Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ricc-20210826
Search
Tomoki Sugiura
August 26, 2021
Programming
0
410
ricc-20210826
Tomoki Sugiura
August 26, 2021
Tweet
Share
More Decks by Tomoki Sugiura
See All by Tomoki Sugiura
CiliumによるKubernetes Network Policyの実現 CNDT2021
shanpu
0
940
naist colloquium-B 2
shanpu
0
160
IOT53
shanpu
0
38
RICC-PIoT Workshop 2021
shanpu
0
510
ricc-nii-2020
shanpu
0
87
Cloud Native Kansai #05 LT4
shanpu
1
870
gcpug-kyoto#2-LT1
shanpu
0
590
kubernetes-seminar
shanpu
0
140
KansaiLT2
shanpu
0
200
Other Decks in Programming
See All in Programming
ピグパーティにおけるMongoDB CommunityバージョンからAtlasへの移行事例
10969hotaka
0
130
Android開発者のための Kotlin Multiplatform入門
ntaro
0
190
初心者がおさえておきたいAWS CDKのベストプラクティス 2024
konokenj
15
7.3k
CSC307 Lecture 13
javiergs
PRO
0
150
DMMプラットフォームにおけるTiDBの導入から運用まで
pospome
7
3k
GraphQL はいいぞ! ~Laravel で学ぶ GraphQL 入門~
azuki
1
160
Folding Cheat Sheet #7
philipschwarz
PRO
0
150
大規模マルチテナントを解決するYugabyteDBという選択肢
nnaka2992
1
250
Play Billing Library 7.0.0 変更点まとめ@potatotips#88
kako351
0
160
Javaの現状2024夏 / Java current status 2024 summer
kishida
4
1.4k
CSC307 Lecture 10
javiergs
PRO
0
310
OpenAI/Gemini APIを使って EPUBを翻訳するCLIツールをつくってみた
tomiyan
0
790
Featured
See All Featured
Building Adaptive Systems
keathley
34
2k
What's new in Ruby 2.0
geeforr
338
31k
Faster Mobile Websites
deanohume
303
30k
Infographics Made Easy
chrislema
238
18k
How GitHub Uses GitHub to Build GitHub
holman
471
290k
The Straight Up "How To Draw Better" Workshop
denniskardys
229
130k
Code Review Best Practice
trishagee
58
16k
How STYLIGHT went responsive
nonsquared
93
5k
Designing for Performance
lara
604
67k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
121
18k
Building Applications with DynamoDB
mza
89
5.8k
Docker and Python
trallard
37
2.9k
Transcript
Cilium Explicit Allow- Listing for ICMP GSoC 2021 3*$$ୈҰճݚڀ߹॓ /"*454%-BC.
ਿӜஐج
֓ཁ 2 ˓ (PPHMF4VNNFSPG$PEFʢ(4P$ʣʹࢀՃ͠·ͨ͠ ˓ $JMJVNͱ͍͏ωοτϫʔΫ044ͷػೳՃΛ୲ ˔ *$.1ύέοτͷϑΟϧλʔػೳ ˓ ͜ͷൃදͰ$JMJVNػೳͷ࣮ʹ͍ͭͯհ
Google Summer of CodeʢGSoCʣ 3 ˓ (PPHMFओ࠵ͷֶੜͷ044ߩݙΛࢧԉ͢ΔϓϩάϥϜ ˓ ֶੜϦετΞοϓ͞Εͨ044ʹରͯ͠ػೳՃͷ ϓϩϙʔβϧΛఏग़
˓ ࠾͞ΕͨΒʙ݄ͷिؒͰ࣮ ˔ ϝϯλʔ͋Γ ˓ தؒ৹ࠪɼ࠷ऴ৹ࠪͦΕͧΕ௨Δ͝ͱʹใۚ ˓ $JMJVNωοτϫʔΫϙϦγʔͷ*$.1ରԠ
Cilium 4 ˓ ,VCFSOFUFTͷ$/*ϓϥάΠϯͷҰछ ˔ IUUQTHJUIVCDPNDJMJVNDJMJVN ˓ ॲཧج൫ʹF#1'Λ༻ ˓ $/*ϓϥάΠϯք۾ͷதͰΞπ͍ଘࡏ
