Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

ricc-20210826

Avatar for Tomoki Sugiura Tomoki Sugiura
August 26, 2021
Programming
0
550

 ricc-20210826

Avatar for Tomoki Sugiura

Tomoki Sugiura

August 26, 2021
Tweet

More Decks by Tomoki Sugiura

See All by Tomoki Sugiura
CiliumによるKubernetes Network Policyの実現 CNDT2021
Avatar for Tomoki Sugiura shanpu
0
1.3k
naist colloquium-B 2
Avatar for Tomoki Sugiura shanpu
0
230
IOT53
Avatar for Tomoki Sugiura shanpu
0
100
RICC-PIoT Workshop 2021
Avatar for Tomoki Sugiura shanpu
0
660
ricc-nii-2020
Avatar for Tomoki Sugiura shanpu
0
140
Cloud Native Kansai #05 LT4
Avatar for Tomoki Sugiura shanpu
1
1k
gcpug-kyoto#2-LT1
Avatar for Tomoki Sugiura shanpu
0
700
kubernetes-seminar
Avatar for Tomoki Sugiura shanpu
0
190
KansaiLT2
Avatar for Tomoki Sugiura shanpu
0
270

Other Decks in Programming

See All in Programming
手が足りない!兼業データエンジニアに必要だったアーキテクチャと立ち回り
Avatar for zinkosuke zinkosuke
0
600
【Streamlit x Snowflake】データ基盤からアプリ開発・AI活用まで、すべてをSnowflake内で実現
Avatar for Ayumu Yamaguchi ayumu_yamaguchi
1
120
AIコーディングエージェント(Gemini)
Avatar for kondai kondai24
0
200
AIエンジニアリングのご紹介 / Introduction to AI Engineering
Avatar for r-kagaya rkaga
5
2k
ゲームの物理 剛体編
Avatar for Fadis fadis
0
320
TypeScript 5.9 で使えるようになった import defer でパフォーマンス最適化を実現する
Avatar for おおいし bicstone
1
1.3k
開発に寄りそう自動テストの実現
Avatar for Hiroki Iseri goyoki
1
770
「コードは上から下へ読むのが一番」と思った時に、思い出してほしい話
Avatar for HideyukiKitao panda728
PRO
38
25k
tparseでgo testの出力を見やすくする
Avatar for utagawa kiki utgwkk
1
190
大体よく分かるscala.collection.immutable.HashMap ~ Compressed Hash-Array Mapped Prefix-tree (CHAMP) ~
Avatar for matsu_chara matsu_chara
1
210
30分でDoctrineの仕組みと使い方を完全にマスターする / phpconkagawa 2025 Doctrine
Avatar for Takashi Kanemoto ttskch
3
800
AIエージェントを活かすPM術 AI駆動開発の現場から
Avatar for gyuta gyuta
0
360

Featured

See All Featured
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
Navigating Team Friction
Avatar for Lara Hogan lara
191
16k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
76
5.2k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
23k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.6k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
32
2.7k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
990

Transcript

  1. Cilium Explicit Allow- Listing for ICMP GSoC 2021 3*$$೥౓ୈҰճݚڀ߹॓ /"*454%-BC.

    ਿӜஐج

  2. ֓ཁ 2 ˓ (PPHMF4VNNFSPG$PEFʢ(4P$ʣʹࢀՃ͠·ͨ͠ ˓ $JMJVNͱ͍͏ωοτϫʔΫ044ͷػೳ௥ՃΛ୲౰ ˔ *$.1ύέοτͷϑΟϧλʔػೳ ˓ ͜ͷൃදͰ͸$JMJVN΍ػೳͷ࣮૷ʹ͍ͭͯ঺հ

  3. Google Summer of CodeʢGSoCʣ 3 ˓ (PPHMFओ࠵ͷֶੜͷ044ߩݙΛࢧԉ͢ΔϓϩάϥϜ ˓ ֶੜ͸ϦετΞοϓ͞Εͨ044ʹରͯ͠ػೳ௥Ճͷ ϓϩϙʔβϧΛఏग़

    ˓ ࠾୒͞ΕͨΒʙ݄ͷिؒͰ࣮૷ ˔ ϝϯλʔ͋Γ ˓ தؒ৹ࠪɼ࠷ऴ৹ࠪͦΕͧΕ௨Δ͝ͱʹใ঑ۚ ˓ $JMJVNωοτϫʔΫϙϦγʔͷ*$.1ରԠ

  4. Cilium 4 ˓ ,VCFSOFUFTͷ$/*ϓϥάΠϯͷҰछ ˔ IUUQTHJUIVCDPNDJMJVNDJMJVN ˓ ॲཧج൫ʹF#1'Λ࢖༻ ˓ $/*ϓϥάΠϯք۾ͷதͰΞπ͍ଘࡏ

    ˔ (,&EBUBQMBOFWʹ࠾༻ ˔ $/$'JODVCBUJOHQSPKFDU΁ొ࿥ਃ੥த ˗ IUUQTHJUIVCDPNDODGUPDQVMM ˔ ೔ຊͰ͸͋·Γ࢖ΘΕͯͳ͍ ҹ৅ 🥺

  5. Kubernetes 5 ˓ ίϯςφΦʔέετϨʔγϣϯπʔϧͷσϑΝΫτ ˓ ෳ਺ͷίϯςφɺෳ਺ͷϊʔυΛ؅ཧ ˔ εέδϡʔϦϯά ˔ ࣗಈ෮چ

    ˔ ϘϦϡʔϜͷׂΓ౰ͯ ˔ FUD ˓ એݴతૢ࡞ͱϦίϯαΠϧϧʔϓʢௐ੔ϧʔϓʣ ˓ ΦϖϨʔλͷ࢓૊ΈΛ࢖ͬͯίϯςφҎ֎΋ ؅ཧ ˔ ίϯςφΦʔέετϨʔγϣϯ΋Ͱ͖Δπʔϧ

  6. KubernetesͱCNIϓϥάΠϯ 6 ˓ ,VCFSOFUFT͸ίϯςφͷωοτϫʔΫ*'ͷ࡞੒Λ֎෦ ϓϥάΠϯʹ೚͍ͤͯΔ ˔ ͦΕΛ୲͏ͷ͕$POUBJOFS/FUXPSL*OUFSGBDFʢ$/*ʣ ϓϥάΠϯ ˔ $/*ϓϥάΠϯ͸,VCFSOFUFTઐ༻πʔϧͰ͸ͳ͍

    ˓ 1PEʢ㲈$POUBJOFSʣੜ੒࣌ʹ,VCFMFU͕$/*ϓϥάΠϯ Λىಈ ˓ $/*ϓϥάΠϯͷ੹೚ൣғ͸͋͘·Ͱ*'ͷ࡞੒͕ͩ ωοτϫʔΫपΓͷॾʑΛ୲͍ͬͯΔ

  7. KubernetesͱCNIϓϥάΠϯ 7 ˓ $/*ͷఆٛ͸͜͜ ˓ $/*ͷఏڙ͢΂͖ػೳ ˔ "%% ˗ ίϯςφʹωοτϫʔΫ*'Λ௥ՃPSߋ৽

    ˔ %&- ˗ ίϯςφͷωοτϫʔΫ*'Λ࡟আPS6OEP ˔ $)&$, ˗ ίϯςφͷωοτϫʔΫ*'ͷঢ়ଶ֬ೝ ˔ 7&34*0/ ˗ $/*ϓϥάΠϯͷόʔδϣϯ֬ೝ

  8. ୅දతͳCNIϓϥάΠϯ 8 ˓ 'MBOOFM ˓ $BMJDP ˓ 8FBWF ˓ $JMJVN

  9. Ciliumͷಛ௃ 9 ˓ F#1'Λॲཧج൫ʹ׆༻ ˔ 9%1ʹΑΔύέοτॲཧͷߴ଎Խ ˗ JQUBCMFTΑΓ΋ύϑΥʔϚϯεߴ ˔ ௨৴ଳҬ؅ཧ

    ˔ ॆ࣮ͨ͠؂ࢹػೳ ˓ ΤϯυϙΠϯτͷ*%ϕʔε؅ཧʢOPU*1ΞυϨεʣ ˔ LT্ͷΞϓϦέʔγϣϯ͸*1ΞυϨε͕සൟʹมΘΔ

  10. eBPF 10 ˓ FYUFOEFE#FSLFMFZ1BDLFU'JMUFS ˔ 1BDLFU'JMUFSͱݴ͍ͭͭγεςϜίʔϧͷϑΟϧλϦϯάΛ ͨ͠ΓϓϩάϥϜͷτϨʔγϯάΛͨ͠Γ ˓ ಠ໋ࣗྩηοτΛ΋ͬͨΧʔωϧ಺Ծ૝ϚγϯͰ࣮ߦ ˔

