veza/veza-docs/docs/infra/containers/index.mdx

---
id: containers
title: Conteneurs Docker
sidebar_label: Conteneurs Docker
description: Configuration et gestion des conteneurs Docker pour Veza Platform
keywords: [veza, docker, containers, orchestration, kubernetes]
---

# 🐳 Conteneurs Docker

Configuration et gestion des conteneurs Docker pour Veza Platform.

## 🎯 Vue d'Ensemble

Veza Platform utilise Docker pour :
- **Containerisation** de tous les services
- **Environnements** cohérents dev/staging/prod
- **Scalabilité** horizontale des services
- **Déploiement** simplifié et reproductible

## 🏗️ Architecture des Conteneurs

```mermaid
flowchart TB
    subgraph "Docker Hosts"
      subgraph "Frontend Containers"
        WEB[Web App<br/>React + Vite<br/>Port: 5176]
        DESKTOP[Desktop App<br/>Electron<br/>Port: 3000]
      end
      
      subgraph "Backend Containers"
        API[Go API<br/>Gin + GORM<br/>Port: 8081]
        CHAT[Rust Chat<br/>Axum + WebSocket<br/>Port: 3001]
        STREAM[Rust Stream<br/>Axum + Symphonia<br/>Port: 3002]
        AUTH[Auth Service<br/>Go + JWT<br/>Port: 8082]
      end
      
      subgraph "Infrastructure Containers"
        LB[HAProxy<br/>Load Balancer<br/>Port: 80/443]
        WAF[Coraza<br/>WAF<br/>Port: 80/443]
        PG[PostgreSQL<br/>Database<br/>Port: 5432]
        REDIS[Redis<br/>Cache<br/>Port: 6379]
        NATS[NATS<br/>Message Queue<br/>Port: 4222]
      end
      
      subgraph "Monitoring Containers"
        PROM[Prometheus<br/>Metrics<br/>Port: 9090]
        GRAF[Grafana<br/>Dashboards<br/>Port: 3000]
        ELK[ELK Stack<br/>Logs<br/>Port: 9200]
      end
    end
```

## 🐳 Images Docker

### Images Principales

| Service | Image | Tag | Port | Description |
|---------|-------|-----|------|-------------|
| Web App | `veza/web` | `latest` | 5176 | React + Vite |
| Go API | `veza/api` | `latest` | 8081 | Gin + GORM |
| Chat | `veza/chat` | `latest` | 3001 | Rust + Axum |
| Stream | `veza/stream` | `latest` | 3002 | Rust + Axum |
| Auth | `veza/auth` | `latest` | 8082 | Go + JWT |

### Images d'Infrastructure

| Service | Image | Tag | Port | Description |
|---------|-------|-----|------|-------------|
| HAProxy | `haproxy` | `2.8` | 80/443 | Load Balancer |
| PostgreSQL | `postgres` | `15` | 5432 | Database |
| Redis | `redis` | `7` | 6379 | Cache |
| NATS | `nats` | `2.9` | 4222 | Message Queue |
| Prometheus | `prometheus` | `2.45` | 9090 | Metrics |
| Grafana | `grafana` | `10.0` | 3000 | Dashboards |

## 📁 Structure des Dockerfiles

### Go API Service
```dockerfile
# Build stage
FROM golang:1.23-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o main .

# Runtime stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/main .
COPY --from=builder /app/config ./config
EXPOSE 8081
CMD ["./main"]
```

### Rust Chat Service
```dockerfile
# Build stage
FROM rust:1.70-alpine AS builder
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
RUN cargo fetch
COPY src ./src
RUN cargo build --release

# Runtime stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/target/release/veza-chat-server .
EXPOSE 3001
CMD ["./veza-chat-server"]
```

### React Web App
```dockerfile
# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build

# Runtime stage
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 5176
CMD ["nginx", "-g", "daemon off;"]
```

