wasmtime
k3s
Our great sponsors
wasmtime | k3s | |
---|---|---|
172 | 291 | |
14,407 | 26,405 | |
2.8% | 1.7% | |
10.0 | 9.6 | |
6 days ago | 4 days ago | |
Rust | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wasmtime
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
Just a documentation change, fortunately:
https://github.com/bytecodealliance/wasmtime/commits?author=...
They've submitted little documentation tweaks to other projects, too, for example:
https://learn.microsoft.com/en-us/cpp/overview/whats-new-cpp...
I don't know whether this is a formerly-legitimate open source contributor who went rogue, or a deep-cover persona spreading innocuous-looking documentation changes around to other projects as a smokescreen.
-
Unlocking the Power of WebAssembly
WebAssembly is extremely portable. WebAssembly runs on: all major web browsers, V8 runtimes like Node.js, and independent Wasm runtimes like Wasmtime, Lucet, and Wasmer.
-
Howto: WASM runtimes in Docker / Colima
cpu: 4 disk: 60 memory: 12 arch: host hostname: colima autoActivate: true forwardAgent: false # I only tested this with 'docker', not 'containerd': runtime: docker kubernetes: enabled: false version: v1.24.3+k3s1 k3sArgs: [] network: address: true dns: [] dnsHosts: host.docker.internal: host.lima.internal # Added: # - containerd-snapshotter: true (meaning containerd will be used for pulling images) docker: features: buildkit: true containerd-snapshotter: true vmType: vz rosetta: true mountType: virtiofs mountInotify: false cpuType: host # This provisioning script installs build dependencies, WasmEdge and builds the WASM runtime shims for containerd. # NOTE: this takes a LOOONG time! provision: - mode: system script: | [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0 echo "Installing system updates:" apt-get update -y apt-get upgrade -y echo "Installing WasmEdge and runwasi build dependencies:" # NOTE: packages curl, git and python3 already installed: apt-get install -y make gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf automake criu pkg-config libdbus-glib-1-dev libelf-dev libclang-dev libzstd-dev protobuf-compiler apt-get clean -y - mode: user script: | [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0 # # Setting vars for this script: # # Which WASM runtimes to install (wasmedge, wasmtime and wasmer are supported): WASM_RUNTIMES="wasmedge wasmtime wasmer" # # Location of the containerd config file: CONTAINERD_CONFIG="/etc/containerd/config.toml" # # Target location for the WASM runtimes and containerd shims ($TARGET/bin and $TARGET/lib): TARGET="/usr/local" # # Install rustup: # echo "Installing rustup for building runwasi:" curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain none -y source "$HOME/.cargo/env" # # Install selected WASM runtimes and containerd shims: # [[ -z "${WASM_RUNTIMES// /}" ]] && echo "No WASM runtimes selected - exiting!" && exit 0 git clone https://github.com/containerd/runwasi echo "Installing WASM runtimes and building containerd shims: ${WASM_RUNTIMES}:" sudo mkdir -p /etc/containerd/ containerd config default | sudo tee $CONTAINERD_CONFIG >/dev/null for runtimeName in $WASM_RUNTIMES; do case $runtimeName in wasmedge) echo "Installing WasmEdge:" curl -sSfL https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p $TARGET echo echo "`wasmedge -v` installed!" ;; wasmtime) echo "Installing wasmtime:" curl -sSfL https://wasmtime.dev/install.sh | bash sudo cp .wasmtime/bin/* ${TARGET}/bin/ rm -rf .wasmtime echo "`wasmtime -V` installed!" ;; wasmer) echo "Installing wasmer:" curl -sSfL https://get.wasmer.io | sh sudo cp .wasmer/bin/* ${TARGET}/bin/ sudo cp .wasmer/lib/* ${TARGET}/lib/ rm -rf .wasmer echo "`wasmer -V` installed!" ;; *) echo "ERROR: WASM runtime $runtimeName is not supported!" exit 1 ;; esac cd runwasi echo "Building containerd-shim-${runtimeName}:" cargo build -p containerd-shim-${runtimeName} --release echo "Installing containerd-shim-${runtimeName}-v1:" sudo install ./target/release/containerd-shim-${runtimeName}-v1 ${TARGET}/bin sudo ln -sf ${TARGET}/bin/containerd-shim-${runtimeName}-v1 ${TARGET}/bin/containerd-shim-${runtimeName}d-v1 sudo ln -sf ${TARGET}/bin/containerd-shim-${runtimeName}-v1 ${TARGET}/bin/containerd-${runtimeName}d echo "containerd-shim-${runtimeName} installed." cd .. echo "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.${runtimeName}]" | sudo tee -a $CONTAINERD_CONFIG >/dev/null echo " runtime_type = \"io.containerd.${runtimeName}.v1\"" | sudo tee -a $CONTAINERD_CONFIG >/dev/null done echo "containerd WASM runtimes and shims installed." # # Restart the systemctl services to pick up the installed shims. # NOTE: We need to 'stop' docker because at this point the actual daemon.json config is not yet provisioned: # echo "Restarting/reloading docker/containerd services:" sudo systemctl daemon-reload sudo systemctl restart containerd sudo systemctl stop docker sshConfig: true mounts: [] env: {}
-
MotorOS: a Rust-first operating system for x64 VMs
When you say wasm container, you mean something like wasmtime that provides a non-browser wasm runtime?
https://github.com/bytecodealliance/wasmtime
-
Lightweight Containers With Docker and WebAssembly
We can't run this directly from the command line unless we install some runtime like wasmtime:
-
Prettier $20k Bounty was Claimed
The roadmap I linked above. The WASI folks have done a poor job at communicating, no doubt, but I'm surprised someone like yourself literally building a competitor spec isn't following what they are doing closely.
