►
From YouTube: CNCF SIG Runtime 2020-11-05
Description
CNCF SIG Runtime 2020-11-05
A
C
D
Yeah,
I
don't
know
about
anybody
else,
but
I
struggled
to
I
haven't
joined
into
this
meeting
for
a
while,
I
must
say,
but
I
I
s
between
having
to
log
in
and
having
to
find
the
passcode
and
whatever
it
was
non-trivial
to
get
on
this
call.
So
I'm
wondering
if,
if
other
people
are
struggling
with
the
same
thing,
yeah
give
them
a
few
more
minutes.
What's
the
attendance
been
like
recently,
ricardo.
A
D
D
A
C
D
Of
times,
usually
a
very
noisy,
I'm
usually
a
very
noisy
guy
when
it
comes
to
asking
questions
I'll,
be
that
that
question
asked
or
a
person.
If
we
want
to
go
ahead,
we
can
always
repeat
it
again
in
a
couple
of
weeks
time,
if
we
think
it's
worth
it,
but
yeah
I
mean
given
that
we're
all
here,
we
may
as
well
go
ahead
and
I'll
ask
questions:
how
about
that.
C
D
C
C
Okay,
I'm
gonna
go
ahead,
I'm
I'm
planning
on
just
showing
a
few
slides,
I'm
not
a
big
slide
person
and
I
figure
people
want
to
kind
of
dive
into
like
how
we've
done
things
when
we've
architected
but
and
these
first
things
are
just
kind
of
cut
to
cover
the
purpose.
I
am
reusing
them
from
another
slide
deck,
so
forgive
the
theming,
but
they
contain
like
the
perfect
information
to
kind
of
give
some
overview
about
why
we
did
cresla
and
when
we
did
it,
so
this
is
recording
just
an
introduction.
C
I
am
a
senior
software
engineer
at
microsoft
and
I'm
one
of
the
lead
maintainers
on
crestlit,
which
is
a
kubernetes
rest
kubelet,
is
what
that's
that
name
derives
from,
but
I'll
talk
a
little
bit
about
that
and
what
it
does
why
the
project
exists,
and
then
I'm
going
to
show
some
demos
and
if
people
are
interested
kind
of
like
the
architecture.
So
that's
that's
the
kind
of
general
overview
of
what
I'm
going
to
cover.
So
let
me
go
ahead
and
share
out
my
screen.
Make
sure
it
is.
C
Sorry
showed
up
on
the
wrong
display.
This
is
want
to
happen
there.
We
go
okay,
so
just
a
little
bit
of
background.
So
what's
this
whole
wasm
thing,
so
the
idea
of
the
crossfit
project
is
that
we
we
do
it.
It
was
really
meant
to
to
work
with
wasm
and
wasm
stands
for
web
assembly.
If
you
haven't
heard
of
it
and
just
a
quick
overview
of
that
in
case,
it
is
completely
unfamiliar
to
you.
It's
basically
compiled
binaries
that
can
run
be
run
in
a
browser
through
javascript.
C
We
like
our
w's
here
in
this
space,
I'm
kind
of
like
kubernetes
likes
its
k's.
We
like
our
w's,
so
we
have
this
thing
called
wazzy
that
stands
for
webassembly
system
interface.
There's
a
landing
page
right
here
on
this
slide,
that's
a
pretty
simple
one,
and
what
it
is
is
a
standard
for
interacting
with
the
host
system.
No
matter
what
the
os
is,
so
it's
a
very
well
defined
set
of
things
that
you
can
do
right
now.
C
D
C
Like
I
said
it
has
a
very
common
set
of
things.
It
can
do
and
way
of
interacting
with
things
in
a
security
model
that
goes
with
that,
and
so
it
could,
it
could
end
up
being
like
hey.
People
tried
this
before
like
posix,
and
it
might
not
end
up
that
way,
but
there's
a
very
concerted
effort
in
this
community
right
now
to
to
get
this
to
a
state
that
could
actually
be
used
on
all
systems
and
even
right
now,
even
with
its
limited
features,
I
can
take
something
that
is
a
compiled.
C
That's
a
a
wasm
binder,
that's
been
compiled
against
wazi
and
I
can
run
it.
I
can
compile
it
on
my
mac
run
it
on
my
windows.
Machine
run
it
on
my
mac,
rent
it
on
my
raspberry
pi
over
here,
run
it
on
a
linux
vm
somewhere.
I
can
run
it
anywhere
I
want
to,
and
so,
if
the
fact
that
it
can
already
do
that
and
and
it's
on
its
way
to
defining
these
other
things,
makes
me
think
that
there
is
a
distinct
possibility.
