1. Overview

This document defines the structure and building method of Higress Wasm Plugin images. When preparing, we referred to Wasm Image Specification.

2. Image Structure

Each image needs to be build in OCI Image Specification based on scratch, and shall only contain following files:

  • spec.yaml: Required. Metadata file of the plugin. Please refer to section 3 below for its format.
  • README.md: Required. Readme file describing the usage of the plugin. Markdown format. Written in English or Chinese.
  • README_{lang}.md: Optional. Readme file describing the usage of the plugin. Markdown format. lang can be ZH or EN.
  • icon.png: Optional. Icon file of the plugin. A URL of the plugin icon can also be specified in spec.yaml. If both the file and the URL are configured, the file will be used for display.
  • plugin.wasm: Required. The binary file of the plugin.

Each layer of the image can only contain a single file.

Except the layer containing plugin.wasm, the media type of other layers shall be set according to the file inside:

  • spec.yaml: application/vnd.module.wasm.spec.v1+yaml
  • README.md: application/vnd.module.wasm.doc.v1+markdown
  • README_{lang}.md: application/vnd.module.wasm.doc.v1.{lang}+markdown
  • icon.png: application/vnd.module.wasm.icon.v1+png

plugin.wasm must be placed in the last layer of the image, with the media type of application/vnd.oci.image.layer.v1.tar+gzip.

3. Metadata File Format

The format of metadata file, spec.yaml, is as following, using the metadata of basic-auth plugin as an example:

  1. apiVersion: 1.0.0  # The schema version of the content below. Always use to 1.0.0 for now.
  2. info:
  3.   category: auth # Plugin category. Options: auth (authentication and authorization), security (security protection), protocol (protocol transformation), flow-control, flow-monitor,custom
  4.   name: basic-auth/v1  # Plugin name, which is the unique identifier of the plugin. It is recommended to add a version suffix, such as “/v1”, just in case an incompatible upgrade in the future.
  5.   title: Basic Auth # Display name. I18n supported.
  6.   description: 本插件实现了基于 HTTP Basic Auth 标准进行认证鉴权的功能。 # Plugin description. I18n supported.
  7.   x-description-i18n: # I18n content of the description field above. Translated contents can be added using “x-{name}-i18n” fields for all i18n-supported fields.
  8.     en-US: This plugin implements an authentication function based on HTTP Basic Auth standard.
  10.   version: 1.0.0 # Plugin version
  11.   contact: # Plugin contact
  12.     name: Higress Team
  14.     email: admin@higress.io
  15. spec:
  17.   priority: 0 # Execution priority within the given phase. Please refer to https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#WasmPlugin
  18.   configSchema: # Schema of the plugin’s runtime configurations, which shall be defined with the Schema object in OpenAPI 3.0.0 standard.
  19.     openAPIV3Schema: # Please refer to https://openapi.apifox.cn/#schema-%E5%AF%B9%E8%B1%A1 for the data structure. Some fields which can be used for display support i18n.
  20.       type: object
  21.       properties:
  22.         consumers:
  23.           type: array
  24.           x-scope: GLOBAL # Field effective scope. Options: GLOBAL (global configuration), RULE (rule-level configuration, which can be set associated to routes, domains or services.), ANY (Effective scope unrestricted). Optional. Default value is ANY.
  25.           title: 调用方列表
  26.           x-title-i18n:
  27.             en-US: Consumer List
  28.           description: 服务调用方列表,用于对请求进行认证
  29.           x-description-i18n:
  30.             en-US: List of service consumers which will be used in request authentication
  31.           items:
  32.             type: object
  33.             properties:
  34.               name:
  35.                 type: string
  36.                 title: 名称
  37.                 x-title-i18n:
  38.                   en-US: Name
  39.                 description: 该调用方的名称
  40.                 x-description-i18n:
  41.                   en-US: The name of the consumer
  42.                 # Data validation shall be implemented according JSON Schema Validation Spec
  44.                 # Following values are supported:
  45.                 # - maximum
  46.                 # - minimum
  47.                 # - maxLength
  48.                 # - minLength
  49.                 # - pattern
  50.                 # - maxItems
  51.                 # - minItems
  52.                 # - required
  53.                 minLength: 6 # Minimum length for data validation
  54.                 maxLength: 256 # Maximum length for data validation
  55.                 pattern: “^$ # Regular experssion for data validation
  56.                 example:
  57.                   - consumer1
  58.               credential:
  59.                 type: string
  60.                 title: 访问凭证
  61.                 x-title-i18n:
  62.                   en-US: Credential
  63.                 description: 该调用方的访问凭证
  64.                 x-description-i18n:
  65.                   en-US: The credential of the consumer
  66.                 example:
  67.                   - admin:123456
  68.             required:
  69.               - name
  70.               - credential
  71.         allow:
  72.           type: array
  73.           title: 授权访问的调用方列表
  74.           x-title-i18n:
  75.             en-US: Allowed Consumers
  76.           description: 对于匹配上述条件的请求,允许访问的调用方列表
  77.           x-description-i18n:
  78.             en-US: Consumers to be allowed for matched requests
  79.           items:
  80.             type: string
  81.             example:
  82.               - consumer1
  83.       required:
  84.         - allow
  85.         - consumers
  86.       example:
  87.         consumers:
  88.           - name: consumer1
  89.             credential: admin:123456
  90.           - name: consumer2
  91.             credential: guest:abc
  92.         allow:
  93.           - consumer2

4. How to Build an Image

  1. Start the builder container from the Higress root folder
  1. GO_VERSION=”1.19
  2. TINYGO_VERSION=”0.28.1
  3. ORAS_VERSION=”1.0.0
  4. PLUGIN_NAME=”hello-world
  5. BUILDER_IMAGE=”higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/wasm-go-builder:go${GO_VERSION}-tinygo${TINYGO_VERSION}-oras${ORAS_VERSION}”
  6. docker run -v ${PWD}:/workspace -e PLUGIN_NAME=${PLUGIN_NAME} -it —rm  /bin/bash
  1. Build Wasm file inside the container
  1. cd /workspace/plugins/wasm-go/extensions/${PLUGIN_NAME}
  2. go mod tidy
  3. tinygo build -o ./plugin.wasm -scheduler=none -target=wasi -gc=custom -tags=’custommalloc nottinygc_finalizer ./main.go
  1. Build and push an OCI image
  1. tar czvf plugin.tar.gz plugin.wasm
  2. IMAGE_REGISTRY_SERVICE=docker.io
  3. IMAGE_REPOSITORY=”${IMAGE_REGISTRY_SERVICE}/plugins/${PLUGIN_NAME}”
  4. IMAGE_TAG=”v0.0.1
  5. oras login ${IMAGE_REGISTRY_SERVICE}
  6. oras push ${IMAGE_REPOSITORY}:${IMAGE_TAG} \
  7.     ./spec.yaml:application/vnd.module.wasm.spec.v1+yaml  \
  8.     ./README.md:application/vnd.module.wasm.doc.v1+markdown \
  9.     ./README_EN.md:application/vnd.module.wasm.doc.v1.en+markdown \
  10.     ./plugin.tar.gz:application/vnd.oci.image.layer.v1.tar+gzip

5. Appendix

5.1 Default Icon for Each Plugin Category