It feels like, if you want to replace Docker with Wasm + WASI, implementing execution resource limits and monitoring for the Wasm module is a difficult problem. Docker containers are based on cgroup and namespace implementations, plus a single-process model, which is inherently lightweight. One way that comes to mind is to put the execution of Wasm modules into a separate thread, with system resources controlled by cgroup2, which is more granular, but there are restrictions on the Linux version. File resource isolation, on the other hand, can only be handled by the host itself, and the Wasm VM can only perform environment isolation. In this case, a Docker image provides the advantage of "strong environmental consistency", while WASI provides the advantage of system call portability independent of the kernel and instruction set architecture. In the end, there is no simple replacement method at all; the only way is to change the development mode, application execution mode, deployment mode, and even debugging methods. Moreover, this replaceability must also be tied to specific business areas; after all, Wasm + WASI cannot completely replace all the capabilities of Docker. Considering the replacement cost and ROI, there is a long way to go.
https://landscape.cncf.io/wasm
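The thread-level cgroup2 idea mentioned above, sketched as an added example (not part of the original post) using cgroup v2 "threaded" mode. The parent cgroup path, the child name and the thread ID are assumptions; the parent is assumed to be a delegated cgroup v2 directory that already contains the Wasm host process. Only thread-capable controllers such as cpu can be applied this way: memory is accounted per process, so a memory cap still needs a per-process cgroup or the Wasm runtime's own limits.

```shell
#!/bin/sh
# Added example: confine ONE thread of a Wasm host process with a
# cgroup v2 threaded cgroup. All paths, names and IDs are hypothetical.

# write_ctl <file> <value>: write a control value and fail loudly,
# because the kernel rejects invalid or out-of-order writes.
write_ctl() {
    printf '%s\n' "$2" > "$1" || {
        echo "write failed: $1 <- $2" >&2
        return 1
    }
}

# confine_wasm_thread <parent_cgroup_dir> <name> <tid> <quota_us> <period_us>
confine_wasm_thread() {
    parent=$1; cg="$1/$2"; tid=$3; quota=$4; period=$5

    # Refuse anything that is not a plain decimal number before touching
    # the cgroup tree.
    for v in "$tid" "$quota" "$period"; do
        case $v in
            ''|*[!0-9]*) echo "numeric argument required: '$v'" >&2; return 2 ;;
        esac
    done

    mkdir -p "$cg" || return 1
    # 1. Turn the child into a threaded cgroup; the parent becomes the
    #    thread root that still owns per-process resources (memory, io).
    write_ctl "$cg/cgroup.type" threaded || return 1
    # 2. Hand the cpu controller down to the children of the parent.
    write_ctl "$parent/cgroup.subtree_control" "+cpu" || return 1
    # 3. CPU bandwidth: at most <quota_us> of runtime per <period_us>.
    write_ctl "$cg/cpu.max" "$quota $period" || return 1
    # 4. Move only the Wasm execution thread; its process stays in the parent.
    write_ctl "$cg/cgroup.threads" "$tid" || return 1
}

# Usage (as root or in a delegated subtree), constructed values:
#   confine_wasm_thread /sys/fs/cgroup/wasm-host module-1 4242 20000 100000
```

After a real run, `cpu.stat` inside the child cgroup reports throttling for that thread, which covers the monitoring side for CPU only.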