Kubernetes isn't just containers
Kubernetes and containerd
- The kubelet on the node watches the API server for new tasks
- The kubelet is assigned a task
- The task is to run a container
- containerd pulls the required container image
- containerd instructs runc to create the container
- runc creates the required namespaces and cgroups etc.
- runc starts the container’s main process in the required namespace
- runc exits
- The shim becomes the container’s parent process
The importance of shims
Bringing Wasm to Kubernetes with runwasi
Peaking under the hood
Sooooo… running Wasm apps inside of container-like constructs gets you the security benefits of the Wasm sandbox and namespaces and cgroups.
runwasi pros and cons
Other WebAssembly/Wasm articles
If you liked this article, check out some of my other WebAssembly articles.
- WebAssembly: The future of cloud computing
- What is cloud native WebAssembly
- Getting started with Docker and Wasm
You can also subscribe to my Word on the cloud newsletter. It’s short and keeps you up-to-date with the best stuff going on around cloud native.