A Technical Deep Dive in Webassembly for Kong Gateway

THE CLOUD NATIVE API PLATFORM Technical Deep Dive In Web Assembly for Kong Gateway Caio Ramos Casimiro | Vik Gamov Barcelona, Spain March 2023, THE CLOUD NATIVE API PLATFORM Kong Confidential

What are API Gateways Agenda — What you’ll learn Why Kong What is WasmX What is Proxy-Wasm How it all fits together in the Kong Gateway

WHAT IS API GATEWAY?

@gamussa | @thekonghq

WHY KONG?

Kong Gateway Today - 🌍 most 😍 API gateway - Thriving OSS community - 100% API/declarative config driven - Multi-🌥 and multi-protocol - 🚀 performance - Rich OOTB plugin ecosystem 2.7 (Dec) ●Secret Management P1 ●Consumer Groups ●KM OIDC Wizard 2.8 (Mar) ●FIPS-2 ●Secret management (Beta) 3.0 (Sep) ●Router optimization ●Plugin ordering ●Secret manager-GA 3.1 (Dec) ●SAML2 ●OAS validation ●AppDynamics 7

Nginx Architecture C10K problem Uses async socket apis (e.g., epoll) — Provides Event-based API for module extensions Overview HTTP Core gzip Stream Core Mail IMAP SSL/TLS realip Phases: geoip gRPC DAV HTTP Static … access content log …

Leverages OpenResty Kong Architecture Runs on LuaJIT — Exposes Nginx more conveniently Overview Router Admin API Balancer plugin plugin HTTP Core SSL/TLS gzip Stream Core HTTP/2 realip geoip LuaJIT VM plugin OpenResty HTTP Auth DAV SSL Preread … …

Plugin Development Kit (PDK) Extensibility in Kong — Types of plugins and supported languages Kong’s API for plugins

WasmX

WEBASSEMBLY FOR NGINX What is WasmX An Nginx module for embedding Wasm Developed by Kong Runs a Wasm VM inside Nginx Connects Nginx functionality to Wasm code Supports multiple VMs: Wasmtime, Wasmer, V8

A NEW BRICK How WasmX fits It is compiled into the Nginx binary HTTP Core Mail IMAP SSL/TLS gzip WasmX Stream Core realip geoip Wasm VM gRPC DAV HTTP Static … 13

A NEW BRICK How WasmX fits (and yes, you can run both!) HTTP Core Stream Core WasmX LuaJIT VM Wasm VM Mail IMAP SSL/TLS gzip OpenResty realip geoip gRPC DAV HTTP Static … 14

EXTENDING THE EXTENSIONS Running plugins and filters In build of Kong including WasmX, you can load Proxy-Wasm filters Router – HTTP Core SSL/TLS gzip Admin API Balancer Stream Core LuaJIT VM OpenResty WasmX HTTP Auth SSL Preread HTTP/2 realip Wasm VM geoip DAV plugin filter plugin filter plugin filter … … … 15

What is proxy-wasm Definition and purpose of proxy-wasm — Language-independent ABI Adoption by Envoy and implementation in WasmX

WEBASSEMBLY FOR PROXIES What is Proxy-Wasm A gateway-agnostic API for proxy filters Language-independent ABI for implementing proxy APIs (SDKs) Rust, Go, C++, AssemblyScript… An evolving specification Gateway-independent: Implemented in Envoy Being implemented in WasmX

Why proxy-wasm — Benefits of using proxywasm with WasmX Interoperability between Kong Gateway and Kuma, Kong Mesh Support for industry standards

AND NOW… Demo time! 20

WasmX embeds a Wasm VM To recap… — What we’ve learned WasmX implements Proxy-Wasm Kong Gateway runs both Wasm and Lua plugins

Tech Preview Availability We want your feedback! https://incubator.konghq.com