当前位置：首页 > news >正文

Go语言部署清单：上线检查项

news 2026/5/29 4:59:50

Go语言部署清单：上线检查项

部署是将应用交付生产环境的关键环节。本文详细介绍Go语言应用部署的各项检查项，确保上线过程顺利且安全。

一、配置管理

1.1 配置文件设计

良好的配置管理是部署成功的基础。

import ( "os" "fmt" "gopkg.in/yaml.v3" ) type Config struct { App AppConfig `yaml:"app"` Database DatabaseConfig `yaml:"database"` Redis RedisConfig `yaml:"redis"` Log LogConfig `yaml:"log"` Metrics MetricsConfig `yaml:"metrics"` } type AppConfig struct { Host string `yaml:"host"` Port int `yaml:"port"` Env string `yaml:"env"` } type DatabaseConfig struct { Host string `yaml:"host"` Port int `yaml:"port"` User string `yaml:"user"` Password string `yaml:"password"` Database string `yaml:"database"` MaxOpen int `yaml:"max_open_conns"` MaxIdle int `yaml:"max_idle_conns"` } type RedisConfig struct { Host string `yaml:"host"` Port int `yaml:"port"` Password string `yaml:"password"` DB int `yaml:"db"` } type LogConfig struct { Level string `yaml:"level"` Output string `yaml:"output"` } type MetricsConfig struct { Enabled bool `yaml:"enabled"` Port int `yaml:"port"` } func LoadConfig(path string) (*Config, error) { data, err := os.ReadFile(path) if err != nil { return nil, fmt.Errorf("failed to read config file: %w", err) } var cfg Config if err := yaml.Unmarshal(data, &cfg); err != nil { return nil, fmt.Errorf("failed to parse config file: %w", err) } // 从环境变量覆盖配置 if env := os.Getenv("APP_ENV"); env != "" { cfg.App.Env = env } if env := os.Getenv("DB_PASSWORD"); env != "" { cfg.Database.Password = env } if env := os.Getenv("REDIS_PASSWORD"); env != "" { cfg.Redis.Password = env } return &cfg, nil }

1.2 配置文件示例

# config.yaml app: host: "0.0.0.0" port: 8080 env: "production" database: host: "localhost" port: 3306 user: "app_user" password: "" # 从环境变量DB_PASSWORD读取 database: "myapp" max_open_conns: 100 max_idle_conns: 10 redis: host: "localhost" port: 6379 password: "" # 从环境变量REDIS_PASSWORD读取 db: 0 log: level: "info" output: "/var/log/myapp/app.log" metrics: enabled: true port: 9090

1.3 多环境配置

// config_dev.yaml app: env: "development" database: host: "localhost" port: 3306 // config_prod.yaml app: env: "production" database: host: "prod-db.internal" port: 3306 // 根据环境加载配置 func getConfigPath() string { env := os.Getenv("APP_ENV") if env == "" { env = "development" } return fmt.Sprintf("config_%s.yaml", env) }

二、环境变量

2.1 环境变量设计原则

敏感信息（密码、密钥）必须通过环境变量传入
不同环境使用不同的配置值
提供默认值但生产环境必须显式配置

import "os" type EnvConfig struct { // 数据库 DBHost string DBPort string DBUser string DBPassword string DBName string // Redis RedisHost string RedisPassword string // JWT JWTSecret string // S3存储 AWS_ACCESS_KEY_ID string AWS_SECRET_ACCESS_KEY string AWS_REGION string } func LoadEnvConfig() *EnvConfig { return &EnvConfig{ DBHost: getEnv("DB_HOST", "localhost"), DBPort: getEnv("DB_PORT", "3306"), DBUser: getEnv("DB_USER", "root"), DBPassword: getEnv("DB_PASSWORD", ""), DBName: getEnv("DB_NAME", "myapp"), RedisHost: getEnv("REDIS_HOST", "localhost"), RedisPassword: getEnv("REDIS_PASSWORD", ""), JWTSecret: getEnv("JWT_SECRET", ""), AWS_ACCESS_KEY_ID: os.Getenv("AWS_ACCESS_KEY_ID"), AWS_SECRET_ACCESS_KEY: os.Getenv("AWS_SECRET_ACCESS_KEY"), AWS_REGION: getEnv("AWS_REGION", "us-east-1"), } } func getEnv(key, defaultValue string) string { if value := os.Getenv(key); value != "" { return value } return defaultValue }

