Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コンテーナーの話
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Ian Lewis
June 04, 2014
Technology
0
110
コンテーナーの話
Ian Lewis
June 04, 2014
Tweet
Share
More Decks by Ian Lewis
See All by Ian Lewis
Kubernetes Security Best Practices
ianlewis
38
26k
The Enemy Within: Running untrusted code in Kubernetes
ianlewis
0
1.4k
The Enemy Within: Running untrusted code with gVisor
ianlewis
4
1.3k
KubeCon EU Runtime Track Recap
ianlewis
3
1.7k
コンテナによるNoOpsオートメーション
ianlewis
2
190
Google Kubernetes Engine 概要 & アップデート @ GCPUG Kansai Summit Day 2018
ianlewis
2
970
Extending Kubernetes with Custom Resources and Operator Frameworks
ianlewis
10
3.9k
Kubernetesのセキュリティのベストプラクティス
ianlewis
12
17k
Scheduling and Resource Management in Kubernetes
ianlewis
2
1.4k
Other Decks in Technology
See All in Technology
AWS Network Firewall Proxyを触ってみた
nagisa53
1
240
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
68k
今日から始める Amazon Bedrock AgentCore
har1101
4
410
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
coconala_engineer
2
670
Webhook best practices for rock solid and resilient deployments
glaforge
2
300
プロポーザルに込める段取り八分
shoheimitani
1
290
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
260
22nd ACRi Webinar - NTT Kawahara-san's slide
nao_sumikawa
0
100
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.4k
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
200
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
2
640
ブロックテーマ、WordPress でウェブサイトをつくるということ / 2026.02.07 Gifu WordPress Meetup
torounit
0
190
Featured
See All Featured
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
250
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
54
How GitHub (no longer) Works
holman
316
140k
The untapped power of vector embeddings
frankvandijk
1
1.6k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.3k
For a Future-Friendly Web
brad_frost
182
10k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2k
Utilizing Notion as your number one productivity tool
mfonobong
3
220
Faster Mobile Websites
deanohume
310
31k
The Invisible Side of Design
smashingmag
302
51k
Transcript
コンテーナーの話
1. 誰 2. 何 3. 何故
1. 何 2. 誰 3. 何故
何
LXC
LinuX Container
•Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor
and SELinux profiles Seccomp policies Chroots (using pivot_root) Kernel capabilities Control groups (cgroups)
import lxc container = lxc.Container("p1") container.create("ubuntu") container.start() container.get_ips() container.stop()
PYTHON
PYTHON3
chroot
None
namespaces
mount UTS Network SysV IPC
cgroups
Resource limits Prioritization Accounting Control
誰
2006
None
2014
EVERYTHING at Google runs in a container
None
None
None
None
( ̄∇ ̄;)
April 2008
None
None
None
CoreOS
何故
セキュリティ
リソース
パフォーマンス
スケーラビリティ
THE END
ianlewis
nagisa53
sansan33
har1101
coconala_engineer
glaforge
shoheimitani
shibayu36
nao_sumikawa
andrzejkrzywda
hiroyaonoe
torounit
skipperchong
smashingmag
bcantrill
akademiya2063
holman
frankvandijk
inesmontani
brad_frost
mfonobong
deanohume
