Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for KONDO Uchio KONDO Uchio
June 16, 2018
Technology
0
3.5k

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

@PHPカンファレンス福岡 2018
(スポンサートークです!)

https://phpcon.fukuoka.jp/2018/

Avatar for KONDO Uchio

KONDO Uchio

June 16, 2018
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
280
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
250
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.8k
Talk of RBS
Avatar for KONDO Uchio udzura
0
480
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
830
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
780
Device access filtering in cgroup v2
Avatar for KONDO Uchio udzura
1
980
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
880

Other Decks in Technology

See All in Technology
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
Avatar for Yudai Jinno yuu551
0
240
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
Avatar for Kazuki Miura miu_crescent
PRO
3
210
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
Avatar for oracle4engineer oracle4engineer
PRO
2
14k
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
15
93k
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
2.5k
Ruby版 JSXのRuxが気になる
Avatar for SansanTech sansantech
PRO
0
160
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k
CDK対応したAWS DevOps Agentを試そう_20260201
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
1
340
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
Avatar for Masataka Tsukamoto tsukaman
1
160
超初心者からでも大丈夫!オープンソース半導体の楽しみ方〜今こそ!オレオレチップをつくろう〜
Avatar for Yamada3 keropiyo
0
110
配列に見る bash と zsh の違い
Avatar for kazzpapa3 kazzpapa3
3
160
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
Avatar for oracle4engineer oracle4engineer
PRO
2
170

Featured

See All Featured
Paper Plane
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
46k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
359
30k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.5k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
330
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
67
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
180
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.6k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
8k

Transcript

  1. ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯε෱Ԭ ϩϦϙοϓʂ ϚωʔδυΫϥ΢υΛࢧ͑Δ ίϯςφٕज़ͷશͯ

  2. γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ

  3. 'VLVPLBSC ! ԙϖύες (.0ϖύϘ෱Ԭࢧࣾ'

  4. None

  5. <?php

  6. None

  7. IUUQTNDMPMJQPQKQ

  8. Λ❗ Λ❗

  9. 8PSE1SFTTͳΒҰॠʂ 1)1؀ڥ΋͙͢ʹʂ 44)΋Ͱ͖Δʂ ಠࣗυϝΠϯ΋γϡοͱʂ ແྉͰ5-4ରԠ΋ʂ

  10. None

  11. ίϯςφ

  12. Linux containers, in short, contain applications in a way that

    keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST

  13. ίϯςφΛ࢖͏ཧ༝ Ͱ

  14. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠

  15. αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧ΢ΣΞͳͲΛࣗ෼ͰೖΕΔͷ͸᠘΋ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͹͍͍ͷʁ

  16. ίϯςφͷಛ௃ wίϯςφ͸ϙʔλϒϧ wˠඞཁͳ΋ͷʮશ෦ೖΓʯͷ؀ڥΛ͝ఏڙʂ wίϯςφ͸ىಈɾఀࢭ͕ߴ଎ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ΋଎͍ʂ wˠෆཁͳ৔߹͸ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈ΋ૉૣ͘ʂ

  17. ίϯςφӡ༻͸ ϖύϘʹ͓೚ͤʂ

  18. ίϯςφͷಛ௃ ͷ

  19. օ༷ʹͱͬͯίϯςφͱ͸

  20. ίϯςφͷ͞Βʹਂ͍࿩

  21. ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ

  22. ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp

  23. ίϯςφ͸ ϓϩηε

  24. ϓϩηε͸ ؆୯ʹ࡞ΕΔ

  25. ίϯςφ͸ ࡞ΕΔʂ

  26. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO

  27. ࠷ߴʹूதͰ͖Δ ίϯςφ؀ڥΛʂ

  28. Haconiwa

  29. )BDPOJXBͷ࢓૊Έ w-JOVYͷ༷ʑͳίϯςφػೳΛ૊Έ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧ౳ΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ
 %4-ʹΑΓػೳͷ૊Έ߹Θͤ΍ɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ

  30. ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *

    chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco

  31. Կ͕خ͍͠ʁ

  32. ৽͍͠ ίϯςφΞʔΩςΫνϟ

  33. ίϯςφͱ͍͑Ͳ΋ɺ೉͍͠՝୊ w ͓٬༷؀ڥΛͳΔ΂͘շదɺ͔ͭߴूੵʹ
 ूੵ཰Λߴ͘͠ͳ͚Ε͹ɺݱ࣮తͳ͓஋ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰ΋ɺշదͰͳ͍؀ڥʹ͸ͨ͘͠ͳ͍ʂ w ίϯςφͱ͸͍͑ɺӡ༻ʹ޻෉͠ͳ͍ͱߴ଎͡Όͳ͍
 ىಈɺఀࢭɺεέʔϧΞ΢τͳͲΛ͍͍ͪͪखಈͰ΍͍ͬͯͯ͸
 ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷ਺Λม͑ΒΕͳ͍͔ʁ

  34. 'BTU$POUBJOFS ΞʔΩςΫνϟ

  35. ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌

    FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

  36. ίϯςφΛ॥؀ͤ͞Δʂ wίϯςφ͸ɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ
 ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹ࢖Θͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠੾ͬͯఏڙ͢Δʂ
 ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ
 ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠ΋ͬͱշదͳ؀ڥʹʂ

  37. ݚڀ։ൃͷͱΓ͘Έ ͷ

  38. IUUQTSBOEQFQBCPDPN

  39. ΞʔΩςΫνϟ౳ ࿦จԽ

  40. αʔϏεͰ࢖ٕͬͨज़Λ࿦จʹ wɹɹɹɹɹɹɹɹɹɹɹͰ͸ɺ
 ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑͹'BTU$POUBJOFS
 w044΋࿦จʹ)BDPOJXB

  41. None

  42. ىಈߴ଎Խ $3*6

  43. ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ
 ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞੒ɺىಈΛߴ଎Խ͢Δ
 ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6͸֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ
 TFDDPNQͱQUSBDFΛ૊Έ߹Θͤɺ೚ҙͷϓϩηεΛىಈߴ଎Խ͢Δ
 ख๏Λ΍͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ

  44. ·ͱΊ

  45. ։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ ͸

  46. 1MFBTF "TLUIF4QFBLFS

  47. ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT