Docker & Kubernetes Orchestrator
Production-grade containerization and orchestration patterns.
Docker Patterns
Multi-Stage Builds
Node.js optimized build
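# ---- build stage: compiler toolchain and devDependencies stay here ----
# The tag is mutable; pin a digest (node:18-alpine@sha256:<digest>) for
# reproducible production builds.
FROM node:18-alpine AS builder
WORKDIR /app

# Copy the manifests alone first so the dependency layer is reused until
# package.json / package-lock.json change.
COPY package*.json ./
# npm ci installs exactly what the lockfile pins; devDependencies are included
# because the build step needs them.
RUN npm ci

# Copies the whole build context: keep .env, .git and local node_modules out
# of it with a .dockerignore.
COPY . .
# Build, then strip devDependencies so the node_modules tree handed to the
# runtime stage contains production packages only (smaller image, fewer
# packages to patch).
RUN npm run build && npm prune --omit=dev

# ---- runtime stage: only build output and production dependencies ----
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production

COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY package*.json ./

# Drop root: "node" is the unprivileged user shipped in the official image.
USER node
# EXPOSE documents the listening port; it does not publish it.
EXPOSE 3000
# Exec form: node runs as PID 1 and receives SIGTERM from `docker stop`.
CMD ["node", "dist/index.js"]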
Python optimized build
# ---- build stage: create a virtualenv and install dependencies into it ----
FROM python:3.11-slim AS builder
WORKDIR /app

# A self-contained venv can be copied into the runtime stage as one directory.
RUN python -m venv /opt/venv
# Putting the venv first on PATH makes `pip` below install into it.
ENV PATH="/opt/venv/bin:$PATH"

# Requirements are copied on their own so this layer is rebuilt only when
# requirements.txt changes. Pin exact versions there for reproducible images.
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

# ---- runtime stage: venv plus application source, no build leftovers ----
FROM python:3.11-slim AS runner
WORKDIR /app

COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Copies the whole build context into the image: use a .dockerignore so .env
# files, .git and other local artifacts do not end up in a layer.
COPY . ./

# Run unprivileged. The files copied above are not chown'ed, so the process
# can read the application code but does not own it.
USER nobody
# 0.0.0.0 binds every interface inside the container, which published ports
# require; no --port is passed, so uvicorn listens on its default port.
CMD ["uvicorn", "main:app", "--host", "0.0.0.0"]
Docker Compose for Microservices
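# Microservice stack: api + worker + frontend behind nginx, with Postgres and Redis.
#
# The database password is not stored in this file. Provide POSTGRES_PASSWORD
# through the shell environment or an .env file next to this one (kept out of
# version control); `${VAR:?message}` makes `docker compose` stop with that
# message when the variable is missing instead of starting with an empty value.
# The value is embedded in a URL below, so it must be URL-safe or percent-encoded.

# Recent Docker Compose releases ignore this key and report it as obsolete.
version: '3.8'

services:
  api:
    build: ./api
    ports:
      # Published on every host interface. NOTE(review): nginx shares no
      # network with api (nginx: frontend only, api: backend only), so clients
      # reach the API through this plain-HTTP port rather than through the TLS
      # listener on nginx. Confirm that is intended.
      - "8000:8000"
    environment:
      DATABASE_URL: "postgresql://postgres:${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}@db:5432/app"
      REDIS_URL: redis://redis:6379
    depends_on:
      - db
      - redis
    networks:
      - backend
    healthcheck:
      # Runs inside the api container, so the api image must ship curl.
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  worker:
    build: ./worker
    environment:
      CELERY_BROKER_URL: redis://redis:6379/0
    depends_on:
      - redis
    networks:
      - backend
    deploy:
      replicas: 3

  frontend:
    build: ./frontend
    ports:
      - "3000:3000"
    environment:
      # NEXT_PUBLIC_* values are shipped to the browser; never put secrets in them.
      NEXT_PUBLIC_API_URL: http://localhost:8000
    networks:
      - frontend
      - backend

  db:
    image: postgres:15-alpine
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}"
    # No ports are published: the database is reachable only on the backend network.
    networks:
      - backend

  redis:
    image: redis:7-alpine
    volumes:
      - redis_data:/data
    # No password is configured; access control relies on Redis being reachable
    # only from the backend network. Do not publish its port.
    networks:
      - backend

  nginx:
    # Unpinned tag: pin a version (and ideally a digest) for repeatable deploys.
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only mounts: the container cannot modify its config or the TLS keys.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./ssl:/etc/nginx/ssl:ro
    depends_on:
      - api
      - frontend
    networks:
      - frontend

volumes:
  postgres_data:
  redis_data:

networks:
  frontend:
  backend: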
Kubernetes Patterns
Deployment
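# Deployment for the stateless API: three replicas, credentials injected from a
# Secret, resource bounds, health probes and a restrictive container securityContext.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  labels:
    app: api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          # ":latest" is a mutable tag: the manifest does not record which build
          # is running, and `kubectl rollout undo` cannot restore an older image
          # when every revision points at the same tag. Pin a version tag or a
          # digest (myregistry.com/api@sha256:<digest>) for production.
          image: myregistry.com/api:latest
          ports:
            - containerPort: 8000
          env:
            # The connection string comes from the Secret, not from the manifest.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: url
          securityContext:
            # The service listens on an unprivileged port (8000), so it needs
            # neither extra capabilities nor the ability to gain privileges.
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # Consider runAsNonRoot: true as well; Kubernetes can only verify it
            # when the image declares a numeric UID or runAsUser is set here.
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Liveness failure restarts the container; readiness failure only
          # removes the pod from Service endpoints.
          livenessProbe:
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5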
Service & Ingress
# Cluster-internal Service: forwards port 80 to port 8000 on pods labelled app=api.
apiVersion: v1
kind: Service
metadata:
  name: api
spec:
  # ClusterIP keeps the Service unreachable from outside the cluster; external
  # traffic is expected to arrive through an Ingress.
  type: ClusterIP
  selector:
    app: api
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
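---
# Ingress for api.example.com: TLS terminated at the nginx ingress controller,
# certificate issued by cert-manager, all paths routed to the api Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api
  annotations:
    # Presumably a ClusterIssuer named letsencrypt-prod exists in the cluster; verify.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # ingress-nginx has no "rate-limit" annotation; an unknown annotation is
    # ignored without an error, which leaves the endpoint unthrottled.
    # limit-rps caps requests per second per client IP. The original value is
    # kept; use limit-rpm instead if 100 was meant per minute.
    nginx.ingress.kubernetes.io/limit-rps: "100"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.example.com
      # cert-manager stores the issued certificate and key in this Secret.
      secretName: api-tls
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80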
ConfigMap & Secrets
# Non-sensitive settings only. ConfigMap contents are readable by anyone who can
# read the object, so credentials belong in a Secret instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  # ConfigMap values must be strings, hence the quotes around the number.
  MAX_CONNECTIONS: "100"
  LOG_LEVEL: "info"
---
# Sample values for illustration. A manifest like this holds the credentials in
# clear text, so do not commit real ones: create the Secret out of band or use
# an encrypted-secrets / external-secrets workflow.
# stringData is stored base64-encoded, which is an encoding, not encryption;
# confidentiality depends on RBAC and on encryption at rest being configured.
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
stringData:
  # NOTE(review): the password embedded in `url` ("pass") differs from the
  # `password` key below; confirm both refer to the intended database account.
  password: secret123
  url: postgresql://user:pass@db:5432/app
StatefulSet for Databases
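# Single-instance PostgreSQL with a stable identity and its own PersistentVolumeClaim.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  # Presumably a headless Service named "postgres" is defined elsewhere; verify.
  serviceName: postgres
  # The stock postgres image does not replicate. Each extra replica would
  # initialise its own empty, independent database on its own volume, so
  # clients would see different data depending on the pod they reach.
  # Keep one replica here and use an operator or explicit streaming-replication
  # setup when high availability is required.
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:15
          ports:
            - containerPort: 5432
          env:
            # Superuser password is read from the Secret, not written here.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: password
            # Keep the cluster in a subdirectory of the mount: a freshly
            # provisioned volume may contain lost+found at its root, and initdb
            # refuses to initialise a non-empty directory.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
  # One PVC per pod, created from this template and retained across restarts.
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 10Gi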
Horizontal Pod Autoscaler
# Scales the api Deployment between 2 and 10 replicas on CPU and memory use.
# Utilization is measured against each container's resource *requests*, so the
# target pods must declare requests and the cluster must expose resource metrics.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  # maxReplicas bounds how far a traffic spike can grow the workload.
  minReplicas: 2
  maxReplicas: 10
  # With several metrics the autoscaler computes a replica count per metric and
  # applies the largest one.
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
Helm Charts
Chart.yaml
# apiVersion v2 marks a Helm 3 chart.
apiVersion: v2
name: myapp
# Version of the chart itself (SemVer); bump on every chart change.
version: 1.0.0
# Version of the packaged application; quoted so it stays a string.
appVersion: "1.0"
values.yaml
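# Default values for the chart; override per environment with -f or --set.
replicaCount: 3

image:
  repository: myregistry.com/api
  # A mutable tag such as "latest" combined with pullPolicy IfNotPresent lets
  # each node keep whatever build it cached first, so pods of one release can
  # run different code and a rollback does not change the image. The tag is
  # pinned to the chart's appVersion instead; override it per release, or pin
  # a digest where the templates support it.
  tag: "1.0"
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  className: nginx
  hosts:
    - host: api.example.com
      paths:
        - path: /
          pathType: Prefix

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 250m
    memory: 256Mi

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70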
Quick Commands
Docker
# Build an image from the Dockerfile in the current directory.
docker build --tag myapp:latest .
# Run it; host port 8000 is published on every host interface.
docker run --publish 8000:8000 myapp:latest
# Start the Compose stack in the background.
docker compose up --detach
# Stream logs of the api service.
docker compose logs --follow api
# Open an interactive shell inside a running container.
docker exec --interactive --tty container_name sh
Kubernetes
# Create or update the resources described in the manifest.
kubectl apply --filename deployment.yaml
# Watch pod status changes.
kubectl get pods --watch
# Stream a pod's logs.
kubectl logs --follow pod-name
# Open an interactive shell in a pod; this requires the pods/exec permission.
kubectl exec --stdin --tty pod-name -- sh
# Forward local port 8000 to port 80 of the api Service.
kubectl port-forward svc/api 8000:80
# Set the replica count by hand (an active HPA on the Deployment will adjust it again).
kubectl scale deployment/api --replicas=5
# Recreate all pods of the Deployment with a rolling restart.
kubectl rollout restart deployment/api
# Return to the previous Deployment revision.
kubectl rollout undo deployment/api
Helm
# Install the chart in ./chart as release "myapp".
helm install myapp ./chart
# Apply chart or values changes to the existing release.
helm upgrade myapp ./chart
# Roll the release back to revision 1.
helm rollback myapp 1
# List releases in the current namespace.
helm list
When to Use: Containerizing apps, Docker Compose orchestration, Kubernetes deployments, scaling microservices.