chen yuan

Docker Containerization in Practice: From Zero to Production Deployment

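Containerization is a core skill in modern DevOps. This article walks through the full workflow, from writing a Dockerfile to orchestrating services with Docker Compose.

1. Dockerfile best practices

Multi-stage builds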

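# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
# Install all dependencies: the build step usually needs devDependencies
RUN npm ci
COPY . .
# Build, then drop devDependencies so only production packages reach the runtime stage
RUN npm run build && npm prune --omit=dev

# Runtime stage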
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/server.js"]

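Tips for reducing image size

# 1. Use an Alpine base image
FROM python:3.11-alpine

# requirements.txt must be in the image before pip can read it
COPY requirements.txt .

# 2. Combine RUN instructions to reduce the number of layers
RUN apk add --no-cache gcc musl-dev && \
    pip install --no-cache-dir -r requirements.txt && \
    apk del gcc musl-dev

# 3. Use .dockerignore
# .dockerignore contents: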
# .git
# node_modules
# *.md
# .env

2. Docker Compose orchestration

Web application + database

version: '3.8'

services:
  web:
    build: .
    ports:
      - "3000:3000"
    environment:
      # Example credentials only; in production load them from an env file or secrets
      - DATABASE_URL=postgres://user:pass@db:5432/mydb
      - REDIS_URL=redis://cache:6379
    depends_on:
      db:
        condition: service_healthy
      cache:
        condition: service_started
    restart: unless-stopped
    healthcheck:
      # node:18-alpine ships BusyBox wget but not curl
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:15-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=mydb
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d mydb"]
      interval: 10s
      timeout: 5s
      retries: 5

  cache:
    image: redis:7-alpine
    volumes:
      - redisdata:/data
    command: redis-server --appendonly yes --maxmemory 256mb

volumes:
  pgdata:
  redisdata:

3. Security hardening

Running as a non-root user

FROM node:18-alpine
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
WORKDIR /app
COPY --chown=appuser:appgroup . .
USER appuser
CMD ["node", "server.js"]
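
The non-root pattern above only takes effect if USER is set in the final stage; the multi-stage Dockerfile in section 1 has no USER in its runtime stage, so that image still starts as root. The check below is an added example, not code from the original post: the function names and the sample Dockerfiles are constructed for illustration, and it assumes a registry base image runs as root by default.

```python
import re

def logical_lines(text):
    """Yield instructions with backslash continuations joined; skip comments/blanks."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_stage_user(dockerfile):
    """USER in effect at the end of the last stage. Assumes a registry base image
    runs as root (true for node:18-alpine) and that a stage built FROM an earlier
    named stage inherits that stage's USER."""
    stage_users, alias, user = {}, None, "root"
    for line in logical_lines(dockerfile):
        m = re.match(r"(?i)FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", line)
        if m:
            if alias:
                stage_users[alias] = user  # remember how the previous stage ended
            alias = m.group(2).lower() if m.group(2) else None
            user = stage_users.get(m.group(1).lower(), "root")
            continue
        m = re.match(r"(?i)USER\s+(\S+)", line)
        if m:
            user = m.group(1)
    return user

def runs_as_root(dockerfile):
    """True when the final image would start its process as root (name or UID 0)."""
    return final_stage_user(dockerfile).split(":", 1)[0] in ("root", "0")

# Constructed samples modelled on this page's Dockerfiles. In MULTI_STAGE the
# USER set in the builder stage does not carry over to the runtime stage.
MULTI_STAGE = """FROM node:18-alpine AS builder
USER node
RUN npm run build
FROM node:18-alpine
COPY --from=builder /app/dist ./dist
CMD ["node", "dist/server.js"]"""
NON_ROOT = """FROM node:18-alpine
RUN addgroup -S appgroup && \\
    adduser -S appuser -G appgroup
USER appuser
CMD ["node", "server.js"]"""
```

Calling `runs_as_root()` on a Dockerfile's text in CI and failing the job on `True` catches a runtime stage that forgot its USER line before the image is built.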

Image scanning

# Scan the image for vulnerabilities with Trivy
trivy image myapp:latest

# Use Docker Scout
docker scout cves myapp:latest

4. Log management

# Configure logging in docker-compose.yml
services:
  web:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

5. CI/CD automated builds

# .github/workflows/docker.yml
name: Docker Build & Push
on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
      - uses: docker/build-push-action@v5
        with:
          push: true
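          # Docker Hub needs a namespaced repository; a bare "myapp" resolves to library/myapp
          tags: ${{ secrets.DOCKER_USER }}/myapp:latest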
          cache-from: type=gha
          cache-to: type=gha,mode=max
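
Summary

The key points of Docker containerization:

  1. Multi-stage builds: reduce image size
  2. Running as non-root: security hardening
  3. Health checks: make sure services are available
  4. Log management: makes troubleshooting easier
  5. CI/CD integration: automated deployment

Master these and you can take your application from development to production with confidence!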