Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

Avatar for KONDO Uchio KONDO Uchio
June 16, 2018
Technology
0
3.5k

ロリポップ!マネージドクラウドを支えるコンテナ技術 / lolipop-mc-containers

@PHPカンファレンス福岡 2018
(スポンサートークです!)

https://phpcon.fukuoka.jp/2018/

Avatar for KONDO Uchio

KONDO Uchio

June 16, 2018
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
270
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
250
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.8k
Talk of RBS
Avatar for KONDO Uchio udzura
0
470
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
820
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
760
Device access filtering in cgroup v2
Avatar for KONDO Uchio udzura
1
970
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
870

Other Decks in Technology

See All in Technology
SQLだけでマイグレーションしたい!
Avatar for MakKi makki_d
0
1.2k
ソフトウェアエンジニアとAIエンジニアの役割分担についてのある事例
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
280
AWSに革命を起こすかもしれない新サービス・アップデートについてのお話
Avatar for Yuuki Yamashita yama3133
0
510
100以上の新規コネクタ提供を可能にしたアーキテクチャ
Avatar for yu-kioo ooyukioo
0
260
ペアーズにおけるAIエージェント 基盤とText to SQLツールの紹介
Avatar for Hikaru Sasamoto hisamouna
2
1.7k
TED_modeki_共創ラボ_20251203.pdf
Avatar for AIxIoTビジネス共創ラボ iotcomjpadmin
0
150
"人"が頑張るAI駆動開発
Avatar for yoko yokomachi
1
620
通勤手当申請チェックエージェント開発のリアル
Avatar for WHIsaiyo whisaiyo
3
470
MySQLとPostgreSQLのコレーション / Collation of MySQL and PostgreSQL
Avatar for とみたまさひろ tmtms
1
1.2k
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
2
500
『君の名は』と聞く君の名は。 / Your name, you who asks for mine.
Avatar for NTT docomo Business nttcom
1
120
AR Guitar: Expanding Guitar Performance from a Live House to Urban Space
Avatar for Ekito ekito_station
0
240

Featured

See All Featured
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
31
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
Avatar for Ines Montani inesmontani
PRO
3
2k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
0
22
More Than Pixels: Becoming A User Experience Designer
Avatar for Michelle Schulp Hunt marktimemedia
2
260
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
3
2k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
1
270
Color Theory Basics | Prateek | Gurzu
Avatar for Gurzu gurzu
0
150
Abbi's Birthday
Avatar for Violet Bock coloredviolet
0
3.8k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
130

Transcript

  1. ۙ౻͏͓ͪ(.01FQBCP *OD 1)1ΧϯϑΝϨϯε෱Ԭ ϩϦϙοϓʂ ϚωʔδυΫϥ΢υΛࢧ͑Δ ίϯςφٕज़ͷશͯ

  2. γχΞɾϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB (.0ϖύϘɹٕज़෦ɹٕज़ج൫νʔϜ IUUQTCMPHVE[VSBKQ

  3. 'VLVPLBSC ! ԙϖύες (.0ϖύϘ෱Ԭࢧࣾ'

  4. None

  5. <?php

  6. None

  7. IUUQTNDMPMJQPQKQ

  8. Λ❗ Λ❗

  9. 8PSE1SFTTͳΒҰॠʂ 1)1؀ڥ΋͙͢ʹʂ 44)΋Ͱ͖Δʂ ಠࣗυϝΠϯ΋γϡοͱʂ ແྉͰ5-4ରԠ΋ʂ

  10. None

  11. ίϯςφ

  12. Linux containers, in short, contain applications in a way that

    keep them isolated from the host system that they run on. IUUQTPQFOTPVSDFDPNSFTPVSDFTXIBUBSFMJOVYDPOUBJOFST

  13. ίϯςφΛ࢖͏ཧ༝ Ͱ

  14. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠

  15. αʔόͰۤ࿑ͨ͘͠ͳ͍ʂ wϛυϧ΢ΣΞͳͲΛࣗ෼ͰೖΕΔͷ͸᠘΋ଟͯ͘େม wಥવෛՙ͕ߴ·ͬͨΒͲ͏͠Α͏ʁ w৭ʑͳ੬ऑੑ͕ग़͖ͯͯΔ͚ͲɺͲ͏ରॲ͢Ε͹͍͍ͷʁ

  16. ίϯςφͷಛ௃ wίϯςφ͸ϙʔλϒϧ wˠඞཁͳ΋ͷʮશ෦ೖΓʯͷ؀ڥΛ͝ఏڙʂ wίϯςφ͸ىಈɾఀࢭ͕ߴ଎ wˠඞཁʹԠͯ͡ͷىಈʢΦʔτεέʔϧʣ΋଎͍ʂ wˠෆཁͳ৔߹͸ͪΌΜͱఀࢭͯ͠ɺඅ༻͕͔͔Γ͗͢ͳ͍Α͏ʹ wˠίϯςφͷΞοϓάϨʔυɾೖΕସ͑࠶ىಈ΋ૉૣ͘ʂ

  17. ίϯςφӡ༻͸ ϖύϘʹ͓೚ͤʂ

  18. ίϯςφͷಛ௃ ͷ

  19. օ༷ʹͱͬͯίϯςφͱ͸

  20. ίϯςφͷ͞Βʹਂ͍࿩

  21. ಛघͳϓϩηεͷ࡞ΓํΛ͢Δ

  22. ʮίϯςφؔ࿈ػೳʯΛ༗ޮʹ cgroup Linux Namespace Capability chroot/ pivot_root seccomp

  23. ίϯςφ͸ ϓϩηε

  24. ϓϩηε͸ ؆୯ʹ࡞ΕΔ

  25. ίϯςφ͸ ࡞ΕΔʂ

  26. ։ൃऀ༷ʹ ΞϓϦέʔγϣϯʹ ूத͍͖͍ͯͨͩͨ͠ "HBJO

  27. ࠷ߴʹूதͰ͖Δ ίϯςφ؀ڥΛʂ

  28. Haconiwa

  29. )BDPOJXBͷ࢓૊Έ w-JOVYͷ༷ʑͳίϯςφػೳΛ૊Έ߹ΘͤՄೳͳϥϯλΠϜ wγεςϜίʔϧ౳ΛɺɹɹɹɹΛܦ༝੍ͯ͠ޚͰ͖ΔΑ͏ʹ͠ɺ
 %4-ʹΑΓػೳͷ૊Έ߹Θͤ΍ɺ༷ʑͳΠϕϯτʹԠͨ͡ϑοΫॲཧ Λهड़Ͱ͖Δɻ

  30. ਤղ Linux Kernel mruby gems Haconiwa DSL Containers Syscalls: *

    chroot * mount * prctl * unshare * setns * (cgroup op) * seccomp * setuid * setgid * ...... mruby-dir mruby-linux-namespace mruby-cgroup mruby-seccomp ...... sample.haco

  31. Կ͕خ͍͠ʁ

  32. ৽͍͠ ίϯςφΞʔΩςΫνϟ

  33. ίϯςφͱ͍͑Ͳ΋ɺ೉͍͠՝୊ w ͓٬༷؀ڥΛͳΔ΂͘շదɺ͔ͭߴूੵʹ
 ूੵ཰Λߴ͘͠ͳ͚Ε͹ɺݱ࣮తͳ͓஋ஈͰఏڙ͠ଓ͚Δ͜ͱ͕Ͱ͖ ͳ͍ʂɹͦΕͰ΋ɺշదͰͳ͍؀ڥʹ͸ͨ͘͠ͳ͍ʂ w ίϯςφͱ͸͍͑ɺӡ༻ʹ޻෉͠ͳ͍ͱߴ଎͡Όͳ͍
 ىಈɺఀࢭɺεέʔϧΞ΢τͳͲΛ͍͍ͪͪखಈͰ΍͍ͬͯͯ͸
 ঢ়گʹԠͯ͡ͳΊΒ͔ʹίϯςφͷ਺Λม͑ΒΕͳ͍͔ʁ

  34. 'BTU$POUBJOFS ΞʔΩςΫνϟ

  35. ਤղ Web Proxy Web Request Dispatcher FastContainer Runtime CMDB ❌

    FastContainer Killed 1. Check 2. Boot 3. Forward 4. Terminate

  36. ίϯςφΛ॥؀ͤ͞Δʂ wίϯςφ͸ɺඞཁͳ࣌ʹ͔͠ىಈͤ͞ͳ͍ʂ
 ˠϗεταʔόͷϦιʔεΛඞཁҎ্ʹ࢖Θͳ͍ͷͰɺଟ͘ͷϢʔβ ༷ʹఏڙ͢Δ͜ͱ͕Ͱ͖ΔΑ͏ʹʂ wίϯςφͷʮੜଘ࣌ؒʯΛ۠੾ͬͯఏڙ͢Δʂ
 ˠίϯςφʹೖΕସ͑Λڧ੍ͤ͞ɺৗʹ৽͘͠อͨͤΔ͜ͱͰɺ
 ΞοϓάϨʔυɺΦʔτεέʔϧΛ༰қʹ࣮ݱͰ͖Δʂ ˠ΋ͬͱշదͳ؀ڥʹʂ

  37. ݚڀ։ൃͷͱΓ͘Έ ͷ

  38. IUUQTSBOEQFQBCPDPN

  39. ΞʔΩςΫνϟ౳ ࿦จԽ

  40. αʔϏεͰ࢖ٕͬͨज़Λ࿦จʹ wɹɹɹɹɹɹɹɹɹɹɹͰ͸ɺ
 ݚڀ։ൃͱࣄۀߩݙͷؔΘΓΛେࣄʹ͍ͯ͠·͢ wྫ͑͹'BTU$POUBJOFS
 w044΋࿦จʹ)BDPOJXB

  41. None

  42. ىಈߴ଎Խ $3*6

  43. ΑΓշదͳίϯςφΛɻ w$3*6 $IFDLQPJOUBOE3FTUPSF*O6TFSTQBDF Λ༻͍ͯɺ
 ىಈ్தͷϓϩηεͷνΣοΫϙΠϯτΛ࡞੒ɺىಈΛߴ଎Խ͢Δ
 ݚڀΛਐΊ͍ͯ·͢ɻ w$IFDLQPJOU3FTUPSF$3*6͸֤ॴͰݚڀ͕ਐΜͰ͍·͕͢ɺ
 TFDDPNQͱQUSBDFΛ૊Έ߹Θͤɺ೚ҙͷϓϩηεΛىಈߴ଎Խ͢Δ
 ख๏Λ΍͍ͬͯͬͯ·͢ʂ IUUQTICNBUTVNPUPSKQFOUSZ

  44. ·ͱΊ

  45. ։ൃऀ༷͕։ൃʹ ूத͢ΔͨΊʹ શྗΛਚ͍ͯ͘͠·͢ʂ ͸

  46. 1MFBTF "TLUIF4QFBLFS

  47. ϓϥοτϑΥʔϜΛʮ࡞ͬͯʯΈ·ͤΜ͔ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU IUUQIBUFOBOFXTDPNBSUJDMFT