## 🚀 Docker Compose

### Développement Local
```yaml
version: '3.8'
services:
  # Frontend
  web:
    build: ./apps/web
    ports:
      - "5176:5176"
    environment:
      - VITE_API_URL=http://localhost:8081
    depends_on:
      - api

  # Backend Services
  api:
    build: ./apps/api
    ports:
      - "8081:8081"
    environment:
      - DB_HOST=postgres
      - REDIS_HOST=redis
    depends_on:
      - postgres
      - redis

  chat:
    build: ./veza-chat-server
    ports:
      - "3001:3001"
    environment:
      - REDIS_HOST=redis
      - NATS_URL=nats://nats:4222
    depends_on:
      - redis
      - nats

  stream:
    build: ./veza-stream-server
    ports:
      - "3002:3002"
    environment:
      - S3_ENDPOINT=http://minio:9000
      - NATS_URL=nats://nats:4222
    depends_on:
      - minio
      - nats

  # Infrastructure
  postgres:
    image: postgres:15
    environment:
      - POSTGRES_DB=veza
      - POSTGRES_USER=veza
      - POSTGRES_PASSWORD=password
    volumes:
      - postgres_data:/var/lib/postgresql/data

  redis:
    image: redis:7
    volumes:
      - redis_data:/data

  nats:
    image: nats:2.9
    command: ["-js"]

  # Monitoring
  prometheus:
    image: prometheus:2.45
    ports:
      - "9090:9090"
    volumes:
      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml

  grafana:
    image: grafana:10.0
    ports:
      - "3000:3000"
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin
    volumes:
      - grafana_data:/var/lib/grafana

volumes:
  postgres_data:
  redis_data:
  grafana_data:
```

## ☸️ Kubernetes

### Namespace
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: veza-platform
```

### Deployment Go API
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: veza-api
  namespace: veza-platform
spec:
  replicas: 3
  selector:
    matchLabels:
      app: veza-api
  template:
    metadata:
      labels:
        app: veza-api
    spec:
      containers:
      - name: api
        image: veza/api:latest
        ports:
        - containerPort: 8081
        env:
        - name: DB_HOST
          value: "postgres-service"
        - name: REDIS_HOST
          value: "redis-service"
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
```

### Service
```yaml
apiVersion: v1
kind: Service
metadata:
  name: veza-api-service
  namespace: veza-platform
spec:
  selector:
    app: veza-api
  ports:
  - port: 8081
    targetPort: 8081
  type: ClusterIP
```

## 🔧 Gestion des Conteneurs

### Commandes Docker
```bash
# Construire toutes les images
docker-compose build

# Démarrer tous les services
docker-compose up -d

# Voir les logs
docker-compose logs -f api

# Redémarrer un service
docker-compose restart api

# Arrêter tous les services
docker-compose down

# Nettoyer les volumes
docker-compose down -v
```

### Commandes Kubernetes
```bash
# Appliquer les manifests
kubectl apply -f k8s/

# Voir les pods
kubectl get pods -n veza-platform

# Voir les logs
kubectl logs -f deployment/veza-api -n veza-platform

# Redémarrer un deployment
kubectl rollout restart deployment/veza-api -n veza-platform

# Voir les services
kubectl get services -n veza-platform
```

## 📊 Monitoring des Conteneurs

### Métriques Docker
- **CPU** et **mémoire** par conteneur
- **Réseau** et **I/O** disque
- **Temps de démarrage** et **redémarrages**
- **Taille** des images et volumes

### Métriques Kubernetes
- **Pods** en cours d'exécution
- **Ressources** utilisées vs demandées
- **Événements** et **erreurs**
- **Health checks** et **liveness probes**

## 🔒 Sécurité

### Bonnes Pratiques
- **Images** de base minimales (Alpine)
- **Utilisateur** non-root dans les conteneurs
- **Secrets** gérés via Kubernetes Secrets
- **Scan** de vulnérabilités des images
- **Politiques** de sécurité réseau

