4.5 KiB
Executable File
4.5 KiB
Executable File
Docker & Containers — Guide Expert
Dockerfile Best Practices
# Multi-stage build pour image minimale
FROM php:8.2-fpm-alpine AS builder
WORKDIR /app
COPY composer.json composer.lock ./
RUN composer install --no-dev --optimize-autoloader
FROM php:8.2-fpm-alpine AS production
# Installer extensions nécessaires seulement
RUN docker-php-ext-install pdo pdo_pgsql opcache
# Copier uniquement le nécessaire du builder
COPY --from=builder /app/vendor /app/vendor
COPY . /app
# User non-root
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
EXPOSE 9000
CMD ["php-fpm"]
Règles d'or
- 1 processus = 1 container (pas Apache + PHP + PostgreSQL dans le même)
- Ordre des layers : Ce qui change le moins en haut (OS, extensions), ce qui change souvent en bas (code)
- Multi-stage builds : Builder séparé de production (image finale 10x plus petite)
- .dockerignore : Exclure .git, node_modules, .env, logs
- Non-root : TOUJOURS exécuter en user non-root en production
- No latest : Toujours tagger les images avec version spécifique
- HEALTHCHECK : Inclure un healthcheck pour l'orchestrateur
Docker Compose — Architecture WEVADS
version: '3.8'
services:
wevads-app:
build: ./wevads
ports:
- "5821:80"
volumes:
- ./wevads/config:/app/config:ro
environment:
- DB_HOST=postgres
- DB_NAME=adx_system
depends_on:
postgres:
condition: service_healthy
restart: unless-stopped
arsenal:
build: ./arsenal
ports:
- "5890:80"
depends_on:
- wevads-app
restart: unless-stopped
postgres:
image: pgvector/pgvector:pg15
volumes:
- pg_data:/var/lib/postgresql/data
- ./init.sql:/docker-entrypoint-initdb.d/init.sql
environment:
POSTGRES_DB: adx_system
POSTGRES_USER: wevads
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
healthcheck:
test: ["CMD-SHELL", "pg_isready -U wevads"]
interval: 10s
timeout: 5s
retries: 3
restart: unless-stopped
ollama:
image: ollama/ollama:latest
ports:
- "11434:11434"
volumes:
- ollama_data:/root/.ollama
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities: [gpu]
restart: unless-stopped
volumes:
pg_data:
ollama_data:
secrets:
db_password:
file: ./secrets/db_password.txt
Commandes Docker essentielles
# Build et démarrer
docker compose up -d --build
# Logs en temps réel
docker compose logs -f wevads-app
# Shell dans un container
docker exec -it wevads-app /bin/sh
# Inspecter un container
docker inspect wevads-app | jq '.[0].NetworkSettings'
# Nettoyage (ATTENTION en prod)
docker system prune -a --volumes # Supprime TOUT ce qui n'est pas utilisé
docker image prune # Supprime les images sans tag
# Backup un volume
docker run --rm -v pg_data:/data -v $(pwd):/backup alpine tar czf /backup/pg_backup.tar.gz /data
# Stats en temps réel
docker stats
# Health check
docker inspect --format='{{.State.Health.Status}}' postgres
Kubernetes Basics (pour scale future)
Pod = plus petite unité déployable
apiVersion: v1
kind: Pod
metadata:
name: wevads-app
labels:
app: wevads
spec:
containers:
- name: wevads
image: weval/wevads:1.0.0
ports:
- containerPort: 80
resources:
requests:
cpu: "250m"
memory: "256Mi"
limits:
cpu: "500m"
memory: "512Mi"
livenessProbe:
httpGet:
path: /health
port: 80
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /ready
port: 80
initialDelaySeconds: 5
periodSeconds: 10
Deployment = gère les replicas
apiVersion: apps/v1
kind: Deployment
metadata:
name: wevads-app
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: wevads
template:
metadata:
labels:
app: wevads
spec:
containers:
- name: wevads
image: weval/wevads:1.0.0
Service = expose les pods
apiVersion: v1
kind: Service
metadata:
name: wevads-service
spec:
selector:
app: wevads
ports:
- port: 80
targetPort: 80
type: ClusterIP # Interne au cluster