Docker与Java应用部署
Docker与Java应用部署
Docker是容器化部署的标准工具,掌握Dockerfile编写和多阶段构建是Java开发者的基本功。
基础Dockerfile
FROM openjdk:17-jre-slim
WORKDIR /app
COPY target/app.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
多阶段构建优化
# 构建阶段
FROM maven:3.9-eclipse-temurin-17 AS builder
WORKDIR /build
COPY pom.xml .
RUN mvn dependency:go-offline -B
COPY src ./src
RUN mvn package -DskipTests -B
# 运行阶段
FROM eclipse-temurin:17-jre-alpine
RUN addgroup -S app && adduser -S app -G app
WORKDIR /app
COPY --from=builder /build/target/*.jar app.jar
USER app
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
JVM参数优化
FROM eclipse-temurin:17-jre-alpine
ENV JAVA_OPTS="-XX:+UseContainerSupport \
-XX:MaxRAMPercentage=75.0 \
-XX:InitialRAMPercentage=50.0 \
-XX:+UseG1GC \
-XX:+HeapDumpOnOutOfMemoryError \
-XX:HeapDumpPath=/app/heapdump.hprof \
-Djava.security.egd=file:/dev/./urandom"
COPY target/app.jar app.jar
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
Docker Compose编排
version: '3.8'
services:
app:
build: .
ports:
- "8080:8080"
environment:
- SPRING_PROFILES_ACTIVE=prod
- DB_HOST=mysql
depends_on:
mysql:
condition: service_healthy
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
mysql:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: mydb
volumes:
- mysql-data:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 10s
timeout: 5s
retries: 5
volumes:
mysql-data:
健康检查
@RestController
public class HealthController {
@Autowired
private DataSource dataSource;
@GetMapping("/actuator/health")
public Map<String, String> health() {
Map<String, String> status = new HashMap<>();
try (Connection conn = dataSource.getConnection()) {
status.put("database", "UP");
} catch (Exception e) {
status.put("database", "DOWN");
}
status.put("status", status.containsValue("DOWN") ? "DOWN" : "UP");
return status;
}
}
镜像安全最佳实践
# 使用非root用户
RUN addgroup -S app && adduser -S app -G app
# 只复制必要文件
COPY --chown=app:app target/app.jar /app/
# 设置只读文件系统
USER app
小结
多阶段构建减小镜像体积,容器参数优化保障Java应用在Docker环境中稳定运行。