Kwasm is a Kubernetes operator that installs containerd WebAssembly shims onto existing nodes so pods can run Wasm modules instead of Linux containers. It targets the common case where you want to try Wasm workloads on an existing cluster without rebuilding node images.
The operator watches for a node label and, when it sees one, schedules a privileged installer pod that drops the chosen shim binary (runwasi-based shims for Spin, WasmEdge, Wasmtime, or Lunatic) into /opt on the host and patches containerd’s config.toml to register a new runtime handler. A RuntimeClass then points workloads at that handler, and any pod whose image is an OCI artifact containing a .wasm module is executed by the shim rather than runc. The node installer is driven by the kwasm-node-installer project so the same mechanism works on kind, k3s, AKS, EKS, and GKE nodes.
Kwasm is explicitly flagged as a development and evaluation tool — for production Wasm on Kubernetes, projects like SpinKube and the runwasi shims shipped directly by distributions are the longer-term path.