►
Description
Validate, verify, and transform a request using WASM using the Saaras EnRoute Kubernetes Ingress API Gateway.
A
Hello,
hello,
everyone
and
welcome
to
cloud
native
live
where
we
dive
into
the
code
behind
cloud
native.
I'm
taylor
dolezal,
head
of
ecosystem
at
the
cncf,
where
I
work
closely
with
teams
as
they
navigate
their
cloud
native
journey.
Every
week
we
bring
a
new
set
of
presenters
to
showcase
how
to
work
with
cloud
native
technologies.
A
A
This
is
an
official
live
stream
of
the
cncf
and,
as
such
is
subject
to
the
cncf
code
of
conduct.
Please
do
not
add
anything
to
the
chat
or
questions
that
would
be
in
violation
of
that
code
of
conduct.
Basically,
please
be
respectful
to
all
of
your
fellow
participants
and
presenters
and
with
that
I'd
love
to
to
hand
it
over
to
you
chintin
to
kick
off
today's
presentation
with
that.
Please
take
it
away.
B
Thank
you,
taylor
for
the
introduction,
hi
everyone
I'm
really
happy
to
be
here,
and
it's
really
amazing
the
how
the
cncf
ecosystem
and
exceptional
programs,
especially
the
live
streaming
sessions.
I've
really
enjoyed
it
in
the
past.
So
I
hope
to
provide
you
with
an
engaging
session
today
and
you
know
provide
more
details
on
what
we
are
doing
and
I
hope
you
find
it
exciting.
B
So
we'll
start
off
with
that,
my
name
is
chintan
tucker
and
I'm
the
founder
at
a
company
called
sas
and
we
have
an
ingress
controller
api
gateway
built
on
ony
proxy.
Now,
one
of
the
key
things
that
we
differentiate
on
is
a
simplicity.
Simplicity
might
sound
simple,
but
it
is
extremely
difficult
to
get
it
right.
B
So
what
we
have
made
it
made,
what
we
have
done
is
we
have
made
it
extremely
simple
for
the
developer
to
run
and
extend
functionality
at
ingress
and
today,
we'll
touch
upon
some
aspects
of
that.
Today's
session
is
going
to
be
how
a
developer
can
run
an
ingress
very
easily
and,
at
the
same
time
extend
it
using
web
assembly
I'll
the
what
we
are
going
to
talk
about
today.
A
very
high
level
outline
can
also
be
found
on
the
website.
B
So
we
just
this
article
out
and
the
plan
for
today
is
that
how
do
we
use
basm
to
validate
bank
transformer
request?
So
essentially,
when
a
developer,
installs
and
grass
and
wants
to
extend
it,
you
don't
have
to
get
expensive,
plugins,
custom,
plugins
or
a
gateway
that
does
enterprise
plugins.
B
You
can
just
run
web
assembly
and
totally
customize
it
according
to
your
needs,
in
a
language
of
your
choice,
so
web
assembly
is
extremely
powerful
in
that
it
provides
the
flexibility
to
use
a
language
of
your
choice,
but
at
the
same
time,
the
web
assembly,
runtime,
is
extremely
efficient
to
you
know,
run
all
this
code,
so
we'll
just
go
over
at
high
level
of
what
this
talk
is
about
and
then
we'll
dive
into
the
code
as
to
how
today
we
are
doing
all
of
these
things.
B
So
so,
essentially,
android
is
a
kubernetes
ingress,
api
gateway
and
it
can
also
run
outside
kubernetes.
But
if
you
run
it
at
kubernetes
ingress,
you
can
perform
validation,
verification
and
transformation
of
your
request.
So
validation
of
your
request
means
validating
the
json
schema
or
the
xml
schema.
B
You
could
validate
your
query,
which
might
be
a
graphql
coming
in
or
you
could
validate
if
you're,
integrating
with
a
cdn
on
the
edge
you
could
validate.
If
the
cdn
headers
look
right,
if
you
know
the
metadata
that
you're
expecting
from
cdn
is
right,
there
are
no
loops,
you
could
do
security
and
identity
kind
of
validation.
Of
course
you
could
also
do
data
and
governance
kind
of
things,
but
the
idea
here
is
the
flexibility
provided
by
programmability.
A
B
Essentially,
let
you
do
any
of
these
things.
Of
course,
one
of
the
very
key
aspects
is
open
api,
so
organizations
that
first
do
an
api
contract.
You
know
if
you
have
an
open
api
spec,
you
could
even
validate
that
and
you
could
just
take
it
to
the
next
level
by
implementing
your
own
custom.
B
Validations
to
you
know,
tweak
it
and
again
we'll
go
more
into
the
code
aspects
and
how
you
know
the
web
assembly
is
integrated,
how
it
plays
a
role
over
there,
and
you
know
how
you
can
easily
achieve
this.
So
the
idea
is
like
you:
shouldn't,
have
jump
a
lot
of
hoops,
so
typically
anything
and
everything
in
our
route
can
be
done
using
one
command,
and
once
you
execute
that
command
it
sets
it
up
and
you
can
just
customize
it.
B
B
You
could
find
some
signatures.
If
you
wanted
to
so
essentially
any
verification
code,
you
wanted
to
run
in
an
intermediate
ingress
gateway.
You
could
do
that
and
eventually
say
you
want
to
transform
a
request.
A
transformation
may
involve
running
ss
accessory
for
an
xml
to
perform
transformations
fairly
standard
use
case
you
could
want
to.
You
know,
remove
some
sensitive
information,
so
you
could
essentially
pass
a
request
and
remove
sensitive
information
from
that
some
form
of
data
loss
prevention
or
any
kind
of
custom
request
transformation.
B
So
so
that's
more
or
less
the
power
of
web
assembly.
It
essentially
opens
it
up
completely
to
you
know,
run
your
own
custom
logic
and
run
your
own.
You
know
business
centric,
use
case
and
ingress
in
a
language
of
your
choice.
B
All
right
moving
on,
if
there
are
any
questions,
I'm
happy
to
answer
otherwise
I'll.
Just
move
on
with
this.
B
Okay,
so
what
today
we'll
cover
is
we
are
going
to
you
know
at
a
high
level.
You
know
understand
how
the
vasm
support
looks
like
in
android
install
an
example.
Workload
make
the
service
externally
available,
create
assembly
filter,
so
unroot
very
closely
follows
the
envoy
filter
architecture,
and
what
we
have
realized
is.
It
makes
extremely
simple,
so
you
don't
have
to
learn.
Two
different
pieces
of
software
envoy
is
fairly
popular
graduated
cncf
project,
and
when
you
look
at
envoy,
you
go
okay.
B
How
do
I
enable
this
filter?
How
do
I
run
with
you
know
the
following
things
in
on
voice?
So
what
we
have
said
is
you
don't
need
to
learn
an
external
ingress
gateway
or
the
abstractions
over
there,
and
what
we
have
done
is
like.
We
have
made
it
a
declarative,
so
you
could
just
say:
okay,
these
are
the
three
filters
I
need
to
enable
and
they'll
just
work
for
onward,
so
android
sort
of
forms,
a
very
lightweight
shim
and
makes
it
extremely
simple
to
run
the
ingress
api
gateway.
B
So
what
we'll
do
is
we'll
create
a
web
assembly
filter
again
envoy.
Has
a
web
assembly
filter
plugin
so
we'll
just
enable
that
using
the
android
shim
and
then
what
we'll
do
is
we'll
run
our
custom
code.
So
there
is
some
detail
here
in
how
the
web
assembly
interacts
with
the
code.
So
web
assembly
has
a
proxy
vasm
interface
so
I'll
quickly.
B
But
we
can
talk
more
about
the
details
if
there
are
questions,
but
let's
run
through
the
basic
stuff
I'll
just
touch
up
on
a
few
things
here
and
there
and
then,
if
you
have
more
questions,
I'm
happy
to
go
over
in
more
details.
But
but
the
idea
is
like
web
assembly
is
a
runtime
that
runs
inside
web
browsers
and
online
proxy.
Now.
So
how
does
web
assembly
interact
with
your
program
so
that
or
a
proxy?
B
So
there
is
a
proxy
vasm
standard
or
specification
that
you
can
look
at
which
essentially
defines
how
web
assembly
talks
to
a
proxy
or
the
callbacks
between
web
assembly
and
proxy,
and
then
there
are
sdks
in
different
languages
like
we
are
going
to
use
the
golang
sdk
today
and
there
are
sdks
in
javascript.
B
There
are
sdks
in
python,
you
can
choose
a
language
and
an
sdk,
and
then
today
we
are
going
to
use
a
golang
sdk
which
essentially
compiles
the
go
program
into
web
assembly,
which
can
then
be
loaded
by
the
web
assembly
runtime.
So
the
code
is
going
to
perform
the
validation,
verification
and
transformation,
but
this
is
how
the
whole
thing
comes
together.
B
So
so
you
so
so
taking
a
step
back,
you
have
your
kubernetes
cluster.
You
have
your
ingress
service,
which
allows
the
north
south
traffic
to
traverse
into
the
cluster
inside
that
ingress.
You
run
envoy.
The
ony
is
a
web
assembly
filter.
The
web
assembly
filter
has
proxy
vasm
interface.
The
proxy
vasm
interface
talks
to
your
sdk
of
your
choice
in
your
language
golang
in
our
case
and
those
go
line.
Callbacks
invoke
our
code,
so
as
traffic
comes
in
the
code
gets
executed,
which,
which
is
custom
code
for
validation,
verification
and
transformation.
B
Okay,
okay,
so
moving
on.
I
hope
everyone
can
see
my
screen,
but
if
you
don't,
I
can
increase
the
font
size,
but
for
the
sake
of
this
session
we
go
into
the
installation.
B
B
B
So
so
this
is
the
getting
started
guide.
Of
course
I
mean
this
talks
about
how
to
install
android
using
hill
and
how
you
can
quickly
set
up,
and
then
there
are
sections
on
you
know
when
you
set
it
up
using
one
command.
You
know,
essentially,
what
are
the
different
pieces
that
are
getting
programmed
and
this
scope
relates
to
you
know
what
you
have
used
when
running
that
command.
B
So
you
could
say
I
want
to
enable
this
five
or
seven
filters
like
chart
or
l7
rate
limits
again
talking
about
rate
limits
on
route
for
android.
The
l7
rate
limit
function
is
completely
free.
It's
typically
a
paid
feature
in
every
single
other
place.
That.
A
B
B
The
getting
started
guide
covers
exposing
the
service
externally,
enabling
ssl
on
it
again
using
one
command.
So
typically,
if
you're
using
a
server
which
is
fairly
common,
I'm
not
sure
if
it
is
a
cncf
project
search
manager,
but
maybe
it
is.
But
but
the
idea
is
like
you
could
use
that.
So
so
we
won't
go
over
these
aspects,
but
we
already
have
an
instance
of
android
running
and
then
we
are
going
to
go
over
the
web
assembly
aspects
like
how
to
enable
web
assembly.
How
does
the
code
look
like?
B
How
do
we
comply
compile
that
web
assembly?
How
we
create
a
container
out
of
that
code?
How
that
container
gets
loaded,
how
the
web
assembly
plug-in
is
extracted
from
that
container
and
how
that
code
gets
loaded
into
the
runtime
and
executed?
So
those
are
the
pieces
that
we'll
cover,
but
this
is
sort
of
the
prerequisite
for
those
pieces.
So
so
you
can
take
a
look
at
it
over
here
and
we'll
just
jump
right
into
the
right
into
the
web
assembly.
B
So
what
we
see
here
is
we
have
android
installed,
that's
the
instance
name
in
the
name,
space
unroot
demo,
and
then
we
have
an
example
workload
installed
and
we
have.
We
have
exposed
that
workload
externally
using
the
health
chart
again
and
it's
called
http
bin
service
policy.
B
B
B
B
The
same
way,
so
we
have
an
http
bins
policy.
We
have
also
set
up
an
external
auth
service.
In
case
you
want
to
run
jot
against
auth0.
It
gets
automatically
set
up,
but
if
you
don't
need
it,
you
can
remove
it.
So
that's
how
the
that's
how
the
installation
looks
like.
B
B
The
next
step
is
checking
the
chasm
plugin.
So
again,
like
I
was
mentioned
earlier,
android
is
a
lightweight
shim
and
the
idea
is
that
there
is
more
or
less
one
to
one
correspondence
between
the
plugin
that
envoy
has
and
android
xposes.
So
web
assembly
is
a
plug-in
and
yeah.
You
can
very
simply
enable
that
plug-in.
So.
B
So
here
is
how
the
filter
looks
like
so
this
is
a
web
assembly
filter.
You
can
program
on
android
and
all
it
says
is
like
let's
download
this
image,
essentially
a
docker
container
and
this
image
has
this
image:
has
your
vasim
plugin?
So
the
idea
is,
it
provides
you
the
way
to
externally
load
an
image.
B
Now
there
is
a
fair
bit
of
documentation
out
there,
but
the
community
has
come
up
with
a
way
to
package.
Wasm
plugins
and
you
know,
load
them
into
the
web
assembly
runtime,
and
this
is
also
a
popular
mechanism
that
istio
uses.
B
So
what
we
have
done
is
we
have
taken
a
similar
approach
to
downloading
the
basm
plugin
from
an
external
container,
and
there
is
a
way
to
package
that
container
using
the
compact
variant
again,
which
is
documented
in
the
community.
So
you
can
look
it
up.
So
android
is
the
first
gateway
which
runs
wasm
for
free,
I
mean
there's
no
enterprise
license
or
anything
that
you
have
to
buy.
You
just
point
your
filter
to
the
right,
vasm
container.
It
will
download
it.
B
It
will
extract
the
plugin
and
run
it
so
so
what
you
see
here
in
the
filter
is
essentially
saying
that
hey
there
is
a
container
vvx
json,
so
validate
verify
transform
for
a
json
body
which
you
can
download
from
a
docker
repository
and
then
that
will
extract
the
plugin
and
load
it
into
the
web
assembly.
Runtime
on
onboard.
B
B
All
right
so
moving
on
this
is
how
the
web
assembly
filter
is
created,
doing
and
then.
B
Let's
run
continue
with
the
demo,
so
what
we
have
here
is
we
are
first
going
to
so
we
are
first
going
to
show
okay.
How
does
a
request
look
like
and
then
we
will
be
able
to
run
that
requiremently
until
we
enable
the
web
assembly
filter
and
then
we'll
say,
okay,
what,
if
the
digest
for
the
request,
doesn't
match
so
so
the
idea
behind
the
demo
is
the
following:
when
a
request
comes
in
externally,
we
want
to
be
able
to
verify
that
request.
The
way
we
will
be
verifying.
B
B
So
so
do
you
want
me
to
take
this
question
taylor?
I
just
see
a
question
here.
B
So
so
the
question
is
the
generated.
Wasm
is
based
on
go
right.
Does
that
on
road?
Also
support
rust
generated
vaso?
That's
a
great
question
absolutely
so
that
is
the
beauty
of
web
assembly.
There's
nothing
special
about
it
in
envoy
or
android.
They
both
leverage
the
flexibility
of
web
assembly.
B
So
if
you
write
your
code
in
rust
or
c
plus
plus
for
that
matter
or
go
live
or
javascript,
and
once
you
compile
it
into
web
assembly,
it's
just
web
assembly
byte
code
and
that
web
assembly
byte
code
can
be
run
inside
the
web
assembly
runtime.
Now
the
idea
is,
there
has
to
be
a
proxy
vasm,
abi
interface
to
that
language.
Maybe
there
is
an
sdk
out
there
for
us.
I
I'm
I'm
fairly
confident
there
is.
B
I
might
have
to
look
it
up,
but
I
know
that
there
is
a
good
community
around
the
rust
proxy
vasm,
the
cc
plus
proxy
vasim,
the
golang
and
the
javascript
in
the
community.
So
so
I
think
I
think
absolutely
so.
You
can
run
rust
programs
inside
the
web
assembly
runtime
when.
A
B
Compiled
into
web
assembly
bytecode-
yes,
so
so
yeah,
so
so
going
back
to
the
validation,
verification
and
the
transformation
step,
the
high
level
flow
is
going
to
be
following,
so
we
are
going
to
first
say
when
an
external
request
is
coming
in.
I
don't
trust
that
request.
B
I
don't
trust
that
the
request
has
been
modified
in
the
middle,
so
I'm
going
to
verify
the
for
it.
So
the
implementation
details
are
the
following.
So
when
you
get
a
body
for
a
request,
you
are
going
to
compute
a
sha-256
of
that
body,
so
you'll
compute
a
short
256
hash,
and
then
you
will
compare
it
against
the
hash
hash
which
has
been
sent
in
the
request.
Now.
B
The
hash
which
is
sent
in
the
request
is
in
the
header
for
the,
and
there
can
be
other
implementation
details
depending
on
how
it
is
implemented
in
a
stack.
But
for
the
very
basic
case
we
are
going
to
say,
we
are
going
to
verify
the
hash
against
the
against
what
is
coming
in
the
header.
So
initially
we
will
start
with.
No
web
assembly
will
send
in
a
request,
we'll
send
something
without
a
header,
then
we'll
enable
web
assembly
and
we'll
see
how
it
does
not
like
a
request
if
the
hash
doesn't
match
next.
B
B
Okay,
how
the
code
that
we
have
written
and
got
is
getting
run
into
web
assembly
is
going
to
perform
those
validations
for
json,
and
the
last
step
is
going
to
be
that
there
could
be
personally
identifiable
information
which
I
don't
want
to
be
sending
to
the
back-end
server.
In
this
specific
case,
it
may
be
allowed
in
other
cases,
but
it
may
be
in
this
case.
We
don't
want
to
do
it.
B
So,
in
the
last
step
we
show
how
we
can
transform
the
request
very
systematically
programmatically,
very
pinpointed
modification
to
show
that
how
you
can
redact
certain
set
of
information
or
perform
any
kind
of
transformation
at
this
step.
Again
done
using
golang
code
which
gets
compiled
into
web
assembly,
or
it
could
be
rust
code
for
that
matter.
So.
B
So
that's
the
high
level
thing
now:
let's
look
at.
B
Let's
send
a
request
right
now,
so
so
that's
that's
the
request.
So
what
we
did
is
we
sent
a
request
and
we
can
see
that
the
quest
is
going
through
right
now.
There
are
no
issues
with
validation
or
verification,
and
there
is
nothing
in
there
like
what
we
are
sending.
As
a
body
of
the
request
is
just
an
empty
json,
and
it's
not
complaining.
So
even
if
it
is
not
a
json,
it
won't
complain
because
the
idea
is
that
right
now
the
web
assembly,
validation
and
verification
is
not
enabled.
B
So
everything
is
going
through
it.
Everything
is
going
through
the
ingress
we
are
going
to
now
enable
the
verification
aspect
of
it.
So
maybe
it
might
help
a
little
bit
to
go
over.
Okay,
let's
go
over
this
first,
so.
B
So
going
to
do
is
we
are
going
to
enable
this,
the
web
assembly
plugin,
that
I
showed
you
in
the
last
step
and
the
way
to
enable
it
is
saying
that
for
all
my
requests
coming
in
just
pipe
them
through
the
wasm
filter
so
again
similar
to
the
piping
mechanism
right
like
when
you
get
an
output
from
one
you
send
it
to
the
other.
So
what
we
are
saying
is
we
are
going
to
pipe
it
through
the
vassam
filter
right
now.
This
is
how
it
has
been
set
up.
B
So
when
we
expose
the
service
externally,
we
exposed
it
using
a
couple
of
filters.
One
of
the
filters
was
the
rate
limit
filter
and
the
other
filter
was
the
lua
filter.
Now
this
was
basically
programmatically
when
we
set
it
up.
We
said
okay
set
up
these
five
or
three
filters,
but
for
this
demo
we
set
it
up
only
with
a
couple
of
filters,
the
lua
filter
and
the
link
limit
filter,
and
now
we
are
going
to
enable
the
wasm
filter.
B
So
what
what
I'm
doing
here
is
I'm
adding
the
wasm
filter
to
all
my
traffic.
B
And
now
I
have
the
ram
filter
enabled
so,
let's
send
a
request
again
and
does
so.
It
says
I
failed
to
validate
vaso
validate
json
because
it
doesn't
have
a
valid
json.
B
What
happened
here
so?
What
let's
go?
Take
a
look
at
the
code,
so
the
message
we
are
getting
is
fail
to
validate
jj's
json
schema,
we'll
go
ahead
and
cut
the
code,
so
here.
B
We
are
hitting
the
validate
json
code
so
again
going
back
and
let
me
take
a
step
back
and
explain
what
the
code
is
doing.
I
never
got
a
chance
to
do
that,
but
the
code
is
at
a
high
level,
organized
into
call
backs
provided
by
the
proxy
vasometers
right.
So
so
anytime,
the
b
comes
in
the
proxy
assam
interface
defines
a
request
body,
callback
right
and
that
is
implemented
by
the
sdk
so
now
inside
the
sdk
using
that
sdk.
B
B
Now
I
say:
okay,
once
I
have
the
complete
body,
I'm
just
going
to
get
the
complete
body
into
a
white
stream,
so
json
body
is
a
buffer
where
I'm
going
to
store
the
complete
body.
Next,
I'm
going
to
say,
digest
value
red.
So
this
is
the
verification
piece
again.
This
code
has
been
set
up
in
such
a
way
to
say
that
if
I
do
see
a
digest
value
set
inside
the
request,
I'm
going
to
perform
the
validation.
B
If
I
don't
see
a
digest
value
read
then
I'm
not
going
to
perform
the
validation
and
I'm
going
to
try
and
verify
the
digest
with
the
json
body
and
if
it
matches
all
good,
if
it
doesn't
match,
then
we
are
just
going
to
send
a
400
here,
but
we
are
hitting
the
validate
json
code
because
we
did
not
send
a
digest.
So
now,
let's
go
ahead
and
send
a
digest
and
see
what
it
does.
B
So
here
is
how
you
add
the
digest
by
adding
that
additional
variable
and
again
this
can
be
specific
to
your
implementation.
But
this
is
how
this
implementation
is
so
now
you're
getting
an
unknown
prefix
in
hash.
So
the
expectation
of
this
code
is
that
it
can
only
verified,
I
just
in
short,
256
or
sha1,
so
we
are
just
going
to
make
so
again,
let's
take
a
look
at
this.
B
So
I
can
take
questions
if
there
are
any
I'm
just
going
through
this
there's
a
lot
to
cover,
so
I'm
just
going
through
this
assuming
folks
are
with
me.
But
if
you
are
not
feel
free
to
interrupt
and
ask
questions,
but
I'll
take
a
moment
of
break
like
a
few
seconds
to
take
any
questions.
A
I
think
one
question
that
I
had
for
you
was
kind
of
when
getting
involved
with
wasm
and
kind
of
understanding
how
all
that
fit
together,
I'm
kind
of
new
to
the
space
myself.
You
know
I
feel
like
it
was
a
big
thing
to
discover
that
wasm
is
more
of
a
targeted
run
time
for
things
understanding.
You
know
the
the
bindings
and
kind
of
like
how
you
put
all
of
this
together.
A
Can
you
share
some
of
the
things
that
you
found
interesting
when
kind
of
starting
to
work
with
wasm,
and
you
know,
does
my
language
support
this?
How
do
I
start
building
with
this?
Do
you
have
any
insights
on
that
front.
B
That's
a
that's
an
excellent
point:
taylor.
Thank
you
for
asking
that
so
vasm.
If
you
want
the
simple
answer,
then
I
would
say
pick
up
an
sdk
and
start
implementing
your
code
around
that
sdk,
and
then
there
will
be
ways
to
compile
that
vasom
into
that
that
code
into
vasim
bytecode
using
the
sdk
or
some
compiler.
B
Now
the
vasm
support
is
still
coming
up.
So
again,
I
think
it's
an
excellent
point
that
you
make
is
because
vasm
support
is
still
coming
up
with
languages.
So
today,
if
you
see
golang
golang
has
a
interface.
Essentially,
if
you
wanted
to
compile
golang
into
vassam
code,
the
compiler
has
to
support
that,
and
today
we
are
using
a
compiler
called
a
tiny
ego
compiler,
which
has,
which
does
not
have
support
for
all
the
libraries.
B
So,
for
instance,
I'll
tell
you
an
example
of
what
we
encountered
while
we
were
building
this
demo
piece
is
that
encoding,
slash
json,
which
is
a
fairly
popular
and
extensively
used?
Library
in
golang,
is
still
under
development
because
it
uses
the
reflection
package.
Reflection
package
is
not
yet
ported
in
there.
So
today,
if
you
use
reflection,
you
cannot
build
a
program
using
reflection
in
golang,
which
you
can
compile
into
the
vasim
code,
because
the
support
is
coming
up.
That's
why
I
think
it's
a
great
question.
B
This
is
this
will
eventually
happen,
but
today
maybe
the
support
for
c
plus,
plus
or
rust,
maybe
more
or
javascript,
maybe
more,
but
it
is
still
under
process,
and
it's
very
promising
I
mean
this.
Things
will
eventually
get
into
get
in
there.
B
But
one
thing
to
keep
in
mind
like
you
mentioned
taylor,
is
that
when
you
pick
something
up
or
when
you
pick
up
a
language,
one
is
how
comfortable
you
are
with
the
language,
but
also
understanding
the
kind
of
support
that
the
language
has
when
it
comes
to
wasm,
so
it
today,
as
of
today,
there
is
a
possibility
that
you
might
be
right
trying
to.
B
That
might
not
compile
or
those
libraries
may
not
be
supported
for
wasm
compilation.
So
you
have
to
be
cognizant
of
that
fact,
because
it
might
happen
that
you
might
go
down
that
route
and
you
might
not
find
that
support.
So
let
me
add
one
more
thing,
so
what
we
are
doing
is
with
json
validation.
We
started
with
encoding
json
package,
but
we
quickly
realized
that
the
reflect
package
inside
golang
is
not
supported
today.
So
so
we
took
a
step
back
and
we
said:
okay
are
there
any
json
libraries
today?
B
Let
us
do
the
validation
we
do,
while
still
being
able
to
compile
it
to
asm,
and
the
beauty
of
it
is
that
we
did
find
some.
We
were
able
to
express
our
validation
requirements
using
using
the
libraries
that
were
supported
today,
so
we
were
able
to
achieve
this
today,
but
again
the
there
is
a
lot
of
action
in
the
community.
There
is
a
lot
of
interest
in
vasim.
It
will
eventually
get
there,
but
it
takes
some
form
of
evaluation.
B
Before
you
jump
into
it
and
say,
I'm
going
to
use
rust
for
my
use
case,
it
might
help
to
just
check
the
language,
support
or
javascript
for
my
use
case,
because
the
support
might
still
not
be
there.
You.
A
B
A
Great
question
yeah.
Thank
you.
Thank
you.
It's
a
and
and
really
enlightening
too.
I
think
that,
like
you
said,
as
we
see
different
languages
start
to
adopt
these
things,
and
we
get
that
more.
We
get
higher
levels
of
support
for
different
frameworks
and
libraries.
It's
really
going
to
be
an
interesting
place.
You
know
I
remember
when
webrtc
came
out
and
was
like,
can
all
browsers
support
this.
This
would
be
fantastic,
but
it
looks
like
we're
like
finally
getting
there.
A
My
hope
is
that
we're
going
to
see
that
much
more
an
abbreviated
timeline
for
that
much
faster
adoption
on
that
front,
but
fingers
crossed
you
know.
Thank
you
to
everybody
working
on
that
as
well.
I
did
see
a
couple
of
other
questions
come
in
like
the
way
you
added
wasm
plug-in
as
a
filter.
What
other
kinds
of
filters
can
be
used
like
an
auth
filter
or
something
like
that.
B
So
again,
a
great
question:
the
idea
behind
android
was
how,
transparently,
you
can
add,
any
filter
that
envoy
has
and
extend
it
using
custom
filter.
So
the
answer
to
that
is
any
filter.
Literally
I
mean
today
we
have
enabled
cars.
We
have
enabled
lua,
we
have
enabled
web
assembly,
we
have
enabled
you
know
external
auth
z.
You
know
all
these
filters
are
out
there
very
easily.
B
You
can
enable
it
on
envoy
using
on
root,
so
so
absolutely
any
filter
and
tomorrow,
if
you
say
I'm
going
to
add
my
custom
filter
again,
that
is
all,
but
the
idea
is
that
how
do
you
make
it
easy?
Because
all
these,
if
there's
a
lot
of
extensibility,
you
need
to
be
able
to
wrestle
with
that
complexity
too.
So
the
idea
is,
how
do
you
make
it
simple
so
that
it
is
intuitive
like
when
you
go
look
at
envoy
today
or
when
you
go?
Look
at
your
architecture
today?
B
How
are
you
going
to
easily
say
that
I
know
the.
I
know
that
my
service
or
my
solution,
because
it's
an
edge
service,
it
needs
ssl,
it
needs
circuit,
breaking
it
needs
scores.
It
needs
lua.
It
needs
vasom,
maybe
it
needs
auth.
How
am
I
going
to
like
selectively
and
quickly
say
these
are
the
five
or
seven
things
I
need.
You
know
at
a
high
level
and
transform
that
requirements
you
know
very
easily
and
intuitively
into
what
is
being
run
for
my
service,
while
you're
continuing
to
track
all
this.
You
know
so
so.
B
Yeah,
so
that's
so
there
is,
I
think,
there's
one
more
question
around.