D
C
C
I
know
that
a
lot
of
these
things
can
be
done
it
just
it
enables
it
in
a
little
bit
different
way
and
I'll
get
I'll
get
into
that
in
just
a
little
bit,
because
I'm
going
to
cover
a
little
bit
about
why
we
did
the
things
we
did
with
waza
cool
good
question,
though
so
the
other
thing
to
that
that
I
like
to
kind
of
make
a
specific
and
a
difference
here
is,
and
I'm
I'm
talking
to
sig
run
time.
So
this
is
a
little
bit
dumbs
down
for
the
audience,
so
pardon
that.
C
But
the
idea
is
just
to
kind
of
explain
where
we
sit
in
kind
of
our
layer
of
abstraction.
So
we
all
know
what
oci
is
I'm
assuming
in
this
meeting
and
we
have
and
we
obviously
that's
kind
of
a
little
bit
too
low
level
for
us.
We
actually
thought,
as
we
were
playing
this
like,
how
could
we
enable
wasm
on
kubernetes
we're
like
well?
C
Can
we
implement
it
kind
of
like
as
an
oc
like
with
like
a
shim,
that's
running
underneath
and
all
that
and
honestly,
the
process
model
didn't
work
out
the
best
for
us.
It
was
a
little
bit
too
much
overhead
and
too
tied
to
the
idea
of
containers.
Still
we
also
tried
and
there's
a
you,
can
look
it
up.
There's
a
repository
called
walk
inside
of
deus
labs.
C
That
was
stan
that
was
waziman
kubernetes
and
we
tried
implementing
the
cri
interface,
but
the
cri
interface
is
way
way
way
too
container
specific,
like
we
couldn't
even
test
it
against
the
normal
testing
tools,
because
it
makes
the
assumption
that
everything
is
a
container,
no
matter
what
which
I
mean,
that's
not
a
problem,
but
that's
just
how
it's
defined
so
that
didn't
work
for
us
as
well.
We
kind
of
went
up
to
this
virtual
kubelet
level
and
I'm
pretty
certain.
Everyone
knows
what
the
virtual
kubelet
is.
C
So
it's
the
idea
of
like
we're
masking
as
a
kubelet.
So
that's
what
cresslib
is
doing
in
this
case
is
it's
masking
as
a
kubelet,
but
it
goes
a
little
bit
above
and
beyond
the
normal
virtual
kubelet
and
the
fact
that
we're
implementing
other
things
that
the
kublet
has
as
if
it
were
like
a
drop-in
replacement
for
kubelet.
That's
not
it
that's
not
its
purpose,
but
like
we
have
a
lot
of
the
same
kind
of
features
like
right.
C
Now
I've
been
working
on
implementing
the
plug-in
watcher
system,
so
we
can
have
csi
plug-ins,
and
so
I
just
I
have
a
pr
open
for
that.
Actually,
right
now
to
land
that,
and
so
those
that's
kind
of
the
level
that
this
that
crestlet
sits
at
here
is
that
we
aren't
an
actual
kubla
in
the
sense
of
like
right,
we're
doing
the
cri
and
all
that,
but
we're
performing
a
lot
of
the
same
functions
and
pretending
to
be
a
node,
no
matter
where
it's
running
at
okay.
C
So
here's
to
answer
your
question
about
the
well,
why
why
did
we
make
this
then?
So,
there's
kind
of
five
big
things
here.
The
first
two
are
are
a
little
bit
more
self-explanatory.
So
there's
a
security
aspect
here,
so
wasm
is
a
completely
sandboxed
runtime,
so
you
have
to
explicitly
grant
in
permissions
for
it
to
do
something.
C
If
you
want
to
open
a
file
that
that
file
has
to
be
explicitly
granted
to
the
runtime
to
be
able
to
use,
and
I'm
assuming
the
same
thing
will
hold
true
for
network
sockets
and
other
things
down
the
line.
This
is
another
one
where
people
asked
like.
Well,
people
tried
this
kind
of
security
model
before
and
once
again
like.
C
We
don't
know
for
sure
that
it's
going
to
work
this
time,
but
given
its
success
in
the
browser
in
its
sandbox
space,
we
think
that
this
can
still
translate
very
well
to
to
an
in
like
in
a
server
running
model
like
we
have
with
wazi,
and
so
that
security
is
something
that
that
is
very
important
to
a
lot
of
people,
and
that's
one
of
those
reasons.
We
thought
that
wasm
would
be
a
good
choice
here.
The
other.
The
other
reason
is
density.
C
Wasm
modules
are
even
better
at
the
density
aspect
and
that's
that's
something
that
ties
into
the
last
point
about
being
a
smaller
footprint.
But
you
can
fit
a
lot
of
wasa
modules
because
they're
very
tiny
and
run
very
light
into
a
into
a
small
space.
Obviously
we
haven't
gotten
to
the
whole
resource
constraints
and
everything
that,
in
the
state
like
how
you
have
the
resources
blocking
kubernetes,
to
be
able
to
find
those
things.
We
haven't
gotten
there
yet
and
decided
how
that's
going
to
work.
C
A
So
about
the
identity
part,
basically
you!
What
you
have
now
is
with
the
crosslit
is:
you
know
like
a
cubelet
tied
to
webassembly
binary
right,
so
with
density.
Is
that
the
plan
is
the
plan
to
have
multiple
webassembly
binaries
tied
to
the
cubelet
or
because
that
it
ties
to
a
kubernetes
node,
and
so
when
people
want
to
run
webassembly
nodes
using
kubernetes,
so
that
interface
is
not
already
it's
not
defined.
I
believe
right
and
that's
where
you
want
to
get
or
no.
C
C
Yeah,
it's
basically,
we
have
made
it
pretty
much
a
one-to-one
mapping
in
the
sense
of
like
you
have
a
container
and
then
you
have
a
wasm
module.
Now
they
kind
of
they're
they're
a
little
bit
different
they're,
not
a
one-to-one
mapping
in
the
technology
itself,
but
they
are
in
the
kubernetes
like
object.
Parlance
like
a
module
is
just
a
container.
D
Sense
for
what
it's
worth,
we
ran
into
similar
problems
with
people
trying
to
run
virtual
machines
on
you
know,
use
kubernetes
to
control
virtual
machines
as
opposed
to
containers,
and
one
of
the
popular
abstractions
was,
as
you
say,
used
pod.
As
this
you
know,
pod
is
the
thing
that
most
of
kubernetes
interacts
with
and
what's
inside,
the
pod
is
kind
of
less
important
and
it
could
be
containers,
it
could
be
virtual
machines
and
presumably
it
could
be
wasn't
modules.
C
Yeah
and
that's
that's
basically
why
we
did
the
thing
that
we're
doing
right
like
we're
just
handling
pods
and
scheduling,
pods
and
running
the
things
that
those
pods
tell
us
to
run
so
that
that's
a
completely
correct
assessment
of
it.
Now
the
last
two
things
are
really
are
really
interesting
to
me.
C
This
crestlet
and
wasm
stuff
are
not
meant
to
supplant
docker,
there's
plenty
of
workloads
that
actually
work
better
in
docker
and
wouldn't
be
worth
the
effort
to
port
them
to
wasm,
even
if
everything
was
in
place
with
the
wazi
spec
and
all
that.
But
if
we're
being
perfectly
honest
with
ourselves
as
much
as
we
say,
dockers,
work
anywhere
or
more
portable
it,
it
really
isn't
it's
just
a
linux
technology.
I
mean
I
work.
I
work
in
microsoft.
C
I
know
there
are
some
very
smart
people
who
have
made
windows
containers
a
thing
that
work
well,
but
they
aren't
even
really
the
same
thing.
They
work
with
very
different
underlying
like
hosts
and
libraries,
and
if
you
build
like
an
nginx
container,
you
can't
go
run
that
on
a
as
a
windows
container
like
not
running
in
a
vm,
you
compare
that
to
web
assembly
modules
and
webassembly
modules.
C
I
mean
even
right
now
we
have
like
I
said
that
we
have
support
for
mac,
for
windows,
for
arch
64
and
for
linux
and
so
for
for
crestlet
itself,
and
so
those
things
can
run
pretty
much
anywhere.
We
want
them
to.
The
last
thing
is
kind
of
tied
to
the
density.
The
smaller
footprint
so
docker,
as
I
think
we
all
know
if
we've
ever
tried,
like
docker,
has
some
pretty
heavy
overhead
for
smaller
embedded
devices.
If
you're
on
a
pi,
you
can
run
something
like
k3s,
which
is
awesome.
C
E
C
C
If,
if
you
want
to
do
like
a
simple
server
demo
or
a
simple
like
hello,
world
kind
of
example,
even
a
docker
container
still
is
several
like
you're
talking
at
least
10
to
20
megs,
a
wasa
module
is
bytes
kilobytes
worst
case
scenario,
maybe
a
meg,
so
you
get
a
huge
size
reduction
there
and
then
also
the
fact
that
we're
sharing
that
that
same
kind
of
like
parent
thread
and
how
I
mentioned
that
because
it's
running
just
basically
on
like
tasks,
those
tasks
may
get
parked.
If
it's
not
doing
anything.
E
Yeah
so
like
the
the
image
size
is
definitely
one
thing
that
I
think
traditional
containers-
I
don't
know
if
we
have
a
name
for
that,
but
it
could
never
be
in
terms
of
wasm
just
because,
like
the
operating
system
comes
with
the
runtime,
basically
with
with
wasm
but
yeah.
I
was
just
thinking
from
like
a
kubernetes
perspective
like
is
it
ideal
to
have
like
one
per
pod?
C
Yeah
and
that's
maybe
something
that
we
can-
we
can
look
at
like
if
this
is
something
where
people
are
getting
interested
in
and
want
to
try
it
out.
Like
that's
the
kind
of
thing
we
welcome
the
feedback
on,
and
maybe
we
can
wrap
some
of
those
things
like
it.
But
the
main
thing
around,
like
relying
on
c
groups
is
one
of
our
drives
from
the
beginning
has
been
that
this
is
cross-platform,
and
let
me
tell
you
for
the
whole
plug-in
system.
Boy
howdy
was
that
a
an
adventure
to
get
that.
C
Like
windows
and
mac
and
linux,
and
just
because
of
like
different
the
differences
between
operating
systems,
and
so
anything
we
do
we
want
to
make
sure
it
is.
Is
that
it's
cross-platform,
which
is
why,
like
looking
at
c
groups
directly,
is
probably
not
a
good
option
right
now,
just
because
it's
limited
to
the
linux
side
of
things.
E
C
Yeah-
and
I
think
that's
something
that
we
we
will
continue.
This
is
where,
because
it's
so
bleeding
edge
with
with
wazi
like
we
don't
know
like,
we
don't
want
to
make
an
assumption
about
a
security
like
some
of
those
like.
If
you
want
to
add
an
additional
like
wrapper
thing
like
a
c
group
around
it,
we
don't
want
to
make
an
assumption
yet
on
how
how
that
works
or
what
it'll
look
like,
because
it
is
so
new.
D
C
D
C
Yes,
yeah,
so
if
you
want
to
learn
more
about
that,
I
can
either
connect
you
directly
with
one
of
my
co-workers
or
we
can
come
back
next
time
if
we
have
a
next
time.
We
present
we'll
go
ahead
and
talk
about
that
a
little
bit
so
anyway.
Let's
see
I
just
wanted
to
talk
a
little
bit
about
what
we
have
in
there
before
I
demo
it
and
then
the
idea
of
what's
a
provider
in
our
in
our
project.
C
So
basically
what
we
have
implemented
is
we
have
the
basic
pod
life
cycle,
things
like
downward
api
support,
environment
variables,
host
path,
secret
config
map
volumes
and
then
support
across
all
those
operating
systems.
I
mentioned,
we
don't
have
the
cloud
provider
volume
types
yet,
but
we're
going
to
have
it
by
the
next
release.
Like
I
said
I
just
put
in
the
plug-in
discovery
system
so
now
we'll
be
able
to
implement
csi
it'll,
look
a
little
bit
different
because
we're
not
gonna
have
like
a
sidecar
container
on
on
wasm.
C
That's
that's
running
this,
but,
like
you'll,
be
able
to
implement
csi
things.
We
haven't
implemented
some
of
the
eventing
stuff
and
we
we
don't
have
full
kubernetes
networking
support
yet
so
we're
not
totally
tied
into
that
system
yet,
but
that's
actually
going
to
be
not
this
release,
but
the
release
after
that.
We're
targeting
that
so
this
is.
C
This
is
just
to
make
sure
that
people
are
clear
like
this
is
still
very
new
because
of
the
space
that
it's
sitting
in
so
there's
certain
things
that
are
still
missing,
but
we're
we're
moving
very
quickly.
We're
hoping
don't
hold
me
to
this,
we're
hoping
for
a
1.0
release
around
february,
where
we
can
say:
okay
like
now,
you
can
start
using
it
for
things
like
it's
still
very
new
they're
still
missing
things
due
to
the
space
it's
in,
but
it's
like
a
saw.
C
It's
been
solid,
it's
been
tested
and
those
kind
of
things
now
I
also
just
wanted
to
cover
quickly
the
idea
of
what
a
provider
is,
so
we
stole
this
term
from
virtual
kubelet.
So
the
way
crestlet
works
is
actually
just
an
abstract,
kublet
running
system
and
it
delegates
the
logic
to
actually
running
the
thing
that
you're
trying
to
run
to
something
called
a
provider,
and
so
you
can
actually
implement
a
provider
for
anything.
C
One
of
the
other
maintainers
of
the
project
actually
has
an
oci
one
that
is
implemented
for
crisis,
so
it
can
run
normal
containers
using
presslet,
and
we
have
two
that
we
implement
that
are
kind
of
in
tree
and
that's
called
wask
and
wazi.
Wask
is
another
project
that
is
out
there
in
the
community.
That
is
a
actor-based
model.
C
It
has
a
host
runtime
and
it
uses
something
called
capabilities,
and
these
capabilities
are
generally
well.
They
can
be
two
different
things:
they
can
be
provided
by
another
wasm
module
or
they
can
be
like
a
native
capability,
which
is
just
a
compil
compiled
against
the
operating
system.
That's
at
so
wasc
actually
has
network
support
because
it
uses
the
a
native
capability
for
your
networking
and
so
this
model.
C
This
actor
model
allows
you
to
hot
swap
things,
so
you
can
swap
out
a
provider,
so
you
could
swap
out
the
networking
implementation
and
none
of
the
other
things
have
to
know
about
it.
You
can
swap
out
any
of
the
capabilities
provided
and
the
provider
has
no
idea
that
that
or
sorry
the
the
other
was
module.
That's
consuming.
Those
doesn't
need
to
know
that
it
changed
it.
Just
it
just
swaps,
it
out.
C
It's
added
some
strong
security
models
on
top
of
normal,
a
strong
security
model
on
top
of
normal
wasm
modules.
So
we're
talking
some
key
signing
like
it
has
to
have
a
it,
has
to
be
signed
and
embedded
with
a
token
that
validates
that
it's
allowed
to
run
in
the
in
the
host
that
it's
being
provisioned
to
to
be
clear,
though
wasc
is
kind
of
a
a
little
bit
of
a
in
a
kind
of
a
square
tag
round
hole,
because
wasp
is
kind
of
its
own
ecosystem
too.
C
It
can
run
its
own
thing
outside
of
kubernetes.
It
even
has
a
cool
feature
called
lattice
that
allows
you
to
arbitrarily
connect
in
nodes
into
into
like
a
cluster
like
a
meshed
cluster,
and
then
those
modules
can
talk
across
that
that
lattice
to
each
other.
But
it
has
a
whole
bunch
of
support
for
things
like
streaming
file,
storage
and
logging
and
all
sorts
of
all
sorts
of
things.
That
is
pretty
cool,
but
we
also
have
the
implementation
for
crestlet
the
opera.
C
C
Yeah,
I
actually
remember
that
I
think
they.
I
forgot
that
I
saw
that
yeah
and
I
talked
to
them
about
it.
Kevin
is
a
is
a
good
friend
of
ours.
We've
yeah
we've
been
collaborating
with
them
for
a
while
and
actually
we're
moving
the
wasp
provider
out
in
under
the
wasp
project
umbrella
here
soon
in
the
next
few
months,
so
yeah,
and
then
he
mentioned
the
crossfit
too,
and
how
you
guys.
A
Are
working
so
yeah
yeah,
it's
great
to
see
collaboration
like
this
yeah
yeah
and
then
everything
with
the
challenge
is
also
like.
You
know
time
they
don't
turn
it
all
to
kubernetes
right.
So
when
you,
because
a
lot
of
people
are
using
kubernetes
and
then
you're
talking
about
maybe
people
using
k3s
all
right
so
but
anyways
just
a
comment.
Yeah.
C
Well
and
that's
the
thing:
the
providers
are
meant
to
offer
flexibility
anyway,
and
so
that's
why
we
have
this
model.
So
if
someone
wanted
to
implement
one
for
you
like
hashtag
corpse
nomad
or
if
you
wanted
to
implement
something
for
like
functions
on
like
azure
or
on
or
on
aws
or
on
google,
you
could
do
that
with
a
provider.
But
in
this
case
like
we,
just
have
these
two
that
we've
we've
supported
and
wazi's
kind
of
the
more
reference
implementation
of
everything.
So
it
follows
the
wazi
standard.
The
promises
doesn't
have.
C
It
doesn't
have
networking
yet,
as
I
mentioned,
and
the
wazi
provider
follows
more
of
like
the
traditional
kubernetes
runtime
model,
not
that
it
is
a
kubernetes
runtime,
but
that,
like
you,
have
a
pod
that
serves
as
a
that
contains
containers
right
and
those
containers
which
are
wasa
modules
are
just
acting
as
individual
processes.
They're
not
connected
well
they're,
technically
running
on
the
same
host.
C
C
There
are
no
production
use
cases
for
the
reason
that
this
is
still
so
new.
We
still
have
the
warning
on
there.
The
big
warning
sign
that
says
do
not
use
this
in
production,
please,
so
we
don't
know
that
anyone's
using
it
production.
I
I
hope
nobody
is
yet,
but
we
have
had
a
lot
of
people
connecting
it
and
trying
things
in
various
ways.
So
we've
seen
was
that
there's
one
of
someone
in
the
community
from
octo.
C
There
I'm
assuming
whoever
uses
wasc,
has
probably
also
looked
at
some
of
this
stuff
if
they,
if
they
do
kubernetes
things
as
well,
we've
mostly
just
been
trying
to
get
like
things
implemented
all
the
way
out
before
we've
been
focusing
on,
like
oh
here's,
the
use
case,
study
of
company
x
and
company
y
right
now,
but
I
do
know
that
those
are
the
kinds
of
people
who've
been
reaching
out.
Mostly
the
people
are
kind
of
tinkering
on
the
edge
saying.
C
A
So
I
have
a
question
so
when,
when
you
talk
about
wasm
modules,
do
people
actually
want
to
pack
more
capabilities
within
or
like
a
webassembly
binary
right?
Do
we
want
to
add
more
capabilities
inside
that
or
they
just
want
to
decouple
more
of
the
little
components
and
then
run
these
in
all
kinds
of
different
places?
I
would
imagine
that
that
you,
you
have
the
capability
capability
to
to
create
the
the
modules
with
you
know,
either
heavy
or
or
lightweight
right.
A
C
C
Imagine
that
just
like
with
containers
we'll
see
a
little
bit
of
both,
but
I
we
don't
have
enough,
like
real
world
usage
to
like
completely
guarantee
that
that's
going
to
be
the
case,
but
I
think
that
we'll
see
a
little
bit
of
of
both
use
cases
there.
I'm
guessing,
though,
that
initially
it'll
probably
be
these
smaller
constrained.
C
Anyway,
so
let's
I'm
gonna
go
ahead
and
demo
and
kind
of
explain
the
the
architecture
as
well
about
about
how
it
works.
If
we
have
extra
time,
people
are
curious,
I
can
kind
of
explain
why
we
did
rust
and
the
drop
that
what
if
it
went
like
why
it
has
gone
well,
some
of
the
drawbacks
and
all
that
if
people
are
curious,
but
otherwise,
I'm
just
going
to
go
through
the
demo
and
the
architecture
real
quick.
So
let
me
switch
screens
really
quick.
C
Okay,
so
double
check
that
my
cluster
didn't
die,
so
I
was
going
to
try
to
have
a
what
I
was
calling
a
franken
cluster
altogether,
but
of
course,
the
demo
gods
conspired
against
me.
I
was
going
to
have
a
random
windows
vm
connected
and
my
raspberry
pi
connected,
but
then
my
raspberry
pi's
had
issues,
and
I
couldn't
con
and
like
I
couldn't
like
even
get
into
it
over
ssh
and
my
windows
machine
was
having
problems.
C
So,
of
course,
I'm
not
going
to
show
it,
but
I
promise,
if
you
take
these,
you
can
run
these
on
on
any
operating
system.
I'm
not
just
making
that
up,
but
such
is
the
life
of
working
with
the
demo.
So
right
now,
I'm
just
pointing
at
mini
cube.
You
can
run.
We
have
instructions
for
most
of
the
major
cloud
providers
at
this
point.
If
you
use
another
cloud
provider
and
you
find
a
problem
with
it
or
there's
not
documentation,
that's
something
we're
always
looking
for
is
more
documentation
there.
C
So
you
can
run
it
against
anything.
The
the
two
requirements
are
are
that
you
need
to
be
able
to
create
a
bootstrap
token,
so
you
can
generate
a
bootstrap
config
and
the
other
requirement
is
that
you
need
to
be
able
to
be
in
a
place
where
the
kubernetes
control
plane
can
reach
you
over
the
internet,
somehow,
whether
that's
through
a
tunnel
or
or
something
else.
C
So
one
of
the
things
that
I
do,
if
I'm,
if
I'm
running
like
a
local
machine
against
like
an
aks
cluster,
I
will
use
inlets
to
just
to
set
that
up.
I
don't
have
that
set
up
now.
That's
why
I'm
doing
it
on
mini
cube,
because
you
need
that
end
point
coming
back,
so
that
the
control
plane
can
ask
the
kubelet
for
the
container
logs.
C
C
So
there
is
a
bootstrap
script,
that's
included,
and
this
is
one
of
those
things
stories
and
we're
hoping
we
can
just
have
kind
of
a
one-click
process
and
don't
worry
about
just
it's
just
a
tool
we're
using,
and
so
this
bootstrap
script
is
just
creating
a
bootstrap
token.
I
can
actually
show
it
because
this
is
an
audience
that
might
actually
care.
C
So
we
have
one
for
windows
and
for
and
for
linux
or
unix
like
systems,
I
should
say-
and
this
is
just
doing
basically
a
exactly
what
cube
admin
does
it's
creating
a
token
and
then
creating
the
secret.
So
you'll
need
admin
credentials
to
your
to
your
cluster,
to
do
this
and
then
creating
the
secret
in
the
proper
location
and
then
generating
a
coup
config
for
the
for
the
bootstrapping
process.
And
so
we
can
actually
see
that.
C
Right
here
that
it's
set
up
and
has
that
token
that
was
generated,
and
so
it'll
do
all
the
bootstrapping,
so
it
has
the
the
bootstrapping
process
implemented
from
from
normal
kubelet,
and
so
now,
when
I
start
it,
I'm
just
going
to
use
a
shortcut.
This
is
just
going
to
compile
it
and
pass
in
the
right
flags
actually
can
show
you
what
it
looks
like.
C
C
A
C
C
C
C
So
we
actually
have
a
couple
different
examples
of
of
each
one.
So
in
this
case
we
have
examples
in
pretty
much
all
the
languages.
We
have
one
that
support
that
have
like
really
good
wazey
support,
there's
more
languages,
they're,
adding
each
time
we
have
one
in
c
one
and
rest,
and
one
in
assembly
script
that
we're
all
compiled
in
their
own
language
down
to
wazi.
So
we'll
go
ahead
and
do
the
one
in
c
just
for
fun.
C
So
it's
going
to
create
a
simple
config
map
in
a
pod
and
we
can
actually
see
cube
control
get
pods,
it
ran.
So
this
isn't
a
long
running
pod.
It's
just
outputting
a
few
things
but
yeah
I
ran
to
completion
and
I
can
do
two
control
logs
on
it
and
I
get
back
the
logs
from
inside
of
that
pod.
So
in
this
case
it
was
just
printing
out
a
bunch
of
things
that
were
mounted
from
the
configmat
and
if
we
look
at
the
actual
manifest.
C
C
That's
that's
linked
in
the
only
thing
that's
different
is
we
have
to
make
sure
we
note
select
on
the
arch
that
we're
looking
for
and
tolerate
those
nodes,
because
we
have
it
set
up
so
that
those
nodes
repel
all
normal
pods
in
case
you're,
running
in
a
heterogeneous
environment,
and
so
the
thing
is
now
I
can.
I
can
delete
after
I
delete
that
pod.
So
let's
go
ahead
and
delete
that.
C
So
now,
if
I
say
two
control
get
or
sorry
logs,
actually
I'll
get
pods.
First,
okay,
we'll
see
that
it
ran
to
completion.
It's
do
it's
the
same
thing
just
written
in
rust
and
then
we
can
get
logs
and
we
actually
print
out
a
file
in
this
case
and
we're
reading
a
file
from
the
system
and
we
have
the
same
kind
of
values
there.
So
these
are
written
in
two
different
languages
compiled
to
the
same
target,
and
you
can
run
this
module
anywhere,
so
it
can
run
if
you're
on
a
windows
machine.
C
You
could
run
it
right
now,
if
you're
on
on
a
raspberry
pi,
you
can
run
it
over
there,
and
so
that's
that's
the
beauty
of
this
is
you
can
move
it
around
to
these
different
systems,
as
you
want,
whatever
type
of
of
nodes
you
have
connected,
so
there's
there's
just
a
simple
example
for
that
you
can
also
see
just
to
show.
This
is
what
I'm
running.
C
C
C
And
pass
foobar,
it
actually
returns
back
and
it's
running
a
running,
a
server.
That's
returning
back
and
uppercasing
everything
I
send
at
it,
and
this
this
webassembly
binary
is
actually
super
super
tiny
because
it
doesn't
have
to
worry
about
the
server
that's
handled
by
another
capability
within
the
wasp
provider.
But
you
can
also
do
some
limited
networking
things
right
now
with
the
wasp
provider.
C
A
C
Yeah,
so
if
we
look
at
the
actual,
if
we
look
at
this
file
right
here,
you'll
see
that
it's
selecting
on.
I
don't
know
why
it's
selecting
on
linux-
that's
not
supposed
to
be
there,
but
anyway,
you'll
select
on
wasm
32
wasc,
and
it's
the
same
thing
with
the
the
tolerations
right
here.
They're
set
to
repel
things
that
aren't
its
proper
runtime
got.
It.
A
C
C
C
C
So
these
are
the
four
reasons
that
we
we
picked
rust.
The
first
and
most
important
is
that
wasm
and
wazi
support
is
the
best
in
rust.
I
don't
know
why
that
started
out
that
way,
but
that's
what
it
is
right
now,
and
so
it
has
first
class
support
for
compiling
to
wazi.
You
just
basically
have
to
add
a
compilation
target
and
then
just
say:
cargo
build,
which
is
the
build
tool.
C
Cargo
build
target,
wasn't
32w,
and
so
it
will
it's
because
of
that,
a
lot
of
of
the
web
assembly
things
and
then
the
wassi
things
are
built
in
rust
and
so
and
that's
why
why
one
of
the
biggest
reasons
we
chose
it?
And
I
know
that
we
people
often
ask
this
because
actually
our
team,
so
like
our
team,
I'm
still
one
of
the
core
maintainers
of
helm.
C
Our
team
has
like
lots
of
experience
in
go
and
other
kubernetes
things
and
then
the
other
three
things
are
the
safety
which
is
all
around
what
I
guess.
It's
the
the
memory
management
model
of
rust,
so
rust
doesn't
have
a
garbage
collector,
but
it
has
a
very
strict
ownership
model
and,
if
you've
ever
heard
of
somebody
who
started
with
a
rust
you'll
hear
about
fighting
with
the
borrow
checker.
So
that's
checking
that
all
your
data
is
going
to
the
right
places
and-
and
this
is
very
powerful-
it
leads
to
longer
compile
times.
C
But
honestly,
the
trade-offs
have
been
have
been
really
good
because
of
it.
They
have
it's
caught,
bugs
that
we
would.
We
wouldn't
have
caught
otherwise
and
there's
certain
bugs
that
we
would
see
like
we
found
one
in
helm
that
would
have
been
caught
by
the
rest.
Compiler
had
it
been
in
rust,
because
we
were
accidentally
sharing
data
and
creating
a
race
condition
that
not
even
the
race
checker
caught,
and
it
doesn't
that
those
kind
of
classes
of
bugs
are
entirely
eliminated
with
with
rust.
There's
still
plenty
of
bugs.
C
This
isn't
like
some
magic
bullet,
but
it
avoids
a
whole,
avoids
whole
classes
of
bugs
and
avoids.
There's
not
going
to
be
no
pointers,
dereferencing
or
anything
like
that,
unless
you're
doing
explicitly
unsafe
code,
which
has
to
be
called
out
as
unsafe
in
your
in
your
actual
code.
So
you
know
exactly
where
it's
happening.
C
Basically
doing
anything
where
you
have
to
do
large
projects
against
the
kubernetes
libraries
or
api,
it's
an
absolute
nightmare
in
go
to
upgrade
or
add
any
library
dependency,
because
some
of
them
have
different
versioning
schemes
and
there's.
So
you
have
to
often
figure
out
like
specific
hashes,
to
get
things
to
compile
or
specific
pinned
versions.
C
It
happens
to
us
in
helm
all
the
time
in
cargo.
It's
pretty
simple!
You
just
kind
of
look
like
this
and
there's
also
conditional
compilations.
So
we
offer
features
like
this.
This
ops
thing
is
a
way
to
opt
into
using
cli
flags
that
we
have.
If
you
don't
want
to
use
the
cli
flags,
then
you
just
turn
off
the
feature
called
cli
and
then
you'll
just
be
using
our
normal
config
objects.
You
won't
even
get
the
dependencies
or
the
the
dependencies
it
pulls
in
or
the
code.
C
That's
there
because
it'll
be
omitted
when
it's
being
compiled,
and
so
you
just
pull
in
exactly
and
only
what
you
need,
which
we
found
for
dependency
management
being
very,
very
nice
and
also
kind
of
like
what
I
mentioned
with
some
of
the
other
things.
There's
macros
how
error
handling
works,
the
flow
control,
there's
this
idea
of
results
and
unwraps,
and
how
and
how
you
get
everything
to
work
is
great,
but
last
just
to
cover
it.
There
are
caveats
there.
The
kubernetes
library
and
rust
is
missing.
C
Some
of
the
more
advanced
features,
so
streaming
manifests
in
from
like
a
list
of
manifest
like
we
do
in
in
helm
a
lot
some
of
the
patch
creation
and
other
things
are
just
are
just
not
there
and
probably
won't
be
for
a
little
while
there's
very
advanced
features
that
more
like
advanced
projects
might
miss,
and
I
really
miss
goes
just
like
easy
ease
of
starting
something.
Async
or
sorry.
C
But
what
we
have
found
is
that
once
you
get
used
to
the
language,
it
is
very
powerful
and
offers
a
lot
more
flexibility
and
safety
when
writing
these
kind
of
cloud
native
applications,
and
so
that
was
just
kind
of
the
extra
benefits
that
came
on
top
of
us
choosing,
rust
primarily
for
the
safety
and
wasm
side
of
things.
So
hopefully
that
answers
that
question,
but
I
know
we're
at
10
o'clock,
so
I
don't
want
to
yeah.