### Configuration
```yaml
# Security Context
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
    - ALL
```

## 📚 Documentation

### Guides
- [Guide de Monitoring](/docs/infra/observability)
- [Guide de Sécurité](/docs/infra/security)

## 🤝 Contribution

Pour modifier la configuration des conteneurs :
1. Testez les changements localement
2. Mettez à jour la documentation
3. Créez une PR avec description détaillée
4. Attendez l'approbation de l'équipe DevOps
adding initial veza-rust-common, veza-docs, veza-desktop, veza-mobile 2025-12-03 21:29:57 +00:00			`---`
			`id: containers`
			`title: Conteneurs Docker`
			`sidebar_label: Conteneurs Docker`
			`description: Configuration et gestion des conteneurs Docker pour Veza Platform`
			`keywords: [veza, docker, containers, orchestration, kubernetes]`
			`---`

			`# 🐳 Conteneurs Docker`

			`Configuration et gestion des conteneurs Docker pour Veza Platform.`

			`## 🎯 Vue d'Ensemble`

			`Veza Platform utilise Docker pour :`
			`- Containerisation de tous les services`
			`- Environnements cohérents dev/staging/prod`
			`- Scalabilité horizontale des services`
			`- Déploiement simplifié et reproductible`

			`## 🏗️ Architecture des Conteneurs`

			```mermaid
			`flowchart TB`
			`subgraph "Docker Hosts"`
			`subgraph "Frontend Containers"`
			`WEB[Web App<br/>React + Vite<br/>Port: 5176]`
			`DESKTOP[Desktop App<br/>Electron<br/>Port: 3000]`
			`end`

			`subgraph "Backend Containers"`
			`API[Go API<br/>Gin + GORM<br/>Port: 8081]`
			`CHAT[Rust Chat<br/>Axum + WebSocket<br/>Port: 3001]`
			`STREAM[Rust Stream<br/>Axum + Symphonia<br/>Port: 3002]`
			`AUTH[Auth Service<br/>Go + JWT<br/>Port: 8082]`
			`end`

			`subgraph "Infrastructure Containers"`
			`LB[HAProxy<br/>Load Balancer<br/>Port: 80/443]`
			`WAF[Coraza<br/>WAF<br/>Port: 80/443]`
			`PG[PostgreSQL<br/>Database<br/>Port: 5432]`
			`REDIS[Redis<br/>Cache<br/>Port: 6379]`
			`NATS[NATS<br/>Message Queue<br/>Port: 4222]`
			`end`

			`subgraph "Monitoring Containers"`
			`PROM[Prometheus<br/>Metrics<br/>Port: 9090]`
			`GRAF[Grafana<br/>Dashboards<br/>Port: 3000]`
			`ELK[ELK Stack<br/>Logs<br/>Port: 9200]`
			`end`
			`end`
			```

			`## 🐳 Images Docker`

			`### Images Principales`

			`\| Service \| Image \| Tag \| Port \| Description \|`
			`\|---------\|-------\|-----\|------\|-------------\|`
			\| Web App \| `veza/web` \| `latest` \| 5176 \| React + Vite \|
			\| Go API \| `veza/api` \| `latest` \| 8081 \| Gin + GORM \|
			\| Chat \| `veza/chat` \| `latest` \| 3001 \| Rust + Axum \|
			\| Stream \| `veza/stream` \| `latest` \| 3002 \| Rust + Axum \|
			\| Auth \| `veza/auth` \| `latest` \| 8082 \| Go + JWT \|

			`### Images d'Infrastructure`

			`\| Service \| Image \| Tag \| Port \| Description \|`
			`\|---------\|-------\|-----\|------\|-------------\|`
			\| HAProxy \| `haproxy` \| `2.8` \| 80/443 \| Load Balancer \|
			\| PostgreSQL \| `postgres` \| `15` \| 5432 \| Database \|
			\| Redis \| `redis` \| `7` \| 6379 \| Cache \|
			\| NATS \| `nats` \| `2.9` \| 4222 \| Message Queue \|
			\| Prometheus \| `prometheus` \| `2.45` \| 9090 \| Metrics \|
			\| Grafana \| `grafana` \| `10.0` \| 3000 \| Dashboards \|

