Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

Avatar for KONDO Uchio KONDO Uchio
June 16, 2018
Technology
0
3.4k

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

@PHPカンファレンス福岡 2018
(スポンサートークです!)

https://phpcon.fukuoka.jp/2018/

Avatar for KONDO Uchio

KONDO Uchio

June 16, 2018
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
260
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
230
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.7k
Talk of RBS
Avatar for KONDO Uchio udzura
0
460
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
800
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
750
Device access filtering in cgroup v2
Avatar for KONDO Uchio udzura
1
940
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
850

Other Decks in Technology

See All in Technology
多野優介
Avatar for 多野優介 tanoyusuke
1
480
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
Avatar for you(@youtoy) you
PRO
0
230
AI駆動開発を推進するためにサービス開発チームで 取り組んでいること
Avatar for おーしろ noayaoshiro
0
230
オープンソースでどこまでできる?フォーマル検証チャレンジ
Avatar for msyksphinz msyksphinz
0
120
【Oracle Cloud ウェビナー】クラウド導入に「専用クラウド」という選択肢、Oracle AlloyとOCI Dedicated Region とは
Avatar for oracle4engineer oracle4engineer
PRO
3
120
『OCI で学ぶクラウドネイティブ 実践 × 理論ガイド』 書籍概要
Avatar for oracle4engineer oracle4engineer
PRO
2
140
PLaMoの事後学習を支える技術 / PFN LLMセミナー
Avatar for Preferred Networks pfn
PRO
9
3.9k
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
Avatar for MIXI ENGINEERS mixi_engineers
PRO
1
190
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
Avatar for Koji Miyata miyatakoji
0
150
from Sakichi Toyoda to Agile
Avatar for Yasunobu Kawaguchi kawaguti
PRO
1
100
空間を設計する力を考える / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
4
440
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
Avatar for Preferred Networks pfn
PRO
2
1k

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.7k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
96
6.3k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
209
24k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
51k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.8k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
358
30k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k

Transcript

  1. ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯε෱Ԭ ϩϦϙοϓʂ ϚωʔδυΫϥ΢υΛࢧ͑Δ ίϯςφٕज़ͷશͯ

  2. γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ

  3. 'VLVPLBSC ! ԙϖύες (.0ϖύϘ෱Ԭࢧࣾ'

  4. None

  5. <?php

  6. None

  7. IUUQTNDMPMJQPQKQ

  8. Λ❗ Λ❗

  9. 8PSE1SFTTͳΒҰॠʂ 1)1؀ڥ΋͙͢ʹʂ 44)΋Ͱ͖Δʂ ಠࣗυϝΠϯ΋γϡοͱʂ ແྉͰ5-4ରԠ΋ʂ

  10. None

  11. ίϯςφ

  12. Linux containers, in short, contain applications in a way that

    keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST

  13. ίϯςφΛ࢖͏ཧ༝ Ͱ

  14. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠

  15. αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧ΢ΣΞͳͲΛࣗ෼ͰೖΕΔͷ͸᠘΋ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͹͍͍ͷʁ

  16. ίϯςφͷಛ௃ wίϯςφ͸ϙʔλϒϧ wˠඞཁͳ΋ͷʮશ෦ೖΓʯͷ؀ڥΛ͝ఏڙʂ wίϯςφ͸ىಈɾఀࢭ͕ߴ଎ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ΋଎͍ʂ wˠෆཁͳ৔߹͸ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈ΋ૉૣ͘ʂ

  17. ίϯςφӡ༻͸ ϖύϘʹ͓೚ͤʂ

  18. ίϯςφͷಛ௃ ͷ

  19. օ༷ʹͱͬͯίϯςφͱ͸

  20. ίϯςφͷ͞Βʹਂ͍࿩

  21. ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ

  22. ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp

  23. ίϯςφ͸ ϓϩηε

  24. ϓϩηε͸ ؆୯ʹ࡞ΕΔ

  25. ίϯςφ͸ ࡞ΕΔʂ

  26. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO

  27. ࠷ߴʹूதͰ͖Δ ίϯςφ؀ڥΛʂ

  28. Haconiwa

  29. )BDPOJXBͷ࢓૊Έ w-JOVYͷ༷ʑͳίϯςφػೳΛ૊Έ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧ౳ΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ
 %4-ʹΑΓػೳͷ૊Έ߹Θͤ΍ɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ

  30. ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *

    chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco

  31. Կ͕خ͍͠ʁ

  32. ৽͍͠ ίϯςφΞʔΩςΫνϟ

  33. ίϯςφͱ͍͑Ͳ΋ɺ೉͍͠՝୊ w ͓٬༷؀ڥΛͳΔ΂͘շదɺ͔ͭߴूੵʹ
 ूੵ཰Λߴ͘͠ͳ͚Ε͹ɺݱ࣮తͳ͓஋ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰ΋ɺշదͰͳ͍؀ڥʹ͸ͨ͘͠ͳ͍ʂ w ίϯςφͱ͸͍͑ɺӡ༻ʹ޻෉͠ͳ͍ͱߴ଎͡Όͳ͍
 ىಈɺఀࢭɺεέʔϧΞ΢τͳͲΛ͍͍ͪͪखಈͰ΍͍ͬͯͯ͸
 ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷ਺Λม͑ΒΕͳ͍͔ʁ

  34. 'BTU$POUBJOFS ΞʔΩςΫνϟ

  35. ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌

    FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

  36. ίϯςφΛ॥؀ͤ͞Δʂ wίϯςφ͸ɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ
 ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹ࢖Θͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠੾ͬͯఏڙ͢Δʂ
 ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ
 ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠ΋ͬͱշదͳ؀ڥʹʂ

  37. ݚڀ։ൃͷͱΓ͘Έ ͷ

  38. IUUQTSBOEQFQBCPDPN

  39. ΞʔΩςΫνϟ౳ ࿦จԽ

  40. αʔϏεͰ࢖ٕͬͨज़Λ࿦จʹ wɹɹɹɹɹɹɹɹɹɹɹͰ͸ɺ
 ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑͹'BTU$POUBJOFS
 w044΋࿦จʹ)BDPOJXB

  41. None

  42. ىಈߴ଎Խ $3*6

  43. ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ
 ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞੒ɺىಈΛߴ଎Խ͢Δ
 ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6͸֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ
 TFDDPNQͱQUSBDFΛ૊Έ߹Θͤɺ೚ҙͷϓϩηεΛىಈߴ଎Խ͢Δ
 ख๏Λ΍͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ

  44. ·ͱΊ

  45. ։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ ͸

  46. 1MFBTF "TLUIF4QFBLFS

  47. ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT