-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable running WASM binaries with kwasm in constellation #3165
Comments
2 up-to-date video sources on kwasm: |
maybe this can be thought together with #2879 (of course only if this meets your safety requirements) edit: of course another topic fitting into the direction of "flexible any cloud" and its management, is the crossplane topic... |
Hi @hpvd, Thanks for considering Constellation for your WASM use case! As far as I understand, the node-installer works by modifying the containerd config in place and adding the kwasm-shim. That won't work on Constellation, because the containerd config file is on the immutable root partition. This choice is deliberate trading off flexibility for safety. You can find more information on the Edgeless docs. If it were possible to extend containerd safely, say with override fragments like for systemd, we could consider adding a config dir to the mutable state disk. I took note of that in our backlog, but imho a feature request for containerd would need to be filed first. Then the kwasm team would need to add Constellation to the known config locations in their install script. Cheers, Markus |
Use case
enable running WASM binaries
would help to drive security even further because of
Describe your solution
make constellation fully compatible to with kwasm operator to easily make it ready to run wasm binaries
https://github.com/KWasm/kwasm-operator
Many other standard (non cc) distributions already are compatible:
https://github.com/KWasm/kwasm-node-installer?tab=readme-ov-file#supported-kubernetes-distributions
Would you be willing to implement this feature?
The text was updated successfully, but these errors were encountered: