
IT Tutorial FG424 - Containerized Deployment in Practice

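1. Overview of Containerized Deployment

Containerized deployment is a technique for packaging an application and its dependencies into a container for deployment. Containers provide a lightweight, portable, self-contained runtime environment that ensures the application runs consistently in any environment. Containerized deployment has become standard practice in modern software development and operations: it improves development efficiency, simplifies the deployment process, and makes systems more scalable.

The core advantages of containerized deployment include:

  • Consistency: development, test and production environments stay the same
  • Portability: containers run on any platform that supports containers
  • Lightweight: containers share the host kernel and use few resources
  • Fast deployment: containers start quickly and deploy efficiently
  • Scalability: easy to scale horizontally and to manage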

2. Docker Basics in Practice

2.1 Docker Installation and Configuration

# Docker installation and configuration script
$ cat > /usr/local/bin/docker_install.sh << 'EOF'
#!/bin/bash

echo "开始安装Docker..."

# 1. Install dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2

# 2. Add the Docker repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# 3. Install Docker
yum install -y docker-ce docker-ce-cli containerd.io

# 4. Start Docker
systemctl start docker
systemctl enable docker

# 5. Verify the installation
docker --version
docker run hello-world

# 6. Configure Docker registry mirrors
# Note: "insecure-registries" makes the daemon skip TLS certificate verification
# (and fall back to plain HTTP) for that registry; drop the entry once the
# registry serves a certificate the host trusts.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'DOCKER'
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "insecure-registries": ["registry.fgedu.net.cn"],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "storage-driver": "overlay2"
}
DOCKER

# 7. Restart Docker
systemctl daemon-reload
systemctl restart docker

echo "Docker安装完成"
EOF

$ chmod +x /usr/local/bin/docker_install.sh

The output is as follows:
开始安装Docker...
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 yum-utils.noarch.0.1.1.31-54.el7_8 将被 安装
--> 解决依赖关系完成

依赖关系解决
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
yum-utils noarch 1.1.31-54.el7_8 base 121 k

事务概要
================================================================================
安装 1 软件包

总下载量:121 k
安装大小:337 k
Downloading packages:
yum-utils-1.1.31-54.el7_8.noarch.rpm | 121 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : yum-utils-1.1.31-54.el7_8.noarch 1/1
验证中 : yum-utils-1.1.31-54.el7_8.noarch 1/1

已安装:
yum-utils.noarch 0:1.1.31-54.el7_8

完毕!
Docker version 20.10.7, build f0df350
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:df5f5184104426b65967e016ff2ac0bfcd44ad7899ca3bbcf8e44e4461491a9e
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/
Docker安装完成

2.2 Basic Docker Operations

# Basic Docker operations script
$ cat > /usr/local/bin/docker_operations.sh << 'EOF'
#!/bin/bash

echo "=== Docker基本操作演示 ==="

# 1. Image operations
echo ""
echo "1. 镜像操作"
echo "搜索镜像:"
docker search nginx

echo ""
echo "拉取镜像:"
docker pull nginx:latest

echo ""
echo "查看本地镜像:"
docker images

echo ""
echo "删除镜像:"
docker rmi nginx:latest

# 2. Container operations
echo ""
echo "2. 容器操作"
echo "运行容器:"
docker run -d --name nginx-test -p 8080:80 nginx:latest

echo ""
echo "查看运行中的容器:"
docker ps

echo ""
echo "查看所有容器:"
docker ps -a

echo ""
echo "停止容器:"
docker stop nginx-test

echo ""
echo "启动容器:"
docker start nginx-test

echo ""
echo "进入容器:"
docker exec -it nginx-test bash

echo ""
echo "查看容器日志:"
docker logs nginx-test

echo ""
echo "删除容器:"
docker rm -f nginx-test

# 3. Network operations
echo ""
echo "3. 网络操作"
echo "查看网络:"
docker network ls

echo ""
echo "创建网络:"
docker network create fgedu-network

echo ""
echo "查看网络详情:"
docker network inspect fgedu-network

# 4. Volume operations
echo ""
echo "4. 数据卷操作"
echo "创建数据卷:"
docker volume create fgedu-data

echo ""
echo "查看数据卷:"
docker volume ls

echo ""
echo "查看数据卷详情:"
docker volume inspect fgedu-data

echo ""
echo "=== Docker基本操作演示完成 ==="
EOF

$ chmod +x /usr/local/bin/docker_operations.sh

The output is as follows:
=== Docker基本操作演示 ===

1. 镜像操作
搜索镜像:
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 15600 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2100 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 820 [OK]

拉取镜像:
latest: Pulling from library/nginx
b4d181a07f80: Pull complete
6694c02114ec: Pull complete
d0f584dfd411: Pull complete
Digest: sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

查看本地镜像:
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4d4d96ac750a 2 weeks ago 133MB

2. 容器操作
运行容器:
f1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef

查看运行中的容器:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1234567890ab nginx:latest "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 0.0.0.0:8080->80/tcp nginx-test

停止容器:
nginx-test

启动容器:
nginx-test

查看容器日志:
192.168.1.100 - - [03/Apr/2026:10:30:45 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0" "-"

=== Docker基本操作演示完成 ===

3. Dockerfile Best Practices

3.1 Writing Dockerfiles

# Dockerfile best-practice script
$ cat > /usr/local/bin/dockerfile_practice.sh << 'EOF'
#!/bin/bash

echo "创建Dockerfile最佳实践..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the Dockerfile for the Java application
cat > $PROJECT_DIR/docker/Dockerfile.java << 'DOCKERFILE'
FROM openjdk:11-jre-slim

LABEL maintainer="fengge@fgedu.net.cn"
LABEL version="1.0"
LABEL description="风哥教育网站系统"

WORKDIR /app

COPY target/web-system.jar app.jar

EXPOSE 8080

ENV JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC"
ENV SPRING_PROFILES_ACTIVE="prod"

# HEALTHCHECK runs inside the container, so it probes the local port
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:8080/actuator/health || exit 1

ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -Dspring.profiles.active=$SPRING_PROFILES_ACTIVE -jar app.jar"]
DOCKERFILE

# 2. Create the multi-stage build Dockerfile
cat > $PROJECT_DIR/docker/Dockerfile.multistage << 'MULTISTAGE'
FROM maven:3.6.3-jdk-11 AS builder

WORKDIR /build

COPY pom.xml .
COPY src ./src

RUN mvn clean package -DskipTests

FROM openjdk:11-jre-slim

WORKDIR /app

COPY --from=builder /build/target/web-system.jar app.jar

EXPOSE 8080

ENV JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC"

ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
MULTISTAGE

# 3. Create the Nginx Dockerfile
cat > $PROJECT_DIR/docker/Dockerfile.nginx << 'NGINX'
FROM nginx:1.21-alpine

LABEL maintainer="fengge@fgedu.net.cn"

COPY nginx.conf /etc/nginx/nginx.conf
COPY conf.d/ /etc/nginx/conf.d/
COPY html/ /usr/share/nginx/html/

EXPOSE 80 443

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost/ || exit 1

CMD ["nginx", "-g", "daemon off;"]
NGINX

# 4. Create the Node.js Dockerfile
cat > $PROJECT_DIR/docker/Dockerfile.nodejs << 'NODEJS'
FROM node:16-alpine AS builder

WORKDIR /app

COPY package*.json ./
RUN npm ci --only=production

COPY . .
RUN npm run build

FROM node:16-alpine

WORKDIR /app

COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/package.json ./

EXPOSE 3000

ENV NODE_ENV=production

HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
  CMD node healthcheck.js || exit 1

CMD ["node", "dist/main.js"]
NODEJS

echo "Dockerfile最佳实践创建完成"
EOF

$ chmod +x /usr/local/bin/dockerfile_practice.sh

The output is as follows:
创建Dockerfile最佳实践...
Dockerfile最佳实践创建完成

3.2 Dockerfile Optimization Techniques

# Dockerfile optimization script
$ cat > /usr/local/bin/dockerfile_optimization.sh << 'EOF'
#!/bin/bash

echo "创建Dockerfile优化示例..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the optimized Dockerfile
cat > $PROJECT_DIR/docker/Dockerfile.optimized << 'OPTIMIZED'
FROM openjdk:11-jre-slim

LABEL maintainer="fengge@fgedu.net.cn"

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    && rm -rf /var/lib/apt/lists/*

COPY target/web-system.jar app.jar

RUN useradd -m -u 1000 appuser && \
    chown -R appuser:appuser /app

USER appuser

EXPOSE 8080

ENV JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError"

HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:8080/actuator/health || exit 1

ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
OPTIMIZED

# 2. Create the .dockerignore file
cat > $PROJECT_DIR/.dockerignore << 'IGNORE'
target/
!target/web-system.jar
*.log
*.tmp
.git
.gitignore
README.md
.idea
.vscode
*.iml
.DS_Store
Thumbs.db
IGNORE

# 3. Create the Dockerfile best-practices document
cat > $PROJECT_DIR/docs/docker/best_practices.md << 'PRACTICES'
# Dockerfile最佳实践

## 1. 基础镜像选择
- 使用官方镜像
- 选择Alpine版本减小镜像大小
- 指定具体版本号,不使用latest

## 2. 指令优化
- 合并RUN指令减少层数
- 清理缓存和临时文件
- 使用多阶段构建

## 3. 安全优化
- 创建非root用户
- 设置文件权限
- 不存储敏感信息

## 4. 性能优化
- 利用构建缓存
- 最小化镜像大小
- 优化网络传输

## 5. 可维护性
- 添加LABEL标签
- 添加健康检查
- 使用环境变量
PRACTICES

echo "Dockerfile优化示例创建完成"
EOF

$ chmod +x /usr/local/bin/dockerfile_optimization.sh

The output is as follows:
创建Dockerfile优化示例...
Dockerfile优化示例创建完成
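
Several rules from best_practices.md above (pin the base image version, run as a non-root user, keep sensitive values out of the image, add a health check) can be checked mechanically. The script below is an added example, not part of the original tutorial: the finding names are assumptions, the first two sample Dockerfiles are abridged from sections 3.1 and 3.2, and the third is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the final stage of a Dockerfile.
# Prints one finding per line; empty output means no findings.
audit_dockerfile() {
    awk '
        { op = toupper($1) }
        op == "FROM" {                        # a new stage resets the per-stage state
            image = ($2 ~ /^--/) ? $3 : $2    # skip an option such as --platform=...
            user = ""; health = 0
        }
        op == "USER"        { user = $2 }
        op == "HEALTHCHECK" { health = 1 }
        (op == "ENV" || op == "ARG") && toupper($0) ~ /(PASSWORD|SECRET|TOKEN)[A-Z0-9_]*=./ {
            print "SECRET_IN_IMAGE line " NR  # report the line number, never the value
        }
        END {
            ref = image
            if (ref !~ /@sha256:/) {
                sub(/.*\//, "", ref)          # last path component, so a registry port is not read as a tag
                if (ref !~ /:/ || ref ~ /:latest$/) print "UNPINNED_BASE " image
            }
            if (user == "" || user == "root" || user == "0" || user ~ /^root:/ || user ~ /^0:/)
                print "RUNS_AS_ROOT"
            if (!health) print "NO_HEALTHCHECK"
        }
    ' "$1"
}

work=$(mktemp -d)
# Dockerfile.java from section 3.1, abridged: it has no USER instruction.
cat > "$work/Dockerfile.java" <<'EOF'
FROM openjdk:11-jre-slim
WORKDIR /app
COPY target/web-system.jar app.jar
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:8080/actuator/health || exit 1
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
EOF
# Dockerfile.optimized from section 3.2, abridged: it switches to appuser.
cat > "$work/Dockerfile.optimized" <<'EOF'
FROM openjdk:11-jre-slim
WORKDIR /app
COPY target/web-system.jar app.jar
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:8080/actuator/health || exit 1
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
EOF
# Constructed sample that breaks every rule checked here.
cat > "$work/Dockerfile.bad" <<'EOF'
FROM nginx
ENV DB_PASSWORD=changeme
COPY html/ /usr/share/nginx/html/
EOF

for f in Dockerfile.java Dockerfile.optimized Dockerfile.bad; do
    echo "== $f"
    audit_dockerfile "$work/$f"
done
```

Run in CI before the image build, a non-empty result can fail the pipeline.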

4. Docker Compose in Practice

4.1 Docker Compose Configuration

# Docker Compose configuration script
$ cat > /usr/local/bin/docker_compose_setup.sh << 'EOF'
#!/bin/bash

echo "配置Docker Compose..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the base docker-compose.yml
cat > $PROJECT_DIR/docker-compose.yml << 'COMPOSE'
version: '3.8'

services:
  web:
    build:
      context: .
      dockerfile: docker/Dockerfile.java
    image: registry.fgedu.net.cn/fgedu/web-system:latest
    container_name: fgedu-web
    ports:
      - "8080:8080"
    environment:
      - SPRING_PROFILES_ACTIVE=prod
      - MYSQL_HOST=mysql
      - REDIS_HOST=redis
      - JAVA_OPTS=-Xms512m -Xmx1024m -XX:+UseG1GC
    depends_on:
      - mysql
      - redis
    networks:
      - fgedu-network
    volumes:
      - web-logs:/app/logs
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 40s

  mysql:
    image: mysql:8.0
    container_name: fgedu-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=root123
      - MYSQL_DATABASE=fgedu_web
      - MYSQL_USER=fgedu
      - MYSQL_PASSWORD=fgedu123
      - TZ=Asia/Shanghai
    ports:
      - "3306:3306"
    networks:
      - fgedu-network
    volumes:
      - mysql-data:/var/lib/mysql
      - ./sql:/docker-entrypoint-initdb.d
    restart: unless-stopped
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci

  redis:
    image: redis:6.2-alpine
    container_name: fgedu-redis
    ports:
      - "6379:6379"
    networks:
      - fgedu-network
    volumes:
      - redis-data:/data
    restart: unless-stopped
    command: redis-server --appendonly yes

  nginx:
    image: nginx:1.21-alpine
    container_name: fgedu-nginx
    ports:
      - "80:80"
      - "443:443"
    networks:
      - fgedu-network
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/html:/usr/share/nginx/html
      - ./nginx/ssl:/etc/nginx/ssl
    restart: unless-stopped
    depends_on:
      - web

networks:
  fgedu-network:
    driver: bridge

volumes:
  mysql-data:
  redis-data:
  web-logs:
COMPOSE

# 2. Create the development docker-compose file
cat > $PROJECT_DIR/docker-compose.dev.yml << 'DEV'
version: '3.8'

services:
  web:
    build:
      context: .
      dockerfile: docker/Dockerfile.java
    image: registry.fgedu.net.cn/fgedu/web-system:dev
    container_name: fgedu-web-dev
    ports:
      - "8080:8080"
    environment:
      - SPRING_PROFILES_ACTIVE=dev
      - MYSQL_HOST=mysql
      - REDIS_HOST=redis
      - JAVA_OPTS=-Xms256m -Xmx512m -XX:+UseG1GC
    depends_on:
      - mysql
      - redis
    networks:
      - fgedu-network
    volumes:
      - ./src:/app/src
      - web-logs:/app/logs
    restart: unless-stopped

  mysql:
    image: mysql:8.0
    container_name: fgedu-mysql-dev
    environment:
      - MYSQL_ROOT_PASSWORD=root123
      - MYSQL_DATABASE=fgedu_web_dev
      - MYSQL_USER=fgedu
      - MYSQL_PASSWORD=fgedu123
    ports:
      - "3306:3306"
    networks:
      - fgedu-network
    volumes:
      - mysql-data-dev:/var/lib/mysql
    restart: unless-stopped

  redis:
    image: redis:6.2-alpine
    container_name: fgedu-redis-dev
    ports:
      - "6379:6379"
    networks:
      - fgedu-network
    volumes:
      - redis-data-dev:/data
    restart: unless-stopped

networks:
  fgedu-network:
    driver: bridge

volumes:
  mysql-data-dev:
  redis-data-dev:
  web-logs:
DEV

# 3. Create the start/stop helper script
cat > $PROJECT_DIR/scripts/docker_compose.sh << 'SCRIPT'
#!/bin/bash

case "$1" in
  start)
    echo "启动服务..."
    docker-compose up -d
    ;;
  stop)
    echo "停止服务..."
    docker-compose down
    ;;
  restart)
    echo "重启服务..."
    docker-compose restart
    ;;
  logs)
    echo "查看日志..."
    docker-compose logs -f $2
    ;;
  ps)
    echo "查看服务状态..."
    docker-compose ps
    ;;
  build)
    echo "构建镜像..."
    docker-compose build
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|logs|ps|build}"
    exit 1
    ;;
esac
SCRIPT

chmod +x $PROJECT_DIR/scripts/docker_compose.sh

echo "Docker Compose配置完成"
EOF

$ chmod +x /usr/local/bin/docker_compose_setup.sh

The output is as follows:
配置Docker Compose...
Docker Compose配置完成
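
The docker-compose.yml above sets the MySQL passwords as literal environment values and publishes ports 3306 and 6379 on every host interface, although the web service already reaches both containers over fgedu-network. The script below is an added example, not part of the original tutorial, that flags both settings; the finding names and the hardened sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag two weak settings in a Compose file.
#   PLAINTEXT_CREDENTIAL <service> <variable>  secret-like variable set to a literal value
#   EXPOSED_DATASTORE <service> <port>         MySQL/Redis port published on all host interfaces
# Assumes list-style entries and the 2-space indentation used in the samples below.
audit_compose() {
    awk '
        /^[A-Za-z]/            { section = $1; next }          # top-level key
        section != "services:" { next }
        /^  [A-Za-z0-9_-]+:/   { svc = $1; sub(/:$/, "", svc); key = ""; next }
        /^    [a-z_]+:/        { key = $1; next }
        key == "environment:" && $1 == "-" {
            eq = index($2, "=")
            name = substr($2, 1, eq - 1); value = substr($2, eq + 1)
            if (name ~ /_FILE$/) next                          # path to a secret file, not a literal
            if (toupper(name) ~ /PASSWORD|SECRET|TOKEN/ && value != "" && substr(value, 1, 2) != "${")
                print "PLAINTEXT_CREDENTIAL", svc, name       # never print the value itself
        }
        key == "ports:" && $1 == "-" {
            item = $2; gsub(/"/, "", item)
            n = split(item, p, ":")
            if (n == 3 && p[1] != "0.0.0.0") next              # bound to one address, e.g. 127.0.0.1
            if (n >= 2 && (p[n] == "3306" || p[n] == "6379"))
                print "EXPOSED_DATASTORE", svc, p[n]
        }
    ' "$1"
}

work=$(mktemp -d)
# docker-compose.yml from this section, abridged.
cat > "$work/docker-compose.yml" <<'EOF'
services:
  web:
    ports:
      - "8080:8080"
  mysql:
    image: mysql:8.0
    environment:
      - MYSQL_ROOT_PASSWORD=root123
      - MYSQL_DATABASE=fgedu_web
      - MYSQL_PASSWORD=fgedu123
    ports:
      - "3306:3306"
  redis:
    image: redis:6.2-alpine
    ports:
      - "6379:6379"
EOF
# Constructed variant: secrets come from a file or an untracked .env, datastores stay internal.
cat > "$work/docker-compose.hardened.yml" <<'EOF'
services:
  web:
    ports:
      - "8080:8080"
  mysql:
    image: mysql:8.0
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root
      - MYSQL_USER=fgedu
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?required}
    secrets:
      - mysql_root
    ports:
      - "127.0.0.1:3306:3306"
  redis:
    image: redis:6.2-alpine
secrets:
  mysql_root:
    file: ./secrets/mysql_root.txt
EOF

audit_compose "$work/docker-compose.yml"
audit_compose "$work/docker-compose.hardened.yml"
```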

5. Kubernetes Deployment in Practice

5.1 Kubernetes Configuration

# Kubernetes deployment configuration script
$ cat > /usr/local/bin/kubernetes_setup.sh << 'EOF'
#!/bin/bash

echo "配置Kubernetes部署..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the Deployment manifest
cat > $PROJECT_DIR/k8s/deployment.yaml << 'DEPLOYMENT'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-system
  namespace: fgedu
  labels:
    app: web-system
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-system
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: web-system
    spec:
      containers:
      - name: web-system
        image: registry.fgedu.net.cn/fgedu/web-system:latest
        ports:
        - containerPort: 8080
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: "prod"
        - name: MYSQL_HOST
          value: "mysql-service"
        - name: REDIS_HOST
          value: "redis-service"
        - name: JAVA_OPTS
          value: "-Xms512m -Xmx1024m -XX:+UseG1GC"
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /actuator/health/liveness
            port: 8080
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /actuator/health/readiness
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
        volumeMounts:
        - name: logs
          mountPath: /app/logs
      volumes:
      - name: logs
        emptyDir: {}
      imagePullSecrets:
      - name: registry-secret
DEPLOYMENT

# 2. Create the Service manifests
cat > $PROJECT_DIR/k8s/service.yaml << 'SERVICE'
apiVersion: v1
kind: Service
metadata:
  name: web-system-service
  namespace: fgedu
spec:
  selector:
    app: web-system
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: web-system-nodeport
  namespace: fgedu
spec:
  selector:
    app: web-system
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
    nodePort: 30080
  type: NodePort
SERVICE

# 3. Create the Ingress manifest
cat > $PROJECT_DIR/k8s/ingress.yaml << 'INGRESS'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-system-ingress
  namespace: fgedu
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - www.fgedu.net.cn
    secretName: fgedu-tls
  rules:
  - host: www.fgedu.net.cn
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-system-service
            port:
              number: 80
INGRESS

# 4. Create the ConfigMap manifest
cat > $PROJECT_DIR/k8s/configmap.yaml << 'CONFIGMAP'
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-system-config
  namespace: fgedu
data:
  application.yml: |
    server:
      port: 8080
    spring:
      datasource:
        url: jdbc:mysql://mysql-service:3306/fgedu_web
        username: fgedu
        driver-class-name: com.mysql.cj.jdbc.Driver
      redis:
        host: redis-service
        port: 6379
    logging:
      level:
        root: INFO
        com.fgedu: DEBUG
CONFIGMAP

# 5. Create the Secret manifest
cat > $PROJECT_DIR/k8s/secret.yaml << 'SECRET'
apiVersion: v1
kind: Secret
metadata:
  name: web-system-secret
  namespace: fgedu
type: Opaque
data:
  mysql-password: ZmdlZHUxMjM=
  redis-password: ""
SECRET

echo "Kubernetes部署配置完成"
EOF

$ chmod +x /usr/local/bin/kubernetes_setup.sh

The output is as follows:
配置Kubernetes部署...
Kubernetes部署配置完成
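
The values under data: in secret.yaml above are base64-encoded, not encrypted, so anyone who can read the file in the project directory or its repository recovers the password. The script below is an added example, not part of the original tutorial: it decodes the tutorial's own manifest and then lists such entries across a directory tree, the kind of check that can run before a commit. The function names and the sample ConfigMap are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): Secret "data" values are base64, not ciphertext.
# secret_values FILE prints key=decoded-value for each non-empty entry under "data:" in a
# manifest whose kind is Secret. Assumes "kind:" appears before "data:", as in secret.yaml.
secret_values() {
    awk '
        /^---/    { kind = ""; indata = 0; next }       # next YAML document
        /^kind:/  { kind = $2 }
        /^data:/  { indata = (kind == "Secret"); next }
        /^[^ #]/  { indata = 0 }                        # any other top-level key ends the block
        indata && NF == 2 {
            key = $1; sub(/:$/, "", key)
            val = $2; gsub(/"/, "", val)
            if (val != "") print key, val
        }
    ' "$1" | while read -r key b64; do
        printf "%s=%s\n" "$key" "$(printf "%s" "$b64" | base64 -d)"
    done
}

# scan_tree DIR prints "<file>: <key>" for every decodable Secret value under DIR.
# Only file and key are reported, so the result is safe to show in CI logs.
scan_tree() {
    find "$1" -type f \( -name "*.yaml" -o -name "*.yml" \) | sort | while read -r f; do
        rel=${f#"$1"/}
        secret_values "$f" | while IFS="=" read -r key rest; do
            echo "$rel: $key"
        done
    done
}

repo=$(mktemp -d)
mkdir -p "$repo/k8s"
# secret.yaml exactly as written by kubernetes_setup.sh in this section.
cat > "$repo/k8s/secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: web-system-secret
  namespace: fgedu
type: Opaque
data:
  mysql-password: ZmdlZHUxMjM=
  redis-password: ""
EOF
# Constructed ConfigMap: it also has a "data:" block but must not be reported.
cat > "$repo/k8s/configmap.yaml" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-system-config
data:
  log-level: INFO
EOF

secret_values "$repo/k8s/secret.yaml"
scan_tree "$repo"
```

The decoded value is the same MYSQL_PASSWORD that appears in docker-compose.yml in section 4.1.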

6. Helm Package Management in Practice

6.1 Helm Chart Configuration

# Helm Chart configuration script
$ cat > /usr/local/bin/helm_chart_setup.sh << 'EOF'
#!/bin/bash

echo "配置Helm Chart..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the chart directory structure
mkdir -p $PROJECT_DIR/helm/web-system/{templates,charts}

# 2. Create Chart.yaml
cat > $PROJECT_DIR/helm/web-system/Chart.yaml << 'CHART'
apiVersion: v2
name: web-system
description: 风哥教育网站系统Helm Chart
type: application
version: 1.0.0
appVersion: "1.0.0"
maintainers:
  - name: fengge
    email: fengge@fgedu.net.cn
CHART

# 3. Create values.yaml
cat > $PROJECT_DIR/helm/web-system/values.yaml << 'VALUES'
replicaCount: 3

image:
  repository: registry.fgedu.net.cn/fgedu/web-system
  pullPolicy: IfNotPresent
  tag: "latest"

imagePullSecrets:
  - name: registry-secret

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: ""

podAnnotations: {}

podSecurityContext:
  fsGroup: 1000

securityContext:
  runAsNonRoot: true
  runAsUser: 1000

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: www.fgedu.net.cn
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: fgedu-tls
      hosts:
        - www.fgedu.net.cn

resources:
  limits:
    cpu: 500m
    memory: 1Gi
  requests:
    cpu: 250m
    memory: 512Mi

autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

env:
  SPRING_PROFILES_ACTIVE: "prod"
  MYSQL_HOST: "mysql-service"
  REDIS_HOST: "redis-service"
  JAVA_OPTS: "-Xms512m -Xmx1024m -XX:+UseG1GC"
VALUES

# 4. Create the deployment script
cat > $PROJECT_DIR/scripts/helm_deploy.sh << 'HELM'
#!/bin/bash

NAMESPACE="fgedu"
RELEASE_NAME="web-system"

case "$1" in
  install)
    echo "安装Helm Chart..."
    helm install $RELEASE_NAME ./helm/web-system -n $NAMESPACE --create-namespace
    ;;
  upgrade)
    echo "升级Helm Chart..."
    helm upgrade $RELEASE_NAME ./helm/web-system -n $NAMESPACE
    ;;
  uninstall)
    echo "卸载Helm Chart..."
    helm uninstall $RELEASE_NAME -n $NAMESPACE
    ;;
  rollback)
    echo "回滚Helm Chart..."
    helm rollback $RELEASE_NAME -n $NAMESPACE
    ;;
  status)
    echo "查看Helm状态..."
    helm status $RELEASE_NAME -n $NAMESPACE
    ;;
  history)
    echo "查看Helm历史..."
    helm history $RELEASE_NAME -n $NAMESPACE
    ;;
  *)
    echo "Usage: $0 {install|upgrade|uninstall|rollback|status|history}"
    exit 1
    ;;
esac
HELM

chmod +x $PROJECT_DIR/scripts/helm_deploy.sh

echo "Helm Chart配置完成"
EOF

$ chmod +x /usr/local/bin/helm_chart_setup.sh

The output is as follows:
配置Helm Chart...
Helm Chart配置完成

7. Container Image Registry Management

7.1 Harbor Registry Configuration

# Harbor registry configuration script
$ cat > /usr/local/bin/harbor_setup.sh << 'EOF'
#!/bin/bash

echo "配置Harbor镜像仓库..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the Harbor configuration document
# (Harbor v2.2 and later ship Trivy instead of Clair as the built-in scanner,
# so install.sh for v2.3.0 takes --with-trivy rather than --with-clair.)
cat > $PROJECT_DIR/docs/docker/harbor_setup.md << 'HARBOR'
# Harbor镜像仓库配置

## 1. Harbor安装

### 1.1 下载Harbor
wget https://github.com/goharbor/harbor/releases/download/v2.3.0/harbor-offline-installer-v2.3.0.tgz
tar xzvf harbor-offline-installer-v2.3.0.tgz

### 1.2 配置Harbor
cd harbor
cp harbor.yml.tmpl harbor.yml
vi harbor.yml

修改以下配置:
hostname: registry.fgedu.net.cn
http:
  port: 80
https:
  port: 443
  certificate: /etc/ssl/registry.fgedu.net.cn.crt
  private_key: /etc/ssl/registry.fgedu.net.cn.key
harbor_admin_password: Harbor12345

### 1.3 安装Harbor
./install.sh --with-notary --with-trivy --with-chartmuseum

## 2. Harbor使用

### 2.1 登录Harbor
docker login registry.fgedu.net.cn

### 2.2 推送镜像
docker tag web-system:latest registry.fgedu.net.cn/fgedu/web-system:latest
docker push registry.fgedu.net.cn/fgedu/web-system:latest

### 2.3 拉取镜像
docker pull registry.fgedu.net.cn/fgedu/web-system:latest

## 3. Harbor管理

### 3.1 创建项目
- 访问:https://registry.fgedu.net.cn
- 登录:admin/Harbor12345
- 创建项目:fgedu

### 3.2 配置用户
- 创建用户
- 分配权限
- 配置访问控制

### 3.3 配置镜像扫描
- 启用镜像扫描
- 配置扫描策略
- 查看扫描结果
HARBOR

# 2. Create the image push script
cat > $PROJECT_DIR/scripts/docker_push.sh << 'PUSH'
#!/bin/bash

REGISTRY="registry.fgedu.net.cn"
PROJECT="fgedu"
IMAGE_NAME="web-system"
VERSION=$1

if [ -z "$VERSION" ]; then
  VERSION="latest"
fi

echo "推送镜像到Harbor..."

echo "1. 登录Harbor..."
docker login $REGISTRY

echo "2. 标记镜像..."
docker tag $IMAGE_NAME:$VERSION $REGISTRY/$PROJECT/$IMAGE_NAME:$VERSION

echo "3. 推送镜像..."
docker push $REGISTRY/$PROJECT/$IMAGE_NAME:$VERSION

echo "4. 推送完成"
docker images | grep $REGISTRY/$PROJECT/$IMAGE_NAME
PUSH

chmod +x $PROJECT_DIR/scripts/docker_push.sh

# 3. Create the image pull script
cat > $PROJECT_DIR/scripts/docker_pull.sh << 'PULL'
#!/bin/bash

REGISTRY="registry.fgedu.net.cn"
PROJECT="fgedu"
IMAGE_NAME="web-system"
VERSION=$1

if [ -z "$VERSION" ]; then
  VERSION="latest"
fi

echo "从Harbor拉取镜像..."

echo "1. 登录Harbor..."
docker login $REGISTRY

echo "2. 拉取镜像..."
docker pull $REGISTRY/$PROJECT/$IMAGE_NAME:$VERSION

echo "3. 标记镜像..."
docker tag $REGISTRY/$PROJECT/$IMAGE_NAME:$VERSION $IMAGE_NAME:$VERSION

echo "4. 拉取完成"
docker images | grep $IMAGE_NAME
PULL

chmod +x $PROJECT_DIR/scripts/docker_pull.sh

echo "Harbor镜像仓库配置完成"
EOF

$ chmod +x /usr/local/bin/harbor_setup.sh

The output is as follows:
配置Harbor镜像仓库...
Harbor镜像仓库配置完成

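Fengge's tip: the container image registry is a core component of containerized deployment and needs sound security management and image scanning.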

8. Container Network Management

8.1 Container Network Configuration

# Container network configuration script
$ cat > /usr/local/bin/docker_network_setup.sh << 'EOF'
#!/bin/bash

echo "配置容器网络..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the network configuration document
cat > $PROJECT_DIR/docs/docker/network.md << 'NETWORK'
# 容器网络管理

## 1. Docker网络类型

### 1.1 Bridge网络
- 默认网络类型
- 容器之间可以通信
- 通过NAT访问外部网络

### 1.2 Host网络
- 使用主机网络
- 性能最好
- 端口冲突风险

### 1.3 None网络
- 无网络
- 安全性最高
- 无法网络通信

### 1.4 Overlay网络
- 跨主机网络
- Swarm集群使用
- 支持服务发现

## 2. 网络操作

### 2.1 创建网络
docker network create --driver bridge fgedu-network

### 2.2 查看网络
docker network ls
docker network inspect fgedu-network

### 2.3 连接网络
docker network connect fgedu-network container_name

### 2.4 断开网络
docker network disconnect fgedu-network container_name

### 2.5 删除网络
docker network rm fgedu-network

## 3. 网络配置

### 3.1 自定义网络
docker network create \
  --driver bridge \
  --subnet=172.20.0.0/16 \
  --gateway=172.20.0.1 \
  fgedu-network

### 3.2 端口映射
docker run -p 8080:80 nginx
docker run -p 192.168.1.100:8080:80 nginx

### 3.3 DNS配置
docker run --dns 8.8.8.8 nginx
docker run --dns-search fgedu.net.cn nginx
NETWORK

# 2. Create the network setup script
cat > $PROJECT_DIR/scripts/network_setup.sh << 'SETUP'
#!/bin/bash

echo "创建Docker网络..."

# Create the application network
docker network create \
  --driver bridge \
  --subnet=172.20.0.0/16 \
  --gateway=172.20.0.1 \
  fgedu-network

# Create the database network
docker network create \
  --driver bridge \
  --subnet=172.21.0.0/16 \
  --gateway=172.21.0.1 \
  fgedu-db-network

# List the networks
docker network ls

echo "Docker网络创建完成"
SETUP

chmod +x $PROJECT_DIR/scripts/network_setup.sh

echo "容器网络配置完成"
EOF

$ chmod +x /usr/local/bin/docker_network_setup.sh

The output is as follows:
配置容器网络...
容器网络配置完成

9. Container Storage Management

9.1 Container Storage Configuration

# Container storage configuration script
$ cat > /usr/local/bin/docker_storage_setup.sh << 'EOF'
#!/bin/bash

echo "配置容器存储..."

PROJECT_DIR="/data/projects/fgedu-web-system"

# 1. Create the storage configuration document
cat > $PROJECT_DIR/docs/docker/storage.md << 'STORAGE'
# 容器存储管理

## 1. 存储类型

### 1.1 数据卷(Volume)
- Docker管理的存储
- 存储在/var/lib/docker/volumes
- 推荐使用方式

### 1.2 绑定挂载(Bind Mount)
- 挂载主机目录
- 主机路径依赖
- 开发环境常用

### 1.3 tmpfs挂载
- 临时文件系统
- 存储在内存中
- 敏感数据存储

## 2. 数据卷操作

### 2.1 创建数据卷
docker volume create fgedu-data

### 2.2 查看数据卷
docker volume ls
docker volume inspect fgedu-data

### 2.3 使用数据卷
docker run -v fgedu-data:/app/data nginx

### 2.4 删除数据卷
docker volume rm fgedu-data

## 3. 绑定挂载操作

### 3.1 挂载主机目录
docker run -v /host/path:/container/path nginx

### 3.2 只读挂载
docker run -v /host/path:/container/path:ro nginx

### 3.3 挂载单个文件
docker run -v /host/file:/container/file nginx

## 4. 数据备份与恢复

### 4.1 备份数据卷
docker run --rm -v fgedu-data:/data -v $(pwd):/backup alpine tar czf /backup/backup.tar.gz /data

### 4.2 恢复数据卷
docker run --rm -v fgedu-data:/data -v $(pwd):/backup alpine tar xzf /backup/backup.tar.gz -C /
STORAGE

# 2. Create the storage setup script
cat > $PROJECT_DIR/scripts/storage_setup.sh << 'SETUP'
#!/bin/bash

echo "创建Docker存储..."

# Create the volumes
docker volume create fgedu-mysql-data
docker volume create fgedu-redis-data
docker volume create fgedu-web-logs

# List the volumes
docker volume ls

echo "Docker存储创建完成"
SETUP

chmod +x $PROJECT_DIR/scripts/storage_setup.sh

# 3. Create the volume backup script
cat > $PROJECT_DIR/scripts/backup_volume.sh << 'BACKUP'
#!/bin/bash

VOLUME_NAME=$1
BACKUP_DIR="/data/backups/docker-volumes"
DATE=$(date +%Y%m%d_%H%M%S)

if [ -z "$VOLUME_NAME" ]; then
  echo "Usage: $0 <volume_name>"
  exit 1
fi

mkdir -p $BACKUP_DIR

echo "备份数据卷: $VOLUME_NAME"

docker run --rm \
  -v $VOLUME_NAME:/data \
  -v $BACKUP_DIR:/backup \
  alpine tar czf /backup/${VOLUME_NAME}_${DATE}.tar.gz /data

echo "备份完成: $BACKUP_DIR/${VOLUME_NAME}_${DATE}.tar.gz"
BACKUP

chmod +x $PROJECT_DIR/scripts/backup_volume.sh

echo "容器存储配置完成"
EOF

$ chmod +x /usr/local/bin/docker_storage_setup.sh

The output is as follows:
配置容器存储...
容器存储配置完成

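10. Best Practices

10.1 Best Practices for Containerized Deployment

Fengge's recommendations for production environments:
- Use multi-stage builds to reduce image size
- Use health checks to ensure service availability
- Configure resource limits sensibly to avoid resource contention
- Use image scanning to ensure image security
- Build a complete monitoring and logging system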

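10.2 Containerized Deployment Checklist

# Containerized deployment checklist
# 1. Image management
- [ ] Use official base images
- [ ] Pin a specific image version
- [ ] Minimize image size
- [ ] Scan images

# 2. Container configuration
- [ ] Configure resource limits
- [ ] Configure health checks
- [ ] Configure environment variables
- [ ] Configure log collection

# 3. Network configuration
- [ ] Use custom networks
- [ ] Configure port mappings
- [ ] Configure DNS resolution
- [ ] Configure load balancing

# 4. Storage configuration
- [ ] Persist data with volumes
- [ ] Configure data backups
- [ ] Configure storage quotas
- [ ] Configure storage monitoring

# 5. Security configuration
- [ ] Run as a non-root user
- [ ] Configure a read-only file system
- [ ] Restrict container privileges
- [ ] Configure security policies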

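10.3 Containerized Deployment Metrics

# Containerized deployment metrics
# 1. Image metrics
- Image size: less than 100MB
- Image layers: fewer than 10
- Image build time: less than 5 minutes
- Image scan vulnerabilities: 0 high-severity

# 2. Container metrics
- Container startup time: less than 10 seconds
- Container restarts: fewer than 3 per day
- Container CPU usage: less than 80%
- Container memory usage: less than 80%

# 3. Network metrics
- Network latency: less than 10ms
- Network throughput: meets business needs
- Network error rate: less than 0.1%
- Network connections: within a reasonable range

# 4. Storage metrics
- Storage usage: less than 80%
- I/O latency: less than 10ms
- I/O throughput: meets business needs
- Data backup success rate: 100%

Fengge's recommendations for production environments:
- Establish standards and conventions for containerized deployment
- Use automation tools to improve deployment efficiency
- Build a complete monitoring and alerting system
- Audit container security regularly
- Keep optimizing the containerized deployment process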

author:www.itpux.com

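This article was compiled and published by Fengge Tutorials (风哥教程) and is for learning and testing only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html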
