
Krustlet, the WebAssembly Kubelet - dankohn1
https://deislabs.io/posts/introducing-krustlet/
======
jacques_chester
Really cool and I think there will be more innovation to come in the form of
kubelet implementations.

> _We took this time to prove that we could achieve something that seemed
> incredibly difficult a few months ago: writing projects against the
> Kubernetes API in languages other than Go_

Is this a comment on the API, or ecosystem, or does it convey a change in
personal understanding?

I mean ... I don't _like_ client-go. Each version is superglued to particular
API versions which effectively imposes release forks on downstream consumers.
An unexpectedly large amount of magic is hidden in it. And I just don't like
code generation, as a rule.

But I don't see the Kubernetes API, the thing you can talk raw HTTP to, in
itself, as super hard. I have a (private) codebase where I was able to
recreate a proxy server from the OpenAPI spec that's good enough to fool
kubectl. And I can just as easily poke it with curl and figure out what it
does.

~~~
alexeldeib
I get the feeling of magic. Seems like a lot of your pain points are around
versioning and code gen. any chance you've seen
[https://godoc.org/sigs.k8s.io/controller-
runtime/pkg/client](https://godoc.org/sigs.k8s.io/controller-
runtime/pkg/client) or other dynamic clients that make life a bit easier?

------
ampdepolymerase
Glad to see Deis still alive. The developer tools/cloud devops field doesn't
pay but it is important to have smaller players like Deis and Flynn around
otherwise we would all be forced to suck from the teats of the AWS-GOOG-MSFT
oligopoly.

~~~
jacques_chester
I direct your attention to the footer of the page, which says:

"Deis Labs: Open Source from Microsoft Azure."

My experience of working with fiendish teat-touting oligopolists is that the
folks at the coalface are just folks. Google engineers: just folks. Microsoft
engineers: just folks. IBM, Red Hat, SAP, Heroku/Salesforce, VMware: all just
folks.

Most of the nonsense comes from upper managements, so far as I am able to
determine.

~~~
ampdepolymerase
I missed the acquisition, this is a tragedy for open source but I suppose it
is great for the Deis team.

Is [https://flynn.io/](https://flynn.io/) still alive?

~~~
jacques_chester
They're still very active and now much more insulated from the danger of their
employer running out of money and thereafter being scattered to the four
winds. Maybe it's not a tragedy.

------
haolez
What are the limitations? For example: if I have a Python script that makes
some HTTPS requests, will this runtime provide to my compiled binary
everything it needs to perform this task?

~~~
bacongobbler
Hi! Krustlet maintainer here.

The idea behind the project is to run WebAssembly modules in Kubernetes. You
would have to compile your Python script to WebAssembly before it could be
executed.

If your WebAssembly module complies with the WebAssembly System Interface,
Krustlet can run it.

It's important to note that the WASI standard and wasmtime are still under
heavy development. There are some key features (like networking) that are
currently missing, but will be made available in future updates.

~~~
zxcmx
Maybe a dumb question, but can I run Krustlet in the browser? (maybe via
browser WASI polyfill?). Does this mean you could assemble ad-hoc clusters
using volunteer browsers? Not saying one _should_, but could you?

~~~
lioeters
> assemble ad-hoc clusters using volunteer browsers

It sounds far-fetched, but I think it may eventually become practical with
WASM and WebRTC, to use peer-to-peer networking for distributed computing.

Closest example in that direction, I've heard of malicious WASM payloads that
mine cryptocurrencies:

Persistent drive-by cryptomining coming to a browser near you (2017)

[https://blog.malwarebytes.com/cybercrime/2017/11/persistent-...](https://blog.malwarebytes.com/cybercrime/2017/11/persistent-
drive-by-cryptomining-coming-to-a-browser-near-you/)

I'm optimistic that people will find socially beneficial application of this
idea.

------
antpls
Another way to run WASM in Kubernetes would be to use Lucet (from Fastly)
inside a Firecracker microvm, managed by Kubernetes with something like Weave
Ignite

~~~
bacongobbler
That's neat. Do you have a project or a demonstration showing how this can be
done, or is this all just hypothetical?

------
outside1234
Why do you continue to use Deis Labs instead of Microsoft?

------
tbern02
why is this needed..?

~~~
icebraining
Seems to me that it's potentially safer to run untrusted WebAssembly
applications than native Linux binaries, since the format is designed to run
in browsers without pre-approval by the user and/or reviewers. So you could
run a service published by a third-party on your own Kubernetes cluster
alongside your own apps.

