A Technical Deep Dive in Webassembly for Kong Gateway

A presentation at Wasm IO in March 2023 in Barcelona, Spain by Viktor Gamov

Slide 1

Slide 1

THE CLOUD NATIVE API PLATFORM Technical Deep Dive In Web Assembly for Kong Gateway Caio Ramos Casimiro | Vik Gamov Barcelona, Spain March 2023, THE CLOUD NATIVE API PLATFORM Kong Confidential

Slide 2

Slide 2

What are API Gateways Agenda — What you’ll learn Why Kong What is WasmX What is Proxy-Wasm How it all fits together in the Kong Gateway

Slide 3

Slide 3

WHAT IS API GATEWAY?

Slide 4

Slide 4

@gamussa | @thekonghq

Slide 5

Slide 5

@gamussa | @thekonghq

Slide 6

Slide 6

WHY KONG?

Slide 7

Slide 7

Kong Gateway Today - 🌍 most 😍 API gateway - Thriving OSS community - 100% API/declarative config driven - Multi-🌥 and multi-protocol - 🚀 performance - Rich OOTB plugin ecosystem 2.7 (Dec) ●Secret Management P1 ●Consumer Groups ●KM OIDC Wizard 2.8 (Mar) ●FIPS-2 ●Secret management (Beta) 3.0 (Sep) ●Router optimization ●Plugin ordering ●Secret manager-GA 3.1 (Dec) ●SAML2 ●OAS validation ●AppDynamics 7

Slide 8

Slide 8

Nginx Architecture C10K problem Uses async socket apis (e.g., epoll) — Provides Event-based API for module extensions Overview HTTP Core gzip Stream Core Mail IMAP SSL/TLS realip Phases: geoip gRPC DAV HTTP Static … access content log …

Slide 9

Slide 9

Leverages OpenResty Kong Architecture Runs on LuaJIT — Exposes Nginx more conveniently Overview Router Admin API Balancer plugin plugin HTTP Core SSL/TLS gzip Stream Core HTTP/2 realip geoip LuaJIT VM plugin OpenResty HTTP Auth DAV SSL Preread … …

Slide 10

Slide 10

Plugin Development Kit (PDK) Extensibility in Kong — Types of plugins and supported languages Kong’s API for plugins

Slide 11

Slide 11

WasmX

Slide 12

Slide 12

WEBASSEMBLY FOR NGINX What is WasmX An Nginx module for embedding Wasm Developed by Kong Runs a Wasm VM inside Nginx Connects Nginx functionality to Wasm code Supports multiple VMs: Wasmtime, Wasmer, V8

Slide 13

Slide 13

A NEW BRICK How WasmX fits It is compiled into the Nginx binary HTTP Core Mail IMAP SSL/TLS gzip WasmX Stream Core realip geoip Wasm VM gRPC DAV HTTP Static … 13

Slide 14

Slide 14

A NEW BRICK How WasmX fits (and yes, you can run both!) HTTP Core Stream Core WasmX LuaJIT VM Wasm VM Mail IMAP SSL/TLS gzip OpenResty realip geoip gRPC DAV HTTP Static … 14

Slide 15

Slide 15

EXTENDING THE EXTENSIONS Running plugins and filters In build of Kong including WasmX, you can load Proxy-Wasm filters Router – HTTP Core SSL/TLS gzip Admin API Balancer Stream Core LuaJIT VM OpenResty WasmX HTTP Auth SSL Preread HTTP/2 realip Wasm VM geoip DAV plugin filter plugin filter plugin filter … … … 15

Slide 16

Slide 16

Slide 17

Slide 17

What is proxy-wasm Definition and purpose of proxy-wasm — Language-independent ABI Adoption by Envoy and implementation in WasmX

Slide 18

Slide 18

WEBASSEMBLY FOR PROXIES What is Proxy-Wasm A gateway-agnostic API for proxy filters Language-independent ABI for implementing proxy APIs (SDKs) Rust, Go, C++, AssemblyScript… An evolving specification Gateway-independent: Implemented in Envoy Being implemented in WasmX

Slide 19

Slide 19

Why proxy-wasm — Benefits of using proxywasm with WasmX Interoperability between Kong Gateway and Kuma, Kong Mesh Support for industry standards

Slide 20

Slide 20

AND NOW… Demo time! 20

Slide 21

Slide 21

WasmX embeds a Wasm VM To recap… — What we’ve learned WasmX implements Proxy-Wasm Kong Gateway runs both Wasm and Lua plugins

Slide 22

Slide 22

Tech Preview Availability We want your feedback! https://incubator.konghq.com