Docker 与 Kubernetes 云原生实战：从容器化到生产部署的完整指南#

🐳 前言：Docker 和 Kubernetes 不仅改变了应用的部署方式，也改变了我们的开发和运维模式。这篇文章将从零开始，带你掌握从容器化到生产部署的完整流程。

一、Docker 基础与最佳实践#

1.1 Dockerfile 优化技巧#

一个好的 Dockerfile 应该遵循以下原则：体积小、构建快、安全、易维护。

1
# 使用更小的基础镜像
2
FROM node:18-alpine AS builder
3

4
WORKDIR /app
5

6
# 先复制依赖文件，利用缓存层
7
COPY package*.json ./
8
RUN npm ci --only=production
9

10
# 生产阶段
11
FROM node:18-alpine
12

13
# 创建非 root 用户运行应用
14
RUN addgroup -g 1001 -S nodejs
15
RUN adduser -S nextjs -u 1001
16

17
WORKDIR /app
18

19
# 只复制必要的文件
20
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
21
COPY --chown=nextjs:nodejs . .
22

23
USER nextjs
24

25
EXPOSE 3000
26

27
# 健康检查
28
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
29
  CMD curl -f http://localhost:3000/health || exit 1
30

31
CMD ["node", "server.js"]

优化要点：

多阶段构建：分离构建环境和运行环境，减小镜像体积
利用缓存：先复制 package.json，再复制源代码
使用非 root 用户：提高安全性
指定具体版本：避免使用 latest 标签
健康检查：确保容器运行正常

1.2 Docker Compose 编排#

1
version: '3.8'
2

3
services:
4
  app:
5
    build:
6
      context: .
7
      dockerfile: Dockerfile
8
    container_name: myapp
9
    restart: unless-stopped
10
    ports:
11
      - "3000:3000"
12
    environment:
13
      - NODE_ENV=production
14
      - DATABASE_URL=postgres://user:pass@db:5432/mydb
15
    depends_on:
16
      - db
17
      - redis
18
    networks:
19
      - app-network
20

21
  db:
22
    image: postgres:15-alpine
23
    container_name: postgres
24
    restart: unless-stopped
25
    environment:
26
      POSTGRES_USER: user
27
      POSTGRES_PASSWORD: pass
28
      POSTGRES_DB: mydb
29
    volumes:
30
      - postgres_data:/var/lib/postgresql/data
31
    networks:
32
      - app-network
33

34
  redis:
35
    image: redis:7-alpine
36
    container_name: redis
37
    restart: unless-stopped
38
    volumes:
39
      - redis_data:/data
40
    networks:
41
      - app-network
42

43
volumes:
44
  postgres_data:
45
  redis_data:
46

47
networks:
48
  app-network:
49
    driver: bridge

二、Kubernetes 核心概念#

2.1 Pod、Deployment 和 Service#

1
apiVersion: apps/v1
2
kind: Deployment
3
metadata:
4
  name: myapp-deployment
5
  labels:
6
    app: myapp
7
spec:
8
  replicas: 3
9
  selector:
10
    matchLabels:
11
      app: myapp
12
  template:
13
    metadata:
14
      labels:
15
        app: myapp
16
    spec:
17
      containers:
18
      - name: myapp
19
        image: myregistry/myapp:v1.0.0
20
        ports:
21
        - containerPort: 3000
22
        resources:
23
          requests:
24
            memory: "256Mi"
25
            cpu: "250m"
26
          limits:
27
            memory: "512Mi"
28
            cpu: "500m"
29
        livenessProbe:
30
          httpGet:
31
            path: /health
32
            port: 3000
33
          initialDelaySeconds: 30
34
          periodSeconds: 10

2.2 ConfigMap 和 Secret#

1
apiVersion: v1
2
kind: ConfigMap
3
metadata:
4
  name: myapp-config
5
data:
6
  app.properties: |
7
    max_connections=100
8
    timeout=30
9

10
---
11
apiVersion: v1
12
kind: Secret
13
metadata:
14
  name: app-secrets
15
type: Opaque
16
stringData:
17
  database-url: "postgres://user:password@db:5432/mydb"

2.3 Ingress 配置#

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: myapp-ingress
5
  annotations:
6
    kubernetes.io/ingress.class: nginx
7
    cert-manager.io/cluster-issuer: letsencrypt-prod
8
spec:
9
  tls:
10
  - hosts:
11
    - myapp.example.com
12
    secretName: myapp-tls
13
  rules:
14
  - host: myapp.example.com
15
    http:
16
      paths:
17
      - path: /
18
        pathType: Prefix
19
        backend:
20
          service:
21
            name: myapp-service
22
            port:
23
              number: 80

三、K8s 高级特性#

3.1 Horizontal Pod Autoscaler（HPA）#

1
apiVersion: autoscaling/v2
2
kind: HorizontalPodAutoscaler
3
metadata:
4
  name: myapp-hpa
5
spec:
6
  scaleTargetRef:
7
    apiVersion: apps/v1
8
    kind: Deployment
9
    name: myapp-deployment
10
  minReplicas: 3
11
  maxReplicas: 20
12
  metrics:
13
  - type: Resource
14
    resource:
15
      name: cpu
16
      target:
17
        type: Utilization
18
        averageUtilization: 70

3.2 持久化存储（PVC）#

1
apiVersion: v1
2
kind: PersistentVolumeClaim
3
metadata:
4
  name: postgres-pvc
5
spec:
6
  accessModes:
7
    - ReadWriteOnce
8
  resources:
9
    requests:
10
      storage: 10Gi
11
  storageClassName: fast-ssd

四、CI/CD 流水线#

4.1 GitHub Actions 配置#

1
name: CI
2

3
on:
4
  push:
5
    branches: [ main ]
6
  pull_request:
7
    branches: [ main ]
8

9
jobs:
10
  test:
11
    runs-on: ubuntu-latest
12
    steps:
13
    - uses: actions/checkout@v3
14

15
    - name: Setup Node.js
16
      uses: actions/setup-node@v3
17
      with:
18
        node-version: '18'
19

20
    - name: Install dependencies
21
      run: npm ci
22

23
    - name: Test
24
      run: npm run test:ci
25

26
    - name: Build
27
      run: npm run build