Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
ricc-20210826
Tomoki Sugiura
August 26, 2021
Programming
0
290
ricc-20210826
Tomoki Sugiura
August 26, 2021
Tweet
Share
More Decks by Tomoki Sugiura
See All by Tomoki Sugiura
CiliumによるKubernetes Network Policyの実現 CNDT2021
shanpu
0
650
naist colloquium-B 2
shanpu
0
150
IOT53
shanpu
0
33
RICC-PIoT Workshop 2021
shanpu
0
360
ricc-nii-2020
shanpu
0
63
Cloud Native Kansai #05 LT4
shanpu
1
660
gcpug-kyoto#2-LT1
shanpu
0
460
kubernetes-seminar
shanpu
0
95
KansaiLT2
shanpu
0
180
Other Decks in Programming
See All in Programming
Hono v3 - Do Everything, Run Anywhere, But Small, And Faster
yusukebe
4
130
(新米)エンジニアリングマネージャーのしごと #RSGT2023
murabayashi
9
5.6k
Swift Expression Macros: a practical introduction
kishikawakatsumi
2
720
Azure Functionsをサクッと開発、サクッとデプロイ/vscodeconf2023-baba
nina01
1
330
はてなリモートインターンシップ2022 Web API 講義資料
hatena
0
150
OSSから学んだPR Descriptionの書き方
fugakkbn
4
130
Step Functions Distributed Map を使ってみた
codemountains
0
100
10年以上続くプロダクトの フロントエンド刷新プロジェクトのふりかえり
yotahada3
2
320
Remix + Cloudflare Pages + D1 で ポケモン SV のレンタルチームを検索できるアプリを作ってみた
kuroppe1819
4
1.3k
Cloudflare Workersと状態管理
chimame
3
480
An Advanced Introduction to R
nicetak
0
1.7k
コンピュータビジョンセミナー2 / computer_vision_seminar_libSGM
fixstars
0
310
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Build your cross-platform service in a week with App Engine
jlugia
221
17k
Designing Experiences People Love
moore
130
22k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
Design by the Numbers
sachag
271
18k
Large-scale JavaScript Application Architecture
addyosmani
499
110k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
175
9.1k
The Mythical Team-Month
searls
210
40k
Building Flexible Design Systems
yeseniaperezcruz
314
35k
How to name files
jennybc
47
73k
Navigating Team Friction
lara
176
12k
Transcript
Cilium Explicit Allow- Listing for ICMP GSoC 2021 3*$$ୈҰճݚڀ߹॓ /"*454%-BC.
ਿӜஐج
֓ཁ 2 ˓ (PPHMF4VNNFSPG$PEFʢ(4P$ʣʹࢀՃ͠·ͨ͠ ˓ $JMJVNͱ͍͏ωοτϫʔΫ044ͷػೳՃΛ୲ ˔ *$.1ύέοτͷϑΟϧλʔػೳ ˓ ͜ͷൃදͰ$JMJVNػೳͷ࣮ʹ͍ͭͯհ
Google Summer of CodeʢGSoCʣ 3 ˓ (PPHMFओ࠵ͷֶੜͷ044ߩݙΛࢧԉ͢ΔϓϩάϥϜ ˓ ֶੜϦετΞοϓ͞Εͨ044ʹରͯ͠ػೳՃͷ ϓϩϙʔβϧΛఏग़
˓ ࠾͞ΕͨΒʙ݄ͷिؒͰ࣮ ˔ ϝϯλʔ͋Γ ˓ தؒ৹ࠪɼ࠷ऴ৹ࠪͦΕͧΕ௨Δ͝ͱʹใۚ ˓ $JMJVNωοτϫʔΫϙϦγʔͷ*$.1ରԠ
Cilium 4 ˓ ,VCFSOFUFTͷ$/*ϓϥάΠϯͷҰछ ˔ IUUQTHJUIVCDPNDJMJVNDJMJVN ˓ ॲཧج൫ʹF#1'Λ༻ ˓ $/*ϓϥάΠϯք۾ͷதͰΞπ͍ଘࡏ
˔ (,&EBUBQMBOFWʹ࠾༻ ˔ $/$'JODVCBUJOHQSPKFDUొਃத ˗ IUUQTHJUIVCDPNDODGUPDQVMM ˔ ຊͰ͋·ΓΘΕͯͳ͍ ҹ 🥺
Kubernetes 5 ˓ ίϯςφΦʔέετϨʔγϣϯπʔϧͷσϑΝΫτ ˓ ෳͷίϯςφɺෳͷϊʔυΛཧ ˔ εέδϡʔϦϯά ˔ ࣗಈ෮چ
˔ ϘϦϡʔϜͷׂΓͯ ˔ FUD ˓ એݴతૢ࡞ͱϦίϯαΠϧϧʔϓʢௐϧʔϓʣ ˓ ΦϖϨʔλͷΈΛͬͯίϯςφҎ֎ ཧ ˔ ίϯςφΦʔέετϨʔγϣϯͰ͖Δπʔϧ
KubernetesͱCNIϓϥάΠϯ 6 ˓ ,VCFSOFUFTίϯςφͷωοτϫʔΫ*'ͷ࡞Λ֎෦ ϓϥάΠϯʹ͍ͤͯΔ ˔ ͦΕΛ୲͏ͷ͕$POUBJOFS/FUXPSL*OUFSGBDFʢ$/*ʣ ϓϥάΠϯ ˔ $/*ϓϥάΠϯ,VCFSOFUFTઐ༻πʔϧͰͳ͍
˓ 1PEʢ㲈$POUBJOFSʣੜ࣌ʹ,VCFMFU͕$/*ϓϥάΠϯ Λىಈ ˓ $/*ϓϥάΠϯͷൣғ͋͘·Ͱ*'ͷ࡞͕ͩ ωοτϫʔΫपΓͷॾʑΛ୲͍ͬͯΔ
KubernetesͱCNIϓϥάΠϯ 7 ˓ $/*ͷఆٛ͜͜ ˓ $/*ͷఏڙ͖͢ػೳ ˔ "%% ˗ ίϯςφʹωοτϫʔΫ*'ΛՃPSߋ৽
˔ %&- ˗ ίϯςφͷωοτϫʔΫ*'ΛআPS6OEP ˔ $)&$, ˗ ίϯςφͷωοτϫʔΫ*'ͷঢ়ଶ֬ೝ ˔ 7&34*0/ ˗ $/*ϓϥάΠϯͷόʔδϣϯ֬ೝ
දతͳCNIϓϥάΠϯ 8 ˓ 'MBOOFM ˓ $BMJDP ˓ 8FBWF ˓ $JMJVN
Ciliumͷಛ 9 ˓ F#1'Λॲཧج൫ʹ׆༻ ˔ 9%1ʹΑΔύέοτॲཧͷߴԽ ˗ JQUBCMFTΑΓύϑΥʔϚϯεߴ ˔ ௨৴ଳҬཧ
˔ ॆ࣮ͨ͠ࢹػೳ ˓ ΤϯυϙΠϯτͷ*%ϕʔεཧʢOPU*1ΞυϨεʣ ˔ LT্ͷΞϓϦέʔγϣϯ*1ΞυϨε͕සൟʹมΘΔ
eBPF 10 ˓ FYUFOEFE#FSLFMFZ1BDLFU'JMUFS ˔ 1BDLFU'JMUFSͱݴ͍ͭͭγεςϜίʔϧͷϑΟϧλϦϯάΛ ͨ͠ΓϓϩάϥϜͷτϨʔγϯάΛͨ͠Γ ˓ ಠ໋ࣗྩηοτΛͬͨΧʔωϧԾϚγϯͰ࣮ߦ ˔
γεςϜ7.͡Όͳͯ͘ϓϩηε7. ˔ ϓϩάϥϜͷݕࠪػߏ͕͋Δ ˓ $ݴޠͰهड़ ˓ ࠷ۙF#1''PVOEBUJPO͕-JOVY'PVOEBUJOࡿԼʹ Ͱ͖ͨ
Kubernetesʹ͓͚ΔNetwork Policy 11 ˓ $/*ϓϥάΠϯ͕ػೳΛ͍࣋ͬͯΕ༻Մೳ ˓ ҎԼͷཁૉͰϗϫΠτϦετΛ࡞ ˔ *1ΞυϨε ˔
໊લۭؒ ˔ ϥϕϧ ˔ ϙʔτ൪߸ /FUXPSL1PMJDZྫ
Cilium Network PolicyʢCNPʣ 12 ˓ $/1,VCFSOFUFT/FUXPSL1PMJDZͷ֦ு ˔ 4FSWJDF ˔ &OUJUZ
˔ '2%/ ˔ -ʢ)551ɼ,BGLBʣ ˔ FUD ˓ BMMPXEFOZ྆ํՄೳ -$/1ͷྫ
CNPͱICMP 13 ˓ ͔͠͠*$.1ͷBMMPXEFOZػೳͳ͔ͬͨ ˔ -ͷBMMPXϧʔϧΛ࡞Δͱ-ࣗಈతʹઃఆ͞ΕΔ ˠ*$.1શͯυϩοϓ ˓ ແ͍ͳΒ࡞Ζ͏
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 14 /FUXPSL1PMJDZΛهड़ͨ͠ ϚχϑΣετϑΝΠϧ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 15 ਖ਼͍͔͠νΣοΫ F#1'.BQߏମ (P Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ
Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 16 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ 1BTT
%SPQ
ICMP Policyͷ࣮1 17 ਖ਼͍͔͠νΣοΫ Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏମʹม F#1'.BQʹՃ *$.1ϑΟʔϧυͷνΣοΫ *$.1UZQFΛ%FTU1PSUʹೖΕΔ
ICMP Policyͷ࣮2 18 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏମʹม F#1'.BQLFZ র߹͢Δ
1BTT %SPQ *$.1ϔομΛಡΈऔΓ
ICMP Policyͷ࣮3 19 ˓ ৄͪ͘͜͠Β ˔ IUUQTHJTUHJUIVCDPNDIF[TIBOQV DBDBDDGBGGDBE
ۤ࿑ϙΠϯτ 20 ˓ F#1'ϓϩάϥϜαΠζʢ໋ྩʣͷ੍ݶ͋Γ ˔ ΧʔωϧόʔδϣϯʹΑͬͯҧ͏ͷͰͦΕͧΕͰ֬ೝ ˔ ͜ͷ੍ݶʹΑΓ*$.1ϑΟϧλʔԾ࣮ঢ়ଶ🥺 ˓ ʢ୭͔͕͕$*յ͢ͱࣗͷมߋΛϚʔδͯ͠Β͑ͳ͍ʣ
·ͱΊ 21 ˓ ,VCFSOFUFTωοτϫʔΫػೳΛ$/*ϓϥάΠϯʹҕ ˓ $JMJVNF#1'Λͬͨ$/*ϓϥάΠϯͷҰͭ ˓ F#1'ͷ੍ݶ͔Β*$.1ϑΟϧλʔػೳԾ࣮ঢ়ଶ ˓ (4P$ऴΘΓ·͕ͨ͠ɼ͏ͪΐͬͱؤுΓ·͢
❤