Hello everybody, my name is Kat Cosgrove and welcome to another episode of the Road to KubeCon. Before we get going, I am forced to remind everyone that this is an official CNCF livestream and as such all of us, including you, Twitch Chat, are beholden to the CNCF Code of Conduct, which pretty much just boils down to be nice to each other and don't say anything that's gonna make anybody else uncomfortable. Thank you, because I can see the Twitch Chat and I will ban you like super fast. So please be chill. Thank you. My name is Kat Cosgrove. I am here with Ralph and Stu and we are here to talk about WebAssembly, which includes the Wasm Day co-located event at KubeCon coming up in four days. It's four days from now, right Ralph? Wasm Day?

Yes, Thursday. Four working days.

Four working days until the co-located event, and we also have Stu with us to talk about WebAssembly as an actual user. We brought a case study. Isn't that fun? Make sure that if you are not currently following the Twitch channel to please follow us on Twitch. There's a little like heart button. You can just click. It doesn't cost you anything. Please do that because we were given a goal for a certain number of followers to have by KubeCon and we're really really close and it would be cool if we hit it. Thank you. Anyway, Ralph, Stu, why don't you tell me who you are?

I'm Ralph Squillace. I'm officially a program manager at Azure Core Compute and on the upstream team, which is basically we do the upstream work necessarily necessary to support not only the upstream stuff that we use in our services like Kubernetes and so forth, but also other developer and operational tooling. So I used to be the PM for Helm, if you're in the Kubernetes space. I'm no longer; Bridget Kromhout does that.
She's fantastic. But that's the realm I'm in and where I work.

Hi, I'm Stuart Harris, or Stu, one of the founders of Red Badger, which is a consultancy in London in the UK. We work with blue chips basically to help them with their digital product transformation. So we have clients in the financial services industry, big banks like HSBC and Santander, in the retail industry like Nando's and Tesco, etc., and in various other sectors as well. And we help our clients transform basically, so we we do it by getting in there on the ground and building product, digital product, with them, and leaving a legacy and helping them, helping them move product fast.

Rad. Thank you. So can y'all tell me like what, what WebAssembly is and why this is useful?

Stu, let me start, because I want to give the kind of the high-level version and then I'm really interested, as a user and people, and somebody who works with people who are using this now, be interested in how you explain it, because the two may not be the same. I mean, said, WebAssembly is a specification in W3C for a stack-based virtual machine. What does that kind of mean? It's a, basically it's a virtual machine. So metaphorically you could think like a virtual machine, but also things like JVMs and stuff like this. There's a sort of a family of virtual machines that you can think of the WebAssembly is part of, but what makes it different is because it's a W3C spec, it can be implemented in any number of languages. There are a wide array of runtimes available, so you can choose your type of runtime for your particular situation. For example, I'm, I'm curious about Stu's usage in his work. But also, not just the runtimes but the languages in which the modules are, from which the modules compile, can be any number of things, so there's wide array of languages. Because that's the case, and because the runtime can be very small and the modules are binaries really, not environments like we think of containers as being a whole environment, right?
Not just the program but also the file system underneath and things like this. They can be extremely small, in addition to be architecture agnostic, operating system agnostic, things like that. So they have a lot more flexibility in the true cloud native sense. So if you think containers, they're binaries instead and they run absolutely everywhere. Containers go a lot of places but not absolutely everywhere.

How small is a high level way of looking at it? Huh? How small are we talking here? Like how?

You can get, I know there are runtimes down less than three megabytes, and your binaries can drop extremely, uh, to extremely small sizes. So for example, you can have fully functional services with a binary that's, you know, 100 KB to a megabyte depending on what your workload is. Whereas the same workload when it brings the environment with it, right, which is typical in containers. You often will just x copy and use scratch or something like this. But even so it'll, it'll be much larger than that, and that doesn't include the runtime. So you've got Docker, if you've got containerd or whatever might be, those things are a little bit more substantial. And now the only other thing that's important about WebAssembly is that it also has a by default deny security stance, which means that you can't actually move anything across the module sandbox boundary, the VM boundary, without it being considered untrusted. And so the host has complete control. That's only important because in the container world and in the, in the Kubernetes world, we go to a lot of effort, and all distributions everywhere, to sort of plug all the holes and make sure that it's denied by default except for that one bit of functionality. So it actually has to reverse security assumptions by default as containers do. Now that's the way I, I talk about now. I'm really interested in...