There
is
any
mechanism
to
gather
metrics
of
this
routes
that
you
enforce.
B
Yes,
there
are
so
as
the
vasom
filter
is
developing
in
otherwise
generally
when
ony
builds
a
filter
again.
A
great
question.
I
think
one
of
the
reasons
we
see
people
when
we
talk
to
people.
We
see
people
replacing
proxies
with
envoys
because
of
its
stats,
observability
and
the
amount
of
telemetry
you
can
accumulate
from
the
proxy
for
web
assembly.
I'm
pretty
sure
there
will
be
more
starts
coming
out
into
the
envoy
proxy,
but
you
can
also,
you
know,
have
additional
mechanisms
to
extract.
B
B
There
is
no
reason
why
you
know
any
of
these
wasm
plug-ins
could
also
be.
You
know
like
extended
to
do
some
of
that,
so
so
so
absolutely
so
there
are
several
mechanisms
to
achieve
that.
So
I'm
pretty
sure
one
of
them
is
that
onward
proxy
will
have
additional
stats
coming
out
with
web
assembly.
And
the
other
aspect
is,
you
know
some
form
of
instrumentation
with
existing
frameworks
like
prometheus
or
other
starts,
you
know,
like
infrastructure
to
you,
know,
expose
more
metrics.
A
For
your
questions,
keep
them
keep
them
coming.
If
you
got
any
to
to
ask,
I
know
that
yeah
you
have
a
more
of
a
demo
to
get
through,
but
but
definitely
you
know,
please
keep
asking
questions
next,
one
was:
what
is
the
performance
impact
to
call
one
of
one
or
multiple
wasm
filters,
meaning
probably
copying
all
the
request
bits
from
the
ingress
memory
stack
to
the
wasm
stack
right.
B
Right
so
we
haven't
run
any
formal,
we
haven't
run
any
formal.
You
know
like
performance
numbers,
but
the
one
of
the
key
reasons
that
people
like
web
assembly
is
because
of
the
performance
aspects.
Apart
from
the
flexibility
now
is
there
a
copy
of
all
the
body
coming
in?
I
think
there
is
because
I
haven't
really
looked
at
the
details
and
I
I
could
be
wrong
here.
B
Okay,
I'm
not
claiming
that
I'm
right,
but
when
I
was
writing
this,
this
did
cross
my
mind
that
am
I
making
a
complete
copy
of
the
body.
So
my
of
the
request
body
that
is
coming
in-
and
my
sense
is
that
we
are
because
when
you
go
back
and
look
at
the
code
here
right,
you
could
potentially
trace
this
call.
But
what
we
are
doing
here
is
that
we
are.
B
We
are
getting
the
request
body
here,
which
we
have
accumulated
now
is
the
is
the
request
body
pointer
pointing
to
a
buffer
which
has
already
been
allocated,
or
is
it
being?
I
think
there
is
a
copy
inside
the
wasm
runtime
itself
right,
because
all
this
code
is
running
there.
So
I
I
really
I'm
not
completely
sure
about
this,
but
my
you
asked
me
to
take
a
guess.
I'll
tell
you
that,
yes,
there
is
a
copy
of
the
whole
body
being
copied
into
the
vasom
runtime
and
again.
B
This
is
a
guess,
so
I
may
be
inaccurate
here,
but
there
is
a
potential
cost
to
it.
Yes,
it
could
be.
I
mean
I
I
we
haven't
run
any
performance
numbers,
but
it
could
be.
So
that's
again
a
good
question.
So
maybe,
when
you
choose
to
go
down
this
route,
it
might
help
to
understand.
B
If
there
is
a
big
performance
hit,
you
know
coming
in
from
vasim.
What
we
have
seen
is
is
typically
again
in
all
the
conversations
we
have
with
our
customers
or
other
prospects
that
we
talk
to
it's
very
easily.
B
We
see
that
when
they
replace
envoy
or
when
they
replace
any
other
api
gateway
out
there
with
an
envoy
based
solution,
they
see
at
least
3x
or
5x
improvement
in
performance,
because
envoy
inherently
is
like
natively
written
in
c
plus
plus
and
all
these
things-
and
it
has
this
asynchronous
callback
mechanism
to
you
know,
run
a
big
event
loop
on
top
of
live
event
right,
so
it's
extremely
performant.
B
So
so
my
feeling
is
that
you
know
generally,
if
you're
coming
from
a
legacy
gateway
right,
you're,
going
to
see
huge
income
in
terms
of
performance
when
it
comes
to
web
assembly,
there
might
be
a
hit
there
again.
I
I
cannot
confirm-
or
you
know
say
what's
going
on
there,
because
we
don't
have
any
data
to
you
know
like
answer
that
question
so
cool.
Let
me
go
ahead
with
the
with
the
demo.
B
So
so
I
again
this
time
we
were
yeah
so
so
again
so
validate
verify
and
transform.
So
we
were,
we
were
seeing
that
the
json
validation
was
failing
and
we
said,
okay,
you
need
to
pass
a
digest
header
for
the
verification
to
kick
in
after
looking
at
the
code.
So
now
we
are
running
the
verification
piece.
B
So
when
we,
when
we
give
a
digest
header,
we
see
that
we
get
an
unknown
prefix
in
hash
and
I
think
the
code
expects
that
sha
256
prefix,
so
let's
just
give
it
a
shot,
256
prefix.
B
So
now
it's
saying
that
received
digest,
doesn't
matter
periodized
right.
So
let's
just
go
back
to
the
code
and
see
what's
it's
doing
there
so
so
we
we
received,
we
received
a
digest
which
was
sent
to
us
in
a
header.
We
computed
the
digest,
but
they
don't
match.
So
we
are
getting
a
400
response
for
that.
So,
let's
just
quickly
compute
the
digest
and
give
it
the
correct
diet.
So
the
way
we
can
compute
the
just
is
by
using
open
ssl
to
compute
the
digest
and.
B
B
We
computed
our
digest
right
and
then
we
are
going
to
send
that
digest
now
and
now
it's
happy
so
now
it
gets
the
digest.
