Community blog by Seven Cheng

WebAssembly (Wasm) was originally created for the browser, and it has become increasingly popular on the server-side as well. In my view, WebAssembly is gaining popularity in the Cloud Native ecosystem due to its advantages over containers, including smaller size, faster speed, enhanced security, and greater portability.

In this article, I will provide a brief introduction to WebAssembly and explain its advantages. Then I will discuss how Wasm modules can be executed using container toolings, including low-level container runtimes, high-level container runtimes, and Kubernetes in the next article.

What is WebAssembly?

WebAssembly is a universal bytecode technology that allows programs written in various languages like Go, Rust, and C/C++ to be compiled into bytecode, which can be executed directly within web browsers and servers.

WebAssembly architecture

WebAssembly is designed from the ground up to solve the performance problem of JavaScript. With WebAssembly, developers can compile code to a low-level binary format that can be executed by modern web browsers at near-native speeds.

In March 2019, Mozilla announced the WebAssembly System Interface (WASI), an API specification that defines a standard interface between WebAssembly modules and their host environments. WASI allows Wasm modules to access system resources securely, including the network, filesystem, etc. This extremely expanded Webassembly’s potential by enabling it to work not only in browsers but also on servers.

The advantages of WebAssembly

WebAssembly stands out with several remarkable benefits over traditional containers:

You can refer to this table for a detailed comparison between WebAssembly and containers: WebAssembly vs Linux Container.

Run Wasm modules in Linux containers

An easy method to execute Wasm modules within container ecosystems is to incorporate the Wasm bytecode into the Linux container image. Specifically, the Linux OS inside the container can be pared down to only the components necessary to support the Wasm runtime. Since Wasm modules are housed in standard containers, they can be integrated seamlessly with any existing container ecosystems.

The slimmed Linux OS presents a much smaller attack surface versus a regular Linux OS. Nonetheless, this approach still necessitates the launching of a Linux container. Although the Linux OS is trimmed down, it still takes up 80% of the container’s image size.

Run Wasm modules in container runtimes that have Wasm support

The advantage of embedding the Wasm modules into the Linux container is that it allows for seamless integration with existing environments while also benefiting from the performance improvements brought by Wasm. However, compared to running Wasm modules directly in Wasm-supported container runtimes, this method is less efficient and secure.

Generally, container runtimes can be categorized into two levels: high-level runtimes and low-level runtimes.

Diagram flow showing high-level container management to high-level container runtimes to low-level container runtimes

We can enable Wasm support in both low-level and high-level container runtimes.
When running Wasm modules directly via low-level container runtimes, there are several options available, such as crun and youki, which come with built-in support for Wasm.

When running Wasm modules through high-level container runtimes, both CRI-O and containerd are great options. There are two possible approaches:

Diagram flow showing container management platforms using containerd and wasm

Run Wasm modules on Kubernetes

WebAssembly is driving the third wave of cloud computing. As the de facto standard in the realm of container orchestration, Kubernetes continuously evolves to leverage the advantages brought about by WebAssembly.

To run Wasm workloads on Kubernetes, two key components are needed:

Code example in associated Kubernetes with wasm

To enable Wasm support on Kubernetes nodes, we can use the Kwasm Operator to automate the process instead of manually installing a container runtime with the Wasm runtime library. Kwasm is a Kubernetes Operator that automatically adds WebAssembly support to your Kubernetes nodes. The operator uses the kwasm-node-installer project to modify the underlying Kubernetes nodes.


WebAssembly provides a fast, efficient, and secure way for executing code, while Kubernetes serves as a powerful container orchestration platform. “Cloud Native WebAssembly” uses Wasm on servers and in the cloud, employing orchestration tools like Kubernetes for the deployment and management of Wasm applications. By combining these technologies, we can create Cloud Native applications that are flexible, high-performance, scalable, and secure. This convergence opens up exciting possibilities for innovation, enabling the development of advanced serverless architectures, edge computing solutions, and more, while ensuring compatibility and portability across different environments.


This article incorporates contributions and feedback from the Kubernetes project, which are copyright © 2024 The Linux Foundation.