Introduction
Docker and WebAssembly (Wasm) represent two pivotal technologies that have reshaped the software development landscape. In recent years, Wasm has gained significant popularity, prompting developers to explore its benefits within application stacks. As Wasm and Docker often work together closely, it’s important to understand their differences, synergies, and how they can collectively deliver consistent, efficient, and secure environments for deploying applications.
In this comprehensive article, we’ll delve into how Docker and Wasm complement each other, their individual advantages, and the promising future of using these technologies in tandem.
What’s Wasm?
WebAssembly (Wasm) is a compact binary instruction format governed by the World Wide Web Consortium (W3C). It serves as a portable compilation target for over 40 programming languages, including C/C++, C#, JavaScript, Go, and Rust. Essentially, Wasm is a bytecode format designed to run on a stack-based virtual machine.
Much like how Java can be compiled to Java bytecode and executed on the Java Virtual Machine (JVM), which can then be compiled to run on various architectures, a program can be compiled to Wasm bytecode and executed by a Wasm runtime. This runtime can be packaged to run on different architectures, such as Arm and x86.
What’s a Wasm Runtime?
Wasm runtimes bridge the gap between portable bytecode and the underlying hardware architecture. They provide APIs to communicate with the host environment and facilitate interoperability between different languages, such as JavaScript. At a high level, a Wasm runtime executes your bytecode through three semantic phases:
- Decoding: Processing the module to convert it to an internal representation.
- Validation: Checking to see that the decoded module is valid.
- Execution: Installing and invoking a valid module.
Some examples of Wasm runtimes include Spin, Wasmtime, WasmEdge, and Wasmer. Major browsers like Firefox and Chrome also use SpiderMonkey and V8, respectively.
Why Use Wasm?
To understand why you might want to integrate WebAssembly into your application stack, let’s explore its main benefits: security, performance, and versatility.
Security Without Sacrificing Performance
Wasm enables code to run at near-native speed within a secure, sandboxed environment, protecting systems from malicious software. This performance is achieved through just-in-time (JIT) compilation of WebAssembly bytecode directly into machine code, bypassing the need for transpiling into an intermediate format.
Wasm utilizes shared linear memory, a contiguous block of memory that simplifies data exchange between modules or between WebAssembly and JavaScript. This design allows efficient communication and enables developers to blend the flexibility of JavaScript with the robust performance of WebAssembly in a single application.
The security of this system is further enhanced by the host runtime environment’s design, which acts as a sandbox. It restricts the Wasm module from accessing anything outside the designated memory space and performing potentially dangerous operations like file system access, network requests, and system calls. WebAssembly’s requirement for explicit imports and exports to access host functionality adds another layer of control, ensuring a secure execution environment.
Use Case Versatility
WebAssembly is not limited to traditional web platforms. It’s also an excellent tool for server-side applications, edge computing, game development, and cloud/serverless computing. If performance, security, or target device resources are a concern, consider using this compact binary format.
Over the past few years, WebAssembly has become more prevalent on the server side thanks to the WebAssembly System Interface (WASI). WASI is a modular API for Wasm that provides access to operating system features like files, filesystems, and clocks.
Docker vs. Wasm: How Are They Related?
After reading about WebAssembly, you might wonder how Docker fits into the picture. Doesn’t WebAssembly handle sandboxing and portability? Let’s explore the relationship between Docker and Wasm.
Docker helps developers build, run, and share applications — including those that use Wasm. Docker and Wasm are complementary technologies, with Docker providing a smooth developer experience for building with Wasm and/or Linux containers.
Benefits of Using Docker and Wasm Together
Using Docker and Wasm together offers several benefits, including:
- Consistent Development Environments: Developers can use Docker to containerize their Wasm runtime environments. This approach ensures a consistent Wasm development and execution environment that works uniformly across various machines, from local development to production.
- Efficient Deployment: By packaging Wasm applications within Docker, developers can leverage efficient image management and distribution capabilities, making it easier to deploy and scale these applications across different environments.
- Security and Isolation: While Docker isolates applications at the operating system level, Wasm provides a sandboxed execution environment. Combined, these technologies offer a robust layered security model against many common vulnerabilities.
- Enhanced Performance: Developers can deploy Wasm applications in serverless architectures or as microservices using Docker containers, taking advantage of Wasm’s performance benefits in a scalable and manageable way.
How to Enable Wasm on Docker Desktop
f you’re interested in running WebAssembly containers, Docker has made it simple to get started. Support for Wasm workloads is now in beta, and you can enable it on Docker Desktop by checking the “Enable Wasm” option in the Features in Development tab under Settings.
Enabling Wasm in Docker Desktop
- Open Docker Desktop Settings: Navigate to the Features in Development tab.
- Check the “Enable Wasm” Option: Make sure you also have containerd image store support enabled.
After enabling Wasm in Docker Desktop, you’re ready to go. Docker supports various Wasm runtimes, including Spin, WasmEdge, and Wasmtime. Detailed documentation is available to help you run these applications.
How Docker Supports WebAssembly
To understand how Docker supports WebAssembly, let’s briefly review how the Docker Engine works. The Docker Engine builds on a higher-level container runtime called containerd. This runtime provides fundamental functionality to control the container lifecycle. Using a shim process, containerd can leverage runc (a low-level runtime) under the hood, allowing it to interact directly with the operating system to manage various aspects of containers.
Integrating Wasm Runtimes with Docker
One of the key strengths of this design is that anyone can write a shim to integrate other runtimes with containerd, including WebAssembly runtimes. As a result, you can plug and play with various Wasm runtimes in Docker, such as WasmEdge, Spin, and Wasmtime.
The Future of WebAssembly and Docker
WebAssembly is continuously evolving, and staying updated with ecosystem developments is crucial. One recent advancement is the new WebAssembly Component Model, which will impact shims for various container runtimes. At Docker, we are committed to simplifying the creation of Wasm containers and enhancing the developer experience.
In a famous 2019 tweet thread, Docker founder Solomon Hykes envisioned the future of cloud computing, where Docker runs Windows, Linux, and WebAssembly containers side by side. Given recent developments in the ecosystem, that future is now a reality.
Recent Advancements in Wasm and Docker
- WASI Preview 2: This launch rebased WASI on the component model type system and semantics, making it modular, fully virtualizable, and accessible to various source languages.
- SpinKube Open Source Project: Released by Fermyon, Microsoft, SUSE, LiquidReply, and others, SpinKube provides a straightforward path for deploying Wasm-based serverless functions into Kubernetes clusters. Developers can use SpinKube with Docker via k3s, a lightweight wrapper for running Rancher Lab’s minimal Kubernetes distribution. Docker Desktop includes the shim, enabling Kubernetes containers on your local machine.
Conclusion
In this article, we explored how Docker and Wasm work together and how to use Docker for Wasm workloads. We’re excited to see Wasm’s adoption grow in the coming years and will continue to enhance our support to meet developers both where they’re at and where they’re headed.
By marrying these two powerful technologies, developers can achieve unprecedented levels of performance, security, and versatility in their application deployments. Whether you’re building server-side applications, engaging in edge computing, or venturing into cloud/serverless architectures, leveraging Docker and Wasm together will empower you to create efficient and scalable solutions.