Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Higobashi.aws 第7回 AWS コンテナ実践勉強会 低レイヤー視点から読み解くコン...

Yuji Shimoda
October 24, 2018
Technology
7
2.1k

Higobashi.aws 第7回 AWS コンテナ実践勉強会 低レイヤー視点から読み解くコンテナ入門

2018年10月25日に開催したHIGOBASHI.AWS ( https://classmethod.connpass.com/event/103495/ ) の発表資料です

Yuji Shimoda

October 24, 2018
Tweet

More Decks by Yuji Shimoda

See All by Yuji Shimoda
チームの課題をサーバーレスで解決 Backlog と Zendesk の繋ぎ方
yuji_shimoda
1
1.9k
チームの課題をサーバーレスで解決 プロジェクト管理ツール「Backlog」とカスタマーサービスシステム「Zendesk」の繋ぎ方
yuji_shimoda
0
2.3k
higobashi.aws 第1回 AWS re:Invent 2017 報告会 AWS Fargate と ECS タスクネットワークのご紹介
yuji_shimoda
0
980

Other Decks in Technology

See All in Technology
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
0
120
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
520
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
プロダクト活用度で見えた真実 ホリゾンタルSaaSでの顧客解像度の高め方
tadaken3
0
100
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
ドメイン名の終活について - JPAAWG 7th -
mikit
33
20k
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
590
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430

Featured

See All Featured
Into the Great Unknown - MozCon
thekraken
32
1.5k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
890
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Ruby is Unlike a Banana
tanoku
97
11k
Adopting Sorbet at Scale
ufuk
73
9.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Agile that works and the tools we love
rasmusluckow
327
21k
The Language of Interfaces
destraynor
154
24k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k

Transcript

  1. )JHPCBTIJBXT  Լా༞࢜ ௿ϨΠϠʔࢹ఺͔ΒಡΈղ͘ίϯςφೖ໳

  2. ຊ೔ͷςʔϚ  

  3. 8IPBSFZPV   ೥݄Ϋϥεϝιουೖࣾ "84࢖༻ྺ͸ɺΫϥεϝιουࡏ੶ظؒͱಉ͡ େख4*FSʢ6/*9Ծ૝Խ੡඼୲౰ʣͰ೥ؒ΄Ͳ
 αϙʔτΤϯδχΞΛ΍ͬͯ·ͨ͠ɻ %FWFMPQFST*0Ͱ͸ɺίϯςφपΓͷهࣄΛࣥච͢Δ ͜ͱ͕ଟ͍Ͱ͢ɻ ࠷ۙ͸ɺ$PEF#VJMEͱٔΕΔ͜ͱ͕ଟ͍Ͱ͢ɻ

    Լాɹ༞࢜ʢࡀʣ

  4. ࠓ೔͓࿩͢Δ͜ͱ   ؆୯ͳ Docker ͷ֓ཁͳͲ Docker ίϯςφ͕ͲͷΑ͏ͳٕज़Λ࢖͍ͬͯΔ͔ ͬ͘͟Γͱͨ͠ OSʢLinuxʣͷىಈϓϩηε

    ECS ͷλεΫωοτϫʔΫʢawsvpcʣͷ঺հͳͲ

  5. ࠓ೔͓࿩͠ͳ͍͜ͱ   Docker ͷ࣮૷ʹؔ͢ΔৄࡉͳͲ docker ΍ Linux ؔ࿈ίϚϯυͷ࢖͍ํ΍ৄࡉͳͲ Docker

    volume ΍ docker-compose ͳͲωοτϫʔΫҎ֎ͷػೳͳͲ

  6. "HFOEB   ίϯςφ֓ཁ ௿ϨΠϠʔࢹ఺͔ΒಡΈղ͘ίϯςφ Φʔόʔϔουฤ ωοτϫʔΫฤ ·ͱΊ


  7.   ίϯςφ֓ཁ

  8. 8IBUJTB$POUBJOFS  

  9. ʢ%PDLFSʣίϯςφͱ͸ʁ   ΞϓϦέʔγϣϯΛ࣮ߦ͢ΔͨΊʹඞཁͳ΋ͷΛશؚͯΉ
 ܰྔ͔ͭελϯυΞϩϯͰ࣮ߦՄೳͳιϑτ΢ΣΞύοέʔδ ίʔυ ϥϯλΠϜ γεςϜπʔϧ γεςϜϥΠϒϥϦ ઃఆϑΝΠϧ

    etc… Ծ૝Խ؀ڥͷఏڙܗଶͷ̍ͭ

  10. %PDLFSͱ͸ʁ   Docker Inc. ͕ OSS Ͱ։ൃ͢ΔίϯςφϓϥοτϑΥʔϜ͓Αͼ
 ιϑτ΢ΣΞͷ૯শʢDocker Enterprise,Desktop,Hub

