Docker Compose:
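# Compose file for a replicated nginx service (nesting restored).
# The `deploy` section (replicas, restart_policy) is a Swarm-mode setting
# applied by `docker stack deploy`; whether plain Compose honours it depends
# on the Compose version, so confirm against the tool in use.
version: '3'
services:
  web:
    # `latest` is a mutable tag, so each pull may bring different, unreviewed
    # content. For production, pin a specific version or an image digest.
    image: nginx:latest
    ports:
      # Quoted so the mapping stays a string; publishes port 80 on every
      # host interface.
      - "80:80"
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure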
Kubernetes:
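# Deployment running three nginx replicas selected by the `app: nginx` label
# (nesting restored).
# NOTE(review): the pod spec sets no resource requests/limits and no
# securityContext; add both before production use.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        # Has to match spec.selector.matchLabels above.
        app: nginx
    spec:
      containers:
        - name: nginx
          # A pinned tag is reproducible, but 1.14.2 is an old nginx
          # release; move to a currently maintained version before deploying.
          image: nginx:1.14.2
          ports:
            - containerPort: 80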
GitLab CI示例:
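# Pipeline: build and push an image tagged with the commit SHA, then roll it
# out to the cluster through a manually triggered job on master
# (nesting restored).
# NOTE(review): the `test` stage is declared but no job in this snippet
# uses it.
stages:
  - build
  - test
  - deploy

build_image:
  stage: build
  script:
    # Tagging with the commit SHA ties every image to one revision.
    # NOTE(review): no registry login or registry-qualified image name is
    # shown; the runner is presumably authenticated already — confirm.
    - docker build -t myapp:$CI_COMMIT_SHA .
    - docker push myapp:$CI_COMMIT_SHA

deploy_prod:
  stage: deploy
  script:
    - kubectl set image deployment/myapp myapp=myapp:$CI_COMMIT_SHA
  # The production rollout has to be started by a person and runs only on
  # master. Protect that branch and the cluster credentials available to the
  # runner so that only authorised maintainers can trigger this job.
  when: manual
  only:
    - master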
# Show live resource usage of the running containers
docker stats
# Stream a container's log output
docker logs --follow container_name
# Show a container's health-check state (only populated when the container
# has a health check defined)
docker inspect --format '{{json .State.Health}}' container_name
Prometheus + Grafana:
1. 配置Docker daemon暴露metrics(注意: `0.0.0.0` 会在所有网络接口上监听,而该metrics端点没有认证;生产环境应绑定到内网地址,或用防火墙限制为仅Prometheus可访问):
json
{
"metrics-addr" : "0.0.0.0:9323",
"experimental" : true
}
2. Prometheus配置:
yaml
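# Scrape job for the Docker daemon metrics endpoint on port 9323
# (nesting restored).
# The endpoint is served over plain HTTP without authentication, so keep the
# path between Prometheus and docker-host on a trusted network.
scrape_configs:
  - job_name: 'docker'
    static_configs:
      - targets: ['docker-host:9323']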
cAdvisor:
# Start cAdvisor in the background to collect per-container resource metrics.
# - The host root filesystem, /var/run, /sys, the Docker data directory and
#   /dev/disk are mounted read-only, so the container can read host-wide
#   data. /var/run normally holds the Docker socket, and a read-only mount
#   does not by itself block API calls over that socket, so run this only
#   from an image source you trust.
# - Port 8080 is published on every host interface; restrict access with a
#   firewall or a reverse proxy that adds authentication.
# NOTE(review): google/cadvisor on Docker Hub appears to be no longer
# maintained (the project publishes at gcr.io/cadvisor/cadvisor) and `latest`
# is a mutable tag — confirm the current image and pin a version.
docker run \
  --detach \
  --name cadvisor \
  --publish 8080:8080 \
  --volume /:/rootfs:ro \
  --volume /var/run:/var/run:ro \
  --volume /sys:/sys:ro \
  --volume /var/lib/docker/:/var/lib/docker:ro \
  --volume /dev/disk/:/dev/disk:ro \
  google/cadvisor:latest
ELK Stack:
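# docker-compose.yml
# Single-node ELK stack: Elasticsearch, Logstash and Kibana 7.9.2
# (nesting restored).
# NOTE(review): no authentication or TLS settings appear in this file, and
# ports 9200 and 5601 are published on every host interface. Keep the stack
# on a trusted network, or enable the Elastic security features and bind the
# ports to a specific address before exposing it.
# NOTE(review): no data volume is declared for Elasticsearch, so indexed
# logs do not survive removal of the container.
version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
    environment:
      # Single-node mode skips cluster discovery; meant for development
      # and testing.
      - discovery.type=single-node
    ports:
      - "9200:9200"
  logstash:
    image: docker.elastic.co/logstash/logstash:7.9.2
    volumes:
      # Pipeline definition supplied from the project directory.
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
  kibana:
    image: docker.elastic.co/kibana/kibana:7.9.2
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch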
Fluentd:
# Run Fluentd in the background with port 24224 published, the host
# directory /data mounted as its configuration directory, and fluent.conf
# selected as the configuration file.
# NOTE(review): the image has no tag (so `latest` is pulled) and the port is
# published on every host interface; pin a version and limit which hosts can
# reach the port.
docker run \
  --detach \
  --publish 24224:24224 \
  --volume /data:/fluentd/etc \
  --env FLUENTD_CONF=fluent.conf \
  fluent/fluentd
资源限制: 为容器设置CPU和内存限制
# Start nginx with an interactive terminal, capped at half a CPU and 512 MB
# of memory so that one container cannot exhaust the host.
docker run --interactive --tty --cpus=".5" --memory="512m" nginx
健康检查:
# Probe the local web server every 5 minutes; a probe that errors or takes
# longer than 3 seconds counts as a failure.
# curl has to be present in the image for this check to work.
HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1
自动修复:
# Restart the container automatically after it exits or the daemon restarts,
# unless it was stopped explicitly.
docker run --restart unless-stopped nginx
安全扫描:
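# Scan the image for known vulnerabilities (CVEs).
# `docker scan` has been retired from current Docker releases and Docker
# Scout is its replacement. On an older installation that still ships the
# scan plugin, `docker scan nginx:latest` is the equivalent command.
# Scan the exact tag or digest that gets deployed: `latest` can change
# between the scan and the rollout.
docker scout cves nginx:latest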
网络监控:
# Print the configuration of the default bridge network as JSON, including
# its subnet and the containers attached to it.
docker network inspect bridge
通过以上方法和工具的组合使用,可以实现Docker容器的全面自动化运维和监控,确保容器化应用的稳定运行。