			`## 📁 Structure des Dockerfiles`

			`### Go API Service`
			```dockerfile
			`# Build stage`
			`FROM golang:1.23-alpine AS builder`
			`WORKDIR /app`
			`COPY go.mod go.sum ./`
			`RUN go mod download`
			`COPY . .`
			`RUN CGO_ENABLED=0 GOOS=linux go build -o main .`

			`# Runtime stage`
			`FROM alpine:latest`
			`RUN apk --no-cache add ca-certificates`
			`WORKDIR /root/`
			`COPY --from=builder /app/main .`
			`COPY --from=builder /app/config ./config`
			`EXPOSE 8081`
			`CMD ["./main"]`
			```

			`### Rust Chat Service`
			```dockerfile
			`# Build stage`
			`FROM rust:1.70-alpine AS builder`
			`WORKDIR /app`
			`COPY Cargo.toml Cargo.lock ./`
			`RUN cargo fetch`
			`COPY src ./src`
			`RUN cargo build --release`

			`# Runtime stage`
			`FROM alpine:latest`
			`RUN apk --no-cache add ca-certificates`
			`WORKDIR /root/`
			`COPY --from=builder /app/target/release/veza-chat-server .`
			`EXPOSE 3001`
			`CMD ["./veza-chat-server"]`
			```

			`### React Web App`
			```dockerfile
			`# Build stage`
			`FROM node:18-alpine AS builder`
			`WORKDIR /app`
			`COPY package*.json ./`
			`RUN npm ci --only=production`
			`COPY . .`
			`RUN npm run build`

			`# Runtime stage`
			`FROM nginx:alpine`
			`COPY --from=builder /app/dist /usr/share/nginx/html`
			`COPY nginx.conf /etc/nginx/nginx.conf`
			`EXPOSE 5176`
			`CMD ["nginx", "-g", "daemon off;"]`
			```

			`## 🚀 Docker Compose`

			`### Développement Local`
			```yaml
			`version: '3.8'`
			`services:`
			`# Frontend`
			`web:`
			`build: ./apps/web`
			`ports:`
			`- "5176:5176"`
			`environment:`
			`- VITE_API_URL=http://localhost:8081`
			`depends_on:`
			`- api`

			`# Backend Services`
			`api:`
			`build: ./apps/api`
			`ports:`
			`- "8081:8081"`
			`environment:`
			`- DB_HOST=postgres`
			`- REDIS_HOST=redis`
			`depends_on:`
			`- postgres`
			`- redis`

			`chat:`
			`build: ./veza-chat-server`
			`ports:`
			`- "3001:3001"`
			`environment:`
			`- REDIS_HOST=redis`
			`- NATS_URL=nats://nats:4222`
			`depends_on:`
			`- redis`
			`- nats`

			`stream:`
			`build: ./veza-stream-server`
			`ports:`
			`- "3002:3002"`
			`environment:`
			`- S3_ENDPOINT=http://minio:9000`
			`- NATS_URL=nats://nats:4222`
			`depends_on:`
			`- minio`
			`- nats`

			`# Infrastructure`
			`postgres:`
			`image: postgres:15`
			`environment:`
			`- POSTGRES_DB=veza`
			`- POSTGRES_USER=veza`
			`- POSTGRES_PASSWORD=password`
			`volumes:`
			`- postgres_data:/var/lib/postgresql/data`

			`redis:`
			`image: redis:7`
			`volumes:`
			`- redis_data:/data`

			`nats:`
			`image: nats:2.9`
			`command: ["-js"]`

			`# Monitoring`
			`prometheus:`
			`image: prometheus:2.45`
			`ports:`
			`- "9090:9090"`
			`volumes:`
			`- ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml`

			`grafana:`
			`image: grafana:10.0`
			`ports:`
			`- "3000:3000"`
			`environment:`
			`- GF_SECURITY_ADMIN_PASSWORD=admin`
			`volumes:`
			`- grafana_data:/var/lib/grafana`

			`volumes:`
			`postgres_data:`
			`redis_data:`
			`grafana_data:`
			```