Yeah, so you're a user. So how, what, how do you describe WebAssembly?

I think that was a great description of it, Ralph. Well, brilliant.
Um, the, the virtual, you know, the stack-based virtual machine with linear memory that you talked about is a conceptual machine. It's not like, it's just a standard, and, and so anything can run in it. And the great thing about, I think, about WebAssembly is it's so unopinionated about the types of languages that can be compiled to it and to run in it. So it's not like the JVM, which, you know, me, you know, only certain types of languages will fit in there and it's, you know, it's got, it's got a whole bunch of code to let you do things like the file system, for instance. WebAssembly doesn't, doesn't have that. So it's a conceptual machine and an architecture agnostic, like you, like you mentioned. So, I mean, even to the point of endianness. So, you know, whether, whether the host is big-endian or little-endian doesn't matter. So that, that's great because that means now that, for almost, I think possibly for the first time in history, we have a universal target for any programming language that can run on any machine anywhere. So that, that portability is absolutely vital.
I think, and this, with the security aspects that you mentioned, the deny by default, you know, you, you can't do anything. Literally, you can't do anything unless you, you, unless you've been given the code to do it and the, and the permissions to do it. So with things like WebAssembly System Interface, um, you can provide very granular control, to the system call level or whatever, about what the, the guest code can actually do, and that's, that's crucial with today's like supply chain, you know, the software supply chain, which I just can't get out of it. Like all of our clients, and, you know, we've done it ourselves so many times, we, we build an open source, you know, build a microservice with a ton of open source software. If we have for building and for Node.js, for instance, it might have so many, um, node modules, like thousands potentially, and you don't know what's hiding in there.

Oh, yeah, I can get nasty like really really really fast.

I don't know what's hiding in there. And yet, you know, that's, that's the price that we will, or today that we think we're willing to pay, to be able to get that, um, that capability. Whereas WebAssembly, like, you know, if there is a rogue module in there, it can't call home with all your data unless you've specifically given it permission to do so. So that, that security, the portability, um, is amazing. I mean like literally anything from a Raspberry Pi or from a microcontroller, all, you know, system on a chip or something, all the way up to any cloud provider, any, any architecture. It's all good. And that's amazing. That's phenomenal really.

That is pretty rad that it's, it's that, it's that versatile. Um, you have, you, we brought you here because you're our case study. So you have, you have actually, uh, done things in the real world for a real large client using WebAssembly. Uh, what exactly did that achieve for you? I don't, I don't know how much you can talk about that without like getting into like an NDA issue, but, uh, so what did you actually achieve?
How much can you tell us?

Yeah, so, I mean, I, I think I can say that, um, you know, we worked with one of Europe's largest banks, um, on, um, helping them build a proof of concept and design a future state architecture for, for platform for them to host applications that's multi-cloud. Um, because, you know, the bank in one country will be on Azure, the bank, the same bank in another country will be on AWS, and then on another country they're on-prem. And they, they have this really heterogeneous environment. Um, and if a microservice is running in Azure over here and in AWS over here, like connect, the connectivity, the firewall rules that, you know, you know, how much work goes, you know, everybody in the organization basically gets involved in some capacity or other when you kind of join, trying to join all these things up together. Um, and so what they needed was something that effectively sits above all of those cloud providers or, um, on-prem data centers, that is a homogenous surface rather than all the heterogeneous different, you know, building. Kubernetes is the same everywhere, which is great. I mean, yeah, that's, that's amazing, but what's around the Kubernetes is very different in Azure or in AWS or GCP. Um, and so somehow we need to kind of abstract ourselves away above the cloud and almost use the, use cloud, I think, as a, as a utility. Um, and that's the holy grail that I'm looking for, and, and that I'm, you know, we were helping, um, our clients get to. So like, like, and, and it's probably a year out, but, but there are work, we've built working proof of concepts today, um, which are, well, mind-blowing in my opinion.

That is... Really, I actually, usually I have like a bit on this show where I, like, I pretend I don't know what a project is. Um, but, but two days in a row I've got, uh, project that I actually don't know much about. Yesterday I, I didn't actually know much about Prometheus. I don't have to work with it much. And, uh, today, I, I know I came into this knowing very little about WebAssembly.
So, uh, this is fun and educational for me genuinely as well. It's not a bit today. But, uh, Ralph, does Stu's explanation of what WebAssembly is and how it's being used track with your expectations as, uh, a maintainer?

Yeah, uh, it does, but, uh, of course, there's the, the devil's always in the details, and sort of, you know, Stu sort of put his finger on it when he's talking about using cloud compute as a commodity for, uh, customers and business. They actually don't want to care too much about where they run. They, you know, they want to make sure that the, the workload runs, and that's what we wanted out of Kubernetes, in fact. Shared tools, open source standards and so forth, um, give engineers and businesses, communities, anybody, the ability to have this kind of power and build new things very very rapidly and have confidence about the entire environment in which they work, and abstract away some of the important details that they nonetheless have to deal with. So yeah, that, this is exactly the goal. It's, it's the goal of Kubernetes and containers as well. So the interesting thing is that I often get asked like, what is WebAssembly versus containers kind of thing, and the answer is no, we're still running containers. Um, they're fantastic things. It's just a WebAssembly...

Serial thing between...

No, no, no. The proper way to look at this is we are engineers, and so what we do is we try and find the right tool for the solution space.

Sure.

And Kubernetes and, absolutely brilliant, and Kube, KubeCon and, and Docker, all of that stuff, we are well aware of it, and the, so the question is what more, what else can we do with Kubernetes? What else can we do with open source, and why is cloud native more than just containers? But containers are the critical workload, you know, package if you will, and WebAssembly is just a little bit of a step in these other areas that allows people to do a little bit more along with containers and Kubernetes.

Absolutely.
I just saw something in the chat about, do we have a Kubernetes runtime to run WebAssembly yet? And, and the answer is, um, we've got loads of them, because, um, there's WebAssembly in the browser and there's WebAssembly server side. WebAssembly server side had, because it's such a simple specification, I guess, in comparison to a lot of virtual machines, um, there's a whole host of runtimes and they can all run inside, um, a container in a pod in Kubernetes, um, quite happily. And I think this, this, um, this better together kind of story of like, um, you know, Kubernetes as a, as a, as a base for running, whether it's really lightweight WebAssembly, um, workloads, is, is a killer combination.

And there's, if I'll throw in one other thing too, isn't there, there are, run, tons of runtimes. Um, I actually, there's a great awesome list. You can search for awesome wasm runtimes and there's a fantastic list of like 50 or 60 runtimes, because it's a specification, right? Um, but in addition there's, various approaches have been, have been able to be plugged into Kubernetes, because you can run a runtime, some very small, inside a container and then run that whole thing in Kubernetes. So you can schedule that, that's sort of the easy way. And then there's actually the CNCF project Krustlet, which came originally out of my team.

That's such a cute... Did you name that? Who named that? No?

I am, I don't even want to name names because they'll probably fight over who actually chose that name. In fact, it's a Rust virtual kubelet that has a provider model. So only in the runtime you want, and then attach the, the Krust, the kubelet to your cluster. And so that'll work anywhere, uh, you know, it'll want, run on your little Raspberry Pi with the, with k3d's. It'll do MicroK8s or kind of whatever you, you know, happen to want. Um, so that's another way, but there are also containerd shim efforts as well.
So there's lots of interoperability at the kubelet level. But there's embedded stuff too, like Envoy network filters and, uh, Kubewarden, which also uses WebAssembly for its, you know, kind of internal embedded protection mechanism for arbitrary third-party code like network filters and stuff. So there's lots of ways it can integrate with Kubernetes, quite aside from the non-Kubernetes environments.

Yeah. Absolutely. And, um, so I, I, I think Krustlet's an amazing thing because, um, you know, you could just, you can designate a node within a Kubernetes cluster as being able to schedule WebAssembly workloads, um, in exactly the same way that it, that any, the other nodes would schedule, um, container, container workloads, and that's, that's a great concept. Um, for our, the proof of concept that I was talking about, um, earlier, we, we went that route to start with. The only downside, I guess, is that you have to be able to replace some of your nodes with Krustlet nodes rather than kubelet nodes, and that, and which is fine if you can do that. We chose to run, um, a WebAssembly runtime called wasmCloud inside Docker containers on Kubernetes. Um, and then the, each, so each pod would be a wasmCloud host, and they connect via NATS and form a, like a self-healing lattice. And so that's like a platform on top of a platform. I mean, everyone's Kubernetes effectively was intended to be a platform for building platforms, right? Um, and so, you know, it makes perfect sense to build, um, effectively a higher level of abstraction on top using WebAssembly. Um, and I, and I think that's, we'll, we'll see a lot of that in the future.

Cool.

Yeah, and I noticed in the chat that somebody's asking about using seccomp to further clamp down syscalls, for example. And the answer is it's just a runtime.
You can use exactly the tools that you should expect to use. Um, and with web, the WebAssembly specifically, there's also a emerging specification called the System Interface, and various other amendments to the spec, that allow you to declare precisely and only what types and, and calls go across the boundary, which means you can completely control, down to the call, exactly what happens from the host. So that also allows you to do even as many things as seccomp does, but at a different, at a different level.

Uh, yeah, heads up to everybody else watching on Twitch. You, you can absolutely ask questions in the Twitch chat. We can all see it from, from Restream. So go ahead and ask away and I'll pop them up on stream as long as we have time. We've got another about eight minutes left. So if you think you've got questions, get them in now. But, uh, let me pull up this schedule for Wasm Day. Um, just so I can get another shill in for the co-located event.

Uh, thanks for being so responsive to chat.

No problem. I love Twitch chat. Chat's great. Uh, I see, it looks like more than one thing that's like, uh, edge or like IoT focused. Is that a super common use case for WebAssembly? The, the way I learned, for context, the way I learned Kubernetes in the first place was k3s. I had never touched Kubernetes before. I was trying to get k3s to run on a Raspberry Pi three years ago, before it was super robust. So I, I, that is the wrong way to learn Kubernetes, people. Like that's 100 percent the wrong way to learn Kubernetes. It was way more difficult than it needed to be. It was very fun, but it's the wrong way to learn Kubernetes. So, um, is, is WebAssembly, uh, any different trying to run it on the edge? Or is it like functionally the same process regardless of the hardware you're putting it on?
Exactly the same, and I think that's, that's the...

Fuck yeah.

That's the killer feature. Running WebAssembly nodes, and, and for my cluster of Raspberry Pis all just sitting there, and it's, I mean, it's astonishing.

Well, it, in, and it goes a little bit more than that too. We'll show, you know, at KubeCon, you know, one of the demos I'll be doing is showing WebAssembly running, uh, on AKS. So this is big hyperscale service, right? Like as Amazon or like Google or anything like that. I'm going to run the same application on my PinePhone, my Linux Pine.

Oh, that's, that's...

And that is the kind of portability that containers also bring, but with a little bit smaller spread. And WebAssemblies, because they're smaller and go at it a different way, can just go all kinds of crazy places.

That's okay. Uh, we, we, like, DM me the, the time of that because I'll go check it out. I'm here on Monday. So just DM me and I'll, I'll go. Okay, um, we've got another question from the chat. Uh, do any of them deploy to secure enclaves? It would be amazing to have Kubernetes scheduled Wasm to an enclave.

Yes, you can do that. All right, I'm done.

Yeah, no kidding.

I'll say yes to the tough question and then move, move. No, the answer is yes, and the reason is there's nothing special about enclaves. This is just an API. Um, and you can do that a couple of ways. One of the ways you may wish to look into, there was, there is a project that was in the Confidential Computing Consortium, from, mainly from Red Hat, called Enarx, which, uh, actually does, or the direction is to go and do that with workloads in WebAssembly. But, you know, uh, the way that Stu was talking about his work with the banks, actually putting wasmCloud inside a container and then just scheduling it normally like a container, right, you can actually take the whole WebAssembly and execute it inside a TEE, a trusted execution environment. So those things can be done and they have been demonstrated. It's doable.
There isn't a uniform system or a project, other than one or two that are sort of going that direction. So look at those things and, and see how cool it is and jump in and help out brand.

It's crazy, isn't it, because it, because it can go anywhere, it will go anywhere. I mean, it's gonna go everywhere. I mean web browser tabs, um, Raspberry Pis.

Yeah, I mean, the interesting thing is called WebAssembly because if you've heard of it, it may have been in the context of you can run fast complex C code in a browser kind of thing, right, because that's where it was born. But it actually has general properties and you can just run it anywhere. There is a comment about enclaves have with limitations. The answer, like no fork. Right now there's no threading, like Node originally. And so no fork is no problem.

So not to be like aggressively online and also show my age a little bit, but does this, I know that you, I know you're older than me, Ralph, but, but I'm, I'm of a generation where a question is frequently, but can it run Doom? So does this make it easier to run Doom in places where Doom otherwise wouldn't?

Yes.

Okay, thank you.

Not only does it run Doom, but Windows 95 runs in the browser. You can just run that anywhere.

Oh, easy. Thank you then. Okay. I mean, I...

Running on my calculator. So from Microsoft's point of view, no one wants to run Windows 95.

No, no, yes. But the last time I touched Windows 95 was actually not that long ago. It was like stunning. It was like 2000, I mean, I, okay, I say not that long ago, but you know how time gets weird as you age. It was 2009. But the video store I worked at was still running Windows 95 on their rental computer and I had to upgrade it. It was a nightmare. Anyway, we have one more question.

Search wasm doom on your favorite search engine, which might be Google, and guess what, you'll come up with about 52 different versions of it.

Incredible. Good.
I mean, that's all I need to know to understand whether or not a product is actually viable and useful for me.

It is, strangely enough. Some of the WebAssembly functionality that you wouldn't think of right out of the brain, like here's Stuart and we're talking in the context of Kubernetes and all this kind of stuff, but they're amazing flexible uses that are out there. So Microsoft Flight Simulator, strangely enough, now uses as their mod sandbox. So you're going to do a mod, you're going to make a, this third party code, and they don't want at you to bring down the whole system. That would have been a DLL in the standard Microsoft world, you know. Now they just take a WebAssembly, you compile a WebAssembly and then they, they run that. So that's the way they do mods. Um, another example is, um, and these are all Microsoft examples because I'm from Microsoft and I discovered them spelunking around. Excel, that weird thing that everybody knows how to use, um, has some very complex C code from the client version from 1985, and they, instead of trying to port that to the online version, and this has to do with building lambda functions inside cells, which is relatively complex work, uh, they just compiled the C code from 1985 into a WebAssembly and dropped it in the web.

Okay, that kind of slaps.

It's amazing. And now that, ignore the Excel part or the flight sim, but that's how flexible it is.

Okay, cool, rad. Uh, now that the use cases for it can get goofy, I'm considerably more interested in, I love dumb goofy shit. So this is, uh, getting goofy.

But I do want to make one thing clear. These are early days. So Stu, how was the dev experience? Did wasmCloud help you out a little bit, or did you try different things first before you got there?

Well, I mean, I think it's actually surprisingly good for the, for how young the technology is. So, um, I love Rust.
It's one, you know, an amazing programming language, and the toolchain for that is exceptionally good and as smooth as you like for WebAssembly, and this is becoming, setting a new standard really for the quality of the developer experience in terms of targeting WebAssembly as a compile target. Um, Zig, Grain, Rust, you know, all of these new languages have an exceptionally good developer experience in that space. So, um, compiling your application or your program to run, um, in a WebAssembly runtime, it is, it is fairly straightforward, I think. I mean...

I think Stu's lying. It's hard. I think Stu found a good happy path for himself.

Yeah. Well, I, I definitely did find the happy path, deliberate.

You know, y'all should fight about it. That's out.

Let's schedule another half hour. Can we?

Yeah, all right. I mean, we can keep going if nobody has a hard stop for a little bit. But we are, we are technically at time and should start wrapping up. There is another show coming on, uh, after that needs to, uh, queue up. So we can't keep going for too much longer.

Well, I'll just say this, uh, Stu, I'm thrilled that you have found a relatively good experience and the languages that you were interested in. There are some problems, I think everybody should know, so they don't get too excited too fast and then run into a brick wall. Like container ecosystem.
There are a lot of languages don't yet support exactly what you want. And there are limitations to the specifications, like there's no threading yet, uh, or rather there's limited versions of threading, and things like GC and stuff like this don't exist yet. They're proposals, they'll come. But so if you're expecting interpreted languages inside the module, well, they don't have the APIs to do the interpret, a memory management, things like this, so those will be a little harder to get running yet. Um, and some of the dev tools around that are going to be a little bit bumpy depending on your language. Rust is great. Um, you know, if you're doing JavaScript or one of the JavaScript engines, right, like this, fantastic, and so forth. Um, Python works in Wasm, but guess what you got to do, you got to drop by all of Python inside Wasm. Which is doable, but a little hairy.

Not well...

Something that Stu, yeah, Stu is going to want a big check to help you do that, for example. It's not a, it's not an easy thing. So just to be aware that there are some easier paths, which is fantastic, and there are other paths that still need to be, still need to be built. But everybody's help is, is welcome. It's all upstream. This is all open-source work, which is fantastic, and I'm thrilled to be a KubeCon and talk more about it.

It's great actually that, that it's, it's becoming like the, almost like the first thing that modern languages are doing is making sure they can target WebAssembly. There's, there's the future, the future is there. And, you know, new languages need to be there. Which is great.

Well, do y'all have any parting words before we, for a wrap up and close it out so the next show can come on?

Well, I just, I did see a question about performance and, you know, it is near native, which I think is, um, it's incredibly important. It's because it's a binary format.
It's just like, you know, it's executing at native speed. Um, and the startup time, 50 microseconds mentioned there, like there's a future there for serverless, you know, with, to completely banish the whole startup that we see today with, um, with this serverless platform. So, you know, I think it's, it's got a lot of potential. We haven't even seen the beginning of it yet.

Yeah, I think that's true, and, and there are so many places to not only start and contribute. Um, you can look at the, the awesome list, choose a language, choose a runtime that you're interested in, you have skills in already so you don't have to do that learning curve. Um, there's a couple of, uh, scaffolding tools. We built a kind of a Yeoman scaffolding thing called yo wasm. So you can, if you want to just scaffold out and have a look at how it might work and Warner a couple of your languages, that's something you can do. There are online tools. The Bytecode Alliance has a, a good set of tools that you can dig into if you want to collaborate on some upstream engines. But almost all of the engines, like wasmCloud, Wasmer, WasmEdge from Second State, there's a whole bunch of them that are small companies, and all of their work is, um, open source as well. So all places are great places to start. Jump in, because this is a time where everything you do is in a tremendous addition to everybody else's stuff.

Yeah, absolutely. It's a lot of fun as well.

And you can run Doom on it, I guess.

And you can run Doom on it. We'll send the best, I'll send the best link to you.

Thank you. Well, thank you so much to both of you. Uh, you have been a pleasure. You've both been informative and entertaining, which is, uh, always, always nice. You make it, you make it easy. You make it very easy to, to interview you. And, uh, Twitch chat, thank you for being here, especially the people that had questions and the people were helping answer questions a bit in the Twitch chat. Uh, stay tuned. We do have another show coming up.
Uh, next, um, I believe it will be Pop interviewing Priyanka, who is the GM. She is the GM, right? She's a GM of the CNCF. So, um, Pop is going to interview the big kahuna. I'm sure that'll be interesting too. Um, register for Wasm Day. Come to KubeCon, virtual or in person. Get a vaccine. Um, come say hi to me at KubeCon. I'll be there, Ralph will be there. So come, come wave at us.

I'm gonna be in London, unfortunately, but, um, I will get together and we will mock you, just, you know, virtually.

Yeah, exactly. Yeah, I love that. Thanks so much.

Yeah, thank you.

Thank you very much. It's been great.

Of course. See y'all later. Bye, Twitch.