spec
distribution-spec
spec | distribution-spec | |
---|---|---|
8 | 55 | |
515 | 749 | |
2.1% | 3.6% | |
1.2 | 7.8 | |
7 days ago | 8 days ago | |
Go | ||
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
spec
-
Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset
OWASP also provides Coraza, a port of ModSecurity available as a Go library. Coraza Proxy Wasm is built on top of Coraza and implements the proxy-wasm ABI, which specifies a set of Wasm interfaces for proxies. Finally, Apache APISIX offers proxy-wasm integration.
-
A "Tiny" APISIX Plugin
APISIX supports Wasm through the WebAssembly for Proxies (proxy-wasm) specification. APISIX is a host environment that implements the specification, and developers can use the SDKs available in multiple languages to create plugins.
-
Show HN: WebAssembly dev environment for Envoy Proxy
Hi HN!
For the past few weeks we've been working on Proximal - a workflow engine that lets you quickly iterate on WebAssembly extensions for Envoy Proxy[0] (or other proxies) right on your local machine: https://github.com/apoxy-dev/proximal
This work is based on Proxy-WASM[1] extension ABI for Envoy (and other proxies like APISIX and Mosn[2]) which allows you to execute WebAssembly code on every API request a la Cloudflare Workers. As part of our wider effort at https://apoxy.dev to improve API glue code we built an experimentation / development platform and hope you will find it useful!
On the technical side this project packs Envoy itself, Envoy controller, REST API (for controlling the controller =)), React SPA, and Temporal server/worker (for orchestration) - all baked into a single Go binary. You can find more on architecture and limitations in the repository README[4].
This project is pretty early stage and we would appreciate community feedback!
Previous HN discussions on this topic:
* https://news.ycombinator.com/item?id=36113542
* https://news.ycombinator.com/item?id=22582276
---
[0] https://www.envoyproxy.io/
[1] https://github.com/proxy-wasm/spec/blob/master/docs/WebAssem...
[2] https://apisix.apache.org/ https://mosn.io/
[3] https://github.com/apoxy-dev/proximal/blob/main/README.md#ar...
-
Hardening Drupal with WebAssembly
Wasm Labs dev here :)
In mod_wasm, there are some differences with a pure CGI implementation. When Apache boots, it loads the configuration and initializes the WasmVM. When a new HTTP request arrives, the VM is ready so you don't need to initialize a different process to manage it.
You still need to process the request and pass the data to the Wasm module. This step is done via STDIN through the WebAssembly System Interface (WASI) implementation [0]. The same happens in the opposite direction, as the module returns the data via STDOUT.
So, the CGI pattern is still there, but it doesn't require new processes and all the code runs in a sandbox.
However this is not the only way you can run a Wasm module. In this specific case, we use CGI via WASI. In other cases, you may compile a module to fulfill a specific API, like ProxyWasm [1] to create HTTP filters for proxies like Envoy.
- [0] https://wasi.dev/
- [1] https://github.com/proxy-wasm/spec
-
Rewriting the Apache APISIX response-rewrite plugin in Rust
proxy-wasm spec
-
Apache APISIX loves Rust! (and me too)
The team considered to solve the issue with C++ extensions, but discarded this approach as neither APIs nor ABIs were stable. Instead, they chose to provide a stable WebAssembly-based ABI. If you're interested in a more detailed background, you can read the whole piece on GitHub.
- Extending Envoy with WebAssembly Proxy Filters
- Spin โ WebAssembly Framework
distribution-spec
-
The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence
Back in 2013, a little company called Docker made it really easy to start using containers to package up applications. A big key to their success was the OCI (you can learn about that here), an industry wide initiative to have standards around how we package up our applications. Because of OCI standards, we have hundreds (maybe thousands?) of tools that can be combined to manage and deploy applications. So why arenโt we using this for packaging up Notebooks and AI models as well? It would make deploying, sharing, and managing our models easier for everyone involved.
-
The Road To Kubernetes: How Older Technologies Add Up
Kubernetes on the backend used to utilize docker for much of its container runtime solutions. One of the modular features of Kubernetes is the ability to utilize a Container Runtime Interface or CRI. The problem was that Docker didn't really meet the spec properly and they had to maintain a shim to translate properly. Instead users could utilize the popular containerd or cri-o runtimes. These follow the Open Container Initiative or OCI's guidelines on container formats.
-
Coexistence of containers and Helm charts - OCI based registries
OCI stands for Open Container Initiative, and its goal as an organization is to define a specification for container formats and runtime.
-
Bazzite โ a Steam0S-like OCI image for desktop, living room, and handheld PCs
https://opencontainers.org/
Here is Containerfile from the repo: https://github.com/ublue-os/bazzite/blob/main/Containerfile
-
Distroless images using melange and apko
apko allows us to build OCI container images from .apk packages.
- OCI image from dockerfile
- Fat OCI images are a cultural problem
-
Progressive Delivery on AKS: A Step-by-Step Guide using Flagger with Istio and FluxCD
Flagger's load testing service can be installed via a Kustomization resource based on manifests packaged as an artifact in an Open Container Initiative (OCI) registry
-
Creating Kubernetes Cluster With CRI-O
CRI-O is a lightweight container runtime for Kubernetes. It is an implementation of Kubernetes CRI to use Open Container Initiative (OCI) compatible runtimes for running pods. It supports runc and Kata Containers as the container runtimes, but any OCI-compatible runtime can be integrated.
-
What is the current status of Docker and how far is it from getting ported?
So somebody else created runj (runj is an experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails.) https://github.com/samuelkarp/runj
What are some alternatives?
spin - Spin is the open source developer tool for building and running serverless applications powered by WebAssembly.
jib - ๐ Build container images for your Java applications.
proxy-wasm-cpp-sdk - WebAssembly for Proxies (C++ SDK)
proxy-runtime
proxmox-lxc-idmapper - Proxmox unprivileged container/host uid/gid mapping syntax tool.
proxy-wasm-go-sdk - WebAssembly for Proxies (Go SDK)
appleprivacyletter - An open letter against Apple's new privacy-invasive client-side content scanning.
kwasm - Proof of concept React-ish UI library, powered by WebAssembly
dive - A tool for exploring each layer in a docker image
bartholomew - The Micro-CMS for WebAssembly and Spin