BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Containerd Adds Support for a New Container Type: Wasm Containers

Containerd Adds Support for a New Container Type: Wasm Containers

Recently, the runwasi project, with contributions from Microsoft, Docker, and Second State, officially joined containerd. This enables containerd to support a new container type: Wasm (or WebAssembly) containers. The containerd project is one of the most widely used container runtimes. It has been the default container runtime in Kubernetes since 2021. Even Docker, the original and most popular container development tool, is switching its underlying container runtime to containerd. Since its inception, containerd has only supported one type of container: the Linux container.

Wasm containers are OCI-compliant containers that can be built, shared, and stored using standard container tools. However, inside the Wasm container, there are no Linux libraries. The container image typically contains just a compiled Wasm bytecode file, which makes the Wasm container much smaller, much faster to startup, more secure, and more portable than equivalent Linux containers. The runwasi shim for containerd unpacks and executes the Wasm file in the container using Wasmtime and WasmEdge. The example below shows how containerd’s ctr CLI pulls a Wasm image from a repository and then runs it in runwasi’s WasmEdge runtime.

$ sudo ctr run --rm \
    --runtime=io.containerd.wasmedge.v1 \    ghcr.io/containerd/runwasi/wasi-demo-app:latest \ (http://ghcr.io/containerd/runwasi/wasi-demo-app:latest) 
    testwasm /wasi-demo-app.wasm echo 'hello'

hello
exiting

In the real world, containerd is typically embedded into other container management tools, such as Docker and Kubernetes. Docker + wasm is built on runwasi, and it enables Docker Desktop to build, share, and run Wasm containers. The Docker command below pulls a Wasm container image for Python, and then starts a REPL for users to run Python scripts. A typical Linux container image for Python is 1GB+, while the Wasm container image for Python, developed by VMware’s Wasm Labs, is only 6.8MB. See more awesome-docker-compose example with Wasm containers.

docker run --rm \
  -i \
  --runtime=io.containerd.wasmedge.v1 \
  --platform=wasm32/wasi \
  ghcr.io/vmware-labs/python-wasm:3.11.1-latest \
  -i
  
Python 3.11.1 (tags/v3.11.1:a7a450f, Jan 27 2023, 11:37:16) ...  on wasi
Type "help", "copyright", "credits" or "license" for more information.
>>> print("Hello " + str.upper("WasmEdge"))
Hello WASMEDGE

With multiple container runtimes to choose from, container tools now leverage containerd to run Linux and Wasm containers side-by-side in the same network.

Source: Introducing the Docker+Wasm Technical Preview

Besides Docker, Kubernetes ecosystem projects, such as k3s, have also started integrating runwasi into their embedded containerd runtimes. Microsoft’s Azure Kubernetes Service (AKS) uses runwasi to create a Wasm node pool and then run the Wasm workload (preview).

With crun-based approaches, pioneered by Red Hat and WasmEdge, developers have many deployment options for Wasm containers in the cloud.

The runwasi project was originally created by Microsoft and written in Rust. Developers can participate in and contribute to the runwasi open-source project under Apache 2.0 through GitHub.

About the Author

BT