Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing Clusters with Kubernetes Extensibility
Search
Aya (Igarashi) Ozawa
October 25, 2018
Technology
5
1.3k
Securing Clusters with Kubernetes Extensibility
@ Kubernetes & Cloud Native Meetup
https://wantedly.connpass.com/event/105371/
Aya (Igarashi) Ozawa
October 25, 2018
Tweet
Share
More Decks by Aya (Igarashi) Ozawa
See All by Aya (Igarashi) Ozawa
KubeCon: To Infinity and Beyond: Seamless autoscaling with in-place resource resize for Kubernetes Pods
ladicle
0
250
FinOps! Optimizing Kubernetes Costs with Karpenter
ladicle
0
240
Kubernetes: API Priority and Fairness
ladicle
1
900
FinOps! karpenterによるk8sコスト削減
ladicle
2
740
明日から使える(?)逆引きKubernetes
ladicle
2
1.4k
Recap: KubeCon+CloudNativeCon 2021 NA / Kubernetes Meetup Tokyo #47
ladicle
0
300
KubeCon+CloudNativeCon Europe 2020 Overview
ladicle
0
230
Think Design About Pretty kubectl Plugins
ladicle
0
430
Kubernetesを拡張して日々のオペレーションを自動化する
ladicle
18
7.7k
Other Decks in Technology
See All in Technology
AWS Control Towerを 数年運用してきての気づきとこれから/aws-controltower-ops-tips
tadayukinakamura
0
150
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
masakiokuda
0
180
Webアプリを Lambdaで動かすまでに考えること / How to implement monolithic Lambda Web Application
_kensh
7
1.3k
はてなの開発20年史と DevOpsの歩み / DevOpsDays Tokyo 2025 Keynote
daiksy
6
1.5k
開発視点でAWS Signerを考えてみよう!! ~コード署名のその先へ~
masakiokuda
3
160
SREの視点で考えるSIEM活用術 〜AWS環境でのセキュリティ強化〜
coconala_engineer
1
290
Cross Data Platforms Meetup LT 20250422
tarotaro0129
1
550
LLM as プロダクト開発のパワードスーツ
layerx
PRO
1
240
Classmethod AI Talks(CATs) #21 司会進行スライド(2025.04.17) / classmethod-ai-talks-aka-cats_moderator-slides_vol21_2025-04-17
shinyaa31
0
580
Running JavaScript within Ruby
hmsk
3
330
Ops-JAWS_Organizations小ネタ3選.pdf
chunkof
2
170
クォータ監視、AWS Organizations環境でも楽勝です✌️
iwamot
PRO
1
310
Featured
See All Featured
Statistics for Hackers
jakevdp
798
220k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.8k
How GitHub (no longer) Works
holman
314
140k
Designing for humans not robots
tammielis
252
25k
Writing Fast Ruby
sferik
628
61k
Agile that works and the tools we love
rasmusluckow
328
21k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
32
5.4k
The Cult of Friendly URLs
andyhume
78
6.3k
Music & Morning Musume
bryan
47
6.5k
Designing for Performance
lara
608
69k
Building Applications with DynamoDB
mza
94
6.3k
Transcript
4FDVSJOH$MVTUFSTXJUI ,VCFSOFUFT&YUFOTJCJMJUZ "ZB0[BXB !MBEJDMF 5BLBTIJ,VTVNJ ,VCFSOFUFT$MPVE/BUJWF.FFUVQ
"CPVUVT "ZB0[BXB!MBEJDMF 4PGUXBSF&OHJOFFS BU;-BC$PSQ 5BLBTIJ,VTVNJ 4PGUXBSF&OHJOFFS BU;-BC$PSQ
"ZB 5BLBTIJ 5PEBZˏTBHFOEB ,VCFSOFUFTBTB4FSWJDFGPS:BIPP+BQBO )PXTIPVMEXFDPOUSPMBDDFTTUPUIF,VCFSOFUFT"1*TFSWFS 8IBUJT+85BOE3#"$ BOE)PXUPVTFJU
3#"$JT/05FOPVHI %FNPOTUSBUJPOPGQSJWJMFHFFTDBMBUJPO 4FDVSJOH,VCFSOFUFTXJUI7BMJEBUJOH"ENJTTJPO8FCIPPL
;-BC,VCFSOFUFTBTB4FSWJDF 4 .BTUFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS
Ӝ4FMGIFBMJOHUIFXIPMF DMVTUFS Ӝ4DBMJOHDMVTUFSFBTJMZ Ӝ;FSPEPXOUJNFVQHSBEF DMVTUFSWFSTJPO .BKPS'FBUVSFT .BTUFS$MVTUFSNBOBHFTNVMUJQMF6TFS ,VCFSOFUFT$MVTUFSBOEJUTFMGVTJOH$3%
)PXTIPVMEXFDPOUSPMBDDFTT 5 .BTUFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS 6TFS ,VCFSOFUFT$MVTUFS
"QQ %FWFMPQFS "QQ %FWFMPQFS "QQ 0QFSBUPS LT 0QFSBUPS "UUBDLFS ✖%&/:
"DDFTT$POUSPM
TUFQT"DDFTT$POUSPM 7 "VUIFOUJDBUJPO "VUI/ "VUIPSJ[BUJPO "VUI; "ENJTTJPO $POUSPM "1*4FSWFS "DDFTT
"MMPX 8IBUIBQQFOTJOFBDITUFQ 8 "DDFTT 8IPBSFZPV ✔$SFBUF9 ✖%FMFUF: 8IBUDBOZPVEP %FOZ
%FOZ %FOZ 7BMJEBUJOH .PEJGZJOH ٥٥٥ "MMPX "MMPX "VUI/ "VUI; "ENJTTJPO$POUSPM
"DDFTT$POUSPMNPEVMFT 9 9DMJFOUDFSU 1BTTXPSE +85 1MBOF5PLFO "VUI/ "VUI; "ENJTTJPO$POUSPM "#"$
3#"$ 8FCIPPL /PEF3PMF 4FSWJDF"DDPVOU 3FTPVSDF2VPUB 1SJPSJUZ 7BMJEBUJOH "ENJTTJPO 8FCIPPL FUD FUD FUD
8IZEPXFVTF+85 10 9DMJFOUDFSU 1BTTXPSE +85 1MBOF5PLFO "VUI/ "VUI; "ENJTTJPO$POUSPM "#"$
3#"$ 8FCIPPL /PEF3PMF 4FSWJDF"DDPVOU 3FTPVSDF2VPUB 1SJPSJUZ 7BMJEBUJOH "ENJTTJPO FUD FUD FUD Ӝ %ZOBNJDVTFSBVUIFOUJDBUJPO Ӝ 1BTTXPSEBOE1MBOF5PLFONPEVMFT SFRVJSFUPTFU"VUI/TFUUJOHXIFOCPPUJOH "1*TFSWFS Ӝ 4FWFSBM0*%$*E1TTVQQPSUUIJTNPEVMF
8IZEPXFVTF3#"$ 11 9DMJFOUDFSU 1BTTXPSE +85 1MBOF5PLFO "VUI/ "VUI; "ENJTTJPO$POUSPM "#"$
3#"$ 8FCIPPL /PEF3PMF 4FSWJDF"DDPVOU 3FTPVSDF2VPUB 1SJPSJUZ 7BMJEBUJOH "ENJTTJPO FUD FUD FUD Ӝ %ZOBNJDBDDFTTBVUIPSJ[BUJPO Ӝ /PBEEJUJPOBMEFWFMPQNFOU Ӝ 3#"$TFUUJOHTDBOCF DPOSNFECZLVCFDUMMJLFBOZ PUIFSSFTPVSDFT /05&*GZPVBMSFBEZIBWF"VUI;TZTUFN 8FCIPPLJTBHPPEDIPJDF
"VUI/+85 4FSWJDF"DDPVOU0*%$
5XPDBUFHPSJFTPG6TFST 13 "1*4FSWFS "DDFTT 6TFSNBOBHFECZLT FH#PU /PSNBM6TFS FH"MJDF
#PUI4"BOE0*%$VTJOH+85 14 "1*4FSWFS 6TFSNBOBHFECZLT FH#PU /PSNBM6TFS FH"MJDF +85 +85 (FU+85GSPNB0*%$*E1
(FU+85GSPN B4FSWJDF"DDPVOU
4"4FDSFUIBT+85 15 $SFBUFBCPU4" JOUIFTZTUFN/4 %FUFDUUIF DSFBUJPOFWFOU $SFBUFBCPU4"4FDSFU XJUI+85JOUIFTZTUFN/4 5PLFO $POUSPMMFS
4FSWJDF "DDPVOU 4FDSFU +85
4"$POUSPMMFSDSFBUFTEFGBVMU4"GPSBMM/4 16 $SFBUFTZTUFN /BNFTQBDF $SFBUFEFGBVMU 4"JOTZTUFN/4 4" $POUSPMMFS 4FSWJDF "DDPVOU
/BNF TQBDF %FUFDUUIF DSFBUJPOFWFOU
7PMVNF "MM1PETBTTPDJBUF4FSWJDF"DDPVOU 17 4""ENJTTJPO $POUSPMMFS .PVOU $SFBUF1PE 4FUEFGBVMU/"*GUIF 1PEEPFTOPUIBWF4" 4FDSFU
+85 1PE 4FU*NBHF1VMM4FDSFUTPG4"*G UIF1PEEPFTOPUIBWFJU 4FU4FDSFUPG4"UPUIF1PEWPMVNF .PEJGZ1PE
%FY0QFO*%$POOFDU*%1SPWJEFS 18 %FY 0*%$*E1 3FEJSFDU +85 6QTUSFBN*E1 FH'BDFCPPL $MJFOU IUUQTHJUIVCDPNEFYJEQEFY
0*%$JTBTJNQMFJEFOUJUZMBZFSPO UPQPGUIF0"VUIQSPUPDPM
+40/8FC5PLFODPOTJTUTPGQBSUT 19 )FBEFS 1BZMPBE 4JHOBUVSF IUUQTKXUJP
7FSJGZJOH+85PG0*%$ 20 "1*4FSWFS LVCFDUM +85 $BMM"1*XJUI+85 *T+85TJHOBUVSFWBMJE )BTUIF+85FYQJSFE
MBU FYQ 6TFS"VUIPSJ[FE 3FUVSOSFTVMU "VUIPSJ[BUJPO#FBSFS+85 ⚠/05& 4"ˏT+85EPFTOPUIBWFFYQJSBUJPOEBUF BOEJUJTOPUSPUBUFE
"VUI;3#"$
3PMF#BTF"DDFTT$POUSPM 22 "DDFTT %FOZ "MMPX 7JFXFS3PMF 4VCKFDU 3PMF Y $POUSPM
