy's deployed with every single workload and and that's you know, Istio basically securing like doing MTLS or some sort of Traffic policies and so on now. Let's add an extra layer there to add Security or transformation and so on using wasm Right. So the way we can do that is to you know have our technology to build a web assembly filter, you know using web assembly obviously and then you have the user experience because Today as of today the way to deploy a wasm filter into Envoy is not trivial Even with Istio, there's a proposal there to add some easy way of doing it But there is nothing out of the box to do this in Istio, right or Envoy So this is why we started thinking about this at Solitaire and we have Toolings that are open source to basically allow you to create your own filter and deploy it to your Workload either Istio workload Either an Envoy one, right? So the way it works is that think about it as a Docker Type expert. So your first what you should do is to write your own filter, right? We're using the language two mastering for example C++ or we'll go To extend your mesh For example, adding a transformation or manipulating data so on then build it right into a wasm module Then we package it into an OCI image like basically how Docker works, right? Now when you have your OCI image, you can push it to an OCI type compliant registry for example Docker registry is an OCI compliant registry and so many others Once you deploy your image there, you can basically Use tooling like for example have was me. I'm going to showcase later that will pull this image from your OCI registry and deploy it into your workload and that's how we extend That's how we extend your service mesh and a service service communication Without this kind of tooling it gets pretty complicated Because today as of today if you want to actually extend Istio or Envoy to load your Wasm filter what you have to do is to modify basically the configuration of Envoy to basically point to an HTTP File or something locally which is the wasm module and load it dynamically, right? So it gets pretty tricky there and the easiest way of Handling this is to have a process that basically package Everything publish it and where you can pull it and add it to your issue deployment dynamically, right? I'm going to see this a little bit later in the demo. Let's Start so what I have right now is deployment of Istio in a cluster and I have The booking for a demo application installed there Okay, so the booking for demo application. It's just a set of microservices. Let's are Representing basically a demo application and what we are going to do here is to extend Let's say the service service communication here to add a specific header, right? But this is basically just a demo but think about it as if you want to add let's say HMAG signatures or you want to add custom header security header or remove some sensitive data or think about Manipulating traffic for example do another layer of custom Traffic shadowing or someone there's so many possibilities there. Okay Okay, so Let's look at our cluster If I look at all the services I have deployed right now What I have is a set of Demo applications, right? So that's the one the booking for application there And then I have Istio installed again, right? And I see that every single pod here Has a sidecar injected the way Istio works to have a sidecar like Android within every single pod And that's what you're gonna do right now is to extend the data plane of one of the services to add a custom filter Okay Right now to do this So let's do a call to one of the services and see how it reacts So I'm calling one of the services, right and I see basically some headers that I'm receiving there Let's add a custom header. Okay. That's a simple scenario there adding a custom header to do this let's create a custom filter and We're gonna use was me for that was me is Basically an open source tool that you can install today That will work with your Istio deployment Where you basically install was me And then we're gonna see how how we're gonna use it, right? So Here I have was me already installed. I'm gonna do in its right to initialize a new filter Repository I have to pass what language I want to use in this case. I want to use tiny go Basically, it's going Yeah forgot to put dodges to say here and then I'm gonna say, okay, I want it for Istio Now I have my filter here. So I have this couple files here. That's what basically actually That is my filter here. I'm gonna modify the main Well, so here here it is so Here it is if you if we look at basically The filter here is super simple You have to override some functions to add your custom behavior in this case here What I want to do is to add a custom Response header to my services And what I'm gonna do here is just use Let's say the fcom.us as Heather name and it will have a value. Hello And that's pretty much it now once I built this Nice and once I wrote this I need to build it and For that I'm gonna use What's me bill? Okay, so Spilled and I give it a name so We have to give it basically do the same way you build a dog image You have to give it like a tag and Then after we're gonna use that time for to push it. So here. Let's say let's call it deaf com Right, that's pretty much it think about this looker, right? I build it I'm gonna take some time to build the filter and once it's built now we can just push it to WebAssembly hub, which is Kind of the same Docker experience you have An OCA image, but you can push it to a private repository. Let's say within your Company, you don't expose all the images. You can just bootstrap like a docker Look at docker type container registry and image registry and you can just push your Filter there so Now let's do let's make push and Give it the tag of the image we used here. Let's push it Okay, so let's see what's happened here You just a tag issue okay, so I Think I had the image before Maybe this is why but let's say Let's say I I pushed my image now. That's fine. I have it pushed. That's great Let's check web assembly hub, right? So what was in the hub you can just go and create an account for you Here I have my account already I can check all the images I have pushed and I here is seated the dafconf image that they just pushed right now, right? 