20 容器化部署
第 20 章:容器化部署
20.1 基本 Dockerfile
最小化镜像
# 多阶段构建:编译阶段
FROM nimlang/nim:2.0 AS builder
WORKDIR /app
COPY *.nimble ./
nimble install -d --noColor
COPY . .
nim c -d:release -o:bin/app src/app.nim
# 运行阶段
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/bin/app /usr/local/bin/app
EXPOSE 8080
CMD ["app"]
Alpine Linux 最小镜像
FROM nimlang/nim:2.0-alpine AS builder
WORKDIR /app
COPY *.nimble ./
RUN nimble install -d --noColor
COPY . .
RUN nim c -d:release -o:bin/app src/app.nim
FROM alpine:3.18
RUN apk add --no-cache ca-certificates
COPY --from=builder /app/bin/app /usr/local/bin/app
EXPOSE 8080
CMD ["app"]
20.2 优化构建
缓存依赖
FROM nimlang/nim:2.0 AS builder
WORKDIR /app
# 先复制依赖文件,利用 Docker 缓存
COPY *.nimble ./
RUN nimble install -d --noColor
# 再复制源码
COPY src/ src/
COPY config.nims ./
RUN nim c -d:release -o:bin/app src/app.nim
FROM scratch
COPY --from=builder /app/bin/app /app
ENTRYPOINT ["/app"]
静态编译
FROM nimlang/nim:2.0 AS builder
WORKDIR /app
COPY . .
RUN nimble install -d --noColor
RUN nim c -d:release --passL:"-static" -o:bin/app src/app.nim
FROM scratch
COPY --from=builder /app/bin/app /app
ENTRYPOINT ["/app"]
20.3 Docker Compose
# docker-compose.yml
version: '3.8'
services:
app:
build: .
ports:
- "8080:8080"
environment:
- DATABASE_URL=postgres://user:pass@db:5432/mydb
- REDIS_URL=redis://redis:6379
depends_on:
- db
- redis
restart: unless-stopped
db:
image: postgres:15
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: pass
POSTGRES_DB: mydb
volumes:
- pgdata:/var/lib/postgresql/data
redis:
image: redis:7-alpine
volumes:
- redisdata:/data
volumes:
pgdata:
redisdata:
20.4 健康检查
FROM nimlang/nim:2.0 AS builder
WORKDIR /app
COPY . .
RUN nimble install -d --noColor
RUN nim c -d:release -o:bin/app src/app.nim
FROM ubuntu:22.04
COPY --from=builder /app/bin/app /usr/local/bin/app
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1
EXPOSE 8080
CMD ["app"]
20.5 CI/CD 集成
# .github/workflows/docker.yml
name: Docker Build & Push
on:
push:
tags:
- 'v*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build Docker image
run: docker build -t myapp:${{ github.ref_name }} .
- name: Run tests in container
run: docker run --rm myapp:${{ github.ref_name }} /app --test
- name: Push to registry
run: |
echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
docker tag myapp:${{ github.ref_name }} myuser/myapp:latest
docker push myuser/myapp:latest
20.6 实战示例
🏢 完整的生产级 Dockerfile
# 多阶段构建
FROM nimlang/nim:2.0 AS deps
WORKDIR /build
# 缓存依赖
COPY *.nimble ./
RUN nimble install -d --noColor
# 编译
FROM deps AS compiler
COPY . .
RUN nim c \
-d:release \
--mm:orc \
--deepcopy:on \
--passL:"-s" \
-o:bin/server \
src/server.nim
# 运行
FROM debian:bookworm-slim
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates && \
rm -rf /var/lib/apt/lists/* && \
useradd -r -s /bin/false appuser
COPY --from=compiler /build/bin/server /usr/local/bin/server
USER appuser
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s \
CMD ["/usr/local/bin/server", "--health"]
CMD ["server"]
本章小结
| 概念 | 用途 |
|---|
| 多阶段构建 | 减小镜像大小 |
| 依赖缓存 | 加速构建 |
| 静态编译 | 使用 scratch 镜像 |
| Docker Compose | 多服务编排 |
| 健康检查 | 容器监控 |
| CI/CD | 自动化构建部署 |
练习
- 为之前的 Web API 项目创建 Dockerfile
- 使用 docker-compose 编排 Web 应用和数据库
- 配置 GitHub Actions 自动构建 Docker 镜像
扩展阅读
← 上一章:测试与质量 | 下一章:性能优化 →