Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for KONDO Uchio KONDO Uchio
June 16, 2018
Technology
0
3.6k

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

@PHPカンファレンス福岡 2018
(スポンサートークです!)

https://phpcon.fukuoka.jp/2018/

Avatar for KONDO Uchio

KONDO Uchio

June 16, 2018
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
290
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
260
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.8k
Talk of RBS
Avatar for KONDO Uchio udzura
0
490
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
840
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
800
Device access filtering in cgroup v2
Avatar for KONDO Uchio udzura
1
990
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
900

Other Decks in Technology

See All in Technology
【PHPerKaigi2026】OpenTelemetry SDKを使ってPHPでAPMを自作する
Avatar for Futoshi Endo fendo181
1
290
Bill One 開発エンジニア 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
5
18k
「コントロールの三分法」で考える「コト」への向き合い方 / phperkaigi2026
Avatar for blue_goheimochi blue_goheimochi
0
180
品質を経営にどう語るか #jassttokyo / Communicating the Strategic Value of Quality to Executive Leadership
Avatar for kyonmm kyonmm
PRO
3
1.2k
スピンアウト講座03_CLAUDE-MDとSKILL-MD
Avatar for overflow ,Inc overflowinc
0
1.3k
【AWS】CloudTrail LakeとCloudWatch Logs Insightsの使い分け方針
Avatar for Yuma Tsurugasaki tsurunosd
0
120
君はジョシュアツリーを知っているか?名前をつけて事象を正しく認識しよう / Do you know Joshua Tree?
Avatar for Y-KANOH ykanoh
4
130
【社内勉強会】新年度からコーディングエージェントを使いこなす - 構造と制約で引き出すClaude Codeの実践知
Avatar for nwiizo nwiizo
24
12k
GitHub Copilot CLI で Azure Portal to Bicep
Avatar for Yuta Matsumura tsubakimoto_s
0
200
DDD×仕様駆動で回す高品質開発のプロセス設計
Avatar for Koichiro Matsuoka littlehands
6
2.4k
イベントで大活躍する電子ペーパー名札を作る(その2) 〜 M5PaperとM5PaperS3 〜 / IoTLT @ JLCPCB オープンハードカンファレンス
Avatar for you(@youtoy) you
PRO
0
210
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
Avatar for kaomi kaomi_wombat
0
240

Featured

See All Featured
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.7k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
55
8k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.3k
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
240k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
96
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
9
37k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.8k
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
220
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
3
3k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
150
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
260

Transcript

  1. ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯε෱Ԭ ϩϦϙοϓʂ ϚωʔδυΫϥ΢υΛࢧ͑Δ ίϯςφٕज़ͷશͯ

  2. γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ

  3. 'VLVPLBSC ! ԙϖύες (.0ϖύϘ෱Ԭࢧࣾ'

  4. None

  5. <?php

  6. None

  7. IUUQTNDMPMJQPQKQ

  8. Λ❗ Λ❗

  9. 8PSE1SFTTͳΒҰॠʂ 1)1؀ڥ΋͙͢ʹʂ 44)΋Ͱ͖Δʂ ಠࣗυϝΠϯ΋γϡοͱʂ ແྉͰ5-4ରԠ΋ʂ

  10. None

  11. ίϯςφ

  12. Linux containers, in short, contain applications in a way that

    keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST

  13. ίϯςφΛ࢖͏ཧ༝ Ͱ

  14. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠

  15. αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧ΢ΣΞͳͲΛࣗ෼ͰೖΕΔͷ͸᠘΋ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͹͍͍ͷʁ

  16. ίϯςφͷಛ௃ wίϯςφ͸ϙʔλϒϧ wˠඞཁͳ΋ͷʮશ෦ೖΓʯͷ؀ڥΛ͝ఏڙʂ wίϯςφ͸ىಈɾఀࢭ͕ߴ଎ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ΋଎͍ʂ wˠෆཁͳ৔߹͸ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈ΋ૉૣ͘ʂ

  17. ίϯςφӡ༻͸ ϖύϘʹ͓೚ͤʂ

  18. ίϯςφͷಛ௃ ͷ

  19. օ༷ʹͱͬͯίϯςφͱ͸

  20. ίϯςφͷ͞Βʹਂ͍࿩

  21. ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ

  22. ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp

  23. ίϯςφ͸ ϓϩηε

  24. ϓϩηε͸ ؆୯ʹ࡞ΕΔ

  25. ίϯςφ͸ ࡞ΕΔʂ

  26. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO

  27. ࠷ߴʹूதͰ͖Δ ίϯςφ؀ڥΛʂ

  28. Haconiwa

  29. )BDPOJXBͷ࢓૊Έ w-JOVYͷ༷ʑͳίϯςφػೳΛ૊Έ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧ౳ΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ
 %4-ʹΑΓػೳͷ૊Έ߹Θͤ΍ɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ

  30. ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *

    chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco

  31. Կ͕خ͍͠ʁ

  32. ৽͍͠ ίϯςφΞʔΩςΫνϟ

  33. ίϯςφͱ͍͑Ͳ΋ɺ೉͍͠՝୊ w ͓٬༷؀ڥΛͳΔ΂͘շదɺ͔ͭߴूੵʹ
 ूੵ཰Λߴ͘͠ͳ͚Ε͹ɺݱ࣮తͳ͓஋ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰ΋ɺշదͰͳ͍؀ڥʹ͸ͨ͘͠ͳ͍ʂ w ίϯςφͱ͸͍͑ɺӡ༻ʹ޻෉͠ͳ͍ͱߴ଎͡Όͳ͍
 ىಈɺఀࢭɺεέʔϧΞ΢τͳͲΛ͍͍ͪͪखಈͰ΍͍ͬͯͯ͸
 ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷ਺Λม͑ΒΕͳ͍͔ʁ

  34. 'BTU$POUBJOFS ΞʔΩςΫνϟ

  35. ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌

    FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

  36. ίϯςφΛ॥؀ͤ͞Δʂ wίϯςφ͸ɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ
 ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹ࢖Θͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠੾ͬͯఏڙ͢Δʂ
 ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ
 ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠ΋ͬͱշదͳ؀ڥʹʂ

  37. ݚڀ։ൃͷͱΓ͘Έ ͷ

  38. IUUQTSBOEQFQBCPDPN

  39. ΞʔΩςΫνϟ౳ ࿦จԽ

  40. αʔϏεͰ࢖ٕͬͨज़Λ࿦จʹ wɹɹɹɹɹɹɹɹɹɹɹͰ͸ɺ
 ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑͹'BTU$POUBJOFS
 w044΋࿦จʹ)BDPOJXB

  41. None

  42. ىಈߴ଎Խ $3*6

  43. ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ
 ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞੒ɺىಈΛߴ଎Խ͢Δ
 ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6͸֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ
 TFDDPNQͱQUSBDFΛ૊Έ߹Θͤɺ೚ҙͷϓϩηεΛىಈߴ଎Խ͢Δ
 ख๏Λ΍͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ

  44. ·ͱΊ

  45. ։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ ͸

  46. 1MFBTF "TLUIF4QFBLFS

  47. ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT