Containers / Kubernetes / Technology

When WebAssembly Replaces Docker

7 Jun 2022 10:19am, by

One of the more interesting discussions that attracted some attention during KubeCon + CloudNativeCon was how, due to its design, WebAssembly (also known as Wasm) can replace Docker in many circumstances. But as we’ll see below in this article, over-focusing on that aspect of WebAssembly is missing the point, since what is more important are the business uses that WebAssembly can support, as described below.

However, like any interesting new programming language or technology in general, the true test of Wasm’s worth is its business use, and it appears that Wasm’s advantages for simplicity, portability and security, make it at least a good candidate to make up for Docker’s shortcomings, especially for edge and distributed applications.

WebAssembly can be used to integrate JavaScript (JS), C++ and Rust in addition to HTML and CSS into a single runtime platform in a binary format that runs directly on a machine level on the CPU. It can be used to support web applications and extend to any edge environment and cloud native platform that runs on a CPU, including service mesh and edge Kubernetes support. Wasm has also been around for a while, before the World Wide Web Consortium (W3C) named it as a web standard in 2019, thus becoming the fourth web standard with HTML, CSS and JavaScript.

Colin Murphy, senior software engineer, Adobe, detailed during his talk on CDN edge compute and Wasm/WASI platforms, and present and future Adobe applications. To improve business performance, Murphy alluded to how Wasm can serve as a likely successor to Docker. Murphy said he was “just kind of looking around and seeing ‘what’s the successor to Docker with Kubernetes’ and, and so when I got into WebAssembly, I set out to say ‘well, can I take a microservice actually used in production and could I use WebAssembly to deploy it on the client on the edge of the server?'” and he found that his hunch was correct.

Avoiding Vulnerabilities with Wasm

One of the main issues associated with Docker is the potential for vulnerabilities in CVE files, for example. “Sometimes the same vulnerability can have multiple CVEs as a Docker container. With WebAssembly, you don’t have any of that third-party stuff. Just think of it as a binary,” Murphy said during a podcast interview. “However, of course, there will always be security concerns. But the idea that you don’t have to bring all the rest of an operating system and you don’t have to pretend it’s an operating system since it’s really its own unit” helps to make Wasm compelling.

However, don’t expect Wasm to completely replace Docker, either, Murphy said.

“There are still mainframes, there are still host OSSes, there are still VMs that have very particular business cases, and will continue to be used. But there are some really nice places, particularly on the edge in 5G cars, and all these kinds of applications where IoT meets the world and meets the edge, where you’re not going to be able to bring Docker with you.”

The question if there is a possibility that Wasm could eventually replace the use of Docker completely one day is a non sequitur, Jake Levirne, head of product, Docker, said in an email response. The question does not correctly frame how the developer market works since Wasm, as a technology, is not a replacement for Docker, Levirne said.

“Wasm is complementary to Docker — in whatever way developers choose to architect and implement parts of their application, Docker will be there to support their development experience,” Levirne said.

Development, testing and deployment toolchains that use Docker make it easier to maintain reproducible pipelines for application delivery regardless of application architecture, Levirne said. Additionally, the millions of pre-built Docker images, including thousands of official and verified images, provide “a backbone of core services (e.g. data stores, caches, search, frameworks, etc. )” that can be used hand-in-hand with Wasm modules, he said.

“Over time, container runtimes and registries will expand to include native Wasm module support. In fact, this is already happening today,” Levirne said.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.

Feature image by OpenClipart-Vectors from Pixabay