Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ricc-20210826
Search
Tomoki Sugiura
August 26, 2021
Programming
0
540
ricc-20210826
Tomoki Sugiura
August 26, 2021
Tweet
Share
More Decks by Tomoki Sugiura
See All by Tomoki Sugiura
CiliumによるKubernetes Network Policyの実現 CNDT2021
shanpu
0
1.3k
naist colloquium-B 2
shanpu
0
230
IOT53
shanpu
0
92
RICC-PIoT Workshop 2021
shanpu
0
650
ricc-nii-2020
shanpu
0
130
Cloud Native Kansai #05 LT4
shanpu
1
1k
gcpug-kyoto#2-LT1
shanpu
0
690
kubernetes-seminar
shanpu
0
190
KansaiLT2
shanpu
0
270
Other Decks in Programming
See All in Programming
uniqueパッケージの内部実装を支えるweak pointerの話
magavel
0
1k
CSC509 Lecture 06
javiergs
PRO
0
260
Serena MCPのすすめ
wadakatu
4
1k
overlayPreferenceValue で実現する ピュア SwiftUI な AdMob ネイティブ広告
uhucream
0
190
AI駆動で0→1をやって見えた光と伸びしろ
passion0102
1
220
『毎日の移動』を支えるGoバックエンド内製開発
yutautsugi
2
250
開発生産性を上げるための生成AI活用術
starfish719
3
1.2k
AI Coding Meetup #3 - 導入セッション / ai-coding-meetup-3
izumin5210
0
3.3k
XP, Testing and ninja testing ZOZ5
m_seki
3
700
エンジニアインターン「Treasure」とHonoの2年、そして未来へ / Our Journey with Hono Two Years at Treasure and Beyond
carta_engineering
0
310
kiroとCodexで最高のSpec駆動開発を!!数時間で web3ネイティブなミニゲームを作ってみたよ!
mashharuki
0
650
詳しくない分野でのVibe Codingで困ったことと学び/vibe-coding-in-unfamiliar-area
shibayu36
3
5.1k
Featured
See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
115
20k
What's in a price? How to price your products and services
michaelherold
246
12k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Designing for Performance
lara
610
69k
GitHub's CSS Performance
jonrohan
1032
470k
KATA
mclloyd
32
15k
How STYLIGHT went responsive
nonsquared
100
5.8k
Java REST API Framework Comparison - PWX 2021
mraible
34
8.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Speed Design
sergeychernyshev
32
1.2k
Thoughts on Productivity
jonyablonski
70
4.9k
Transcript
Cilium Explicit Allow- Listing for ICMP GSoC 2021 3*$$ୈҰճݚڀ߹॓ /"*454%-BC.
ਿӜஐج
֓ཁ 2 ˓ (PPHMF4VNNFSPG$PEFʢ(4P$ʣʹࢀՃ͠·ͨ͠ ˓ $JMJVNͱ͍͏ωοτϫʔΫ044ͷػೳՃΛ୲ ˔ *$.1ύέοτͷϑΟϧλʔػೳ ˓ ͜ͷൃදͰ$JMJVNػೳͷ࣮ʹ͍ͭͯհ
Google Summer of CodeʢGSoCʣ 3 ˓ (PPHMFओ࠵ͷֶੜͷ044ߩݙΛࢧԉ͢ΔϓϩάϥϜ ˓ ֶੜϦετΞοϓ͞Εͨ044ʹରͯ͠ػೳՃͷ ϓϩϙʔβϧΛఏग़
˓ ࠾͞ΕͨΒʙ݄ͷिؒͰ࣮ ˔ ϝϯλʔ͋Γ ˓ தؒ৹ࠪɼ࠷ऴ৹ࠪͦΕͧΕ௨Δ͝ͱʹใۚ ˓ $JMJVNωοτϫʔΫϙϦγʔͷ*$.1ରԠ
Cilium 4 ˓ ,VCFSOFUFTͷ$/*ϓϥάΠϯͷҰछ ˔ IUUQTHJUIVCDPNDJMJVNDJMJVN ˓ ॲཧج൫ʹF#1'Λ༻ ˓ $/*ϓϥάΠϯք۾ͷதͰΞπ͍ଘࡏ
˔ (,&EBUBQMBOFWʹ࠾༻ ˔ $/$'JODVCBUJOHQSPKFDUొਃத ˗ IUUQTHJUIVCDPNDODGUPDQVMM ˔ ຊͰ͋·ΓΘΕͯͳ͍ ҹ 🥺
Kubernetes 5 ˓ ίϯςφΦʔέετϨʔγϣϯπʔϧͷσϑΝΫτ ˓ ෳͷίϯςφɺෳͷϊʔυΛཧ ˔ εέδϡʔϦϯά ˔ ࣗಈ෮چ
˔ ϘϦϡʔϜͷׂΓͯ ˔ FUD ˓ એݴతૢ࡞ͱϦίϯαΠϧϧʔϓʢௐϧʔϓʣ ˓ ΦϖϨʔλͷΈΛͬͯίϯςφҎ֎ ཧ ˔ ίϯςφΦʔέετϨʔγϣϯͰ͖Δπʔϧ
KubernetesͱCNIϓϥάΠϯ 6 ˓ ,VCFSOFUFTίϯςφͷωοτϫʔΫ*'ͷ࡞Λ֎෦ ϓϥάΠϯʹ͍ͤͯΔ ˔ ͦΕΛ୲͏ͷ͕$POUBJOFS/FUXPSL*OUFSGBDFʢ$/*ʣ ϓϥάΠϯ ˔ $/*ϓϥάΠϯ,VCFSOFUFTઐ༻πʔϧͰͳ͍
˓ 1PEʢ㲈$POUBJOFSʣੜ࣌ʹ,VCFMFU͕$/*ϓϥάΠϯ Λىಈ ˓ $/*ϓϥάΠϯͷൣғ͋͘·Ͱ*'ͷ࡞͕ͩ ωοτϫʔΫपΓͷॾʑΛ୲͍ͬͯΔ
KubernetesͱCNIϓϥάΠϯ 7 ˓ $/*ͷఆٛ͜͜ ˓ $/*ͷఏڙ͖͢ػೳ ˔ "%% ˗ ίϯςφʹωοτϫʔΫ*'ΛՃPSߋ৽
˔ %&- ˗ ίϯςφͷωοτϫʔΫ*'ΛআPS6OEP ˔ $)&$, ˗ ίϯςφͷωοτϫʔΫ*'ͷঢ়ଶ֬ೝ ˔ 7&34*0/ ˗ $/*ϓϥάΠϯͷόʔδϣϯ֬ೝ
දతͳCNIϓϥάΠϯ 8 ˓ 'MBOOFM ˓ $BMJDP ˓ 8FBWF ˓ $JMJVN
Ciliumͷಛ 9 ˓ F#1'Λॲཧج൫ʹ׆༻ ˔ 9%1ʹΑΔύέοτॲཧͷߴԽ ˗ JQUBCMFTΑΓύϑΥʔϚϯεߴ ˔ ௨৴ଳҬཧ
˔ ॆ࣮ͨ͠ࢹػೳ ˓ ΤϯυϙΠϯτͷ*%ϕʔεཧʢOPU*1ΞυϨεʣ ˔ LT্ͷΞϓϦέʔγϣϯ*1ΞυϨε͕සൟʹมΘΔ
eBPF 10 ˓ FYUFOEFE#FSLFMFZ1BDLFU'JMUFS ˔ 1BDLFU'JMUFSͱݴ͍ͭͭγεςϜίʔϧͷϑΟϧλϦϯάΛ ͨ͠ΓϓϩάϥϜͷτϨʔγϯάΛͨ͠Γ ˓ ಠ໋ࣗྩηοτΛͬͨΧʔωϧԾϚγϯͰ࣮ߦ ˔
γεςϜ7.͡Όͳͯ͘ϓϩηε7. ˔ ϓϩάϥϜͷݕࠪػߏ͕͋Δ ˓ $ݴޠͰهड़ ˓ ࠷ۙF#1''PVOEBUJPO͕-JOVY'PVOEBUJOࡿԼʹ Ͱ͖ͨ
Kubernetesʹ͓͚ΔNetwork Policy 11 ˓ $/*ϓϥάΠϯ͕ػೳΛ͍࣋ͬͯΕ༻Մೳ ˓ ҎԼͷཁૉͰϗϫΠτϦετΛ࡞ ˔ *1ΞυϨε ˔
໊લۭؒ ˔ ϥϕϧ ˔ ϙʔτ൪߸ /FUXPSL1PMJDZྫ
Cilium Network PolicyʢCNPʣ 12 ˓ $/1,VCFSOFUFT/FUXPSL1PMJDZͷ֦ு ˔ 4FSWJDF ˔ &OUJUZ
˔ '2%/ ˔ -ʢ)551ɼ,BGLBʣ ˔ FUD ˓ BMMPXEFOZ྆ํՄೳ -$/1ͷྫ
CNPͱICMP 13 ˓ ͔͠͠*$.1ͷBMMPXEFOZػೳͳ͔ͬͨ ˔ -ͷBMMPXϧʔϧΛ࡞Δͱ-ࣗಈతʹઃఆ͞ΕΔ ˠ*$.1શͯυϩοϓ ˓ ແ͍ͳΒ࡞Ζ͏
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 14 /FUXPSL1PMJDZΛهड़ͨ͠ ϚχϑΣετϑΝΠϧ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 15 ਖ਼͍͔͠νΣοΫ F#1'.BQߏମ (P Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 16 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ 1BTT
%SPQ
ICMP Policyͷ࣮1 17 ਖ਼͍͔͠νΣοΫ Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ *$.1ϑΟʔϧυͷνΣοΫ *$.1UZQFΛ%FTU1PSUʹೖΕΔ
ICMP Policyͷ࣮2 18 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ
1BTT %SPQ *$.1ϔομΛಡΈऔΓ
ICMP Policyͷ࣮3 19 ˓ ৄͪ͘͜͠Β ˔ IUUQTHJTUHJUIVCDPNDIF[TIBOQV DBDBDDGBGGDBE
ۤ࿑ϙΠϯτ 20 ˓ F#1'ϓϩάϥϜαΠζʢ໋ྩʣͷ੍ݶ͋Γ ˔ ΧʔωϧόʔδϣϯʹΑͬͯҧ͏ͷͰͦΕͧΕͰ֬ೝ ˔ ͜ͷ੍ݶʹΑΓ*$.1ϑΟϧλʔԾ࣮ঢ়ଶ🥺 ˓ ʢ୭͔͕͕$*յ͢ͱࣗͷมߋΛϚʔδͯ͠Β͑ͳ͍ʣ
·ͱΊ 21 ˓ ,VCFSOFUFTωοτϫʔΫػೳΛ$/*ϓϥάΠϯʹҕ ˓ $JMJVNF#1'Λͬͨ$/*ϓϥάΠϯͷҰͭ ˓ F#1'ͷ੍ݶ͔Β*$.1ϑΟϧλʔػೳԾ࣮ঢ়ଶ ˓ (4P$ऴΘΓ·͕ͨ͠ɼ͏ͪΐͬͱؤுΓ·͢
❤