senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-docs/docs/infra/containers/index.mdx

379 lines
7.9 KiB
Text
Raw Blame History

---
id: containers
title: Conteneurs Docker
sidebar_label: Conteneurs Docker
description: Configuration et gestion des conteneurs Docker pour Veza Platform
keywords: [veza, docker, containers, orchestration, kubernetes]
---
# 🐳 Conteneurs Docker
Configuration et gestion des conteneurs Docker pour Veza Platform.
## 🎯 Vue d'Ensemble
Veza Platform utilise Docker pour :
- **Containerisation** de tous les services
- **Environnements** cohérents dev/staging/prod
- **Scalabilité** horizontale des services
- **Déploiement** simplifié et reproductible
## 🏗️ Architecture des Conteneurs
```mermaid
flowchart TB
subgraph "Docker Hosts"
subgraph "Frontend Containers"
WEB[Web App<br/>React + Vite<br/>Port: 5176]
DESKTOP[Desktop App<br/>Electron<br/>Port: 3000]
end
subgraph "Backend Containers"
API[Go API<br/>Gin + GORM<br/>Port: 8081]
CHAT[Rust Chat<br/>Axum + WebSocket<br/>Port: 3001]
STREAM[Rust Stream<br/>Axum + Symphonia<br/>Port: 3002]
AUTH[Auth Service<br/>Go + JWT<br/>Port: 8082]
end
subgraph "Infrastructure Containers"
LB[HAProxy<br/>Load Balancer<br/>Port: 80/443]
WAF[Coraza<br/>WAF<br/>Port: 80/443]
PG[PostgreSQL<br/>Database<br/>Port: 5432]
REDIS[Redis<br/>Cache<br/>Port: 6379]
NATS[NATS<br/>Message Queue<br/>Port: 4222]
end
subgraph "Monitoring Containers"
PROM[Prometheus<br/>Metrics<br/>Port: 9090]
GRAF[Grafana<br/>Dashboards<br/>Port: 3000]
ELK[ELK Stack<br/>Logs<br/>Port: 9200]
end
end
```
## 🐳 Images Docker
### Images Principales
| Service | Image | Tag | Port | Description |
|---------|-------|-----|------|-------------|
| Web App | `veza/web` | `latest` | 5176 | React + Vite |
| Go API | `veza/api` | `latest` | 8081 | Gin + GORM |
| Chat | `veza/chat` | `latest` | 3001 | Rust + Axum |
| Stream | `veza/stream` | `latest` | 3002 | Rust + Axum |
| Auth | `veza/auth` | `latest` | 8082 | Go + JWT |
### Images d'Infrastructure
| Service | Image | Tag | Port | Description |
|---------|-------|-----|------|-------------|
| HAProxy | `haproxy` | `2.8` | 80/443 | Load Balancer |
| PostgreSQL | `postgres` | `15` | 5432 | Database |
| Redis | `redis` | `7` | 6379 | Cache |
| NATS | `nats` | `2.9` | 4222 | Message Queue |
| Prometheus | `prometheus` | `2.45` | 9090 | Metrics |
| Grafana | `grafana` | `10.0` | 3000 | Dashboards |
## 📁 Structure des Dockerfiles
### Go API Service
```dockerfile
# Build stage
FROM golang:1.23-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o main .
# Runtime stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/main .
COPY --from=builder /app/config ./config
EXPOSE 8081
CMD ["./main"]
```
### Rust Chat Service
```dockerfile
# Build stage
FROM rust:1.70-alpine AS builder
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
RUN cargo fetch
COPY src ./src
RUN cargo build --release
# Runtime stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/target/release/veza-chat-server .
EXPOSE 3001
CMD ["./veza-chat-server"]
```
### React Web App
```dockerfile
# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
# Runtime stage
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 5176
CMD ["nginx", "-g", "daemon off;"]
```
## 🚀 Docker Compose
### Développement Local
```yaml
version: '3.8'
services:
# Frontend
web:
build: ./apps/web
ports:
- "5176:5176"
environment:
- VITE_API_URL=http://localhost:8081
depends_on:
- api
# Backend Services
api:
build: ./apps/api
ports:
- "8081:8081"
environment:
- DB_HOST=postgres
- REDIS_HOST=redis
depends_on:
- postgres
- redis
chat:
build: ./veza-chat-server
ports:
- "3001:3001"
environment:
- REDIS_HOST=redis
- NATS_URL=nats://nats:4222
depends_on:
- redis
- nats
stream:
build: ./veza-stream-server
ports:
- "3002:3002"
environment:
- S3_ENDPOINT=http://minio:9000
- NATS_URL=nats://nats:4222
depends_on:
- minio
- nats
# Infrastructure
postgres:
image: postgres:15
environment:
- POSTGRES_DB=veza
- POSTGRES_USER=veza
- POSTGRES_PASSWORD=password
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7
volumes:
- redis_data:/data
nats:
image: nats:2.9
command: ["-js"]
# Monitoring
prometheus:
image: prometheus:2.45
ports:
- "9090:9090"
volumes:
- ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
grafana:
image: grafana:10.0
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- grafana_data:/var/lib/grafana
volumes:
postgres_data:
redis_data:
grafana_data:
```
## ☸️ Kubernetes
### Namespace
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: veza-platform
```
### Deployment Go API
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: veza-api
namespace: veza-platform
spec:
replicas: 3
selector:
matchLabels:
app: veza-api
template:
metadata:
labels:
app: veza-api
spec:
containers:
- name: api
image: veza/api:latest
ports:
- containerPort: 8081
env:
- name: DB_HOST
value: "postgres-service"
- name: REDIS_HOST
value: "redis-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
```
### Service
```yaml
apiVersion: v1
kind: Service
metadata:
name: veza-api-service
namespace: veza-platform
spec:
selector:
app: veza-api
ports:
- port: 8081
targetPort: 8081
type: ClusterIP
```
## 🔧 Gestion des Conteneurs
### Commandes Docker
```bash
# Construire toutes les images
docker-compose build
# Démarrer tous les services
docker-compose up -d
# Voir les logs
docker-compose logs -f api
# Redémarrer un service
docker-compose restart api
# Arrêter tous les services
docker-compose down
# Nettoyer les volumes
docker-compose down -v
```
### Commandes Kubernetes
```bash
# Appliquer les manifests
kubectl apply -f k8s/
# Voir les pods
kubectl get pods -n veza-platform
# Voir les logs
kubectl logs -f deployment/veza-api -n veza-platform
# Redémarrer un deployment
kubectl rollout restart deployment/veza-api -n veza-platform
# Voir les services
kubectl get services -n veza-platform
```
## 📊 Monitoring des Conteneurs
### Métriques Docker
- **CPU** et **mémoire** par conteneur
- **Réseau** et **I/O** disque
- **Temps de démarrage** et **redémarrages**
- **Taille** des images et volumes
### Métriques Kubernetes
- **Pods** en cours d'exécution
- **Ressources** utilisées vs demandées
- **Événements** et **erreurs**
- **Health checks** et **liveness probes**
## 🔒 Sécurité
### Bonnes Pratiques
- **Images** de base minimales (Alpine)
- **Utilisateur** non-root dans les conteneurs
- **Secrets** gérés via Kubernetes Secrets
- **Scan** de vulnérabilités des images
- **Politiques** de sécurité réseau
### Configuration
```yaml
# Security Context
securityContext:
runAsNonRoot: true
runAsUser: 1000
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
```
## 📚 Documentation
### Guides
- [Guide de Monitoring](/docs/infra/observability)
- [Guide de Sécurité](/docs/infra/security)
## 🤝 Contribution
Pour modifier la configuration des conteneurs :
1. Testez les changements localement
2. Mettez à jour la documentation
3. Créez une PR avec description détaillée
4. Attendez l'approbation de l'équipe DevOps
Reference in a new issue View git blame Copy permalink