第五部分-DockerCompose——25. Compose 高级特性

25. Compose 高级特性1. 高级特性概述Docker Compose 提供了许多高级特性用于处理复杂的多容器应用场景包括配置文件管理、服务扩展、健康检查、依赖控制等。┌─────────────────────────────────────────────────────────────┐ │ Compose 高级特性 │ ├─────────────────────────────────────────────────────────────┤ │ │ │ ┌─────────────────────────────────────────────────────┐ │ │ │ 配置管理 │ │ │ │ - configs: 配置文件独立管理 │ │ │ │ - secrets: 敏感信息加密 │ │ │ │ - profiles: 条件启动服务 │ │ │ └─────────────────────────────────────────────────────┘ │ │ │ │ ┌─────────────────────────────────────────────────────┐ │ │ │ 服务扩展 │ │ │ │ - scale: 动态扩缩容 │ │ │ │ - depends_on: 启动顺序控制 │ │ │ │ - healthcheck: 健康检查 │ │ │ └─────────────────────────────────────────────────────┘ │ │ │ │ ┌─────────────────────────────────────────────────────┐ │ │ │ 网络与存储 │ │ │ │ - network_mode: host/container/none │ │ │ │ - sysctls: 内核参数调优 │ │ │ │ - devices: 设备映射 │ │ │ └─────────────────────────────────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────────┘2. 配置与密钥2.1 Configs配置文件version:3.8services:web:image:nginxconfigs:-source:nginx_configtarget:/etc/nginx/nginx.conf-source:app_configtarget:/app/config.jsonmode:0440configs:nginx_config:file:./nginx.confapp_config:file:./config/prod.json# 外部配置external_config:external:truename:existing-config2.2 Secrets密钥version:3.8services:db:image:postgressecrets:-db_password-db_userenvironment:POSTGRES_PASSWORD_FILE:/run/secrets/db_passwordPOSTGRES_USER_FILE:/run/secrets/db_userapp:image:myappsecrets:-api_key-jwt_secretsecrets:db_password:file:./secrets/db_password.txtdb_user:external:truename:prod-db-userapi_key:external:true3. Profiles配置文件version:3.8services:web:image:nginxprofiles:-production-stagingdev-tools:image:adminerprofiles:-developmentports:-8080:8080debug:image:nicodebo/baseprofiles:-debugcommand:sleep infinitydefault:image:alpine# 无 profiles总是启动# 使用 profilesdocker-compose--profiledevelopment up-ddocker-compose--profileproduction up-d# 多个 profilesdocker-compose--profiledevelopment--profiledebug up-d# 启动所有docker-compose--profile*up-d4. 健康检查高级配置services:web:image:nginxhealthcheck:test:[CMD,curl,-f,http://localhost]interval:30s# 检查间隔timeout:10s# 超时时间retries:3# 失败重试次数start_period:40s# 启动缓冲期# 自定义检测脚本test:[CMD-SHELL,curl -f http://localhost || exit 1]db:image:postgreshealthcheck:test:[CMD,pg_isready,-U,postgres]interval:10stimeout:5sretries:5start_period:30s5. 依赖控制5.1 高级 depends_onservices:db:image:postgreshealthcheck:test:[CMD,pg_isready]interval:10stimeout:5sretries:5redis:image:redishealthcheck:test:[CMD,redis-cli,ping]interval:10sapp:image:myappdepends_on:db:condition:service_healthyredis:condition:service_healthy# 等待启动完成cache:condition:service_started# 服务完成退出depends_on:migrator:condition:service_completed_successfullymigrator:image:myappcommand:npm run migrate6. 资源扩展6.1 服务扩缩容services:web:image:nginxdeploy:replicas:3update_config:parallelism:2# 并行更新数delay:10s# 更新延迟order:start-first# 先启动新容器再停止旧rollback_config:parallelism:1delay:5srestart_policy:condition:on-failuredelay:5smax_attempts:3window:120s# 资源配置resources:limits:cpus:0.5memory:512Mreservations:cpus:0.25memory:256M# 手动扩缩容docker-composeup--scaleweb5-d# 查看服务状态docker-composeps7. 网络高级配置7.1 网络模式services:# host 模式web-host:image:nginxnetwork_mode:host# 共享其他容器网络sidecar:image:fluentdnetwork_mode:service:web# none 模式isolated:image:alpinenetwork_mode:none# 使用现有网络app:image:myappnetworks:-default-external-netnetworks:external-net:external:truename:my-existing-network7.2 网络定制networks:frontend:driver:bridgedriver_opts:com.docker.network.bridge.name:front_bridgecom.docker.network.bridge.enable_icc:truecom.docker.network.bridge.enable_ip_masquerade:falseipam:driver:defaultconfig:-subnet:10.10.0.0/16gateway:10.10.0.1ip_range:10.10.1.0/24labels:-projectmyappinternal:falseattachable:true8. 系统调优8.1 内核参数services:app:image:myappsysctls:-net.core.somaxconn1024-net.ipv4.tcp_syncookies0-net.ipv4.tcp_tw_reuse1ulimits:nproc:65535nofile:soft:20000hard:400008.2 设备映射services:app:image:myappdevices:-/dev/ttyUSB0:/dev/ttyUSB0-/dev/sda:/dev/xvda:rwm9. 日志管理services:web:image:nginxlogging:driver:json-fileoptions:max-size:10mmax-file:3compress:trueapp:image:myapplogging:driver:syslogoptions:syslog-address:tcp://192.168.1.100:514syslog-facility:local0tag:myapp-{{.Name}}worker:image:myworkerlogging:driver:fluentdoptions:fluentd-address:localhost:24224tag:myapp.worker10. 完整高级示例version:3.8services:web:image:nginx:alpineprofiles:[production,staging]ports:-80:80configs:-source:nginx_configtarget:/etc/nginx/nginx.confsecrets:-tls_cert-tls_keyhealthcheck:test:[CMD,curl,-f,http://localhost]interval:30stimeout:10sretries:3deploy:replicas:3update_config:parallelism:1delay:10sresources:limits:cpus:0.5memory:512Mlogging:driver:json-fileoptions:max-size:10mmax-file:3app:image:myapp:${TAG}profiles:[development,staging,production]depends_on:db:condition:service_healthyredis:condition:service_startedenvironment:-DB_HOSTdb-REDIS_HOSTredissysctls:-net.core.somaxconn1024ulimits:nofile:soft:20000hard:40000deploy:resources:limits:cpus:1memory:1Greservations:cpus:0.5memory:512Mdb:image:postgres:13profiles:[development,staging,production]secrets:-db_passwordenvironment:POSTGRES_PASSWORD_FILE:/run/secrets/db_passwordvolumes:-db-data:/var/lib/postgresql/datahealthcheck:test:[CMD,pg_isready,-U,postgres]interval:10stimeout:5sretries:5start_period:30sredis:image:redis:alpineprofiles:[development,staging,production]command:redis-server--appendonly yesvolumes:-redis-data:/datahealthcheck:test:[CMD,redis-cli,ping]interval:10stimeout:5sretries:3dev-tools:image:adminerprofiles:[development]ports:-8080:8080depends_on:-dbprofiles:-developmentconfigs:nginx_config:file:./nginx.confsecrets:tls_cert:file:./certs/cert.pemtls_key:file:./certs/key.pemdb_password:external:truevolumes:db-data:redis-data:networks:default:driver:bridge11. 命令速查命令说明docker-compose --profile dev up使用 profilesdocker-compose up --scale web5扩缩容docker-compose config查看合并配置docker-compose exec web bash进入容器docker-compose logs -f web查看日志docker-compose events实时事件12. 小结Configs/Secrets配置和密钥管理Profiles条件启动服务健康检查服务可用性检测依赖控制启动顺序和条件扩缩容动态调整实例数网络高级host/container/none 模式系统调优内核参数、文件描述符日志管理多种日志驱动