内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档详细介绍企业服务的容器化部署方法和最佳实践。
风哥提示:
Part01-容器镜像构建
1.1 编写Dockerfile
$ mkdir -p ~/webapp
$ cat > ~/webapp/Dockerfile << 'EOF' FROM nginx:1.更多学习教程公众号风哥教程itpux_com20-alpine LABEL maintainer="admin@fgedu.net.cn" LABEL version="1.0" LABEL description="Web Application" ENV NGINX_PORT=8080 ENV APP_ENV=production COPY nginx.conf /etc/nginx/nginx.conf COPY html/ /usr/share/nginx/html/ EXPOSE ${NGINX_PORT} HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget --quiet --tries=1 --spider http://localhost:${NGINX_PORT}/ || exit 1 CMD ["nginx", "-g", "daemon off;"] EOF # 创建nginx配置 $ cat > ~/webapp/nginx.conf << 'EOF' user nginx;学习交流加群风哥QQ113257174 worker_processes auto; error_log /var/log/nginx/error.log warn;更多视频教程www.fgedu.net.cn pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; gzip on; server { listen 8080; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; } location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } } } EOF # 创建HTML文件 $ mkdir -p ~/webapp/html $ cat > ~/webapp/html/index.html << 'EOF'
Welcome to Web Application<
from PG视频:www.itpux.com
/h1>
<
学习交流加群风哥微信: itpux-com
p>Environment: Production
EOF
# 构建镜像
$ cd ~/webapp
$ podman build -t webapp:v1.0 .
STEP 1/9: FROM nginx:1.20-alpine
Trying to pull docker.io/library/nginx:1.20-alpine…
Getting image source signatures
Copying blob sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
Copying config sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
Writing manifest to image destination
Storing signatures
STEP 2/9: LABEL maintainer=”admin@fgedu.net.cn”
–> 1234567890ab
STEP 3/9: LABEL version=”1.0″
–> 1234567890ac
STEP 4/9: LABEL description=”Web Application”
–> 1234567890ad
STEP 5/9: ENV NGINX_PORT=8080
–> 1234567890ae
STEP 6/9: ENV APP_ENV=production
–> 1234567890af
STEP 7/9: COPY nginx.conf /etc/nginx/nginx.conf
–> 1234567890b0
STEP 8/9: COPY html/ /usr/share/nginx/html/
–> 1234567890b1
STEP 9/9: HEALTHCHECK –interval=30s –timeout=3s –start-period=5s –retries=3 CMD wget –quiet –tries=1 –spider http://localhost:${NGINX_PORT}/ || exit 1
–> 1234567890b2
COMMIT webapp:v1.0
–> 1234567890b3
Successfully tagged localhost/webapp:v1.0
1234567890b34567890abcdef1234567890abcdef1234567890abcdef12345678
# 查看镜像
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/webapp v1.0 1234567890ab 10 seconds ago 25 MB
docker.io/library/nginx 1.20-alpine 1234567890ac 2 weeks ago 23 MB
Part02-容器编排
2.1 使用Podman Compose
$ sudo dnf install -y podman-compose
# 创建docker-compose.yml
$ cat > ~/webapp/docker-compose.yml << 'EOF'
version: '3.8'
services:
web:
image: webapp:v1.0
container_name: webapp
ports:
- "8080:8080"
environment:
- APP_ENV=production
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/health"]
interval: 30s
timeout: 3s
retries: 3
start_period: 5s
restart: unless-stopped
networks:
- webnet
db:
image: mysql:8.0
container_name: mysql
environment:
- MYSQL_ROOT_PASSWORD=RootPassword123!
- MYSQL_DATABASE=webapp
- MYSQL_USER=webuser
- MYSQL_PASSWORD=UserPassword123!
volumes:
- dbdata:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 30s
timeout: 3s
retries: 3
restart: unless-stopped
networks:
- webnet
redis:
image: redis:6-alpine
container_name: redis
ports:
- "6379:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 3s
retries: 3
restart: unless-stopped
networks:
- webnet
networks:
webnet:
driver: bridge
volumes:
dbdata:
EOF
# 启动服务
$ cd ~/webapp
$ podman-compose up -d
Creating network "webapp_webnet" with driver "bridge"
Creating volume "webapp_dbdata" with default driver
Creating webapp ... done
Creating mysql ... done
Creating redis ... done
# 查看服务状态
$ podman-compose ps
Name Command State Ports
-------------------------------------------------------------------------
mysql docker-entrypoint.sh mysqld Up 0.0.0.0:3306->3306/tcp
redis docker-entrypoint.sh redis… Up 0.0.0.0:6379->6379/tcp
webapp nginx -g daemon off; Up 0.0.0.0:8080->8080/tcp
# 查看日志
$ podman-compose logs web
webapp | 2026/04/04 02:00:00 [notice] 1#1: start worker process 1
webapp | 2026/04/04 02:00:00 [notice] 1#1: start worker process 2
webapp | 2026/04/04 02:00:00 [notice] 1#1: start worker process 3
webapp | 2026/04/04 02:00:00 [notice] 1#1: start worker process 4
# 停止服务
$ podman-compose down
Stopping webapp … done
Stopping mysql … done
Stopping redis … done
Removing webapp … done
Removing mysql … done
Removing redis … done
Removing network webapp_webnet
Part03-Kubernetes部署
3.1 创建Kubernetes配置
$ cat > ~/webapp/k8s/deployment.yml << 'EOF' apiVersion: apps/v1 kind: Deployment metadata: name: webapp labels: app: webapp spec: replicas: 3 selector: matchLabels: app: webapp template: metadata: labels: app: webapp spec: containers: - name: webapp image: webapp:v1.0 ports: - containerPort: 8080 env: - name: APP_ENV value: production resources: requests: memory: "128Mi" cpu: "100m" limits: memory: "256Mi" cpu: "200m" livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 5 periodSeconds: 10 EOF # 创建Service $ cat > ~/webapp/k8s/service.yml << 'EOF' apiVersion: v1 kind: Service metadata: name: webapp labels: app: webapp spec: type: LoadBalancer ports: - port: 80 targetPort: 8080 protocol: TCP selector: app: webapp EOF # 创建ConfigMap $ cat > ~/webapp/k8s/configmap.yml << 'EOF' apiVersion: v1 kind: ConfigMap metadata: name: webapp-config data: APP_ENV: production LOG_LEVEL: info EOF # 创建Secret $ cat > ~/webapp/k8s/secret.yml << 'EOF' apiVersion: v1 kind: Secret metadata: name: webapp-secret type: Opaque data: DB_PASSWORD: VXNlclBhc3N3b3JkMTIzIQ== API_KEY: YWJjMTIzZGVmNDU2 EOF # 部署应用 $ kubectl apply -f ~/webapp/k8s/ deployment.apps/webapp created service/webapp created configmap/webapp-config created secret/webapp-secret created # 查看部署状态 $ kubectl get pods NAME READY STATUS RESTARTS AGE webapp-1234567890-abcde 1/1 Running 0 10s webapp-1234567890-fghij 1/1 Running 0 10s webapp-1234567890-klmno 1/1 Running 0 10s $ kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1
webapp LoadBalancer 10.96.123.456
# 扩容应用
$ kubectl scale deployment webapp –replicas=5
deployment.apps/webapp scaled
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
webapp-1234567890-abcde 1/1 Running 0 1m
webapp-1234567890-fghij 1/1 Running 0 1m
webapp-1234567890-klmno 1/1 Running 0 1m
webapp-1234567890-pqrst 1/1 Running 0 10s
webapp-1234567890-uvwxy 1/1 Running 0 10s
Part04-容器监控
4.1 容器监控配置
$ cat > ~/webapp/monitoring/prometheus.yml << 'EOF' global: scrape_interval: 15s scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - job_name: 'cadvisor' static_configs: - targets: ['cadvisor:8080'] - job_name: 'node-exporter' static_configs: - targets: ['node-exporter:9100'] EOF # 部署cAdvisor $ cat > ~/webapp/monitoring/docker-compose.yml << 'EOF' version: '3.8' services: prometheus: image: prom/prometheus:v2.45.0 ports: - "9090:9090" volumes: - ./prometheus.yml:/etc/prometheus/prometheus.yml - prometheus_data:/prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' - '--storage.tsdb.path=/prometheus' grafana: image: grafana/grafana:10.0.0 ports: - "3000:3000" environment: - GF_SECURITY_ADMIN_PASSWORD=admin volumes: - grafana_data:/var/lib/grafana cadvisor: image: gcr.io/cadvisor/cadvisor:v0.47.0 ports: - "8080:8080" volumes: - /:/rootfs:ro - /var/run:/var/run:ro - /sys:/sys:ro - /var/lib/docker/:/var/lib/docker:ro node-exporter: image: prom/node-exporter:v1.6.0 ports: - "9100:9100" volumes: - /proc:/host/proc:ro - /sys:/host/sys:ro - /:/rootfs:ro command: - '--path.procfs=/host/proc' - '--path.sysfs=/host/sys' - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' volumes: prometheus_data: grafana_data: EOF # 启动监控 $ cd ~/webapp/monitoring $ podman-compose up -d # 查看容器资源使用 $ podman stats ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS 1234567890ab webapp 0.50% 50MiB / 256MiB 19.53% 1.5MB / 500kB 10MB / 5MB 10 1234567890ac mysql 1.20% 200MiB / 512MiB 39.06% 2MB / 1MB 50MB / 20MB 30 1234567890ad redis 0.30% 10MiB / 128MiB 7.81% 500kB / 200kB 5MB / 2MB 5 # 查看容器日志 $ podman logs webapp 2026/04/04 02:05:00 [notice] 1#1: start worker process 1 2026/04/04 02:05:00 [notice] 1#1: start worker process 2 2026/04/04 02:05:00 [notice] 1#1: start worker process 3 2026/04/04 02:05:00 [notice] 1#1: start worker process 4
1. 使用多阶段构建优化镜像
2. 配置健康检查和资源限制
3. 使用编排工具管理容器
4. 实施容器监控和日志
5. 定期更新基础镜像
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