    γεςϜ7.͡Όͳͯ͘ϓϩηε7. ˔ ϓϩάϥϜͷݕࠪػߏ͕͋Δ ˓ $ݴޠͰهड़ ˓ ࠷ۙF#1''PVOEBUJPO͕-JOVY'PVOEBUJOࡿԼʹ Ͱ͖ͨ

  11. Kubernetesʹ͓͚ΔNetwork Policy 11 ˓ $/*ϓϥάΠϯ͕ػೳΛ͍࣋ͬͯΕ͹࢖༻Մೳ ˓ ҎԼͷཁૉͰϗϫΠτϦετΛ࡞੒ ˔ *1ΞυϨε ˔

    ໊લۭؒ ˔ ϥϕϧ ˔ ϙʔτ൪߸ /FUXPSL1PMJDZྫ

  12. Cilium Network PolicyʢCNPʣ 12 ˓ $/1͸,VCFSOFUFT/FUXPSL1PMJDZͷ֦ு ˔ 4FSWJDF ˔ &OUJUZ

    ˔ '2%/ ˔ -ʢ)551ɼ,BGLBʣ ˔ FUD ˓ BMMPXEFOZ྆ํՄೳ -$/1ͷྫ

  13. CNPͱICMP 13 ˓ ͔͠͠*$.1ͷBMMPXEFOZػೳ͸ͳ͔ͬͨ ˔ -ͷBMMPXϧʔϧΛ࡞Δͱ-΋ࣗಈతʹઃఆ͞ΕΔ ˠ*$.1શͯυϩοϓ ˓ ແ͍ͳΒ࡞Ζ͏

  14. Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 14 /FUXPSL1PMJDZΛهड़ͨ͠ ϚχϑΣετϑΝΠϧ

  15. Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 15 ਖ਼͍͔͠νΣοΫ F#1'.BQߏ଄ମ (P Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏ଄ମʹม׵ F#1'.BQʹ௥Ճ

  16. Ciliumʹ͓͚ΔPolicyͷ࣮ݱ 16 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏ଄ମʹม׵ F#1'.BQLFZ র߹͢Δ 1BTT

    %SPQ

  17. ICMP Policyͷ࣮૷1 17 ਖ਼͍͔͠νΣοΫ Ϣʔβۭ֤ؒϊʔυʹͯ /1༻F#1'.BQʹ ରԠ͢Δߏ଄ମʹม׵ F#1'.BQʹ௥Ճ *$.1ϑΟʔϧυͷνΣοΫ *$.1UZQFΛ%FTU1PSUʹೖΕΔ

  18. ICMP Policyͷ࣮૷2 18 ύέοτ F#1'.BQ Χʔωϧۭؒ ϔομΛಡΈऔͬͯ ߏ଄ମʹม׵ F#1'.BQLFZ র߹͢Δ

    1BTT %SPQ *$.1ϔομΛಡΈऔΓ

  19. ICMP Policyͷ࣮૷3 19 ˓ ৄ͘͠͸ͪ͜Β ˔ IUUQTHJTUHJUIVCDPNDIF[TIBOQV DBDBDDGBGGDBE

  20. ۤ࿑ϙΠϯτ 20 ˓ F#1'͸ϓϩάϥϜαΠζʢ໋ྩ਺ʣͷ੍ݶ͋Γ ˔ ΧʔωϧόʔδϣϯʹΑͬͯҧ͏ͷͰͦΕͧΕͰ֬ೝ ˔ ͜ͷ੍ݶʹΑΓ*$.1ϑΟϧλʔ͸Ծ࣮૷ঢ়ଶ🥺 ˓ ʢ୭͔͕͕$*յ͢ͱࣗ෼ͷมߋΛϚʔδͯ͠΋Β͑ͳ͍ʣ

  21. ·ͱΊ 21 ˓ ,VCFSOFUFT͸ωοτϫʔΫػೳΛ$/*ϓϥάΠϯʹҕ೚ ˓ $JMJVN͸F#1'Λ࢖ͬͨ$/*ϓϥάΠϯͷҰͭ ˓ F#1'ͷ੍ݶ͔Β*$.1ϑΟϧλʔػೳ͸Ծ࣮૷ঢ়ଶ ˓ (4P$͸ऴΘΓ·͕ͨ͠ɼ΋͏ͪΐͬͱؤுΓ·͢