
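I recently spent some time tinkering with Docker containerization and hit a few pitfalls, so this post lays the problems out clearly. Containerization is a core skill in modern DevOps; from writing a Dockerfile to orchestrating services with Docker Compose, this post walks you through the whole containerization workflow.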
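```dockerfile
# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
# Install all dependencies: the build step usually needs devDependencies
RUN npm ci
COPY . .
RUN npm run build
# Drop devDependencies before node_modules is copied into the runtime image
RUN npm prune --omit=dev

# Runtime stage
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/server.js"]
```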
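```dockerfile
# 1. Use an Alpine base image
FROM python:3.11-alpine
WORKDIR /app
# requirements.txt must be in the image before pip can read it
COPY requirements.txt .

# 2. Combine RUN instructions to reduce the number of layers
RUN apk add --no-cache gcc musl-dev && \
    pip install --no-cache-dir -r requirements.txt && \
    apk del gcc musl-dev

# 3. Use .dockerignore
# .dockerignore contents:
# .git
# node_modules
# *.md
# .env
```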
```yaml
version: '3.8'

services:
  web:
    build: .
    ports:
      - "3000:3000"
    environment:
      # Placeholder credentials for local use; load real values from an
      # env file or a secrets store instead of committing them
      - DATABASE_URL=postgres://user:pass@db:5432/mydb
      - REDIS_URL=redis://cache:6379
    depends_on:
      db:
        condition: service_healthy
      cache:
        condition: service_started
    restart: unless-stopped
    healthcheck:
      # node:18-alpine ships BusyBox wget but not curl
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:15-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=mydb
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d mydb"]
      interval: 10s
      timeout: 5s
      retries: 5

  cache:
    image: redis:7-alpine
    volumes:
      - redisdata:/data
    command: redis-server --appendonly yes --maxmemory 256mb

volumes:
  pgdata:
  redisdata:
```
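```dockerfile
FROM node:18-alpine
# Create an unprivileged system group and user for the application
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
WORKDIR /app
# Copy the source with ownership set to the unprivileged user
COPY --chown=appuser:appgroup . .
# Everything from here on, including CMD, runs as appuser instead of root
USER appuser
CMD ["node", "server.js"]
```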
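As an added example (not part of the original post): a small Python check that reports which user the final stage of a Dockerfile runs as, since a `USER` set in an earlier stage does not carry over into the runtime stage. The sample Dockerfiles are constructed from the ones on this page, and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the two Dockerfiles on this page.
MULTI_STAGE = """\
FROM node:18-alpine AS builder
WORKDIR /app
RUN npm ci && \\
    npm run build
FROM node:18-alpine
COPY --from=builder /app/dist ./dist
CMD ["node", "dist/server.js"]
"""
NON_ROOT = """\
FROM node:18-alpine
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
COPY --chown=appuser:appgroup . .
USER appuser
CMD ["node", "server.js"]
"""

def instructions(text):
    """Yield (INSTRUCTION, args), joining backslash continuations and skipping comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, args = line.partition(" ")
            yield keyword.upper(), args.strip()

def final_stage_user(text):
    """Return the user of the final stage; None means the base image default applies."""
    user = None
    for keyword, args in instructions(text):
        if keyword == "FROM":
            user = None  # each FROM starts a new stage; earlier USER lines are discarded
        elif keyword == "USER":
            user = args.split(":")[0]  # drop the optional :group suffix
    return user

def audit(text):
    """Return a list of findings about the user the runtime stage runs as."""
    user = final_stage_user(text)
    if user is None:
        return ["final stage has no USER instruction; it runs as the base image default, usually root"]
    if user in ("root", "0"):
        return [f"final stage explicitly runs as {user}"]
    return []
```

Run `audit()` over a Dockerfile's text in CI to catch a runtime stage that silently falls back to root.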
```bash
# Scan the image for vulnerabilities with Trivy
trivy image myapp:latest

# Use Docker Scout
docker scout cves myapp:latest
```
```yaml
# Configure logging in docker-compose.yml
services:
  web:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
```
```yaml
# .github/workflows/docker.yml
name: Docker Build & Push

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      # Registry credentials come from repository secrets, never from the workflow file
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          # Docker Hub repositories are namespaced by account, so the tag needs the user prefix
          tags: ${{ secrets.DOCKER_USER }}/myapp:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
```
Key points of Docker containerization:
Master these and you can take your application from development to production with ease!