Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

Avatar for KONDO Uchio KONDO Uchio
June 16, 2018
Technology
0
3.4k

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

@PHPカンファレンス福岡 2018
(スポンサートークです!)

https://phpcon.fukuoka.jp/2018/

Avatar for KONDO Uchio

KONDO Uchio

June 16, 2018
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
270
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
240
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.7k
Talk of RBS
Avatar for KONDO Uchio udzura
0
470
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
820
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
760
Device access filtering in cgroup v2
Avatar for KONDO Uchio udzura
1
960
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
870

Other Decks in Technology

See All in Technology
因果AIへの招待
Avatar for Shohei SHIMIZU sshimizu2006
0
930
ガバメントクラウド利用システムのライフサイクルについて
Avatar for 高橋広和 techniczna
0
180
Kiro Autonomous AgentとKiro Powers の紹介 / kiro-autonomous-agent-and-powers
Avatar for tomoki10 tomoki10
0
320
MapKitとオープンデータで実現する地図情報の拡張と可視化
Avatar for ZOZO Developers zozotech
PRO
1
120
Kubernetes Multi-tenancy: Principles and Practices for Large Scale Internal Platforms
Avatar for hhiroshell hhiroshell
0
110
意外とあった SQL Server 関連アップデート + Database Savings Plans
Avatar for Takuya Shibata stknohg
PRO
0
290
“決まらない”NSM設計への処方箋 〜ビットキーにおける現実的な指標デザイン事例〜 / A Prescription for "Stuck" NSM Design: Bitkey’s Practical Case Study
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
1
590
寫​了​幾年​ Code,​然後​呢?​軟體​工程師​必須重新​認識​的​ DevOps
Avatar for Cheng-Wei Chen cheng_wei_chen
1
1k
Noを伝える技術2025: 爆速合意形成のためのNICOフレームワーク速習 #pmconf2025
Avatar for Aki / @LoveIdahoBurger aki_iinuma
2
2.1k
エンジニアリングをやめたくないので問い続ける
Avatar for estie | エスティ estie
0
110
Challenging Hardware Contests with Zephyr and Lessons Learned
Avatar for misoji engineer iotengineer22
0
130
re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)
Avatar for 枡川健太郎 masukawa
0
320

Featured

See All Featured
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.7k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.4k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
34k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
12
970

Transcript

  1. ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯε෱Ԭ ϩϦϙοϓʂ ϚωʔδυΫϥ΢υΛࢧ͑Δ ίϯςφٕज़ͷશͯ

  2. γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ

  3. 'VLVPLBSC ! ԙϖύες (.0ϖύϘ෱Ԭࢧࣾ'

  4. None

  5. <?php

  6. None

  7. IUUQTNDMPMJQPQKQ

  8. Λ❗ Λ❗

  9. 8PSE1SFTTͳΒҰॠʂ 1)1؀ڥ΋͙͢ʹʂ 44)΋Ͱ͖Δʂ ಠࣗυϝΠϯ΋γϡοͱʂ ແྉͰ5-4ରԠ΋ʂ

  10. None

  11. ίϯςφ

  12. Linux containers, in short, contain applications in a way that

    keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST

  13. ίϯςφΛ࢖͏ཧ༝ Ͱ

  14. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠

  15. αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧ΢ΣΞͳͲΛࣗ෼ͰೖΕΔͷ͸᠘΋ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͹͍͍ͷʁ

  16. ίϯςφͷಛ௃ wίϯςφ͸ϙʔλϒϧ wˠඞཁͳ΋ͷʮશ෦ೖΓʯͷ؀ڥΛ͝ఏڙʂ wίϯςφ͸ىಈɾఀࢭ͕ߴ଎ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ΋଎͍ʂ wˠෆཁͳ৔߹͸ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈ΋ૉૣ͘ʂ

  17. ίϯςφӡ༻͸ ϖύϘʹ͓೚ͤʂ

  18. ίϯςφͷಛ௃ ͷ

  19. օ༷ʹͱͬͯίϯςφͱ͸

  20. ίϯςφͷ͞Βʹਂ͍࿩

  21. ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ

  22. ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp

  23. ίϯςφ͸ ϓϩηε

  24. ϓϩηε͸ ؆୯ʹ࡞ΕΔ

  25. ίϯςφ͸ ࡞ΕΔʂ

  26. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO

  27. ࠷ߴʹूதͰ͖Δ ίϯςφ؀ڥΛʂ

  28. Haconiwa

  29. )BDPOJXBͷ࢓૊Έ w-JOVYͷ༷ʑͳίϯςφػೳΛ૊Έ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧ౳ΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ
 %4-ʹΑΓػೳͷ૊Έ߹Θͤ΍ɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ

  30. ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *

    chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco

  31. Կ͕خ͍͠ʁ

  32. ৽͍͠ ίϯςφΞʔΩςΫνϟ

  33. ίϯςφͱ͍͑Ͳ΋ɺ೉͍͠՝୊ w ͓٬༷؀ڥΛͳΔ΂͘շదɺ͔ͭߴूੵʹ
 ूੵ཰Λߴ͘͠ͳ͚Ε͹ɺݱ࣮తͳ͓஋ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰ΋ɺշదͰͳ͍؀ڥʹ͸ͨ͘͠ͳ͍ʂ w ίϯςφͱ͸͍͑ɺӡ༻ʹ޻෉͠ͳ͍ͱߴ଎͡Όͳ͍
 ىಈɺఀࢭɺεέʔϧΞ΢τͳͲΛ͍͍ͪͪखಈͰ΍͍ͬͯͯ͸
 ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷ਺Λม͑ΒΕͳ͍͔ʁ

  34. 'BTU$POUBJOFS ΞʔΩςΫνϟ

  35. ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌

    FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

  36. ίϯςφΛ॥؀ͤ͞Δʂ wίϯςφ͸ɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ
 ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹ࢖Θͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠੾ͬͯఏڙ͢Δʂ
 ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ
 ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠ΋ͬͱշదͳ؀ڥʹʂ

  37. ݚڀ։ൃͷͱΓ͘Έ ͷ

  38. IUUQTSBOEQFQBCPDPN

  39. ΞʔΩςΫνϟ౳ ࿦จԽ

  40. αʔϏεͰ࢖ٕͬͨज़Λ࿦จʹ wɹɹɹɹɹɹɹɹɹɹɹͰ͸ɺ
 ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑͹'BTU$POUBJOFS
 w044΋࿦จʹ)BDPOJXB

  41. None

  42. ىಈߴ଎Խ $3*6

  43. ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ
 ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞੒ɺىಈΛߴ଎Խ͢Δ
 ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6͸֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ
 TFDDPNQͱQUSBDFΛ૊Έ߹Θͤɺ೚ҙͷϓϩηεΛىಈߴ଎Խ͢Δ
 ख๏Λ΍͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ

  44. ·ͱΊ

  45. ։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ ͸

  46. 1MFBTF "TLUIF4QFBLFS

  47. ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT