Downloaded 30 times
![フロントエンド
Load balancer
Runtime
Database
API
Endpoint
永続
ストレージ
Local Container
Cache
Monitoring Service
SCM
Container
App
Container
アプリへの
リクエスト
SSH
Proxy
• Exposeしたポートは[ア
プリ設定] > [環境変数]
のWEBSITES_PORTで明
示的に指定できる](https://image.slidesharecdn.com/techsummit2017pdfdep005-171116035106/85/Japan-Tech-summit-2017-DEP-005-39-320.jpg)
![[Japan Tech summit 2017] DEP 005](https://image.slidesharecdn.com/techsummit2017pdfdep005-171116035106/85/Japan-Tech-summit-2017-DEP-005-73-320.jpg)
More Related Content
![[Japan Tech summit 2017] DAL 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal003-171115033147-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep006-171116035106-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 009](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec009-171116035457-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld006-171115032103-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 004](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec004-171116035501-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 008](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep008-171116035107-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] PRD 007](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfprd007-171115033456-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DAL 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal001-171115033146-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 009](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep009-171116035108-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec006-171116035456-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 019](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld019-171115032130-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 011](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec011-171127040529-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DAL 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal005-171127040522-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] APP 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfapp001-171115031546-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 007](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep007-171116035105-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 013](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld013-171115032120-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 008](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld008-171115032110-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DAL 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal006-171115033148-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 011](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld011-171115032116-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 015](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld015-171115032124-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 014](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld014-171115032121-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 02](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep002-171116035109-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 007](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld007-171115032107-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DAL 004](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal004-171115033144-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld003-171115032051-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] APP 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfapp006-171127040530-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] CLD 009](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfcld009-171115032113-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SPL 002](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfspl002-171116035845-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] PRD 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfprd005-171116071452-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai003-171116035458-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SPL 004](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfspl004-171116035845-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep001-171116035108-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai005-171116071451-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SPL 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfspl005-171116035846-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] APP 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfapp003-171115031648-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Azure Deep Dive] クラウド デザイン パターン ~優れたシステム構築のためのガイダンス~](https://cdn.slidesharecdn.com/ss_thumbnails/200151004madcdp-151216090016-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DEP 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdep003-171116035105-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 008](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai008-171115034115-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] DAL 008](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfdal008-171115033146-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai006-171115034124-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai001-171115034129-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 007](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec007-171116035457-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to [Japan Tech summit 2017] DEP 005
![[Japan Tech summit 2017] SEC 010](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec010-171127040527-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 007](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai007-171127040526-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 012](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec012-171116071451-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] PRD 011](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfprd011-171116071451-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec005-171116035502-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 003](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec003-171116035500-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] PRD 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfprd001-171116035459-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 001](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec001-171116035455-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] MAI 002](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfmai002-171115034129-thumbnail.jpg?width=640&height=640&fit=bounds)
[Japan Tech summit 2017] DEP 005
- 1. Microsoft Tech Summit2017本情報の内容(添付文書、リンク先などを含む)は、Microsoft Tech Summit 2017 開催日(2017 年 11 月 8日 - 9 日)時点のものであり、予告なく変更される場合があります。
- 2. { “名前” : “真壁徹(まかべ とおる)”, “所属” : “日本マイクロソフト株式会社”, “役割” : “クラウド ソリューションアーキテクト”, “経歴” : “大和総研 HP Enterprise”, “特技” : “クラウド & オープンソース” }
- 3.
- 4.
- 5.
- 7.
- 11. コンテナー = Dockerと考えてOK? なにやら界隈が騒がしいけど
- 12. runC (OCI) containerd (CNCF)CRI-O CRI-containerd Docker Engine Kubernetes & Tools Docker Image Format Orchestrators/Tools (Docker Based)
- 13. Docker Platform Specific Platform Independent Linux Control Groups cgroups Namespaces Pid,net, ipc, mnt, uts Layer Capabilities Union Filesystems: AUFS, btrfs, vfs, zfs*,DeviceMapper Other OS Functionality Containerd + runC Docker Engine REST Interface libcontainerd graphlibnetwork plugins Windows Control Groups Job objects Namespaces Object Namespace, Process Table, Networking Layer Capabilities Registry, Union like filesystem extensions Other OS Functionality Compute Services Docker Client Docker SwarmDocker Compose Docker Registry
- 14. App Host User Mode Container Runtime AppApp Virtual Machine
- 15. App Host User Mode Container Runtime Hyper-VIsolation Virtual Machine Optimized for Container App
- 16.
- 17. App Host User Mode Container Runtime Hyper-VIsolation Virtual Machine Optimized for Container App Hyper-V Isolation Virtual Machine Optimized for Container App
- 19.
- 20. Layer metadata (json) Layerpayload (tar) Layer metadata (json) Layer payload (tar) Layer metadata (json) Layer payload (tar)
- 21. 入れ替え、使い捨てやすい コンテナーにする .dockerignoreファイルを使 う マルチステージビルドを活 用する 余計なパッケージを入れな い • コンテナーにはひとつひと つ違う役割を持たせる (詰め込まない) • イメージレイヤーを少なく する • 引数は改行&ソートする • キャッシュを活かす https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
- 23. “Resource Central: Understandingand Predicting Workloads for Improved Resource Management in Large Cloud Platforms” Microsoft, SOSP 2017
- 26.