31 seconds ago. That's the one that they just pushed Which is basically the wasn't filter. I'm gonna use into my issue deploy Great now I have this pushed What I'm gonna do is to deploy right so I think I called it Dev Conf and I think this is the tag That's pretty much it so this behind the scene will create your Envoy filters the way basically it works today is show to deploy Wasm filter create like a an Envoy filter the Envoy filter is the wasm extension Part configuration and then that needs to point to your wasm module, right? So the way it works here. We basically package we load the image from the registry. We mounted on your service and then we create the Envoy filter to point to that Minery And that's what basically was me Is doing now Another thing we can also customize Where we want to push these filters, right? I mean deploy them You can deploy them on all your workloads or on a specific tag Let's say only a specific application or a specific version of the application, right? In this use case. I just deploy it everywhere Okay, now that this is deployed Let's do a curl again There you go. So we did a call right now To our service and the see that we have the extra header, right? That we just added to our filter. It's an easy way of extending your mesh That's the simplest way of adding basically a new feature or new behavior between services and Again, that's to was me and simplify a lot the way you deploy You deploy any any new filters to your service service Basic to your service mesh now in term of what's going to happen in the future with was me and Service matches in general. I'll talk about is here itself. There's a proposal there to have an API Where it actually does quite exactly what was me does. So you have a Docker image Yeah, that contain your OCI, but this is actually that it's missing the part where you push it to a OCI registry but to actually have a Docker container containing your wasm filter and then you have some You know CRD to deploy it's going to take that image and deploy it to your workloads and point some confusion there now So that's that's coming in in one of the newest newer version off of East Joe So that's basically the the short term kind of new feature does come in in the SEO But there's other things like for example here at solo We have something we call we call glue match that supports multiple clusters Thank you. If you have let's say a hundred clusters, right? And you have multiple services across multiple clusters, but you want to customize let's say service service one and cluster one talking to service F in or G or whatever in in cluster 99 right, so To have cross cluster communication Modification to wasm. We have something called again glue match and using the CLI like Mesh CL wasm You can deploy this filter across multiple clusters to achieve to achieve this extension Not only within the same cluster but across multiple clusters so this was an Easy introduction. I hope to what you can do with wasm and envoy That's an example here was with this to but think about it That will probably work with every single Envoy type deployment, right and boy itself just need some configuration to point somewhere to load the wasm filter Yeah, so it's really powerful. It's dynamic. It doesn't require Work loads to be your started or or anything like that It's It's a great way to customize service mesh because obviously you don't want to write a C++ Complicated filter and maintain it and build it with base all and all that Have only like having only a specific wasm filter doing exactly what you need is the best way to extend your service application With that, thank you for joining this session. I was a pleasure talking here I've gone for you as again if you guys have any questions or just one chat Wish me out on Twitter or on LinkedIn. I'll be happy to have a conversation and thank you all if you have any questions I'm here Thank you very much and I'm for this wonderful talk and demo We I do not see any questions in the Q&A section at the moment, but you can reach out to him and the In the this breakout room link and also his Twitter or LinkedIn account So if you have any questions, so Adam, you want to say something? Yes, thank you all for for joining the session. Obviously if you guys have any questions after all I'm happy to answer them either on Twitter or LinkedIn. You can find me easily and thank you for inviting me All right, thank you very much Adam. It was wonderful presentation and great demo actually. Yeah, thank you So we are at the end of today's Schedule for deaf comps so tomorrow also is a great line of talks are there a great presentations are there so looking forward to that for tomorrow and Yeah, signing off for today. See you all tomorrow. Stay safe. Stay