2.2 敏感信息检查

func validateRequiredEnvVars() error { required := []string{ "DB_PASSWORD", "JWT_SECRET", } var missing []string for _, key := range required { if os.Getenv(key) == "" { missing = append(missing, key) } } if len(missing) > 0 { return fmt.Errorf("missing required environment variables: %v", missing) } return nil }

三、容器化

3.1 Dockerfile编写

Go应用应使用多阶段构建减小镜像体积。

# 构建阶段 FROM golang:1.22-alpine AS builder WORKDIR /app # 安装依赖 COPY go.mod go.sum ./ RUN go mod download # 复制源代码 COPY . . # 构建二进制文件 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o /app/myapp . # 运行阶段 FROM alpine:3.19 WORKDIR /app # 安装时区数据 RUN apk --no-cache add ca-certificates tzdata # 复制二进制文件 COPY --from=builder /app/myapp . COPY --from=builder /app/config ./config # 创建非root用户 RUN addgroup -g 1000 appgroup && \ adduser -u 1000 -G appgroup -s /bin/sh -D appuser USER appuser EXPOSE 8080 9090 ENTRYPOINT ["./myapp"]

3.2 Docker Compose配置

# docker-compose.yml version: '3.8' services: app: build: context: . dockerfile: Dockerfile ports: - "8080:8080" - "9090:9090" environment: - APP_ENV=production - DB_HOST=db - DB_PASSWORD=${DB_PASSWORD} - REDIS_HOST=redis - REDIS_PASSWORD=${REDIS_PASSWORD} - JWT_SECRET=${JWT_SECRET} volumes: - ./logs:/app/logs - ./config:/app/config:ro depends_on: db: condition: service_healthy redis: condition: service_started restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"] interval: 30s timeout: 10s retries: 3 start_period: 40s db: image: mysql:8.0 environment: MYSQL_ROOT_PASSWORD: ${DB_PASSWORD} MYSQL_DATABASE: myapp volumes: - mysql_data:/var/lib/mysql healthcheck: test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] interval: 10s timeout: 5s retries: 5 redis: image: redis:7-alpine command: redis-server --requirepass ${REDIS_PASSWORD} volumes: - redis_data:/data volumes: mysql_data: redis_data:

3.3 Kubernetes部署配置

# deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: myapp labels: app: myapp spec: replicas: 3 selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: myapp image: myapp:latest ports: - containerPort: 8080 name: http - containerPort: 9090 name: metrics env: - name: APP_ENV value: "production" - name: DB_PASSWORD valueFrom: secretKeyRef: name: myapp-secrets key: db-password - name: JWT_SECRET valueFrom: secretKeyRef: name: myapp-secrets key: jwt-secret resources: requests: memory: "256Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" readinessProbe: httpGet: path: /health/ready port: 8080 initialDelaySeconds: 5 periodSeconds: 5 livenessProbe: httpGet: path: /health/live port: 8080 initialDelaySeconds: 10 periodSeconds: 10 volumeMounts: - name: config mountPath: /app/config readOnly: true volumes: - name: config configMap: name: myapp-config --- apiVersion: v1 kind: Service metadata: name: myapp spec: selector: app: myapp ports: - port: 80 targetPort: 8080 type: ClusterIP --- apiVersion: v1 kind: ConfigMap metadata: name: myapp-config data: config.yaml: | app: host: "0.0.0.0" port: 8080 env: "production" log: level: "info"

四、健康检查

4.1 健康检查实现

type HealthChecker struct { db *sql.DB redis *redis.Client } func NewHealthChecker(db *sql.DB, redis *redis.Client) *HealthChecker { return &HealthChecker{db: db, redis: redis} } func (h *HealthChecker) Check() error { // 检查数据库连接 if err := h.db.Ping(); err != nil { return fmt.Errorf("database ping failed: %w", err) } // 检查Redis连接 if _, err := h.redis.Ping().Result(); err != nil { return fmt.Errorf("redis ping failed: %w", err) } return nil } func (h *HealthChecker) HandleLive(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) json.NewEncoder(w).Encode(map[string]string{"status": "alive"}) } func (h *HealthChecker) HandleReady(w http.ResponseWriter, r *http.Request) { if err := h.Check(); err != nil { w.WriteHeader(http.StatusServiceUnavailable) json.NewEncoder(w).Encode(map[string]string{ "status": "not ready", "error": err.Error(), }) return } w.WriteHeader(http.StatusOK) json.NewEncoder(w).Encode(map[string]string{"status": "ready"}) }

