$30 off During Our Annual Pro Sale. View Details »

Securing CI/CD Systems Through eBPF (recap)

whywaita
PRO
November 24, 2022
Technology
0
550

Securing CI/CD Systems Through eBPF (recap)

Talked by https://k8sjp.connpass.com/event/264501/

whywaita
PRO

November 24, 2022
Tweet

More Decks by whywaita

See All by whywaita
GitHub Actions runner基盤におけるオンプレミスマルチテナントアプリケーションの運用 #CADC2022
whywaita
PRO
0
160
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with your shoes. #cndjp
whywaita
PRO
0
4
イベント企画運営の経験と実際 / The history of organizing events by me
whywaita
PRO
0
1
CyberAgent における OSS の CI/CD 基盤開発 myshoes #CICD2021
whywaita
PRO
0
0
#今日の食神 #dentoolt / today's shokujinjp
whywaita
PRO
0
0
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPrometheusを破壊したのか〜 #prometheustokyo
whywaita
PRO
0
1

Other Decks in Technology

See All in Technology
電子証明書でデバイス認証を強化せよ
matsujirushi
0
120
Redshift ServerlessとProvisioned Cluster のちょっとした違い
mashiike
0
170
OCI Search Service with OpenSearch ご紹介/search-service-overview
oracle4engineer
PRO
0
330
Node-RED で GCP IoT Core でつないでた仕組みを Azure IoT にライトにつなぎ変えてみる試行錯誤
1ftseabass
PRO
0
100
カンファレンス主催者から見た プロポーザルを通すコツ / How to hack the CfP
tomzoh
6
730
Make time count with Wear OS 🤖⌚️
moyheen
3
180
一人でも小さく始められるGoogle Cloudで実現するほぼサーバレスなデータ基盤 / Serverless Dataplatform for Google Cloud
shinyorke
0
170
エムスリーデジスマ診療チーム紹介資料 / Introduction of M3 DigiKar Smart Development Team
m3_engineering
1
250
システム開発の基礎〜システム開発の全体像を捉えるV字モデル
haru860
6
1.2k
ローコードツールを用いてチーム全員で自動テスト導入 -mabl で自動テスト-
jkubota
0
420
Next.jsチョットデキル!サイトの規模やページ特性に合わせた開発テクニック
hanetsuki
2
1.3k
Dojo 20221130 Searching famous Malware
ichikawayasuhisa
0
110

Featured

See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
7
3k
Gamification - CAS2011
davidbonilla
75
4k
The Cult of Friendly URLs
andyhume
68
5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
12
1.1k
Designing for humans not robots
tammielis
244
24k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
770
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
3
490
GraphQLの誤解/rethinking-graphql
sonatard
36
7.6k
It's Worth the Effort
3n
174
26k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
What’s in a name? Adding method to the madness
productmarketing
11
1.8k
Large-scale JavaScript Application Architecture
addyosmani
499
110k

Transcript

  1. 4FDVSJOH$*$%4ZTUFNT 5ISPVHIF#1' ,VCFSOFUFT.FFUVQ5PLZP ,VCF$PO/"3FDBQ $ZCFS"HFOU *ODத੢ ݐొ XIZXBJUB

  2. த੢ ݐొ XIZXBJUB  $MPVE.BLFSBU$ZCFS"HFOU *OD  ϓϥΠϕʔτΫϥ΢υ *BB4 

    ϚωʔδυαʔϏε։ൃ TFMGIPTUFESVOOFSJO(JU)VC"DUJPOT  XIZXBJUBNZTIPFT044EFWFMPQFS  झຯࣗ୐αʔό ,T!IPNF ϙʔΧʔ  ,VCF$POॳࢀઓ ॳւ֎  ೖࠃΠϯλϏϡʔͰҰഊ 5IBOLZPVBNTZ😭

  3. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1'

  4. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • CZ"MFY*MHBZFW $ZDPEF ◦ IUUQTDZDPEFDPN • IUUQTTDIFEDP"V[ • IUUQTXXXZPVUVCFDPNXBUDI

    WQD#(3'W4SW : • $*$%ΛηΩϡΞʹߦ͏ͨΊʹF#1'Λར༻͢ΔࢼΈ

  5. • &YUFOEFE#FSLFMFZ1BDLFU'JMUFS • -JOVY,FSOFMͷ4BOECPYͰίʔυΛ࣮ߦ͢Δ࢓૊ ◦ ϦίϯύΠϧෆཁ Ͱ ҆શ ͔ͭ ߴ଎

    • /FUXPSL 0CTFSWBCJMJUZͷར༻ࣄྫ͕ଟΊ ◦ ,VCFSOFUFT$/* .POJUPSJOH"HFOU લఏ஌ࣝF#1'

  6. • &YUFOEFE#FSLFMFZ1BDLFU'JMUFS • -JOVY,FSOFMͷ4BOECPYͰίʔυΛ࣮ߦ͢Δ࢓૊ ◦ ϦίϯύΠϧෆཁ Ͱ ҆શ ͔ͭ ߴ଎

    • /FUXPSL 0CTFSWBCJMJUZͷར༻ࣄྫ͕ଟΊ ◦ ,VCFSOFUFT$/*$JMJVN ◦ .POJUPSJOH"HFOUEBUBEPHBHFOU FCQG@FYQPSUFS લఏ஌ࣝF#1'

  7. IUUQTUXJUUFSDPNHSBGBOBTUBUVT લఏ஌ࣝF#1'

  8. IUUQTHSBGBOBDPNCMPHHSBGBOBBOEDJMJVNEFFQFCQGQPXFSFEPCTFSWBCJMJUZGPSLVCFSOFUFTBOEDMPVE OBUJWFJOGSBTUSVDUVSF લఏ஌ࣝF#1'

  9. ຊ୊

  10. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • $*$%ʹ͓͚ΔηΩϡϦςΟࣄҊ ◦ 4PMBS8JOETॺ໊෇͖ϑΝΠϧͷॻ׵ ◦ $PEF$PWCBTIJOTUBMMFSͷॻ׵ ◦ /1. 1Z1*αϓϥΠνΣʔϯΞλοΫ

    • $*$%πʔϧ ͷηΩϡϦςΟରࡦ͸೉͍͠ ◦ ڧݖݶ شൃ͢Δ؀ڥ ௿Մ؍ଌੑ

  11. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • ఏҊ$*$%΁F#1'ϕʔεͳ"HFOUͷಋೖ • XIZF#1' ◦ ؆୯ʹՄ؍ଌੑͱηΩϡϦςΟχʔζΛߴΊΒΕΔ ◦ ࠷৽ΧʔωϧͰಈ࡞͢Δ ◦

    ڧྗͳίϛϡχςΟͱπʔϧ • $JMJVN5FUSBHPOͷ࠾༻

  12. • F#1'CBTFE 4FDVSJUZ0CTFSWBCJMJUZ ηΩϡϦςΟͷՄ؍ଌੑ BOE 3VOUJNF&OGPSDFNFOU ϦΞϧλΠϜ࣮ߦ੍ޚ • ੨ࢁ͞ΜʹΑΔ೔ຊޠهࣄ $JMJVN1SPKFDU͔Βެ։ʂ

    F#1'Λ༻͍ͯηΩϡϦςΟͷՄ؍ଌੑΛ΋ͨΒ͢5FUSBHPOcHJIZPKQ $JMJVN5FUSBHPO IUUQTHJUIVCDPNDJMJVNUFUSBHPO ͔Θ͍͍ˠ

  13. $JMJVN5FUSBHPO

  14. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • $*$%γεςϜʹ$JMJVN5FUSBHPOΛಋೖ ◦ $*$%γεςϜʹ͓͚Δzಈ࡞Λ؍ଌ͢Δ ◦ ϓϩηε ίωΫγϣϯ ϑΝΠϧ *0৘ใ

    • 5FUSBHPO࠾༻ཧ༝ ◦ LQSPCFΛ࢝Ίͱͯ͠ଟ͘ͷσʔλ͕औಘՄೳ ◦ LTҎ֎ͷ؀ڥͰ΋ಈ࡞͢Δ

  15. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1'

  16. 1P$ͷ࣮૷಺༰ʹ͍ͭͯ • Ϗϧυ؀ڥͷ0CTFSWBMJCJUZ ◦ ϓϩηε ઀ଓઌυϝΠϯ *1 • ιʔείʔυͷ׬શੑ֬อ ◦

    HPϑΝΠϧͷॻ׵Λ؂ࢹ • ௨৴ઌͷ੍ޚ ◦ ڐՄͯ͠ͳ͍*1υϝΠϯ΁ͷ઀ଓՄ൱ • (JU)VC"DUJPOT্Ͱಈ࡞͢ΔΑ͏ߏஙࡁ

  17. 1P$ͷ࣮૷಺༰ʹ͍ͭͯ

  18. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' HJUDMPOF࣌ͷ HJUIVCDPN΁ͷ઀ଓ UDQ@DPOOFDU ΛUSBDJOH͢Δ͜ͱͰ؍ଌ੒ޭ

  19. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' TFUVQHP಺Ͱ࣮ߦ͞Ε͍ͯΔ ϓϩηε৘ใͷ؍ଌ੒ޭ

  20. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • σϞ ◦ Ϗϧυதͷ HPϑΝΠϧͷॻ׵ 4*(,*-- ◦ ڐՄ͍ͯ͠ͳ͍*1΁ͷ௨৴ 4*(,*--

    ◦ ڐՄ͍ͯ͠ͳ͍ϓϩηεͷੜ੒ 4*(,*--

  21. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • σϞ ◦ Ϗϧυதͷ HPϑΝΠϧͷॻ׵ 4*(,*-- ◦ ڐՄ͍ͯ͠ͳ͍*1΁ͷ௨৴ 4*(,*--

    ◦ ڐՄ͍ͯ͠ͳ͍ϓϩηεͷੜ੒ 4*(,*--

  22. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1'

  23. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' • σϞ ◦ Ϗϧυதͷ HPϑΝΠϧͷॻ׵ 4*(,*-- ◦ ڐՄ͍ͯ͠ͳ͍*1΁ͷ௨৴ 4*(,*--

    ◦ ڐՄ͍ͯ͠ͳ͍ϓϩηεͷੜ੒ 4*(,*--

  24. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1' (JU)VC"DUJPOT্ͷઃఆϑΝΠϧ͔Β $JMJVN5FUSBHPOͷઃఆΛੜ੒

  25. ·ͱΊ • F#1' $JMJVN5FUSBHPO͸ύϫϑϧͳςΫϊϩδʔ • $*$%͸F#1'ʹΑͬͯ͞ΒʹηΩϡΞʹͳΔ • ࠓޙ͸1P$Ͱ࢖ͬͨ"HFOUΛ044Խ༧ఆ ◦ ͞Εͯ·ͨ͠

    IUUQTHJUIVCDPN$ZDPEF-BCTFCQGBHFOUBDUJPO • $POUSJCVUF଴ͬͯΔΑʂ

  26. ײ૝ • 5FUSBHPOͷڧྗ͞Λेೋ෼ʹ׆͔͢ൃද ◦ 0CTFSWBCJMJUZ 3VOUJNF&OGPSDFNFOU ◦ ϕετϑΟοτ • ʮؾΛ͚ͭΔʯҎ্ͷ͜ͱ͕ग़དྷΔΑ͏ʹ

    ◦ $*$%ͷΑ͏ʹʮॏཁ͚ͩͲ޻਺ׂ͕͔Εʹ͍͘ʯ෺͸ ಛʹ͜ͷΑ͏ͳऔΓ૊Έ͕ඞཁʹͳΓͦ͏

  27. αΠόʔΤʔδΣϯτͰͷऔΓ૊Έ ϓϥΠϕʔτΫϥ΢υͰͷ(JU)VC"DUJPOTج൫Λ ։ൃɾӡ༻த IUUQTXXXTMJEFTIBSFOFUXIZXBJUBEFWFMPQNFOUNZTIPFTBOEQSPWJEFDZDMPVEIPTUFESVOOFSHJUIVCBDUJPOT XJUIZPVSTIPFT

  28. αΠόʔΤʔδΣϯτͰͷऔΓ૊Έ IUUQTXXXTMJEFTIBSFOFUXIZXBJUBEFWFMPQNFOUNZTIPFTBOEQSPWJEFDZDMPVEIPTUFESVOOFSHJUIVCBDUJPOT XJUIZPVSTIPFT ಈతͳTFMGIPTUFESVOOFS XIZXBJUBNZTIPFT

  29. 4FDVSJOH$*$%4ZTUFNT5ISPVHIF#1'

  30. αΠόʔΤʔδΣϯτͰͷऔΓ૊Έ IUUQTXXXTMJEFTIBSFOFUXIZXBJUBEFWFMPQNFOUNZTIPFTBOEQSPWJEFDZDMPVEIPTUFESVOOFSHJUIVCBDUJPOT XJUIZPVSTIPFT ಈతͳ TFMGIPTUFESVOOFS XIZXBJUBNZTIPFT .BOBHFE 1P$"HFOU4FSWFS

  31. Q?