			`## ☸️ Kubernetes`

			`### Namespace`
			```yaml
			`apiVersion: v1`
			`kind: Namespace`
			`metadata:`
			`name: veza-platform`
			```

			`### Deployment Go API`
			```yaml
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: veza-api`
			`namespace: veza-platform`
			`spec:`
			`replicas: 3`
			`selector:`
			`matchLabels:`
			`app: veza-api`
			`template:`
			`metadata:`
			`labels:`
			`app: veza-api`
			`spec:`
			`containers:`
			`- name: api`
			`image: veza/api:latest`
			`ports:`
			`- containerPort: 8081`
			`env:`
			`- name: DB_HOST`
			`value: "postgres-service"`
			`- name: REDIS_HOST`
			`value: "redis-service"`
			`resources:`
			`requests:`
			`memory: "256Mi"`
			`cpu: "250m"`
			`limits:`
			`memory: "512Mi"`
			`cpu: "500m"`
			```

			`### Service`
			```yaml
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: veza-api-service`
			`namespace: veza-platform`
			`spec:`
			`selector:`
			`app: veza-api`
			`ports:`
			`- port: 8081`
			`targetPort: 8081`
			`type: ClusterIP`
			```

			`## 🔧 Gestion des Conteneurs`

			`### Commandes Docker`
			```bash
			`# Construire toutes les images`
			`docker-compose build`

			`# Démarrer tous les services`
			`docker-compose up -d`

			`# Voir les logs`
			`docker-compose logs -f api`

			`# Redémarrer un service`
			`docker-compose restart api`

			`# Arrêter tous les services`
			`docker-compose down`

			`# Nettoyer les volumes`
			`docker-compose down -v`
			```

			`### Commandes Kubernetes`
			```bash
			`# Appliquer les manifests`
			`kubectl apply -f k8s/`

			`# Voir les pods`
			`kubectl get pods -n veza-platform`

			`# Voir les logs`
			`kubectl logs -f deployment/veza-api -n veza-platform`

			`# Redémarrer un deployment`
			`kubectl rollout restart deployment/veza-api -n veza-platform`

			`# Voir les services`
			`kubectl get services -n veza-platform`
			```

			`## 📊 Monitoring des Conteneurs`

			`### Métriques Docker`
			`- CPU et mémoire par conteneur`
			`- Réseau et I/O disque`
			`- Temps de démarrage et redémarrages`
			`- Taille des images et volumes`

			`### Métriques Kubernetes`
			`- Pods en cours d'exécution`
			`- Ressources utilisées vs demandées`
			`- Événements et erreurs`
			`- Health checks et liveness probes`

			`## 🔒 Sécurité`

			`### Bonnes Pratiques`
			`- Images de base minimales (Alpine)`
			`- Utilisateur non-root dans les conteneurs`
			`- Secrets gérés via Kubernetes Secrets`
			`- Scan de vulnérabilités des images`
			`- Politiques de sécurité réseau`

			`### Configuration`
			```yaml
			`# Security Context`
			`securityContext:`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`capabilities:`
			`drop:`
			`- ALL`
			```

			`## 📚 Documentation`

			`### Guides`
			`- [Guide de Monitoring](/docs/infra/observability)`
			`- [Guide de Sécurité](/docs/infra/security)`

			`## 🤝 Contribution`

			`Pour modifier la configuration des conteneurs :`
			`1. Testez les changements localement`
			`2. Mettez à jour la documentation`
			`3. Créez une PR avec description détaillée`
			`4. Attendez l'approbation de l'équipe DevOps`