We created a prototype that runs Kubernetes operators in WebAssembly (wasm) and suspends them to disk when they are not used. This greatly reduces the memory overhead of the Kubernetes control plane. It also works towards a serverless k8s control plane where controllers scale to zero when not needed.
WebAssembly (wasm) is a binary format for running applications in lightweight virtual machines. Many compilers support wasm as a target next to arm and x86_64. The WebAssembly System Interface (WASI) is a standardized API that lets wasm apps talk to the outside world. Its functions are the “System Calls” of the WebAssembly world.
Combining these two gives you a very lightweight but very secure way to isolate applications. Each wasm app runs in its own sandbox, and the runtime decides which external resources it can access. Moreover, wasm apps start up lightning fast!
This proof of concept builds on the initial work of Markus Thömmes and Francesco Guardiani, who introduced the idea of running Kubernetes controllers in WebAssembly. We ported this work to wasmtime and added the ability to unload controllers when they're not being used. Our results show that controllers running in wasm use up to 68% less memory compared to containerd. Moreover, by unloading the controllers when they're not needed, the controllers use an additional 50% less memory.