引言
在云原生时代,容器化技术已经成为现代应用开发和部署的核心技术之一。Docker作为最流行的容器化平台,与Kubernetes一起构成了现代化云原生应用的基石。本文将从零开始,手把手教学完整的容器化部署流程,涵盖Docker镜像构建、容器编排以及Kubernetes集群管理等关键环节。
一、Docker基础概念与环境准备
1.1 Docker核心概念
Docker是一种开源的容器化平台,它允许开发者将应用程序及其依赖项打包到轻量级、可移植的容器中。Docker的核心概念包括:
- 镜像(Image):只读模板,用于创建容器
- 容器(Container):镜像的运行实例
- 仓库(Repository):存储和分发镜像的地方
- Dockerfile:用于构建镜像的文本文件
1.2 环境准备
在开始之前,确保已安装以下工具:
# 检查Docker版本
docker --version
# 检查Docker Compose版本
docker-compose --version
# 检查Kubernetes环境(可选)
kubectl version
二、Docker镜像构建实战
2.1 编写Dockerfile
让我们以一个简单的Node.js应用为例,展示如何编写Dockerfile:
# 使用官方Node.js运行时作为基础镜像
FROM node:16-alpine
# 设置工作目录
WORKDIR /app
# 复制package.json和package-lock.json
COPY package*.json ./
# 安装依赖
RUN npm ci --only=production
# 复制应用代码
COPY . .
# 暴露端口
EXPOSE 3000
# 创建非root用户
RUN addgroup -g 1001 -S nodejs && \
adduser -S nextjs -u 1001
# 更改文件所有权
USER nextjs
# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
# 启动应用
CMD ["npm", "start"]
2.2 构建镜像
# 构建镜像
docker build -t my-node-app:latest .
# 查看构建的镜像
docker images
# 运行容器进行测试
docker run -p 3000:3000 my-node-app:latest
2.3 最佳实践
# 1. 使用多阶段构建优化镜像大小
FROM node:16-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:16-alpine AS runtime
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
# 2. 合理设置用户权限
USER nodejs
# 3. 使用.dockerignore文件排除不必要的文件
三、容器编排与Docker Compose
3.1 Docker Compose基础
Docker Compose允许我们使用YAML文件定义和运行多容器Docker应用程序:
version: '3.8'
services:
web:
build: .
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- DATABASE_URL=postgresql://user:pass@db:5432/myapp
depends_on:
- db
volumes:
- ./logs:/app/logs
restart: unless-stopped
db:
image: postgres:13-alpine
environment:
POSTGRES_DB: myapp
POSTGRES_USER: user
POSTGRES_PASSWORD: pass
volumes:
- postgres_data:/var/lib/postgresql/data
restart: unless-stopped
redis:
image: redis:alpine
ports:
- "6379:6379"
restart: unless-stopped
volumes:
postgres_data:
3.2 多环境配置
# docker-compose.yml (基础配置)
version: '3.8'
services:
web:
build: .
ports:
- "${PORT:-3000}:3000"
environment:
- NODE_ENV=${NODE_ENV:-development}
# docker-compose.override.yml (开发环境)
version: '3.8'
services:
web:
environment:
- DEBUG=true
volumes:
- .:/app:rw
- /app/node_modules
3.3 常用命令
# 启动所有服务
docker-compose up -d
# 查看服务状态
docker-compose ps
# 查看日志
docker-compose logs web
# 停止所有服务
docker-compose down
# 构建并启动
docker-compose up --build
四、Kubernetes集群环境搭建
4.1 Kubernetes基础概念
Kubernetes(K8s)是一个开源的容器编排平台,用于自动化部署、扩展和管理容器化应用程序。
4.2 集群部署方式
使用Minikube本地测试
# 安装Minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
# 启动集群
minikube start --driver=docker
# 查看集群状态
kubectl cluster-info
kubectl get nodes
使用Kind(Kubernetes in Docker)
# 安装kind
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
# 创建集群
kind create cluster --name my-cluster
# 查看集群
kubectl get nodes
五、Kubernetes资源定义与部署
5.1 Deployment配置
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: node-app-deployment
labels:
app: node-app
spec:
replicas: 3
selector:
matchLabels:
app: node-app
template:
metadata:
labels:
app: node-app
spec:
containers:
- name: node-app
image: my-node-app:latest
ports:
- containerPort: 3000
env:
- name: NODE_ENV
value: "production"
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
5.2 Service配置
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: node-app-service
spec:
selector:
app: node-app
ports:
- port: 80
targetPort: 3000
protocol: TCP
type: LoadBalancer
5.3 ConfigMap和Secret
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
database.url: "postgresql://user:pass@db:5432/myapp"
log.level: "info"
---
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: app-secret
type: Opaque
data:
database.password: cGFzc3dvcmQxMjM= # base64 encoded password
5.4 部署到Kubernetes
# 应用配置
kubectl apply -f configmap.yaml
kubectl apply -f secret.yaml
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
# 查看部署状态
kubectl get deployments
kubectl get pods
kubectl get services
# 查看详细信息
kubectl describe deployment node-app-deployment
kubectl logs -l app=node-app
六、高级特性与最佳实践
6.1 水平扩展与自动伸缩
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: node-app-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: node-app-deployment
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
6.2 Ingress配置
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: node-app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: node-app-service
port:
number: 80
6.3 持久化存储
# persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: app-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /mnt/data
---
# persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: app-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
6.4 健康检查与监控
# deployment-with-health.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: node-app-deployment
spec:
replicas: 3
selector:
matchLabels:
app: node-app
template:
metadata:
labels:
app: node-app
spec:
containers:
- name: node-app
image: my-node-app:latest
ports:
- containerPort: 3000
livenessProbe:
httpGet:
path: /healthz
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
七、CI/CD集成与自动化部署
7.1 GitLab CI示例
# .gitlab-ci.yml
stages:
- build
- test
- deploy
variables:
DOCKER_IMAGE: my-node-app:${CI_COMMIT_SHA}
build:
stage: build
image: docker:latest
services:
- docker:dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker build -t $DOCKER_IMAGE .
- docker push $DOCKER_IMAGE
only:
- main
deploy:
stage: deploy
image: bitnami/kubectl:latest
script:
- kubectl set image deployment/node-app-deployment node-app=$DOCKER_IMAGE
environment:
name: production
only:
- main
7.2 GitHub Actions示例
# .github/workflows/deploy.yml
name: Deploy to Kubernetes
on:
push:
branches: [ main ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:latest
- name: Deploy to Kubernetes
run: |
echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > kubeconfig
export KUBECONFIG=kubeconfig
kubectl set image deployment/node-app-deployment node-app=ghcr.io/${{ github.repository }}:latest
八、故障排除与监控
8.1 常见问题排查
# 查看Pod详细状态
kubectl describe pod <pod-name>
# 查看Pod日志
kubectl logs <pod-name>
kubectl logs -p <pod-name> # 查看上一个容器实例的日志
# 进入Pod容器
kubectl exec -it <pod-name> -- /bin/sh
# 查看资源使用情况
kubectl top pods
kubectl top nodes
8.2 监控与告警
# prometheus监控配置示例
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: node-app-monitor
spec:
selector:
matchLabels:
app: node-app
endpoints:
- port: metrics
九、性能优化与安全加固
9.1 资源限制优化
# 优化后的Deployment配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: optimized-node-app
spec:
replicas: 3
template:
spec:
containers:
- name: node-app
image: my-node-app:latest
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
9.2 安全最佳实践
# 安全增强的Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: secure-node-app
spec:
template:
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
fsGroup: 1001
containers:
- name: node-app
image: my-node-app:latest
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
十、总结与展望
通过本文的学习,我们已经掌握了从Docker镜像构建到Kubernetes集群管理的完整容器化部署流程。从基础的Dockerfile编写,到复杂的Kubernetes资源定义,再到CI/CD自动化部署,每一步都体现了现代云原生应用开发的最佳实践。
关键要点回顾:
- 镜像构建:使用多阶段构建优化镜像大小,合理设置用户权限
- 容器编排:通过Docker Compose实现多容器应用的快速部署
- Kubernetes部署:掌握Deployment、Service、ConfigMap等核心资源的使用
- 自动化运维:集成CI/CD工具实现持续交付
- 监控与安全:建立完善的监控体系和安全加固措施
未来发展方向:
- 服务网格:引入Istio等服务网格技术提升微服务治理能力
- Serverless:探索Knative等无服务器计算平台
- 多云管理:使用Crossplane等工具实现多云资源统一管理
- 边缘计算:结合Kubernetes在边缘节点的部署实践
容器化技术正在不断演进,随着云原生生态的日趋成熟,我们将能够构建更加灵活、可靠、高效的现代化应用系统。掌握这些核心技术,将为您的技术职业发展带来巨大优势。
本文提供了完整的Docker容器化部署实战指南,涵盖了从基础概念到高级特性的全面内容,适合不同层次的技术人员学习和实践。通过实际的代码示例和最佳实践指导,帮助读者快速上手现代云原生应用开发。
评论 (0)