- 27. Container Group Namespace ContainerA Container B (Exposed) Port: 80 Port: 6000 • 同じコンテナーグループ のコンテナーは、同じ仮 想マシンに配置 • コンテナーグループは代 表で1つの公開パブリック IPとポートを持てる • コンテナーグループ内で はlocalhostとしてコンテ ナー間通信が可能 • “サイドカー” • コンテナーはAzure File Storageをマウントできる
- 29. Container Group Namespace sidecar •2つのコンテナー • getenv: 各種環境情報 を取得し表示する HTTPサーバー • sidecar: getenvコンテ ナーの監視 • せっかくなので軽量に • コンテナーサイズは約 10MBytes • Golang + Alpine Linux • マルチステージビルド getenv (Exposed) Port: 8080 169.254.169.254
- 31.
- 32. Azure Batch Pool Spark Master/Worker SparkWorker Data Store
- 34.
- 36.
- 37.
- 39. フロントエンド Load balancer Runtime Database API Endpoint 永続 ストレージ Local Container Cache MonitoringService SCM Container App Container アプリへの リクエスト SSH Proxy • Exposeしたポートは[ア プリ設定] > [環境変数] のWEBSITES_PORTで明 示的に指定できる
- 40. docker run -d-p 56785:8080 PORT="8080"
- 41.
- 44.
- 48.
- 50.
- 51. UDR? User DefinedRoute? ネットワーク構成が謎すぎて 夜も眠れない
- 52.
- 55.
- 56. Container Container Container Container Container Container Container Container Container Container Container Container Prefix Next Hop 10.244.2.0/2410.240.0.4 10.244.3.0/24 10.240.0.5 UDR Flannelなどで オーバーレイせ ずにすむ理由
- 57. モデル 特徴 懸念 NATNATの裏にコンテナーネットワークを 閉じ込める K8sのコンテナー間通信では使えない Transparent コンテナーをVMネットワークに露出さ せる 接続スイッチの学習MACアドレスが多く なる Overlay ノード間でトンネルを掘り仮想的なプ ライベートネットワークを作る Overlayの仕組みを構築維持する必要があ る (FlannelやWeaveなど) L2 Bridge Transparentの進化系(MAC変換で露出す るMACアドレスを少なく) DHCPが使えない L2 Tunnel 変換、転送、トンネリングをホストの SDN機能(AzureではVFP)に任せる ホストのSDN機能に依存
- 58. -A KUBE-SERVICES -d 10.0.134.197/32-p tcp -m comment --comment "default/azure-vote- front: cluster IP" -m tcp --dport 80 -j KUBE-SVC-GHSLGKVXVBRM4GZX (中略) -A KUBE-SEP-CYIUI5GK6PK6K23I -p tcp -m comment --comment "default/azure-vote-front:" -m tcp -j DNAT --to-destination 10.244.2.5:80 Node iptables (Netfilter) Client kube-proxy Container (Pod) Node iptables (Netfilter) kube-proxy Container (Pod) Master 10.0.134.197 10.244.2.5
- 59. Node iptables (Netfilter) Client kube-proxy Container (Pod) Node iptables (Netfilter) kube-proxy Container (Pod) Master 10.244.0.4 10.244.2.5 -A KUBE-SERVICES -d 52.243.38.6/32-p tcp -m comment - -comment "default/azure-vote-front: loadbalancer IP" -m tcp --dport 80 -j KUBE-FW-GHSLGKVXVBRM4GZX (中略) -A KUBE-SEP-CYIUI5GK6PK6K23I -p tcp -m comment --comment "default/azure-vote-front:" -m tcp -j DNAT --to-destination 10.244.2.5:80 Azure LB 52.243.38.6 DSR サービスの公開IP
- 60. Windows Container HostVM vEthernet (HNS Internal NIC) 172.20.224.1/20 vEthernet (HNS Transparent) 10.240.0.4/8 10.244.1.1/25 vEthernet (forwarder)
- 61. 機能 Windows v1709以前Windows v1709 Linux ひとつのPodに 複数のコンテナー × (Podあたり1コンテナー) 〇 〇 Podの エンドポイント統合 × (2つのエンドポイント: Transparent + NAT) 〇 〇 カーネルモードでの 負荷分散 × 〇 〇 CNIのサポート × 〇 〇 https://www.cncf.io/blog/2017/09/08/windows- networking-parity-linux-kubernetes/
- 62. VM VFP Southbound API GFT OffloadAPI (NDIS) VMSwitch GFT Table First Packet GFT Offload Engine 40/ 50G QoSCrypto RDMA GFT Transposition Engine REWRITE SLB Decap SLB NAT VNET ACL Metering ControllerControllerController Encap SmartNIC (w/FPGA) DNATDecap Allow Meter Rule Action * Meter Rule Action * Allow Rule Action * Rewrite Rule Action * DNAT Rule Action * Decap Flow Action 1.2.3.1->1.3.4.1, 62362->80 Decap, DNAT, Rewrite, Meter Flow Action 1.2.3.1->1.3.4.1, 62362->80 Decap, DNAT, Rewrite, Meter
- 63. Orchestrator (K8s, DC/OS, ServiceFabric) 3rd party plugins IPAM Plugin Operating System (Windows, Linux) CNI Container Runtime Network Plugin Container1 Container2 Container3
- 64.
- 65.
- 72.