Just for you I did some googling: see here[0] for the current status of WASI threads overall, or here[1] and here[2] for what they are up to with WASI in general. In this PR[3] you can see they enabled threads (atomic instructions and shared memory, not thread creation) by default in wasmtime. And in this[4] repository you can see they are actively developing the thread creation API and have it as their #1 priority.
If folks want to use WASIX as a quick and dirty hack to compile existing programs, then by all means, have at it! I can see that being a technical win. Just know that your WASIX program isn't going to run natively in wasmtime (arguably the best WASM runtime today), nor will it run in browsers, because they're not going to expose WASIX - they're going to go with the standards instead. so far you're the only person I've met that thinks exposing POSIX fork() to WASM is a good idea, seemingly because it just lets you build existing apps 'without modification'.
Comical you accuse me of being polarizing, while pushing for your world with two competing WASI standards, two competing thread creation APIs, and a split WASM ecosystem overall.
[0] https://github.com/bytecodealliance/jco/issues/247#issuecomm...
[1] https://bytecodealliance.org/articles/wasmtime-and-cranelift...
[2] https://bytecodealliance.org/articles/webassembly-the-update...
[3] https://github.com/bytecodealliance/wasmtime/pull/7285
[4] https://github.com/WebAssembly/shared-everything-threads
-
Spin 2.0 – open-source tool for building and running WASM apps
Thanks for the question!
Spin could definitely run in more places than what we have pre-built binaries for. Specifically, we could run on all platforms Wasmtime supports today (https://github.com/bytecodealliance/wasmtime/releases/tag/v1...), including RISC and S390X, for example.
And while we have been experimenting a bit with running Spin on RISC, we haven't really had the bandwidth or requirement to build a production build for those yet.
Are you interested in a specific operating system or CPU architecture? Would love to understand your scenario.
-
Dave Cutler: The Secret History of Microsoft Windows [video]
> I used to think we'd eventually get to capability based security, but now I see we'll always be stuck with application permission flags, the almost worthless bastard cousin, instead.
My hope is that WASI will introduce capability based security to the mainstream on non-mobile computers [0] - it might just take some time for them to get it right. (And hopefully no half-baked status-quo-reinforcing regressive single—runtime-backed alternatives win in the meantime.)
[0]: https://github.com/bytecodealliance/wasmtime/blob/main/docs/...
-
Requiem for a Stringref
WasmTime finished finished the RFC for the implementation details in June: https://github.com/bytecodealliance/wasmtime/issues/5032
-
Should You Be Scared of Unix Signals?
[3]: https://github.com/bytecodealliance/wasmtime/pull/2611
k3s
-
Linux fu: getting started with systemd
For self-hosting I've found https://k3s.io to be really good from the SUSE people. Works on basically any Linux distro and makes self-hosting k8s not miserable.
-
Nix is a better Docker image builder than Docker's image builder
Yes it’s going to depend on which k8s distribution you’re using. We have work in-progress for k3s to natively support nix-snapshotter: https://github.com/k3s-io/k3s/pull/9319
For other distributions, nix-snapshotter works with official containerd releases so it’s just a matter of toml configuration and a systemd unit for nix-snapshotter.
We run Kubernetes outside of NixOS, but yes the NixOS modules provided by the nix-snapshotter certainly make it simple.
-
15 Options To Build A Kubernetes Playground (with Pros and Cons)
K3S: is a lightweight distribution of Kubernetes that is designed for resource-constrained environments. It is an excellent option for running Kubernetes on a virtual machine or cloud server.
- FLaNK 25 December 2023
-
K3s Traefik Ingress - configured for your homelab!
I recently purchased a used Lenovo M900 Think Centre (i7 with 32GB RAM) from eBay to expand my mini-homelab, which was just a single Synology DS218+ plugged into my ISP's router (yuck!). Since I've been spending a big chunk of time at work playing around with Kubernetes, I figured that I'd put my skills to the test and run a k3s node on the new server. While I was familiar with k3s before starting this project, I'd never actually run it before, opting for tools like kind (and minikube before that) to run small test clusters for my local development work.
- Best way to deploy K8s to single VPS for dev environment
-
Single docker compose stack on multiple hosts. But how?
Kubernetes - k3s distribution
-
Building a no-code Helm UI with Windmill - Part 1
I’ve created a local cluster with K3S and installing Windmill could not be simpler with just one chart to configure, which already has sane defaults to get started. For this demo we will also configure workers to passthrough environment variables to our scripts so that they have access to the Kubernetes API server for later.
-
Highly scalable Minecraft cluster
You should be familiar with Kubernetes and have set up a Kubernetes cluster. I recommend k3s.
-
K3s – Lightweight Kubernetes
K3s' go.mod[0] is insane.
[0] https://github.com/k3s-io/k3s/blob/master/go.mod
What are some alternatives?
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
k0s - k0s - The Zero Friction Kubernetes
SSVM - WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
kubespray - Deploy a Production Ready Kubernetes Cluster
quickjs-emscripten - Safely execute untrusted Javascript in your Javascript, and execute synchronous code that uses async functions
Nomad - Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
wasm3 - 🚀 A fast WebAssembly interpreter and the most universal WASM runtime
microk8s - MicroK8s is a small, fast, single-package Kubernetes for datacenters and the edge.
wasm-bindgen - Facilitating high-level interactions between Wasm modules and JavaScript
Docker Compose - Define and run multi-container applications with Docker
wasm-pack - 📦✨ your favorite rust -> wasm workflow tool!
k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!