Getty Images/iStockphoto
WasmCloud makes strides with Wasm component model
After a stall in 2023, this year's WASI Preview 2 pushed server-side WebAssembly forward, turning heads at companies such as American Express -- but it's far from mainstream use.
A milestone update for server-side WebAssembly earlier this year has broadened its adoption among enterprises and advanced related open source projects, though it remains a bleeding-edge technology for most companies.
WebAssembly (Wasm) was originally used in web browsers to run applications on local machines, but a group within W3C five years ago put together the WebAssembly System Interface (WASI) to be used in server-side applications. Server-side WebAssembly requires special code compilation, and support for this in popular programming languages is still evolving. Once compiled, however, Wasm can support workloads in multiple languages and on numerous infrastructure types without requiring an application rewrite.
WebAssembly code is sandboxed by default, or limited in what memory resources it can access, which has potentially compelling cybersecurity implications. Based on its potential, startups and projects such as Second State and WasmEdge, Fermyon and Spin, and Cosmonic and wasmCloud emerged in 2021 and 2022. All featured server-side Wasm support integrated with containerized and function as a service (FaaS) workloads orchestrated with Kubernetes.
In January, version 0.2 of WASI became generally available, introducing a new Wasm component model -- standardized plugin interfaces for running cloud-native apps on Wasm. Thanks to this milestone and a growing contributor base, the wasmCloud project moved from the Cloud Native Computing Foundation's early sandbox to the incubation stage on Nov. 12.
The Wasm component model caught the eye of platform engineers at American Express, who had begun to build their own Wasm components to support an internal FaaS developer platform. They hoped that Wasm could pack more functions into the same infrastructure while maintaining security boundaries between workloads, make it easier to support multiple programming languages and speed up cold starts for functions by replacing containers.
Ritesh RaiStaff engineer, American Express
"The WebAssembly component model enables us to do that, along with providing some additional features like composition and reuse," said Ritesh Rai, a staff engineer at the credit card issuer based in New York City, during a presentation at the WasmCon colocated event at KubeCon + CloudNativeCon North America on Nov. 11. "[But] we realized that we needed to build a lot of core ecosystem components for Wasm. ... That's when we started looking out for open source projects."
Enter wasmCloud, which gave Amex platform engineers a leg up with community-maintained components to support topology-agnostic functions, prebuilt capability providers and dynamic linking between components.
"Where WebAssembly is at this point in time, we know that we cannot ... just take any code and compile it to WebAssembly and run it efficiently," Rai said. "For example, if I have to write some code that interacts with a relational database ... I would choose to write it as a native binary, [while] my function code ... could still be compiled to WebAssembly. Dynamic linking with capability providers allows my function code to interact with this native binary code in a seamless manner."
As the technology matures, these capability providers can be swapped out with Wasm components without disrupting developers, Rai said. American Express doesn't have wasmCloud deployed in production yet, but plans to soon, according to Rai's co-presenter, Vamsi Sanagavarapu, vice president of engineering at American Express, during a question-and-answer session after the WasmCon presentation.
Wasm component model feeds community updates
Another server-side WebAssembly vendor, Fermyon, reached a milestone Nov. 11 with the generally available release of version 3.0 of its Spin open source project. Spin is a framework for running event-driven microservices applications with Wasm components, and a corresponding SpinKube project provides a Kubernetes operator for Spin.
Version 3.0, which uses the Wasm component model, includes selective deployments -- a way for platform engineers to repackage Wasm components into different microservices configurations without disrupting developer workflows. These microservices can then communicate with one another from different infrastructure devices, such as edge or IoT nodes and Kubernetes clusters in a data center.
"Once the developer delivers that package, the application never gets recompiled, never gets unpacked and broken into separate [pieces]," said Matt Butcher, CEO of Fermyon, in an interview with TechTarget Editorial before WasmCon. "It's really just a configuration file ... that allows the application to break into whatever set of constituent parts the operations team thinks it should."
Another new Spin feature called component dependencies logically groups related Wasm components together under a developer's application while enabling platform engineers to swap them out, setting the stage for a kind of polyglot package manager for Wasm, Butcher said. Spin 3.0 includes integrations with observability tools such as OpenTelemetry, Prometheus and Jaeger, as well as an upstream runtime for Wasm that improves JavaScript and TypeScript performance.
Red Hat OpenShift and MicroShift support the Spin project, along with the Azure Kubernetes Service and SUSE's Rancher. But Red Hat officials said the technology remains nascent, during a KubeCon press prebriefing.
"[Adoption] is still very early-stage," said Shobhan Lakkapragada, director of product for edge computing at Red Hat, during the prebriefing. "A lot of the discussions that I'm having with customers and partners is [focused on] building applications, supporting them, modernizing them to containers and Kubernetes. ... I'm getting some inquiries about support for WebAssembly, but I wouldn't say it's mainstream yet."
WASI makes progress, but market awaits maturity
Another WASI update slated to ship as an alpha release this quarter, version 0.3, will refine WASI's support for asynchronous operations, including streaming operations. One wasmCloud maintainer and early adopter said this update will be key for improved software supply chain security in Wasm apps.
"Once we have streams that are bidirectional, it'll be a lot easier to implement web crypto[graphy]," said Colin Murphy, a senior software engineer at Adobe, in an interview with TechTarget Editorial during KubeCon. "For my team, which is the Content Authenticity Initiative ... we have to validate cryptographic signatures and then sign manifests with provenance data, so that's a crucial thing for us."
Server-side Wasm appeared poised for takeoff already in late 2022, but encountered challenges in 2023, including being drowned out by generative AI hype, said Larry Carvalho, an analyst at Robust Cloud.
"Now, inference workloads running on the edge are gaining interest, and Wasm can play a role in workload efficiency [there]," Carvalho said. "[But] many enterprises seek battle-tested, fully supported solutions with extensive tooling and libraries ... [and] integrating Wasm into existing infrastructure and workflows can be complex."
Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.