    ͳͲ͕͋Δʣ Linux ίϯςφΤϯδϯͷ̍ͭʢଞʹ rkt ΍ɺrunc ͳͲ͕͋Δʣ GoݴޠͰॻ͔Ε͓ͯΓɺLinux ͷػೳΛར༻͢ΔԾ૝Խιϑτ΢ΣΞ namespacesʢpid,net,ipc,mnt,uts ͳͲ໊લۭؒΛ෼཭͢Δػೳʣ cgroupsʢcontrol groups ͷུশͰɺϦιʔεΛ੍ݶ͢Δػೳʣ UnionFSʢϨΠϠΛ࡞੒͢Δ͜ͱʹΑͬͯಈ࡞͢ΔϑΝΠϧγεςϜʣ

  11. ίϯςφͱԾ૝Ϛγϯͷൺֱ   https://www.docker.com/resources/what-container

  12. %PDLFSίϯςφԽʹΑΔϝϦοτ   ΞϓϦέʔγϣϯͷϙʔλϏϦςΟʢՄൖੑʣ Քಇ͢ΔγεςϜ΁ͷґଘੑΛഉআͯ͠ɺՄൖੑΛ֫ಘ͢Δ ΞϓϦέʔγϣϯͷεέʔϥϏϦςΟʢ֦ுੑʣ ෳ਺ͷγεςϜʹίϯςφͷෳ੡Λ഑ஔ͢Δ͜ͱͰɺ֦ுੑΛ֫ಘ͢Δ ։ൃ؀ڥߏஙίετͷ࡟ݮ ΦϯσϚϯυʹར༻͢Δ؀ڥʢαʔϏεʣΛଈ࠲ʹ༻ҙ͢Δ

  13.   ௿ϨΠϠʔࢹ఺͔ΒಡΈղ͘ίϯςφ Φʔόʔϔουฤ

  14. -JOVYΧʔωϧ͸ڞ௨ιϑτ΢ΣΞ   Linux ͸ڱٛʹ͸ɺΧʔωϧͰ͋Γ޿ٛʹ͸ OS Ͱ͋Δ LinuxσΟετϦϏϡʔγϣϯʢҎԼɺdistroʣͷར༻͕Ұൠత Amazon Linux

    Red Hat Enterprise Linux Ubuntu Desktop/Server etc… Linux Χʔωϧ͸ɺجຊతʹڞ௨ιϑτ΢ΣΞ ΞʔΩςΫνϟ͕ಉ͡ͳΒ͹ɺҟͳΔ distro ্Ͱಉ͡ΞϓϦ͕ಈ࡞Մ
 ʢABI ޓ׵ੑ͕͋Δ৔߹ʣ

  15. ίϯςφͰ৭ʑͳEJTUSPΛىಈͨ͠ࡍͷΠϝʔδਤ   Ծ૝Ϛγϯಉ༷ʹɺίϯςφͰ΋ҎԼͷΑ͏ͳ͜ͱ͕ग़དྷ·͢ ͨͩ͠ɺDocker Ͱ͸ҟͳΔΞʔΩςΫνϟͷΠϝʔδ͸࣮ߦෆՄ
 ʢԾ૝Ϛγϯͷ৔߹ɺCPUΤϛϡϨʔγϣϯͰ࣮ߦՄೳ -JOVYΧʔωϧΛར༻ Ϣʔβʔϥϯυʢ˞ʣΛ
 ࠩ͠ସ͍͑ͯΔ͚ͩ


    ʢ˞ΧʔωϧҎ֎ʣ

  16. -JOVY͕αϙʔτ͢ΔΞʔΩςΫνϟ   ΞʔΩςΫνϟ͸ɺCPU ͷछྨʢx86,arm,ia64 ͳͲʣΛ͍ࣔͯ͠Δ ࢀরɿhttps://github.com/torvalds/linux/tree/master/arch

  17. Ծ૝Ϛγϯͱൺֱͯ͠࡟ݮ͞ΕΔΦʔόʔϔου   ໢ཏతʹઆ໌͠·ͤΜ͕ɺ෼͔Γ΍͍͢ͱ͜ΖͰήετOS ͕ෆཁͱͳΔ

  18. ήετ04ʢYʣͷϒʔτϓϩηε   ҎԼ͸ɺͬ͘͟Γͱͨ͠આ໌Ͱ͢ɻ BIOS POST or EFI ͷॳظԽޙɺϒʔτϩʔμʔʢGRUBͳͲʣΛىಈ ϦΞϧϞʔυ͔ΒϓϩςΫτϞʔυʹҠߦʢλεΫ΍อޢػೳͷ༗ޮԽ

    ϒʔτϩʔμʔ͕ΧʔωϧΛ෺ཧϝϞϦ্ʹల։ Χʔωϧىಈ४උʢϖʔδςʔϒϧ࡞੒ɺΧʔωϧελοΫॳظԽ౳ʣ ΧʔωϧىಈʢCPUʹՐΛೖΕͯɺ֤ϋʔυ΢ΣΞͷॳظԽ౳ʣ init ʢPID 1ʣϓϩηεΛੜ੒ ελʔτΞοϓεΫϦϓτΛىಈ͠ɺ֤छαʔϏεΛىಈͤ͞Δ ࢀߟɿXv6, a simple Unix-like teaching operating system
 https://pdos.csail.mit.edu/6.828/2012/xv6.html

  19.   ௿ϨΠϠʔࢹ఺͔ΒಡΈղ͘ίϯςφ ωοτϫʔΫฤ

  20. ʢ&$4ͷʣ%PDLFS/FUXPSLʹ͍ͭͯ   ECS ͷλεΫఆٛύϥϝʔλʔͰαϙʔτ͞ΕΔωοτϫʔΫϞʔυ bridge host awsvpc ʢຊࢿྉ಺Ͱɺ؆୯ʹ঺հ͠·͢ʣ noneʢຊࢿྉͰ͸આ໌͠·ͤΜʣ

  21. CSJEHFOFUXPSLʢΠϝʔδਤʣ   -JOVYϒϦοδ
 ʢEPDLFSʣ Ծ૝&UIFSOFU
 ʢίϯςφ಺෦ͷFUIʣ /FUXPSL/BNFTQBDF
 ίϯςφຖʹ࡞੒ (MPCBM/BNFTQBDF

    WFUIQBJS
 ʢ-"/έʔϒϧΈ͍ͨͳ΋ͷʣ

  22. /FUXPSL/BNFTQBDFͱ͸ʁ   Linux ͷωοτϫʔΫۭؒΛԾ૝తʹ෼ׂ͢Δػೳ ωοτϫʔΫ໊લۭؒʢҎԼɺnetnsʣ͸ɺԼهͷΑ͏ͳ
 γεςϜϦιʔεͷ෼཭ػೳΛఏڙ͠ UNIX υϝΠϯΛִ཭͠·͢ɻ ωοτϫʔΫσΠόε

    IPv4/IPv6 ϓϩτίϧελοΫ IP ϧʔςΟϯάςʔϒϧ ϑΝΠΞ΢Υʔϧɾϧʔϧ /proc/net σΟϨΫτϦʢ/proc/PID/net ΁ͷγϯϘϦοΫϦϯΫʣ /sys/class/net σΟϨΫτϦ /proc/sys/net ഑Լͷ֤छϑΝΠϧ ϙʔτ൪߸ (sockets) ෺ཧωοτϫʔΫσόΠε͸ɺ1ͭͷ netns ʹॴଐͰ͖Δ Ծ૝ωοτϫʔΫσόΠεɾϖΞʢveth pairʣ͸ɺผͷ netns ʹ
 ॴଐ͢Δ෺ཧωοτϫʔΫσόΠε΁ͷϒϦοδΛ࡞੒͢ΔͨΊʹ
 ֤ netns ؒͷ L2 τϯωϧʢύΠϓͷΑ͏ͳந৅ԽʣػೳΛఏڙ 
 NETWORK_NAMESPACES(7) Linux Programmer's Manual 
 http://man7.org/linux/man-pages/man7/network_namespaces.7.html

  23. %PDLFSΠϯετʔϧલޙͰ֬ೝͯ͠Έͨ   $ brctl show bridge name bridge id

    STP enabled interfaces %PDLFSΠϯετʔϧલʢCSJEHFVUJMTΛΠϯετʔϧ͓ͯ͘͠ʣ %PDLFSΠϯετʔϧޙ $ brctl show bridge name bridge id STP enabled interfaces docker0 8000.024271457a61 no %PDLFSʢOHJOYʣίϯςφىಈޙ $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES efa1e165e8e7 nginx "nginx -g 'daemon of…" 2 days ago Up 2 days 0.0.0.0:8080->80/tcp elegant_cori $ brctl show bridge name bridge id STP enabled interfaces docker0 8000.024271457a61 no veth3fc628b

  24. %PDLFSΠϯετʔϧલޙͰ֬ೝͯ͠Έͨʢଓ͖ʣ   $ docker network inspect bridge | jq

    ".[].Containers" { "efa1e165e8e7fe4dc924d5da4ea6a5c083ba87064e2abb89ba1b71ba351bb40c": { "Name": "elegant_cori", "EndpointID": "e5c3325faeea2a57fc16f6835add9c99268849de38389264942f0ae36419180f", "MacAddress": “02:42:ac:11:00:02",ɹ★ίϯςφʹׂΓ౰ͯΒΕͨ eth0 ͷ MAC ΞυϨε "IPv4Address": “172.17.0.2/16",ɹɹɹ★ ίϯςφ eth0 ʹׂΓ౰ͯΒΕͨ IP ΞυϨε "IPv6Address": "" } } $ ip add show dev docker0 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:71:45:7a:61 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 ★ Linux Bridge(docker0) ͷ IP ΞυϨε : $ ping -I docker0 -c 1 172.17.0.2ɹ★ΠϯλʔϑΣΠε(docker0)Λࢦఆͯ͠ɺίϯςφͷ eth0 ʹ ping Λ࣮ߦ PING 172.17.0.2 (172.17.0.2) from 172.17.0.1 docker0: 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=255 time=0.043 ms --- 172.17.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms $ arp -a ip-172-31-16-1.ap-northeast-1.compute.internal (172.31.16.1) at 06:e7:bc:91:cc:b2 [ether] on eth0 ip-172-17-0-2.ap-northeast-1.compute.internal (172.17.0.2) at 02:42:ac:11:00:02 [ether] on docker0ɹ★ ίϯςφͷ eth0 MAC Addr %PDLFSϗετʢ&$4Πϯελϯεʣ͔Βίϯςφ΁ͷૄ௨֬ೝ

  25. Ͳ͏΍ͬͯ%PDLFSϗετ֎෦ͱ௨৴͢Δͷʁ   $ sudo iptables -S -P INPUT ACCEPT

    -P FORWARD DROP -P OUTPUT ACCEPT -N DOCKER -N DOCKER-ISOLATION-STAGE-1 -N DOCKER-ISOLATION-STAGE-2 -N DOCKER-USER -A FORWARD -j DOCKER-USER -A FORWARD -j DOCKER-ISOLATION-STAGE-1 -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o docker0 -j DOCKER -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT ★Ѽઌ͕ίϯςφΞυϨεͷύέοτ͸సૹ -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2 -A DOCKER-ISOLATION-STAGE-1 -j RETURN -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP -A DOCKER-ISOLATION-STAGE-2 -j RETURN -A DOCKER-USER -j RETURN JQUBCMFTͷϧʔϧʹै͍ɺίϯςφѼͷύέοτΛసૹ͍ͯ͠Δ

  26. IPTUOFUXPSLʢΠϝʔδਤʣ   (MPCBM/BNFTQBDF ίϯςφͷ Network Namespace ͸
 ࡞੒ͤͣʹɺGlobal Namespace

    ಺Ͱ
 ίϯςφϓϩηεΛىಈ͢Δ͚ͩ bridge network ͱൺֱͨ͠৔߹ɺ
 ωʔϜεϖʔεؒͷ IP సૹॲཧ͕
 ෆཁͳͨΊΦʔόʔϔου͕গͳ͍ ͨͩ͠ɺListen Port ͕ڝ߹͢ΔͨΊ
 Port#80 Ͱ଴ͪड͚Δ Web ίϯςφ
 Λෳ਺ىಈ͢Δ͜ͱ͸ग़དྷͳ͍

  27. ίϯςφΛىಈͯ֬͠ೝͯ͠ΈΔ   $ docker run --rm -d --net=host nginx

    33f02f44760359b8c4a6ac3870ba1c5991977557daf95450988ab2fa41d852c3 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 33f02f447603 nginx "nginx -g 'daemon of…" 4 seconds ago Up 4 seconds epic_liskov $ docker network inspect host | jq ".[].Containers" { "33f02f44760359b8c4a6ac3870ba1c5991977557daf95450988ab2fa41d852c3": { "Name": "epic_liskov", "EndpointID": "1d978b7bfa67fcd260ed830407d1371596b1bbac6ead9183a4e2f1e6345abe92", "MacAddress": "", "IPv4Address": "", "IPv6Address": "" } } $ sudo lsof -i:80 lsof: no pwd entry for UID 101 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 5157 root 6u IPv4 58496 0t0 TCP *:http (LISTEN) lsof: no pwd entry for UID 101 nginx 5183 101 6u IPv4 58496 0t0 TCP *:http (LISTEN) %PDLFSϗετͷ1PSUͰOHJOYϓϩηε͕-*45&/

  28. 5BTLOFUXPSLJOH BXTWQDOFUXPSLNPEF   amazon-ecs-agent/eni.md at master · aws/amazon-ecs-agent https://github.com/aws/amazon-ecs-agent/blob/master/proposals/eni.md

    AWS Fargate Ͱ།Ұαϙʔτ͞ΕΔ
 ωοτϫʔΫϞʔυ ٕज़తʹ͸ɺLinux ωοτϫʔΫ namespace ͱ ENI ͷ૊Έ߹Θͤ CNI(Container Networking Interface)ͷ࢓༷ʹج͖ͮɺ
 ECS CNI ϓϥάΠϯ͕։ൃ͞Ε͍ͯΔ aws/amazon-ecs-cni-plugins: Networking Plugins repository for ECS Task Networking 
 https://github.com/aws/amazon-ecs-cni-plugins

  29. ৄղɿ"NB[PO&$4ͷλεΫωοτϫʔΫ   ࢀߟࢿྉʣৄղ: Amazon ECSͷλεΫωοτϫʔΫ | Amazon Web Services

    ϒϩά 
 https://aws.amazon.com/jp/blogs/news/under-the-hood-task-networking-for-amazon-ecs/

  30. FDTUBTLOFUXPSLʢΠϝʔδਤʣ   /FUXPSL/BNFTQBDF
 ίϯςφຖʹ࡞੒ (MPCBM/BNFTQBDF

  31. λεΫωοτϫʔΫʹΑΔϝϦοτɾσϝϦοτ   ϝϦοτ Bridge ωοτϫʔΫͷΑ͏ͳɺιϑτ΢ΣΞΦʔόʔϔου͕ແ͍ ίϯςφϓϩηε͸ɺωʔϜεϖʔεʹׂ౰ͯΒΕͨ ENI Λ௚઀ 


    LISTEN ͢ΔͨΊɺHost ωοτϫʔΫಉ౳ͱͳΔ λεΫʢίϯςφʣຖʹαʔϏεͰඞཁͱͳΔ࠷খݶͷϙʔτઃఆΛ
 ηΩϡϦςΟάϧʔϓʹߏ੒͢ΔͨΊ؅ཧ͕γϯϓϧʹͳΔ σϝϦοτ ECS ΠϯελϯεͷλΠϓʹΑΓɺίϯςφىಈՄೳ਺͕ҟͳΔ
 ʢEC2 ͷ੍ݶͱͯ͠ɺENI Λߏ੒Մೳͳ࠷େ਺͕λΠϓຖʹҟͳΔͨΊ
 Elastic Network Interface - Amazon Elastic Compute Cloud 
 https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI

  32. λεΫωοτϫʔΫPO&$ߏஙखॱͷ͝঺հʢʣ   $ ip addr show | grep eth[0-1]

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000 inet 172.31.21.5/20 brd 172.31.31.255 scope global eth0 10: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000 inet 172.31.64.128/24 brd 172.31.64.255 scope global eth1 લఏ৚݅ʣ༧ΊFUIΛΞλον͍ͯ͠Δ͜ͱ $ sudo -s # ip netns # ip netns add task # ip netns task ωοτϫʔΫωʔϜεϖʔεUBTLΛ࡞੒ # ip link set eth1 down # ip addr show dev eth1 10: eth1: <BROADCAST,MULTICAST> mtu 9001 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 06:8b:5f:7c:82:94 brd ff:ff:ff:ff:ff:ff inet 172.31.64.128/24 brd 172.31.64.255 scope global eth1 valid_lft forever preferred_lft forever # ip link set eth1 netns task # ip addr show dev eth1 Device "eth1" does not exist. FUIΛUBTLωʔϜεϖʔεʹׂΓ౰ͯΔ

  33. λεΫωοτϫʔΫPO&$ߏஙखॱͷ͝঺հʢʣ   # ip netns exec task ip addr

    show dev eth1 10: eth1: <BROADCAST,MULTICAST> mtu 9001 qdisc noop state DOWN group default qlen 1000 link/ether 06:8b:5f:7c:82:94 brd ff:ff:ff:ff:ff:ff # ip netns exec task ip link set eth1 up # ip netns exec task ip addr show dev eth1 10: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000 link/ether 06:8b:5f:7c:82:94 brd ff:ff:ff:ff:ff:ff inet6 fe80::48b:5fff:fe7c:8294/64 scope link valid_lft forever preferred_lft forever UBTLωʔϜεϖʔε಺ͷFUIΛMJOLVQͤ͞Δ # ip netns exec task ip addr add 172.31.64.128/24 dev eth1 # ip netns exec task ip addr show dev eth1 10: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000 link/ether 06:8b:5f:7c:82:94 brd ff:ff:ff:ff:ff:ff inet 172.31.64.128/24 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::48b:5fff:fe7c:8294/64 scope link valid_lft forever preferred_lft forever # ip netns exec task ip route 172.31.64.0/24 dev eth1 proto kernel scope link src 172.31.64.128 # ip netns exec task ip route add default via 172.31.64.1 dev eth1 # ip netns exec task ip route default via 172.31.64.1 dev eth1 172.31.64.0/24 dev eth1 proto kernel scope link src 172.31.64.128 FUIͷ*1͓ΑͼϧʔςΟϯάΛద੾ʹઃఆ

  34. ·ͱΊ   Bridge IP సૹॲཧʹ൐͏Φʔόʔϔου͸͋Δ΋ͷͷɺ໾ׂ͕ಉ͡ίϯςφΛ
 ू໿͢Δ৔߹͸બ୒͢Δඞཁ͋Γ Host ιϑτ΢ΣΞΦʔόʔϔου͸ແ͍͕ɺϙʔτ͕ڝ߹͢ΔͨΊ
 ໾ׂ͕ಉ͡ίϯςφΛू໿͢Δ͜ͱ͸Ͱ͖ͳ͍

    awsvpc Bridge/Host ωοτϫʔΫͷ֤՝୊Λղܾͨ͠ωοτϫʔΫߏ੒ λεΫωοτϫʔΫͰͷίϯςφىಈ਺͕ ENI ͷ੍ݶ஋ʢΠϯελϯε λΠϓຖͷ ENI ࠷େ਺ʣͱͳΔ͕ɺ஫ҙ఺Λ཈͑ͯੵۃతʹར༻͍ͨ͠

  35. ࠷ޙʹ   
 ࢓૊ΈΛ஌Δ͜ͱͰɺԼهͷΑ͏ͳ৔߹ʹ໾ཱͭͱࢥ͍·͢ɻ ো֐ൃੜ࣌ͷτϥϒϧγϡʔςΟϯά΍ௐࠪɾରԠ౳ ίϯςφ͸ɺԾ૝Խ؀ڥఏڙܗଶͷ̍ͭ ؾෛΘͣʹؾܰʹར༻͢Ε͹ྑ͍ͱࢥ͍·͢ɻ Docker ֮͑ͨΒྑ͍͜ͱ͋ΔΑ

    CodeBuild + ECR ͷ૊Έ߹ΘͤͰʢׂͱʣ৭ʑͳ͜ͱ͕Ͱ͖·͢ɻ Let's Enjoy Container !!
  36. None