Agenda​
- DISCUSSION: wasmCloud 1.0 update
- DISCUSSION: wasmCloud Operator
DEMO: wasmCloud policy service using Open Policy Agent
The wasmCloud Policy Service: those that have been running apps locally but not running wasmCloud in clusters in production, you may not have had a need for a policy services.
A new introduction to the wasmCloud ecosystem is a flexible, pluggable Policy Service.
This is all about extending the security of wasmCloud. This is important if you need to put guardrails around the use of specific applications—where they can run, what their role is, who can manage them—common and essential in pretty much every organization.
Every time you start an actor or capability provider, a request is sent to a policy topic to ensure it is allowed to operate.
Does include a cache. If you turn on the policy service actions are disabled by-default.
Today’s demo shows how we can think of the Policy Service as a mission controller which consults an external policy server to deduce whether you’re allowed to start.
By far one of the most popular projects people use as mission control for policy evaluation is with Open Policy Agent. OPA is beginning to become the industry standard.
This is a combination of a project, rules engine and policy evaluation engine.
Take a look at Brooks’ demo in the recording below which shows how this works in practice! And take a look at the accompanying documentation.
DISCUSSION: wRPC MVP check-in
Victor and I have been working steadily through the task list in the repo.
As we work through the task list we will merge into main so that you can all try out.
We’ve done a ton of work to refactor, components and interface links set in.
The next major advancement - taking the current provider SDK and wit-bindgen macro and, instead of generating handlers for wasmbus, it allows us to generate types and handlers for wRPC.
When you write a capability provider it will subscribe on wrPC topics - encode and decode over the wire.
Very first example of a component invoking a provider over wRPC - done with the Redis provider to start with.
Custom interfaces with WIT and generate types and handlers from there.
We plan to take the branch, create a provider from scratch and create a couple of examples that you can all try.
Expect to see the branch merge into wasmCloud main by end of week latest.
Then we will take a look at the rest of the roadmap and start cutting release candidates for 1.0.
wRPC protocol does have support and planned ways to increment.
Check out the recording for a wider discussion around custom interfaces; what’s coming now versus later (in WASI 0.3).
DISCUSSION: Progress in the 1.0 roadmap
Lots of progress has been made in the last week alone to get us closer to 1.0.
Completed: Deprecated Wasmbus is a good first issue—we have made some small modifications.
There are a couple of open RFCs open for contribution—thank you to the community for your support.
Next: final tasks including pinning WIT definitions to wasmCloud 1.0. Evaluating final blocked RFCs—thankfully few.
Where we’ll be…
Listen in…