˔ (,&EBUBQMBOFWʹ࠾༻ ˔ $/$'JODVCBUJOHQSPKFDUొਃத ˗ IUUQTHJUIVCDPNDODGUPDQVMM ˔ ຊͰ͋·ΓΘΕͯͳ͍ ҹ 🥺
Kubernetes 5 ˓ ίϯςφΦʔέετϨʔγϣϯπʔϧͷσϑΝΫτ ˓ ෳͷίϯςφɺෳͷϊʔυΛཧ ˔ εέδϡʔϦϯά ˔ ࣗಈ෮چ
˔ ϘϦϡʔϜͷׂΓͯ ˔ FUD ˓ એݴతૢ࡞ͱϦίϯαΠϧϧʔϓʢௐϧʔϓʣ ˓ ΦϖϨʔλͷΈΛͬͯίϯςφҎ֎ ཧ ˔ ίϯςφΦʔέετϨʔγϣϯͰ͖Δπʔϧ
KubernetesͱCNIϓϥάΠϯ 6 ˓ ,VCFSOFUFTίϯςφͷωοτϫʔΫ*'ͷ࡞Λ֎෦ ϓϥάΠϯʹ͍ͤͯΔ ˔ ͦΕΛ୲͏ͷ͕$POUBJOFS/FUXPSL*OUFSGBDFʢ$/*ʣ ϓϥάΠϯ ˔ $/*ϓϥάΠϯ,VCFSOFUFTઐ༻πʔϧͰͳ͍
˓ 1PEʢ㲈$POUBJOFSʣੜ࣌ʹ,VCFMFU͕$/*ϓϥάΠϯ Λىಈ ˓ $/*ϓϥάΠϯͷൣғ͋͘·Ͱ*'ͷ࡞͕ͩ ωοτϫʔΫपΓͷॾʑΛ୲͍ͬͯΔ
KubernetesͱCNIϓϥάΠϯ 7 ˓ $/*ͷఆٛ͜͜ ˓ $/*ͷఏڙ͖͢ػೳ ˔ "%% ˗ ίϯςφʹωοτϫʔΫ*'ΛՃPSߋ৽
˔ %&- ˗ ίϯςφͷωοτϫʔΫ*'ΛআPS6OEP ˔ $)&$, ˗ ίϯςφͷωοτϫʔΫ*'ͷঢ়ଶ֬ೝ ˔ 7&34*0/ ˗ $/*ϓϥάΠϯͷόʔδϣϯ֬ೝ
දతͳCNIϓϥάΠϯ 8 ˓ 'MBOOFM ˓ $BMJDP ˓ 8FBWF ˓ $JMJVN
Ciliumͷಛ 9 ˓ F#1'Λॲཧج൫ʹ׆༻ ˔ 9%1ʹΑΔύέοτॲཧͷߴԽ ˗ JQUBCMFTΑΓύϑΥʔϚϯεߴ ˔ ௨৴ଳҬཧ
˔ ॆ࣮ͨ͠ࢹػೳ ˓ ΤϯυϙΠϯτͷ*%ϕʔεཧʢOPU*1ΞυϨεʣ ˔ LT্ͷΞϓϦέʔγϣϯ*1ΞυϨε͕සൟʹมΘΔ
eBPF 10 ˓ FYUFOEFE#FSLFMFZ1BDLFU'JMUFS ˔ 1BDLFU'JMUFSͱݴ͍ͭͭγεςϜίʔϧͷϑΟϧλϦϯάΛ ͨ͠ΓϓϩάϥϜͷτϨʔγϯάΛͨ͠Γ ˓ ಠ໋ࣗྩηοτΛͬͨΧʔωϧԾϚγϯͰ࣮ߦ ˔
γεςϜ7.͡Όͳͯ͘ϓϩηε7. ˔ ϓϩάϥϜͷݕࠪػߏ͕͋Δ ˓ $ݴޠͰهड़ ˓ ࠷ۙF#1''PVOEBUJPO͕-JOVY'PVOEBUJOࡿԼʹ Ͱ͖ͨ
Kubernetesʹ͓͚ΔNetwork Policy 11 ˓ $/*ϓϥάΠϯ͕ػೳΛ͍࣋ͬͯΕ༻Մೳ ˓ ҎԼͷཁૉͰϗϫΠτϦετΛ࡞ ˔ *1ΞυϨε ˔
໊લۭؒ ˔ ϥϕϧ ˔ ϙʔτ൪߸ /FUXPSL1PMJDZྫ
Cilium Network PolicyʢCNPʣ 12 ˓ $/1,VCFSOFUFT/FUXPSL1PMJDZͷ֦ு ˔ 4FSWJDF ˔ &OUJUZ
˔ '2%/ ˔ -ʢ)551ɼ,BGLBʣ ˔ FUD ˓ BMMPXEFOZ྆ํՄೳ -$/1ͷྫ
CNPͱICMP 13 ˓ ͔͠͠*$.1ͷBMMPXEFOZػೳͳ͔ͬͨ ˔ -ͷBMMPXϧʔϧΛ࡞Δͱ-ࣗಈతʹઃఆ͞ΕΔ ˠ*$.1શͯυϩοϓ ˓ ແ͍ͳΒ࡞Ζ͏
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 14 /FUXPSL1PMJDZΛهड़ͨ͠ ϚχϑΣετϑΝΠϧ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 15 ਖ਼͍͔͠νΣοΫ F#1'.BQߏମ (P Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 16 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ 1BTT
%SPQ
ICMP Policyͷ࣮1 17 ਖ਼͍͔͠νΣοΫ Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ *$.1ϑΟʔϧυͷνΣοΫ *$.1UZQFΛ%FTU1PSUʹೖΕΔ
ICMP Policyͷ࣮2 18 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ
1BTT %SPQ *$.1ϔομΛಡΈऔΓ
ICMP Policyͷ࣮3 19 ˓ ৄͪ͘͜͠Β ˔ IUUQTHJTUHJUIVCDPNDIF[TIBOQV DBDBDDGBGGDBE
ۤ࿑ϙΠϯτ 20 ˓ F#1'ϓϩάϥϜαΠζʢ໋ྩʣͷ੍ݶ͋Γ ˔ ΧʔωϧόʔδϣϯʹΑͬͯҧ͏ͷͰͦΕͧΕͰ֬ೝ ˔ ͜ͷ੍ݶʹΑΓ*$.1ϑΟϧλʔԾ࣮ঢ়ଶ🥺 ˓ ʢ୭͔͕͕$*յ͢ͱࣗͷมߋΛϚʔδͯ͠Β͑ͳ͍ʣ
·ͱΊ 21 ˓ ,VCFSOFUFTωοτϫʔΫػೳΛ$/*ϓϥάΠϯʹҕ ˓ $JMJVNF#1'Λͬͨ$/*ϓϥάΠϯͷҰͭ ˓ F#1'ͷ੍ݶ͔Β*$.1ϑΟϧλʔػೳԾ࣮ঢ়ଶ ˓ (4P$ऴΘΓ·͕ͨ͠ɼ͏ͪΐͬͱؤுΓ·͢
❤