container-orchestration

Container Orchestration

Docker and Kubernetes patterns for containerized applications.

Dockerfile Best Practices

dockerfile
# Use specific version, not :latest
FROM python:3.11-slim AS builder

# Set working directory
WORKDIR /app

# Install into a virtual environment so the production stage can copy the packages
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Copy dependency files first (better caching)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY src/ ./src/

# Production stage (multi-stage build)
FROM python:3.11-slim
WORKDIR /app

# Create non-root user
RUN useradd --create-home appuser
USER appuser

# Copy from builder (installed dependencies, then application code)
COPY --from=builder /opt/venv /opt/venv
COPY --from=builder /app /app

# Set environment
ENV PATH="/opt/venv/bin:$PATH"
ENV PYTHONUNBUFFERED=1

# Health check (uses Python because the slim image does not include curl)
HEALTHCHECK --interval=30s --timeout=3s \
  CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=2)" || exit 1

EXPOSE 8000
CMD ["python", "-m", "uvicorn", "src.main:app", "--host", "0.0.0.0"]

Dockerfile Rules

DO:
- Use specific base image versions
- Use multi-stage builds
- Run as non-root user
- Order commands by change frequency
- Use .dockerignore
- Add health checks

DON'T:
- Use :latest tag
- Run as root
- Copy unnecessary files
- Store secrets in image
- Install dev dependencies in production
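
Several of these rules can be checked mechanically before an image is built. The lint below is an added example, not part of the original page or of Docker's own tooling; the rule names, the secret-name pattern and both sample Dockerfiles are constructed for illustration. The checks are heuristics: a base image that already sets a non-root user is still reported, and `COPY . .` is reported even when a .dockerignore exists.

```python
import re
# Assumed name fragments that suggest a credential baked into a layer.
SECRET_HINT = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def lint_dockerfile(text):
    """Return the sorted rule IDs (names invented here) that the text violates."""
    findings, aliases, final_user, has_healthcheck = set(), set(), None, False
    # Join backslash continuations so each instruction is one logical line.
    for raw in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        op, arg = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        words = [w for w in arg.split() if not w.startswith("--")]
        if op == "FROM" and words:
            image = words[0]
            # Earlier stage names, scratch and digest-pinned images need no tag.
            if image not in aliases and image != "scratch" and "@sha256:" not in image:
                if image.rsplit("/", 1)[-1].partition(":")[2] in ("", "latest"):
                    findings.add("unpinned-base-image")
            if len(words) >= 3 and words[1].upper() == "AS":
                aliases.add(words[2])
            final_user, has_healthcheck = None, False  # only the last stage ships
        elif op == "USER" and words:
            final_user = words[0].split(":")[0]
        elif op == "HEALTHCHECK":
            has_healthcheck = bool(words) and words[0].upper() != "NONE"
        elif op in ("ENV", "ARG") and SECRET_HINT.search(arg.split("=")[0]):
            findings.add("secret-in-image")
        elif op == "COPY" and "--from=" not in arg and words[:1] == ["."]:
            findings.add("copies-whole-context")  # only .dockerignore filters it
    if final_user in (None, "root", "0"):
        findings.add("no-nonroot-user")
    if not has_healthcheck:
        findings.add("no-healthcheck")
    return sorted(findings)

# Constructed sample inputs, not taken from any real project.
BAD = """FROM python:latest
ENV API_KEY=example-not-a-real-key
COPY . .
"""
GOOD = r"""FROM python:3.11-slim AS builder
FROM python:3.11-slim
USER appuser
HEALTHCHECK --interval=30s --timeout=3s \
  CMD python -c "import urllib.request as u; u.urlopen('http://localhost:8000/health')"
"""
print(lint_dockerfile(BAD), lint_dockerfile(GOOD))
```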

Docker Compose

yaml
# docker-compose.yml
version: "3.9"

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8000:8000"
    environment:
      # Example credentials for local use; keep real ones out of this file
      - DATABASE_URL=postgres://user:pass@db:5432/app
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      # Uses Python because the slim image does not include curl
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=5)"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:15-alpine
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: app
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d app"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:

Kubernetes Basics

Deployment

yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: app
        image: myapp:1.0.0
        ports:
        - containerPort: 8000
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8000
          initialDelaySeconds: 10
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /ready
            port: 8000
          initialDelaySeconds: 5
          periodSeconds: 10
        env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: app-secrets
              key: database-url

Service

yaml
apiVersion: v1
kind: Service
metadata:
  name: app-service
spec:
  selector:
    app: myapp
  ports:
  - port: 80
    targetPort: 8000
  type: ClusterIP

Ingress

yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 80

kubectl Quick Reference

| Command | Description |
|---|---|
| kubectl get pods | List pods |
| kubectl logs <pod> | View logs |
| kubectl exec -it <pod> -- sh | Shell into pod |
| kubectl apply -f manifest.yaml | Apply config |
| kubectl rollout restart deployment/app | Restart deployment |
| kubectl rollout status deployment/app | Check rollout |
| kubectl describe pod <pod> | Debug pod |
| kubectl port-forward svc/app 8080:80 | Local port forward |

Additional Resources

  • ./references/dockerfile-patterns.md
    - Advanced Dockerfile techniques
  • ./references/k8s-manifests.md
    - Full Kubernetes manifest examples
  • ./references/helm-patterns.md
    - Helm chart structure and values

Scripts

  • ./scripts/build-push.sh
    - Build and push Docker image

Assets

  • ./assets/Dockerfile.template
    - Production Dockerfile template
  • ./assets/docker-compose.template.yml
    - Compose starter template