#PC 7JFXFSDBOHFU SFTPVSDFT IBTSVMFTUIBU #JOEJOH NBOBHFS(SPVQ BOE 7JFXFS3PMF *G#PCJTB NBOBHFS *G#PCJTOPU BNBOBHFS "DDFTT6TFSJT #PC
3PMF 3PMF #JOEJOHT 3PMF 3#"$JO,VCFSOFUFT 23 Y $POUSPM Ӝ4" Ӝ6TFS
Ӝ(SPVQ /PSNBM6TFS ,T6TFS "VUIFOUJDBUFE6TFS %FOZ "MMPX ,VCFSOFUFT"1*0CKFDU subjects: - kind: Group name: manager roleRef: kind: Role name: viewer 4VCKFDU "DDFTT
3PMF 3PMF #JOEJOHT 3PMF 3#"$JO,VCFSOFUFT 24 Y $POUSPM %FOZ "MMPX
,VCFSOFUFT"1*0CKFDU metadata: name: viewer rules: - apiGroups: [""] resources: ["pods","pods/exec"] verbs: ["get","list","watch"] - nonResourceURLs: ["/version","/healthz"] verbs: [""] 4VCKFDU Ӝ4" Ӝ6TFS Ӝ(SPVQ /PSNBM6TFS ,T6TFS "VUIFOUJDBUFE6TFS "DDFTT
8IJDI3#"$SFTPVSDFTTIPVMEZPVVTF 25 #JOEJOHT $MVTUFS3PMF#JOEJOHT 3PMF (SBOUQFSNJTTJPOTUPSFTPVSDFTJOUIF TQFDJDOBNFTQBDF $MVTUFS 3PMF 6TF$MVTUFS3PMFGSPNNVMUJQMF
OBNFTQBDFT ˖ (SBOUBDDFTTUPOPO"1*SFTPVSDFT ˖ (SBOUBDDFTTQFSNJTTJPOUPSFTPVSDFTPG BMMOBNFTQBDFT $MVTUFS999EPFTOPUCFMPOH UPUIF/BNFTQBDFT
#VU3#"$JT/05FOPVHI
1SFWFOUQSJWJMFHFFTDBMBUJPO Ӝ Ӝ DBOPCUBJOIPTUTSPPUCZNPVOUJOH%PDLFSTPDLFU Ӝ DBOBDDFTTIPTUTMFTZTUFNWJBQSPD<1*%>SPPU Ӝ
☠5IFTFBSFFTFOUJBMMZFRVJWBMFOUUPSPPUPOUIFIPTU
SPOILER ALERT! :PVDBOVTF 1PE4FDVSJUZ1PMJDZ PS 7BMJEBUJOH"ENJTTJPO8FCIPPL UPQSFWFOUJU
%FNP1SJWJMFHFFTDBMBUJPOCZIPTU1BUI 29 IUUQTBTDJJOFNBPSHBG'+X+E4F#S)S%V.
)PXUPQSFWFOUQSJWJMFHFFTDBMBUJPO Ӝ 1PE4FDVSJUZ1PMJDZ %FOFBOENBOBHFTFDVSJUZQPMJDZXJUI3#"$ "EEUPUPVTFJU OFFEUPSFTUBSULVCFBQJTFSWFS $BOOPUDSFBUFBOZQPETXJUIPVUQPMJDZ OPEFGBVMUQSPWJEFE Ӝ
7BMJEBUJOH"ENJTTJPO8FCIPPL *NQMFNFOUZPVSPXOQPMJDZ DBOCFEZOBNJDBMMZDPOHVSFECZ /POFFEUPSFTUBSULVCFBQJTFSWFS
7BMJEBUJOH"ENJTTJPO8FCIPPL "1*4FSWFS :PVS8FCIPPL
*TUIFPCKFDUBMMPXFE ZFTOP
4VNNBSZ Ӝ $VTUPN3FTPVSDF%FOJUJPO UPDSFBUF,VCFSOFUFTBTB4FSWJDFJUTFMG Ӝ 0QFO*%$POOFDU"VUIPSJ[BUJPO8FCIPPL UPJOUFHSBUFPVSBVUIOBVUI[TZTUFN Ӝ 7BMJEBUJOH"ENJTTJPO8FCIPPL UPQSFWFOUQSJWJMFHFFTDBMBUJPOBOEJNQMFNFOUDVTUPNQPMJDZ
,VCFSOFUFTFYUFOTJCJMJUZBSFBMTPVTFGVMUPTFDVSFDMVTUFST
8FBSFIJSJOH CJUMZ[MBCDBSFFST