WebAssembly is a new format that is portable, small, fast to load, and web-compatible. WebAssembly is an ideal choice for application security sandbox solutions because of its high security, portability, efficiency, and light weight. Today WebAssembly has received a lot of attention from the container, function computing, Internet of Things, and edge computing communities. Read on to find out what kind of technology WebAssembly is and whether it can replace Docker.
This article was compiled by the KubeSphere community from my Lightning Talk at the KubeSphere 2020 Annual Meetup. Many thanks to the KubeSphere community!
Good afternoon, everyone. My name is Michael Yuan, CEO of Second State. I am very happy to be here today at the KubeSphere 2020 Meetup.
Background
This is a famous tweet that Docker founder Solomon Hykes posted in March 2019. He said that if WASM (WebAssembly) and WASI (WebAssembly System Interface) had existed back in 2008, he wouldn’t have needed to create Docker. He sees WebAssembly as the future of computing. The tweet had a big impact in the community and raised many questions, because a lot of people think of WebAssembly as something that replaces JavaScript in the browser and is used for playing games. Why would it suddenly become something that can replace Docker on the server side? More than a year later, many people, including our company, have done a lot of research in this area.
Where WebAssembly sits on the server
On the server side, we can generally divide containers, virtual machines, or runtime environments into three different levels of abstraction.
1. At the bottom is the hardware hypervisor VM, or microVMs such as AWS Firecracker, which deal directly with the hardware.
2. The next layer is application containers, such as Docker. An application container is still at the operating system level, and you need to bring in the entire operating system.
3. The next layer is high-level language VMs, which started with the JVM. WebAssembly sits at this level, abstracted above the operating system. This is where WebAssembly is on the server side.
If WebAssembly could become a JVM-like language VM, we might be able to realize today what Java dreamed of more than two decades ago: a secure and highly abstract operating environment for developers on different operating systems, different hardware and software platforms.
WebAssembly vs. Docker
What is the relationship between WebAssembly and Docker? Why is WebAssembly likely to replace Docker? Here are some of the advantages WebAssembly has over Docker.
- WebAssembly is 100 times faster than Docker on cold starts
If you run serverless or container services, a common criticism is slow cold starts. AWS has reserved instances, but keeping instances hot defeats the purpose of going serverless: with serverless, I wanted to pay by the millisecond, and now I have to pay by the day to reserve capacity first. WebAssembly has the great advantage of not having to boot an entire operating system, so it performs 100 times better than Docker on a cold start.
- WebAssembly is 10%-50% faster than Docker in execution time
WebAssembly is a very simple virtual machine with no operating system, so it also performs 10%-50% faster than Docker at runtime.
- WebAssembly takes up less space
WebAssembly applications tend to be under 1MB, while Docker images often reach 100MB or 200MB.
- WebAssembly has a modern security model
WebAssembly's security policy is capability-based security: access control is based on the specific resources a module has been given. We can provide different OS interfaces and resource permissions for each individual module instance, and the caller can explicitly specify these interfaces or permissions when each module is instantiated.
- WebAssembly makes software more composable
There is currently a serverless application architecture called JAMStack, and a JavaScript application may have 100 or even 1000 serverless functions behind it. We need to combine these serverless functions together. If we do it in containers, it’s a very heavy thing, because you have to do it at the network or operating system level. With WebAssembly, however, you can combine these functions together with security control through a “nanoprocess.”
- WebAssembly seamlessly supports server application frameworks
Such as Node.js and Python.
These are the advantages of WebAssembly.
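The capability-based model from the list above can be seen with the standard WebAssembly JavaScript API in Node.js. This is an added example, not code from the talk or from the SSVM project: the guest module, the `host.get` import and the grant map are constructed for illustration.

```javascript
// Constructed guest (hand-assembled binary), equivalent to the text format:
//   (module (import "host" "get" (func (result i32)))
//           (func (export "run") (result i32) call 0))
const GUEST = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,             // type 0: () -> i32
  0x02, 0x0c, 0x01, 0x04, 0x68, 0x6f, 0x73, 0x74,       // import module "host"
  0x03, 0x67, 0x65, 0x74, 0x00, 0x00,                   //   field "get", func type 0
  0x03, 0x02, 0x01, 0x00,                               // one local func, type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01, // export "run" = func 1
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x10, 0x00, 0x0b,       // body: call 0; end
]);
const guestModule = new WebAssembly.Module(GUEST);

// Everything the guest can ask of the host is declared in its import list,
// so it can be audited before any guest code runs.
function requestedCapabilities(module) {
  return WebAssembly.Module.imports(module).map((i) => `${i.module}.${i.name}`);
}

// Build the import object from the caller's grants only. `granted` maps
// "module.name" to a host function (hypothetical policy shape).
function instantiateWith(module, granted) {
  const imports = {};
  for (const { module: mod, name } of WebAssembly.Module.imports(module)) {
    imports[mod] = imports[mod] || {};
    const fn = granted[`${mod}.${name}`];
    if (fn) imports[mod][name] = fn;
  }
  return new WebAssembly.Instance(module, imports);
}

// Run the guest under a grant set; a withheld capability stops instantiation.
function runWith(granted) {
  try {
    return instantiateWith(guestModule, granted).exports.run();
  } catch (err) {
    if (err instanceof WebAssembly.LinkError) return "LinkError";
    throw err;
  }
}

const fullAccess = runWith({ "host.get": () => 42 }); // real resource
const restricted = runWith({ "host.get": () => -1 }); // same module, stubbed view
const withheld = runWith({});                         // capability not granted
console.log(requestedCapabilities(guestModule), fullAccess, restricted, withheld);
```

The same compiled module yields three different outcomes because the guest has no authority of its own; each instance sees only what its caller passed in at instantiation.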
WebAssembly and Rust
You can’t talk about WebAssembly without talking about Rust. Rust has been the most popular language for developers on Stack Overflow for the fifth year in a row and is poised to replace C.
Because WebAssembly is linked to LLVM, the front end can support 20 languages, but it does not support runtime languages such as Python and Java very well. It supports C++, Rust, and other languages well. So we see WebAssembly and Rust as a natural match, just like Java and JVM.
Rust improves developer productivity and memory safety. WebAssembly improves runtime security and cross-platform execution. And they’re both high-performance and lightweight.
WebAssembly System Interface (WASI)
WASI is similar to Java’s JNI. WebAssembly, which has been a browser-only technology until now, is moving to the server this year. If you want to access file systems, threads, commands, standard libraries on the server, and so on, you have to go through WASI.
In addition, a major application scenario for serverless is AI inference, so the WebAssembly runtime needs to be able to use GPUs, ASICs, TensorFlow, and so on, which are added through WASI.
Combining WebAssembly and Kubernetes
WebAssembly has high penetration in browsers but low penetration on the server side due to its poor scheduling capabilities and lack of DevOps solutions. At present, processes and resource allocation have to be managed by hand. So being able to combine WebAssembly and Kubernetes is a very cutting-edge area.
One way to do this is to make WebAssembly OCI (Open Container Interface) compliant, and the other way is to write a shim API in containerd.
There are different people involved in this area, including ourselves, but it’s still very early in the project. We also hope that you will pay attention to the SSVM project and discuss with us how to do it better.
The link above, made by Aliyun, takes the second approach.
As mentioned above, the tweet from the founder of Docker had a big impact in the community and upset many Docker fans. In an attempt to quell the grumbling, he sent out another tweet. A year and a half later, we realized that wasn’t the case at all. He should have changed the word Docker to Kubernetes.
Will WebAssembly replace Docker?
Even if WebAssembly can replace Docker, it won’t be soon. Docker has its own ecosystem and is not on the same level of abstraction as WebAssembly, so it’s not something that a new runtime can replace anytime soon.
But there are areas that need both high performance and a lightweight runtime where WebAssembly will have a lot of applications, such as microservices, JAMStack, edge computing, and so on.
This is the GitHub address of our SSVM project. Welcome to communicate with us!