We
are
able
to
go
through.
It
verified
the
request
and
said:
hey.
The
request
looks
good.
We
are
able
to
verify
that
it
is.
It
is
the
the
checksum
and
all
matches.
So,
let's,
let's
just
quickly,
look
at
that
code,
so
the
verify
code,
the
verify
code,
checks
the
defects
again.
This
was
the
prefix
part
and
we
sent
it
to
sha
256
prefix.
B
B
So
going
back,
we
read
the
complete
body
here
until
we
received
the
complete
body,
we
said
action
pause.
So
now
we
have
the
complete
body
here.
Once
we
have
the
complete
body,
we
send
it
to
the
verify.
Call
the
verify,
call
computes
a
sha
256
and
extracts
the
digest
from
the
digest
header
right.
So
now
we
have
what
we
have
received
in
the
header
and
what
we
have
computed
right
and
then
we
just
check
the
two
of
them
and
say
either
they
match
or
they
don't
match.
B
So
I
think
what
what
we
saw
earlier
was
that
it
wasn't
matching
and
you
could
see
this
message
received,
I
just
don't
match
and
now
we
see
that
the
received
digest
matches
the
computed
digest
and
we
are
able
to
move
forward.
So
now
we
say
now
we
are
running
into
this
problem,
so
we
are
not
able
to
validate
the
json
so.
B
Right
so
so
I'll
just
pause
for
a
moment
and
see
if
there
are
any
questions
that
I
I
should
take
up
right
now
or
maybe
I
should
just
finish
this
and
move
forward.
A
I
don't
have
any
preference
on
my
end,
and
I
did.
I
did
just
see
that
one
question
come
in
to
is
there
any
way
to
integrate
r
based
coding
deployments
in
kate's?
I
think
that's
somewhat
of
a
separate
topic,
but
definitely
I've
seen
personally
a
few
different.
Our
workloads
kind
of
you
know
how.
A
How
do
you
set
up
your
workspace
on
kubernetes
is
one
topic
that
I've
seen
coming
up,
but
not
sure
if
you
know
there
might
be
there
might
be
some
policies
to
enact
definitely
on
your
on
your
data
sets
and
things
like
that,
but
yeah.
B
Yeah
so
you're
correct
taylor.
I
think
I
second
that
I
think
that
makes
sense.
So
no
that
is
not
there
so
yeah
I
mean
our
base
is
essentially
how
you
set
up
your
whole
studio
in
the
workspace
and
the
environment.
Right
to
you
know
like
run
some
ml
workloads
or
ml
programming,
so
so
so
moving
on
I'll
just
quickly
finish
a
few
things
on
the
demo
side,
I
I
I
want
to
complete
this
real,
quick
and
then
I'm
happy
to.
B
I
see
one
more
question
which
I'm
going
to
take
eventually,
but
let
me
quickly
finish
this,
and
we
can
talk
more
about
that
so
yeah,
so
this
failed
to
validate
json.
So,
let's
go
back
and
see.
B
So
this
is
coming.
This
is
because
we
use
we
use
so
whatever
body
is
coming
in,
we
try
to
validate
the
json
of
that.
So
so
what
we
are
saying
here
at
a
high
level
is
that
ensure
that
my
json
contains
the
following.
So
inside
data,
the
first
element
contains
the
type
and
an
id
and
inside
the
data,
the
first
element
inside
attributes.
There
is
title
body
created
and
updated,
so
the
validation
looks
like
that
and
then
the
validation
also
checks
that
the
time
getting
in
created
and
updated
follows
the
time
format.
B
B
A
I
did
for
some
people
looking
at
jq.
I
know
that's
quite
a
popular
tool
for
introspecting
json
and
trying
to
filter
and
work
with
that.
I
did
see
one
called
zq
that
I'm
kind
of
curious
to
check
out.
There's
there's
so
many
new
command
line
tools,
I've
seen
lately,
but
so
little
time,
so
many
command
tools.
B
I
see,
oh,
is
it
what's
called
again,
taylor
c
q.
B
Yeah
I'll
check
it
out,
I
know
about
jq
and
I
think
it's
fairly
popular
I
just
have
tried
zq
sure
so
bearing
how
this
looks.
What
we
check
for
validation
is
inside
the
data
element,
so
data
element
is
a
right
and
then
the
first,
the
first
element
inside
the
check.
There
is
a
type
right,
so
there
is
a
type
and
there
is
an
id
and
inside
the
first
element
attributes,
then
a
body
right.
B
So
there
is
a
title
and
a
body,
and
then
there
is
a
cree
and
an
updated
right
and
then
check
that
created
and
updated.
So
what
this
code
does
is
that
identifies
all
these
are
present
and
if
they
are
not
present,
it
flags
a
failure
and
then
what
we
have
here
is
that
we
try
to
parse
the
time
and
say
created
and
updated
are
in
the
correct
time
format
right
so
so
this
is
the
validation
that
it
does
for
the
value
now,
typically
all
the
other
popular
gateways.
Again
they
will.
B
These
are
all
premium
features
which
you
charge,
which
they
charge
for
your
buy
these
features.
You
know
you
have
to
enable
those
plugins
go
through
that
extensive
configuration
for
those.
B
This
is
just
so
much
simpler
and
you
know
it's
just
so
much
easy
and
of
course
it's
free
because
webassembly
support
is
native
to
to
unvoy
and
android
just
exposes
that
support.
So
so
we
just
like
flip
a
few
switches
and
bits
here
and
there
and
things
just
start
to
work,
so
there's
really
no
cost
to
building
this
or
creating
this
right.
So
so
so
again,
I
think
the
flexibility
is
amazing.
The
performance
is
there
and
there's
no
cost
involved
in
this,
because
it's
all
envoy
native
right,
so
so
anyway.
B
B
B
Okay,
so
what
we
see
is
now
two
things
happening:
one
is
the
verification
went
through
it
lights,
the
dust
that
gate
is
open
for
us.
The
I
just
matches
its
added
message.
Next
step
we
are
going
to
do
is
validate
it.
