What If... Kube-Apiserver Could be Extended Via WebAssembly?

WebAssembly can be used to enhance the Kubernetes control plane by allowing for the creation of custom policies and rules that can be compiled into WebAssembly and distributed using container registries. This can eliminate the need for external web book servers and improve performance.

• WebAssembly modules are placed inside their own sandbox, preventing interaction with other modules and access to the whole system
• WebAssembly can be used to run standalone applications and build plugin systems
• Dynamic admission controllers are a well-established mechanism in Kubernetes that can be used to evaluate incoming requests
• Keyboard and is an open-source project that uses WebAssembly to compile policies and rules written in regular programming languages or Rego
• WebAssembly can be used to extend the Kubernetes API server to allow for the creation of custom policies and rules without the need for external web book servers
• The performance of WebAssembly needs to be investigated further
• WebAssembly can also be useful in other areas of the Kubernetes ecosystem, such as cube ctl plugins

The speaker shared their idea of extending the Kubernetes API server to allow for the creation of custom policies and rules using WebAssembly. They believed that this could eliminate the need for external web book servers and improve performance. They also mentioned their open-source project, Keyboard and, which uses WebAssembly to compile policies and rules written in regular programming languages or Rego. The speaker encouraged a conversation around the usage of WebAssembly in core pieces of Kubernetes and other areas of the Kubernetes ecosystem.

Dynamic Admission Controllers are currently the only way to extend the Kubernetes API Server to implement security and conformance policies. They work great, but they also have drawbacks. How would it be to have a flexible way to extend the built-in admission controllers that doesn’t resort on Webhooks? This talk will show a prototype that leverages WebAssembly as a way to enrich the Kubernetes API Server capabilities. What if this is just the beginning of extending Kubernetes core pieces with WebAssembly? Do you want to join us in this experiment?Click here to view captioning/translation in the MeetingPlay platform!