Примечание
Kubernetes предназначен для управления контейнеризованными приложениями в крупномасштабных производственных средах. Он поддерживает автоматическое масштабирование, обнаружение сервисов и управление отказами.
Развертывание в Docker-compose затрудняет масштабирование и не обеспечивает отказоустойчивость.
В данном примере рассматривается вариант развертывания всех компонентов системы, включая общесистемные PostgreSQL, Redis, RabbitMQ, на одной виртуальной машине.
Для установки Docker на ВМ и включения автозагрузки при перезапуске выполните команды:
# Install the Docker engine, its CLI and Docker Compose from the repositories configured for dnf.
sudo dnf install docker-ce docker-ce-cli docker-compose
# Register the service for start at boot and start it right away (--now).
sudo systemctl enable docker --now
# Check that the daemon is reported as active before continuing.
sudo systemctl status docker
Подробнее об установке на РЕД ОС — https://redos.red-soft.ru/base/redos-7_3/7_3-administation/7_3-containers/7_3-docker-install/?nocache=1729788973214.
Включите доступ пользователя к сервису:
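# Membership in the docker group lets the account drive the Docker daemon, which is
# effectively root-level access to the host, so add only trusted administrator accounts.
# The group change applies from the user's next login session.
# sudo is used for consistency with the commands above; usermod needs root privileges.
sudo usermod -aG docker <имя_пользователя>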
Если для обращения к сервису планируется использовать доменное имя (например, https://timetta.my-company.com), то требуется создание соответствующих DNS-записей. Альтернатива — обращаться по IP-адресу.
Для работы приложения потребуются сертификаты для всех IP-адресов и/или доменных имен, по которым будут опубликованы сервисы приложения.
Скопируйте все файлы в одну папку, а именно:
В данной папке выполните:
# Create and start every service of the Compose file in this directory, detached (-d).
docker-compose up -d
Замените op.timetta-test.com на ваше доменное имя или IP-адрес.
# Compose project name; used as the prefix for the resources Compose creates.
name: timetta

# Files and inline content that the services below mount by `source` name.
configs:
  # Backend settings, mounted by the services as /app/secrets/settings.json.
  app_settings:
    file: './settings.json'

  # Front-end settings, served by the client container as assets/config.json.
  client_settings:
    file: './client-settings.json'

  # nginx configuration for the client container: TLS on 443 (IPv4 and IPv6),
  # static files from /usr/share/nginx/html, unknown paths fall back to index.html.
  # `$$` is Compose's escape for a literal `$`, so nginx receives `$uri`.
  # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the TLS versions offered
  # are whatever the nginx build in the image defaults to — confirm that is acceptable.
  nginx_config:
    content: |
      user nginx;
      worker_processes 1;
      events{}
      http {
        include /etc/nginx/mime.types;
        server {
          listen [::]:443 ssl http2;
          listen 443 ssl http2;
          ssl_certificate /etc/nginx/cert.crt;
          ssl_certificate_key /etc/nginx/key.pem;
          root /usr/share/nginx/html;
          index index.html;
          location / {
            try_files $$uri $$uri/ /index.html =404;
          }
        }
      }

  # Certificate bundle in PFX form; only the passport service mounts it.
  cert_pfx:
    file: './cert.pfx'

  # NOTE(review): key.pem is the TLS private key and cert.pfx normally contains one too.
  # They are distributed through `configs` here; consider the Compose `secrets`
  # mechanism and restrictive permissions on the host copies.
  key_pem:
    file: './key.pem'

  # Public certificate; also copied into the trust store of the locally built images.
  cert_crt:
    file: './cert.crt'
# Data storage: named volumes managed by Docker.
volumes:
  # NOTE(review): the postgres service mounts the host directory ./pgdata (a bind
  # mount), so this named volume does not appear to be referenced by any service —
  # confirm which of the two is intended.
  pgdata:
    driver: 'local'
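# All components of the system on one host: shared infrastructure (redis, rabbitmq,
# postgres), the backend services and the nginx-based web client.
#
# NOTE(review): every image is referenced by the mutable `latest` tag, so two runs of
# `up` can deploy different code. Pin each image to a version tag or digest that has
# been validated.
# NOTE(review): the passwords in this file are one-character example values and the
# redis, rabbitmq and postgres ports are published on every host interface. Replace the
# passwords with strong unique secrets (kept in sync with settings.json), and drop the
# port mappings or bind them to 127.0.0.1 if only containers of this project connect.
services:
  redis:
    image: redis:latest
    container_name: redis
    restart: always
    ports:
      - "6379:6379"
    volumes:
      - /path/to/local/data:/root/redis
      - /path/to/local/redis.conf:/usr/local/etc/redis/redis.conf
    # NOTE(review): no `command:` points redis-server at the mounted redis.conf, and the
    # stock redis image is not known to read these REDIS_* variables. Verify that
    # authentication is actually enforced (for example `requirepass` in redis.conf).
    environment:
      - REDIS_PASSWORD=1
      - REDIS_PORT=6379
      - REDIS_DATABASES=16

  rabbitmq:
    container_name: rabbitmq
    image: rabbitmq:latest
    restart: always
    environment:
      - RABBITMQ_DEFAULT_USER=admin
      - RABBITMQ_DEFAULT_PASS=1
    ports:
      # Quoted like the other port mappings so YAML always reads it as a string.
      - "5672:5672"

  postgres:
    image: postgres:latest
    container_name: postgres
    environment:
      POSTGRES_USER: dba
      # Quoted so the value reaches the container as a string rather than a YAML integer.
      POSTGRES_PASSWORD: "1"
      POSTGRES_DB: postgres_db
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - "5430:5432"
    volumes:
      - ./pgdata:/var/lib/postgresql/data/pgdata
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 4G
        reservations:
          cpus: '0.5'
          memory: 1024M
    command: ["postgres", "-c", "max_connections=1000"]
    healthcheck:
      # The probe uses the role created by POSTGRES_USER; probing with a role that does
      # not exist makes the server log a failed connection attempt on every check.
      test: ["CMD-SHELL", "pg_isready -U dba -d postgres_db"]
      interval: 30s
      timeout: 10s
      retries: 5
    restart: always
    tty: true
    stdin_open: true

  api:
    container_name: api
    # If a self-signed certificate is used, it must be trusted.
    # API services contact Passport services to obtain configuration using TLS.
    build:
      context: .
      dockerfile_inline: |
        FROM cr.yandex/crpr8bvek949tq2fuqkf/api:latest
        COPY cert.crt /usr/local/share/ca-certificates/
        RUN update-ca-certificates
    ports:
      - "5400:5400/tcp"
    # Gives the passport container the public host name as a network alias, so the
    # certificate name matches when the API calls Passport from inside the project.
    links:
      - passport:op.timetta-test.com
    environment:
      - ASPNETCORE_URLS=https://*:5400
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_HTTPS_PORTS=5400
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/secrets/cert.crt
      - ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/app/secrets/key.pem
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 4G
        reservations:
          cpus: '0.5'
          memory: 2G
    configs:
      - source: app_settings
        target: /app/secrets/settings.json
      - source: cert_crt
        target: /app/secrets/cert.crt
      - source: key_pem
        target: /app/secrets/key.pem

  passport:
    container_name: passport
    image: cr.yandex/crpr8bvek949tq2fuqkf/passport:latest
    ports:
      - "5401:5401/tcp"
    environment:
      - ASPNETCORE_URLS=https://*:5401
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_HTTPS_PORTS=5401
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/secrets/cert.crt
      - ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/app/secrets/key.pem
    configs:
      - source: app_settings
        target: /app/secrets/settings.json
      - source: cert_pfx
        target: /app/secrets/cert.pfx
      - source: cert_crt
        target: /app/secrets/cert.crt
      - source: key_pem
        target: /app/secrets/key.pem

  consumer:
    container_name: consumer
    image: cr.yandex/crpr8bvek949tq2fuqkf/consumer:latest
    ports:
      - "5403:5403/tcp"
    configs:
      - source: app_settings
        target: /app/secrets/settings.json

  scheduler:
    container_name: scheduler
    image: cr.yandex/crpr8bvek949tq2fuqkf/scheduler:latest
    ports:
      - "5406:5406/tcp"
    configs:
      - source: app_settings
        target: /app/secrets/settings.json

  web-socket:
    container_name: web-socket
    # Built locally, like api, so that cert.crt is added to the image's trust store.
    # The base is this service's own image: basing it on the api image would package
    # the API application under the web-socket name. No separate `image:` key is set,
    # because with both keys Compose can pull the unpatched image instead of building,
    # and the CA step would then not be guaranteed to run.
    build:
      context: .
      dockerfile_inline: |
        FROM cr.yandex/crpr8bvek949tq2fuqkf/web-socket-hub:latest
        COPY cert.crt /usr/local/share/ca-certificates/
        RUN update-ca-certificates
    ports:
      - "5404:5404/tcp"
    environment:
      - ASPNETCORE_URLS=https://*:5404
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_HTTPS_PORTS=5404
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/secrets/cert.crt
      - ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/app/secrets/key.pem
    configs:
      - source: app_settings
        target: /app/secrets/settings.json
      - source: cert_crt
        target: /app/secrets/cert.crt
      - source: key_pem
        target: /app/secrets/key.pem

  reporting:
    container_name: reporting
    # Built locally, like api, so that cert.crt is added to the image's trust store.
    # The base is this service's own image rather than the api image, and no separate
    # `image:` key is set, for the same reasons as in the web-socket service.
    build:
      context: .
      dockerfile_inline: |
        FROM cr.yandex/crpr8bvek949tq2fuqkf/reporting:latest
        COPY cert.crt /usr/local/share/ca-certificates/
        RUN update-ca-certificates
    ports:
      - "5405:5405/tcp"
    environment:
      - ASPNETCORE_URLS=https://*:5405
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_HTTPS_PORTS=5405
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/secrets/cert.crt
      - ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/app/secrets/key.pem
    configs:
      - source: app_settings
        target: /app/secrets/settings.json
      - source: cert_crt
        target: /app/secrets/cert.crt
      - source: key_pem
        target: /app/secrets/key.pem

  # nginx-based web client; the only service that has to be reachable by end users.
  client:
    container_name: client
    image: cr.yandex/crpr8bvek949tq2fuqkf/client-host:latest
    ports:
      - "443:443/tcp"
    deploy:
      update_config:
        parallelism: 1
        delay: 0s
        order: stop-first
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
      - source: client_settings
        target: /usr/share/nginx/html/assets/config.json
      - source: cert_crt
        target: /etc/nginx/cert.crt
      - source: key_pem
        target: /etc/nginx/key.pem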