Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers
Search
KONDO Uchio
June 16, 2018
Technology
0
3.3k
ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers
@PHPカンファレンス福岡 2018
(スポンサートークです!)
https://phpcon.fukuoka.jp/2018/
KONDO Uchio
June 16, 2018
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
250
Narrative of Ruby & Rust
udzura
0
220
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
450
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
780
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
730
Device access filtering in cgroup v2
udzura
1
910
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
830
Other Decks in Technology
See All in Technology
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
2
250
AWS Summit Japan 2025 Community Stage - App workflow automation by AWS Step Functions
matsuihidetoshi
1
310
Amazon S3標準/ S3 Tables/S3 Express One Zoneを使ったログ分析
shigeruoda
5
590
生成AI開発案件におけるClineの業務活用事例とTips
shinya337
0
180
AI専用のリンターを作る #yumemi_patch
bengo4com
4
2k
OPENLOGI Company Profile for engineer
hr01
1
33k
5min GuardDuty Extended Threat Detection EKS
takakuni
0
180
Node-RED × MCP 勉強会 vol.1
1ftseabass
PRO
0
180
CursorによるPMO業務の代替 / Automating PMO Tasks with Cursor
motoyoshi_kakaku
2
800
MUITにおける開発プロセスモダナイズの取り組みと開発生産性可視化の取り組みについて / Modernize the Development Process and Visualize Development Productivity at MUIT
muit
0
140
SpringBoot x TestContainerで実現するポータブル自動結合テスト
demaecan
0
120
Core Audio tapを使ったリアルタイム音声処理のお話
yuta0306
0
150
Featured
See All Featured
The Language of Interfaces
destraynor
158
25k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.6k
Fireside Chat
paigeccino
37
3.5k
Bash Introduction
62gerente
614
210k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
107
19k
How to train your dragon (web standard)
notwaldorf
94
6.1k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Being A Developer After 40
akosma
90
590k
Scaling GitHub
holman
459
140k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
500
4 Signs Your Business is Dying
shpigford
184
22k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
Transcript
ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯεԬ ϩϦϙοϓʂ ϚωʔδυΫϥυΛࢧ͑Δ ίϯςφٕज़ͷશͯ
γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ
'VLVPLBSC ! ԙϖύες (.0ϖύϘԬࢧࣾ'
None
<?php
None
IUUQTNDMPMJQPQKQ
Λ❗ Λ❗
8PSE1SFTTͳΒҰॠʂ 1)1ڥ͙͢ʹʂ 44)Ͱ͖Δʂ ಠࣗυϝΠϯγϡοͱʂ ແྉͰ5-4ରԠʂ
None
ίϯςφ
Linux containers, in short, contain applications in a way that
keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST
ίϯςφΛ͏ཧ༝ Ͱ
։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠
αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧΣΞͳͲΛࣗͰೖΕΔͷ᠘ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͍͍ͷʁ
ίϯςφͷಛ wίϯςφϙʔλϒϧ wˠඞཁͳͷʮશ෦ೖΓʯͷڥΛ͝ఏڙʂ wίϯςφىಈɾఀࢭ͕ߴ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ͍ʂ wˠෆཁͳ߹ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈૉૣ͘ʂ
ίϯςφӡ༻ ϖύϘʹ͓ͤʂ
ίϯςφͷಛ ͷ
օ༷ʹͱͬͯίϯςφͱ
ίϯςφͷ͞Βʹਂ͍
ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ
ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp
ίϯςφ ϓϩηε
ϓϩηε ؆୯ʹ࡞ΕΔ
ίϯςφ ࡞ΕΔʂ
։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO
࠷ߴʹूதͰ͖Δ ίϯςφڥΛʂ
Haconiwa
)BDPOJXBͷΈ w-JOVYͷ༷ʑͳίϯςφػೳΛΈ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ %4-ʹΑΓػೳͷΈ߹Θͤɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ
ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *
chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco
Կ͕خ͍͠ʁ
৽͍͠ ίϯςφΞʔΩςΫνϟ
ίϯςφͱ͍͑Ͳɺ͍͠՝ w ͓٬༷ڥΛͳΔ͘շదɺ͔ͭߴूੵʹ ूੵΛߴ͘͠ͳ͚Εɺݱ࣮తͳ͓ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰɺշదͰͳ͍ڥʹͨ͘͠ͳ͍ʂ w ίϯςφͱ͍͑ɺӡ༻ʹ͠ͳ͍ͱߴ͡Όͳ͍ ىಈɺఀࢭɺεέʔϧΞτͳͲΛ͍͍ͪͪखಈͰ͍ͬͯͯ ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷΛม͑ΒΕͳ͍͔ʁ
'BTU$POUBJOFS ΞʔΩςΫνϟ
ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌
FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate
ίϯςφΛ॥ͤ͞Δʂ wίϯςφɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹΘͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠ͬͯఏڙ͢Δʂ ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠͬͱշదͳڥʹʂ
ݚڀ։ൃͷͱΓ͘Έ ͷ
IUUQTSBOEQFQBCPDPN
ΞʔΩςΫνϟ จԽ
αʔϏεͰٕͬͨज़Λจʹ wɹɹɹɹɹɹɹɹɹɹɹͰɺ ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑'BTU$POUBJOFS w044จʹ)BDPOJXB
None
ىಈߴԽ $3*6
ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞ɺىಈΛߴԽ͢Δ ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ TFDDPNQͱQUSBDFΛΈ߹ΘͤɺҙͷϓϩηεΛىಈߴԽ͢Δ ख๏Λ͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ
·ͱΊ
։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ
1MFBTF "TLUIF4QFBLFS
ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT