Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Sandbox] SpinKube #90

Open
2 tasks done
endocrimes opened this issue Mar 21, 2024 · 31 comments
Open
2 tasks done

[Sandbox] SpinKube #90

endocrimes opened this issue Mar 21, 2024 · 31 comments
Assignees
Labels

Comments

@endocrimes
Copy link

endocrimes commented Mar 21, 2024

Application contact emails

danielle@fermyon.com, c.voigt@reply.de, fcastelli@suse.com, jiazho@microsoft.com

Project Summary

SpinKube is an open source platform for efficiently running (containerless) Spin-based WebAssembly (Wasm) applications on Kubernetes.

Project Description

SpinKube is a Kubernetes-based platform for running serverless Wasm without a container. It achieves this by combining a few technologies: A containerd-shim-spin that can directly run Spin applications from OCI Artifacts without a Container, A runtime-class-manager (formerly KWasm) operator that manages the lifecycle of WebAssembly runtimes on Kubernetes Hosts, and the Spin Operator which manages the configuration and lifecycle of Spin applications.

This combination provides excellent developer and operator experience when running Wasm on Kubernetes.

SpinKube provides many benefits over container-based serverless compute:

  • Change management - with container based deployments, patching system dependencies (such as OpenSSL) needs to happen in every image independently, which can become difficult to manage over time. With SpinKube many of these dependencies are node-local, and the runtime-class-manager provides a kubernetes-native api for patching those on running systems, without application downtime.
  • Rightsizing workloads - managing access to shared resources like CPU and memory correctly is difficult, which often leads to over-provisioning resources (over introducing downtime) resulting in low utilization of host resources. With SpinKube, applications consume near-zero resources at idle, and per-request resource isolation reduces the need for broad-strokes resource limits, allowing you to reduce overprovisioning of resources.
  • Size - containers are often bigger than needed, and often include extraneous system dependencies by default which are not required to run the application. Spin applications contain only the compiled application and its assets - and does not need per-architecture artifacts, this results in much smaller distribution units and can drastically improve scaling performance.

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/spinkube

Project repo URL in scope of application

N/A

Additional repos in scope of the application

No response

Website URL

https://spinkube.dev

Roadmap

https://github.com/orgs/spinkube/projects/5/views/7

Roadmap context

The SpinKube Project aims to integrate WebAssembly applications seamlessly into the Kubernetes and the broader CNCF Landscape. To achieve those goals there are up-and-downstream enhancements to make across Observability, Kubernetes Node management, and scaling systems. Although not yet fully realized in the GitHub Project, the roadmap includes bringing automatic OpenTelemetry instrumentation to Wasm applications and having runtime-class-manager handle the lifecycle of installing and upgrading complex runtimes on Kubernetes nodes.

We believe in the future of WebAssembly as the next wave of efficient Serverless compute.

Contributing Guide

https://www.spinkube.dev/docs/contrib/

Code of Conduct (CoC)

https://github.com/spinkube/governance/blob/main/CODE_OF_CONDUCT.md

Adopters

No response

Contributing or Sponsoring Org

Fermyon Technologies, Microsoft, Liquid Reply, SUSE

Maintainers file

https://github.com/spinkube/governance/blob/main/MAINTAINERS.md

IP Policy

  • If the project is accepted, I agree the project will follow the CNCF IP Policy

Trademark and accounts

  • If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF

Why CNCF?

The CNCF hosts a vibrant and diverse community of developers and organizations. The CNCF is able to provide a shared governance model and neutral home for the project, allowing for collaboration among various vendors and end-users, fostering the creation of a solution that delivers collective benefits to all stakeholders within the ecosystem.

Benefit to the Landscape

To expand the range of serverless platform options in the CNCF ecosystem and bring the benefits of Wasm to the Kubernetes community. Many end-users are looking for options that allow them to give their developers a serverless solution that is cost-efficient while offering excellent performance. SpinKube offers a seamless way to do this by leveraging the power of Wasm and deeply integrating it into various layers of Kubernetes for integration with the whole ecosystem.

Cloud Native 'Fit'

Landscape: Serverless

TAGs: TAG Runtime + TAG App Delivery

TAG Runtime is a natural fit for much of SpinKube, especially as the home of WG-WASM. We already integrate deeply with ContainerD through runwasi, and aim to work alongside other common runtimes too. These discussions present an opportunity to enhance the Kubernetes ecosystem, especially for lightweight environments with WebAssembly runtimes.

TAG App Delivery is also relevant to SpinKube - Our primary distribution mechanism for Wasm artifacts are OCI Artifacts, which ties into the work of wg-artifacts.

Cloud Native 'Integration'

SpinKube unites Wasm applications and Kubernetes in a way that is natural to developers who use Kubernetes today - by running applications as deployments and creating regular Kubernetes Service’s. This means you can benefit from your existing Service Meshes, O11y Pipeline’s, CI+CD, and scaling solutions while also benefiting from the portability and efficiency of WebAssembly.

SpinKube is also built on the shoulders of giants - including OCI Artifacts, runwasi in the containerd project, Kubebuilder, and OpenTelemetry.

Cloud Native Overlap

The WasmEdge, wasmCloud, knative, and krustlet projects in the CNCF ecosystem have some overlapping objectives with SpinKube. The SpinKube Project aims to integrate WebAssembly applications seamlessly into the Kubernetes and the broader CNCF Landscape.

The CNCF WasmEdge, SpinKube, and CNCF wasmCloud each use a different Wasm runtime, wasmEdge, Spin, and wasmCloud, respectively. While each of them have a differing developer experience for building applications, they each have some level of support for running their applications on Kubernetes.

According to the wasmCloud documentation, "wasmCloud is compatible with, but not dependent on, Kubernetes". With wasmCloud, Pods in a cluster are the wasmCloud "hosts" and contain N Wasm applications.
On the other hand, SpinKube was designed and built for running WebAssembly on Kubernetes - and there is a 1:1 relationship between Pods and Wasm applications. This is due to SpinKube leveraging the containerd/runwasi project to natively execute Wasm applications. Since all Wasm apps are represented as Pods, you can easily use existing tooling such as Cilium, Istio, HPA, KEDA, and Dapr with SpinKube.

WasmEdge is a runtime for embedded functions, microservices, udf, smart contracts, and IoT devices. The WasmEdge Runtime is excellent for packaging inside your software, but is more akin to WasmTime (the runtime used by Spin) than it is to Spin itself. Spin is hyper-focused on event driven serverless applications (that respond to events from HTTP requests/Queue messages/...), and SpinKube relies on that developer experience and programming model as we continue to integrate into the Cloud Native Ecosystem.
Both projects leverage runwasi to run on Kubernetes, and as such SpinKube’s runtime-class-manager not only simplifies configuring the Spin shim but can also manage the WasmEdge shim if that runtime better suits your needs, or you would like to use both.

SpinKube fits in a similar domain as serverless projects in the Cloud Native ecosystem. Like Knative, SpinKube is targeted at engineers who build serverless platforms and want a Kubernetes native experience. The defining distinction is that SpinKube applications are Wasm applications, giving them a greater level of isolation (as every request is fully isolated), fast start-up times, and simplified management of system dependencies.

Krustlet is another project in the CNCF space that runs Wasm on Kubernetes; however, it is no longer maintained - the team that developed it did go on to develop runwasi however.

Similar projects

Knative, wasmCloud, wasmEdge, krustlet

Landscape

Not yet

Business Product or Service to Project separation

N/A.

Project presentations

SpinKube Tutorial - https://www.youtube.com/watch?v=TTXAUSicj04

Project champions

No response

Additional information

No response

@endocrimes endocrimes added the New New Application label Mar 21, 2024
@endocrimes endocrimes changed the title [Sandbox] <Project Name> [Sandbox] SpinKube Mar 21, 2024
@devigned
Copy link

I am a big +1 to this proposal. However, I believe it is significant that the namesake project at the core of SpinKube, Spin, is itself not a CNCF project. My main concern regarding this is that if there was a change of licensing for Spin, then the SpinKube collection of projects could be at risk.

@boomskats
Copy link

This proposal is really interesting (the demos at kubecon were great), but I do find some of the statements above confusing and potentially misleading.

This opening statement describing the cloud native overlap:

The CNCF WasmEdge, SpinKube, and WasmCloud each use a different Wasm runtime, wasmEdge, Spin, and wasmCloud, respectively.

explicitly clashes with this statement in the paragraph immediately following it:

WasmEdge [...] is more akin to WasmTime (the runtime used by Spin) than it is to Spin itself.

Is Spin itself a runtime that SpinKube depends on (as suggested by the first statement), or does it use Wasmtime (as suggested by the second)?

As far as I'm aware neither Spin or wasmCloud are runtimes. According to Spin's own readme, it is a framework which uses Wasmtime, and according to this blog post, wasmCloud also uses Wasmtime (it does not use 'wasmCloud'). If both wasmCloud and Spin use Wasmtime for their runtimes, what is the purpose of that opening statement?

I'm also not sure why this text refers to WasmEdge as 'CNCF WasmEdge' and wasmCloud as simply wasmCloud, given that they are both CNCF sandbox projects and I've generally seen wasmCloud referred to CNCF wasmCloud elsewhere.

Lastly, Taylor Thomas, one of the original developers of Krustlet that the above text refers to, recently wrote a blog post on this subject which I feel is a relevant read.

@endocrimes
Copy link
Author

I'm also not sure why this text refers to WasmEdge as 'CNCF WasmEdge' and wasmCloud as simply wasmCloud, given that they are both CNCF sandbox projects and I've generally seen wasmCloud referred to CNCF wasmCloud elsewhere.

@boomskats that is entirely unintentional - in the place we do that I'll update it for wasmCloud too

Is Spin itself a runtime that SpinKube depends on (as suggested by the first statement), or does it use Wasmtime (as suggested by the second)?

WRT "runtime" - I'm going to try and do some wordsmithing to find a better word, but originally they (Spin and wasmCloud) were referred to as "runtimes" because from an end-user perspective they somewhat are in this context. I'm on holiday until Tuesday so that'll take a bit longer to change.

@kapilt
Copy link

kapilt commented Apr 4, 2024

It seems a little odd to have an operator and accompanying in a foundation for a base project not in a foundation which is also reliant on a venture backed startup. Ie. It’s unclear why spin is not part of this. Given the zeitgeist and heightened sensitivity to companies changing project licenses to non oss, it seems like a non starter unless the project is also in a foundation. else cncf as a community runs the risk of being foundation laundered on accessories for a core that could end up in the same place, re non oss.

Re other foundation homes for spin, Byte code alliance projects are typically lower level runtime/spec oriented versus orchestration here. Splitting coherency for contributor organizations across foundations doesn’t seem like a good rationale either. Spin is devex and orchestration, and cncf already holds numerous projects to the goals and targeted towards wasm.

It’s not clear what benefit it has to users or community on the split but the risks to the same seem high unless spin is part of the same proposal to move to a foundation.

@endocrimes
Copy link
Author

@devigned

I believe it is significant that the namesake project at the core of SpinKube, Spin, is itself not a CNCF project. My main concern regarding this is that if there was a change of licensing for Spin, then the SpinKube collection of projects could be at risk.

I understand that concern and it's one we're currently taking very seriously (sorry for the delay, I was on vacation post KubeCon and wanted to have some internal discussions before posting a response).
We're just as committed to keeping Spin open as we have been from the beginning with the Open Source Promise. We're currently working on defining how best to ensure that Spin will remain open for everyone.

@Mossaka
Copy link

Mossaka commented Apr 7, 2024

We're just as committed to keeping Spin open as we have been from the beginning with the Open Source Promise.

I praise the Fermyon team for pledging to keep Spin open sourced in a good faith commitment and the fact that the team has a track record of building open source tools and platforms. However, we must consider the possibility of an acquisition scenario that a new ownership may change the open-source license to the closed-source model. This scenario isn't unheard of. I am interested in hearing considerations on how to ensure that Spin will remain open in enforceable frameworks.

@angellk
Copy link
Contributor

angellk commented Apr 9, 2024

TAG App Delivery is also relevant to SpinKube - Our primary distribution mechanism for Wasm artifacts are OCI Artifacts, which ties into the work of wg-artifacts.

@endocrimes TAG App Delivery would love to understand more how SpinKube is using OCI Artifacts. Could you please present to and engage with the Artifacts WG?

CNCF slack: #wg-artifacts
Meeting Info/Notes

@devigned
Copy link

devigned commented Apr 10, 2024

@angellk I believe @jsturtevant and @thomastaylor312 will be leading a discussion about Wasm OCI Artifacts in the TAG-Runtime Wasm-WG in the upcoming meeting on Tuesday April 16th at 5:00 pm CET/ 8:00 am PST meeting notes / working group details.

For a preview, I believe this doc, WASI OCI Design, tells the gist of the story.

We pursued this in containerd/runwasi#147 so that we could fulfill the promise of Wasm workloads being architecture and OS agnostic in Kubernetes. Previous to this work, one would need to build an OCI image for a given platform / arch (linux/arm, windows/amd64, ...) etc. To target multiple, you'd have to bake multi arch images. That is not Wasm. We believed that K8s Wasm workloads should be free to run on any node in your cluster with a single artifact.

IMHO, it's one of the coolest features of the containerd Wasm shims!

@angellk
Copy link
Contributor

angellk commented Apr 10, 2024

Thanks @devigned - please reach out to the TAG App Delivery Artifacts Working Group to make sure they are invited / involved then since they are specifically called out in the application.

@endocrimes
Copy link
Author

For those that are interested outside of the context of this issue, we now have an upstream tracking issue in Spin for governance definition and are making good progress in figuring out the path forwards. Thanks for your patience 💖 : fermyon/spin#2449

@jsturtevant
Copy link

Thanks @devigned - please reach out to the TAG App Delivery Artifacts Working Group to make sure they are invited / involved then since they are specifically called out in the application.

As a follow up, @devigned did an overview of the work at the last meeting on Tuesday April 12th https://docs.google.com/document/d/1E7iKPOuyA1jxPe8vDG8aPd8jtnCEbpDpCifXDvDCnA0/edit#heading=h.uylsvgzqikm

@angellk
Copy link
Contributor

angellk commented Jul 9, 2024

@rchincha @sabre1041 Does TAG App Delivery Artifacts WG have notes/recommendation from the meeting mentioned?

@sabre1041
Copy link

@rchincha @sabre1041 Does TAG App Delivery Artifacts WG have notes/recommendation from the meeting mentioned?

Recording from the meeting which provided a brief overview and how OCI artifacts are being used

https://www.youtube.com/watch?v=NHW5UigLXso

@mrbobbytables mrbobbytables moved this from 📋 New to 🏗 Upcoming in Sandbox Application Board Jul 12, 2024
@dims
Copy link
Member

dims commented Jul 17, 2024

We're just as committed to keeping Spin open as we have been from the beginning with the Open Source Promise.

I praise the Fermyon team for pledging to keep Spin open sourced in a good faith commitment and the fact that the team has a track record of building open source tools and platforms. However, we must consider the possibility of an acquisition scenario that a new ownership may change the open-source license to the closed-source model. This scenario isn't unheard of. I am interested in hearing considerations on how to ensure that Spin will remain open in enforceable frameworks.

@endocrimes any response?

@dims
Copy link
Member

dims commented Jul 23, 2024

@endocrimes poke!

@kapilt
Copy link

kapilt commented Jul 24, 2024

@endocrimes given zero movement on a foundation for spin core in the last quarter or two, the question must be asked, why the wrapper without the core in cncf? else splitting foundations is negative value for end users, and having a wrapper without a core in a foundation is the same. to be blunt, foundations aren't for laundering projects by startups, they are for fostering community around projects, imho.

@endocrimes
Copy link
Author

endocrimes commented Jul 24, 2024

@endocrimes poke!

We've actually been making some pretty meaningful progress - with Spin now having a defined governance model (fermyon/spin#2593) and "spin" being a more well defined set of projects - as a very important step in the process of defining its future. We'll have more to share soon as that process settles in.

@TheFoxAtWork
Copy link
Contributor

All - we appreciate community members support and exploration in surfacing items for technical consideration as part of sandbox applications, it allows the TOC to have a more comprehensive perspective on each projects' potential. However, in keeping with the Technical Leadership principles, we want to remind everyone to be welcoming and curious in their comments, provide feedback with courtesy, and foster respectful resolution. Embodying the technical leadership principles as you comment on these applications directly contributes to sustaining the open, community-oriented nature of CNCF.

We've initiated an update to the Sandbox Application README to capture this guidance for anyone commenting on applications (as well as providing more information to projects on what to expect).

@raravena80
Copy link

raravena80 commented Aug 8, 2024

Review from TAG-Runtime available here.

Note that there is a section of Technical Concerns and Moving Levels to Incubation Concerns

Thank you.

@dims dims mentioned this issue Aug 14, 2024
2 tasks
@endocrimes
Copy link
Author

Spin has now also been submitted for separate consideration as a Sandbox project - It's taken a little while and a lot of discussions to find the right path for the health of the project, and a lot of work on cementing governance 😅.

The projects are being submitted separately as they have different design goals and aspirations, even though there is some overlap between the Shim projects in SpinKube and Spin itself. I strongly feel that is the best path for both of the projects futures over a subproject-like dynamic.

@raravena80
Copy link

Hello, q. wouldn't it make sense to donate Spin first and then just do SpinKube as an add-on to Spin? Thanks.

@TheFoxAtWork TheFoxAtWork moved this from 🏗 Upcoming to ⏲ Waiting in Sandbox Application Board Aug 19, 2024
@TheFoxAtWork
Copy link
Contributor

Moving this project application to Waiting until Spin is up for review so they can be considered and reviewed at the same time.

@rochaporto
Copy link

rochaporto commented Aug 20, 2024

Apologies for the delay, but for completeness here are the recommendations following the discussion.

@endocrimes the submission was reviewed by the CNCF TOC on August 13th. The following clarifications are requested:

  • Would SpinKube consider supporting other WASM applications (WASMEdge, WASMCloud, ...), especially if Spin is not part of the application?
  • Would Spin be considered to be included in this application?

The second item was answered by @endocrimes above already, and this is the sandbox application.

@endocrimes
Copy link
Author

endocrimes commented Aug 21, 2024

Would SpinKube consider supporting other WASM applications (WASMEdge, WASMCloud, ...), especially if Spin is not part of the application?

We’re open to supporting runtimes and application models outside of Spin.

We haven’t talked about this scenario in detail, but the design of the operator, runtime class manager, and the shim (the three major components of SpinKube) allow eventually supporting other execution environments.

More specifically, the operator has the concept of the “executor”, which can select the specific implementation of an executor which can control both the scheduling configuration for Kubernetes (https://github.com/spinkube/spin-operator/blob/main/api/v1alpha1/spinappexecutor_types.go), and also the actual execution of a Wasm component.

Similarly, the runtime class manager project already tracks a milestone for being able to configure all shims that KWasm can install (https://github.com/spinkube/runtime-class-manager/milestone/2)

In the near term, we are prioritizing being able to run more generic HTTP applications with SpinKube (this is also in line with the Spin roadmap, which aims to allow targeting runtimes other than the Spin runtime itself — https://github.com/fermyon/spin/blob/main/ROADMAP.md), and focusing on the operational experience for configuring and running them.

If others are interested in contributing and maintaining capabilities for SpinKube to support other Wasm applications, this is something the project can support, and we would definitely be open if it helps SpinKube users!

@edrob999
Copy link

edrob999 commented Jan 10, 2025

TAG Contributor Strategy has reviewed this project and found the following:

  • Contributor Guide: is Basic, with introductory instructions for getting started. It would be improved with suggestions for what to work on, and how to get help with contributing
  • Governance: Project does not yet have a written Governance file (this is not a blocking issue for Sandbox)
  • Roadmap: is Basic, listing two items. It would be improved by adding assignment/task breakdown/schedule
  • Maintainers: is Complete. Listing name, github handle, affiliation. Project has 13 maintainers: 6 Fermyon, 3 Microsoft, 1 each from Suse, Liquid Reply, Hetzner, independent

This review is for the TOC’s information only. Sandbox projects are not required to have full governance or contributor documentation.

@endocrimes
Copy link
Author

@edrob999 FWIW while we don't have a file named governance.md - the governance repo does define the projects governance.

Specifically, https://github.com/spinkube/governance/blob/main/CONTRIBUTOR_LADDER.md includes information about the roles and responsibilities within the project, how you progress between them, and the formal requirements for changing those parts and how removing inactive maintainers should work. This is actually pretty similar to the containerd projects governance.md - if you want us to just rename that file?

https://github.com/spinkube/governance/blob/main/SECURITY.md includes the security related bits (who to reach out to, how to make a report) - and a code of conduct exists within the same repository.


The contrib guide linked in your review there is specific to the spin-operator repo rather than the SpinKube project however (https://www.spinkube.dev/docs/contrib/ - goes into more detail and includes troubleshooting steps for various parts of the process).

@endocrimes
Copy link
Author

spinkube/governance#19 - PR is up for a maintainers file though - that's been an open issue for a while that fell off my radar

@edrob999
Copy link

edrob999 commented Jan 10, 2025

thanks @endocrimes. I've updated the comment above to record that a written governance file is not a blocking issue for sandbox acceptance. A governance file is a useful reference for people new to the project, recording how decisions are made/maintainer lifecycle step-by-step/how conflicts are resolved.

@endocrimes
Copy link
Author

The maintainers file above has also now been merged (and thus exists with affiliations and GitHub handles)

@geekygirldawn
Copy link
Member

TAG Contributor Strategy has reviewed this project and found the following:

  • Contributor Guide: is Basic, with introductory instructions for getting started. It would be improved with suggestions for what to work on, and how to get help with contributing
  • Governance: Project does not yet have a written Governance file (this is not a blocking issue for Sandbox)
  • Roadmap: is Basic, listing two items. It would be improved by adding assignment/task breakdown/schedule
  • Maintainers: is Complete. Listing name, github handle, affiliation. Project has 13 maintainers: 6 Fermyon, 3 Microsoft, 1 each from Suse, Liquid Reply, Hetzner, independent

This review is for the TOC’s information only. Sandbox projects are not required to have full governance or contributor documentation.

I would like to slightly amend @edrob999's assessment and replace the bullet about governance with:

  • Governance: The project has a governance repository with details about maintainers, a contributor ladder, and security policy. It could be improved by adding a governance.md file with more details about the decision-making process, how to non-voluntarily remove maintainers, and other details that can be found in the governance template. Note that this is not required for Sandbox.

@edrob999
Copy link

I'm in agreement. Thanks @endocrimes for adding the maintainers file, and for explaining the approach for how the project presents its governance info

@angellk angellk moved this from 🏗 Upcoming to 🤔 In voting in Sandbox Application Board Jan 15, 2025
@angellk angellk moved this from 🤔 In voting to 🏗 Upcoming in Sandbox Application Board Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: 🏗 Upcoming
Development

No branches or pull requests