So
so,
if
you
look
at
flow
of
code,
you
have
the
validate
call,
which
is,
after
the
verification
call.
So
your
first
call
is
a
verification.
Call.
Let
me
if,
if
the
message
is
okay,
the
next
call
is
the
validation
call
right.
Typically,
now
I
look
at
it.
A
B
So,
let's
quickly
look
at
happened
so
when
I
see
a
request
coming
through
what
it
is,
what
it
means
is
that
I'm
sending
a
request
and
it
got
verified
with
the
digest,
so
it
likes
the
digest
it
will
allow
it
to
go
through
next
is
the
validation
of
the
json.
So
in
this
piece
we
also
see
the
validation
went
through
because
it's
a
200.
Why?
Because
it
it
has
all
the
aspects
that
we
are
checking
for
right.
So
it
has.
B
B
The
key,
interesting
aspect
now
here
is
also
the
transformation
right.
So
so
remember
I
mentioned
you
could
validate
verify
and
transform
the
request,
but
take
a
note
here
of
the
dob,
the
date
of
birth.
B
A
B
For
the
data
right
so
for
the
data
attributes
of
zero
right
and
date
of
birth
right,
if
I
find
that
path,
I'm
just
going
to.
B
Within
that
path,
I'm
just
going
to
set
it
to
all
zeros.
So
that's
the
transformation
piece,
so
we
are
replacing
the
body
with
the
new
body
and
again
going
back
to
the
commons.
The
memory
copy,
the
body
copies.
It's
a
great
question.
I
don't
know
if
the
copies
are
happening
here,
they
could
be,
but
are
definitely
worth
checking
the
cost
of
this
operation
and
the
copies
happening.
B
In
my
mind,
vasim
is
fairly
performant,
but
again
we
haven't
run
any
benchmarks
to
look
at
this
more
and
say:
are
there
more
optimized
versions
of
it
or
is
there
a
better
way
to
achieve
it,
but
anyway?
So
this
is
the
transformation
piece
where
you're
saying
that
if
I
do
find
a
date
of
birth,
then
I
just
want
to
remove
that
date
of
birth
and
it's
it.
This
is
where
you
can
see
in
the
request
body
that
it
has.
It
has
been
removed.
B
So
so
that's
that's
that's
pretty
much
it.
That's
actually
end-to-end
validate
verify
and
transform,
which
we
also
have
here
so
so
again.
This
is
this:
is
the
article
you
can
check
on
the
main
web
page
which
talks
about
the
same
thing,
so
so
so
anyway.
So
that's
all
I
had
so.
Let
me
take
a
step
back
and
provide
a
summary
of
what's
going
on
here.
So
what
we
are
saying
is
that
web
assembly
provides
a
flexible
mechanism
to
extend
your
ingredients
right
to
envoy
natively.
B
B
You
have
to
use
an
sdk
that
comes
that
complies
to
the
application,
binary
interface,
which
is
provided
by
proxy
vessel,
so
so
think
of
proxy
vasm
as
a
glue
that
joins
web
assembly
runtime
to
your
code
right,
so
you
have
proxy
basm
and
what
it
means
is
you're.
You
essentially
have
callbacks
in
your
code,
which
you
are
overriding
right,
so
you're
saying:
oh
I'm
getting
this
callback.
This
is
what
I'm
gonna
do.
B
So
so
that's
that's
pretty
much.
It
check
out
the
space
on
the
website.
We
are
going
to
add
more
details
into
doing
the
when
this
was
more
of
an
overview
of
what
to
what
you
can
achieve
with
this
capabilities.
But
we
are
going
to
add
more
on
how
to
exactly
do
all
of
this.
The
code
will
all
be
open,
so
we'll
just
push
it
on
github.
B
We
just
got
it
going
pretty
late,
so
we
haven't
had
a
chance
to
push
it
out,
but
one
additional
thing
is
loading
code
into
the
webassembly.
Runtime
also
should
be
flexible,
and
what
andrew
does
is
it
uses?
The
compact
variant,
which
is
again
fairly
popular
or
rather
defined
in
the
community,
is
still
community.
If
you
see
they
talk
about
the
compact
variant
which
you
can
use
to,
you
know
take
a
piece
of
code
convert
it.
You
know
like
into
a
web
assembly,
plug-in
and
package
it
into
the
compact
variant.
B
So
when
you
download
that
knocker
container
from
a
remote
compact,
you
know
variant
docker
container,
you
can
essentially
unpack
it
and
load
that
plug-in.
So
this
is
really
flexible
and
it's
very
it
makes
it
very
easy
right.
So
so,
just
to
conclude
by
saying
here
is
the
container
that
it's
downloading
from
the
sarus
iu.
You
know,
docker
hub
and
vvx.json
validated
verified,
transform.
Json
is
the
container
in
the
compact
format.
It's
downloading
and
unpacking,
and
loading
into
the
web
assembly
runtime.
So.
B
Had
and
I'm
happy
to
answer
questions
now.
A
Awesome
awesome
awesome.
Well,
unfortunately,
I
do
think
that
we
are
at
time,
but
so
so
we'll
close
things
out
and
and
end
them
here.
Is
there
any
good
place
for
people
to
contact
you
or
or
the
team
tinted
on
that
front.
B
Absolutely
so
there
is
a
there
is
a
slack
link
on
the
website.
Some
of
one
of
us
will
definitely
get
back
to
you,
quick
enough.
So
slack
is
the
best
way
to
reach
us
and
there's
also
a
contact
page
on
the
website.
B
A
Awesome
well,
wonderful!
Thank
you,
everyone
for
joining
us
for
today's
cloud
native
live.
It
was
great
to
learn
from
chington
and
yes,
please,
please
do
reach
out
to
him
if
you
have
any
more
questions
on
on
wasm
on
enroute
and
anything
in
between,
we
really
enjoyed
the
interaction
and
questions
from
the
audience.
Thank
you
so
much
for
joining
us
today
and
we
hope
to
see
you
again
soon.
Thank
you
all
so
much
thank
you
chintin
and
hopefully
you
have
a
wonderful
wednesday.