五、优雅关闭

5.1 优雅关闭实现

优雅关闭确保正在处理的请求能够完成。

import ( "context" "net/http" "os" "os/signal" "syscall" "time" ) type Server struct { httpServer *http.Server quit chan os.Signal } func NewServer(mux *http.ServeMux, addr string) *Server { return &Server{ httpServer: &http.Server{ Addr: addr, Handler: mux, ReadTimeout: 30 * time.Second, WriteTimeout: 30 * time.Second, IdleTimeout: 60 * time.Second, }, quit: make(chan os.Signal, 1), } } func (s *Server) Start() error { // 启动服务器 go func() { if err := s.httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed { log.Fatalf("server error: %v", err) } }() // 等待退出信号 signal.Notify(s.quit, syscall.SIGINT, syscall.SIGTERM) <-s.quit log.Println("shutting down server...") // 创建超时上下文 ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() // 优雅关闭 if err := s.httpServer.Shutdown(ctx); err != nil { return fmt.Errorf("server shutdown failed: %w", err) } log.Println("server stopped") return nil } func (s *Server) Stop() { s.quit <- syscall.SIGTERM }

5.2 信号处理

import ( "log" "os" "os/signal" "syscall" ) func handleSignals(cleanup func()) { sigCh := make(chan os.Signal, 1) signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP) sig := <-sigCh log.Printf("received signal: %v", sig) switch sig { case syscall.SIGINT, syscall.SIGTERM: log.Println("performing graceful shutdown...") cleanup() log.Println("cleanup completed") os.Exit(0) case syscall.SIGHUP: log.Println("received SIGHUP, reloading configuration...") // 可以实现配置重载 } }

六、日志输出

6.1 日志配置

import ( "github.com/sirupsen/logrus" ) func setupLogging(cfg *LogConfig) *logrus.Logger { logger := logrus.New() // 设置日志级别 level, err := logrus.ParseLevel(cfg.Level) if err != nil { level = logrus.InfoLevel } logger.SetLevel(level) // 设置输出格式 if cfg.Output == "stdout" { logger.SetOutput(os.Stdout) } else { file, err := os.OpenFile(cfg.Output, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666) if err == nil { logger.SetOutput(file) } } // JSON格式便于收集 logger.SetFormatter(&logrus.JSONFormatter{ TimestampFormat: time.RFC3339, }) return logger }

6.2 日志轮转

使用logrus的hook实现日志轮转。

import ( "github.com/lestrrat-go/file-rotatelogs" ) func setupRotateLogs(logger *logrus.Logger, path string) { writer, err := rotatelogs.New( path+".%Y%m%d", rotatelogs.WithLinkName(path), rotatelogs.WithMaxAge(7*24*time.Hour), rotatelogs.WithRotationTime(24*time.Hour), ) if err != nil { log.Printf("failed to create rotate logs: %v", err) return } logger.SetOutput(writer) }

七、监控接入

7.1 Prometheus指标暴露

import ( "github.com/prometheus/client_golang/prometheus/promhttp" ) func setupMetrics mux { mux.Handle("/metrics", promhttp.Handler()) }

7.2 Kubernetes服务Monitor

# service-monitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: myapp labels: release: prometheus spec: selector: matchLabels: app: myapp endpoints: - port: metrics path: /metrics interval: 15s

八、回滚策略

8.1 版本标记

const VERSION = "1.0.0" func main() { log.Printf("starting myapp version: %s", VERSION) // ... }

8.2 数据库迁移回滚

type Migration struct { Version int Name string Up func(*sql.Tx) error Down func(*sql.Tx) error } func (m *Migration) Apply(db *sql.DB) error { tx, err := db.Begin() if err != nil { return err } if err := m.Up(tx); err != nil { tx.Rollback() return err } // 记录版本 _, err = tx.Exec("INSERT INTO schema_migrations (version, name) VALUES (?, ?)", m.Version, m.Name) if err != nil { tx.Rollback() return err } return tx.Commit() } func (m *Migration) Rollback(db *sql.DB) error { tx, err := db.Begin() if err != nil { return err } if err := m.Down(tx); err != nil { tx.Rollback() return err } _, err = tx.Exec("DELETE FROM schema_migrations WHERE version = ?", m.Version) if err != nil { tx.Rollback() return err } return tx.Commit() }

8.3 Kubernetes回滚命令

# 查看部署历史 kubectl rollout history deployment/myapp # 回滚到上一个版本 kubectl rollout undo deployment/myapp # 回滚到指定版本 kubectl rollout undo deployment/myapp --to-revision=2 # 查看回滚状态 kubectl rollout status deployment/myapp