
A Deep Dive into Containerized Deployment of AIri: A Complete Hands-On Guide from Single Host to Cloud Native

[Free download link] airi: 💖🧸 Self hosted, you-owned Grok Companion, a container of souls of waifu, cyber livings to bring them into our worlds, wishing to achieve Neuro-sama's altitude. Capable of realtime voice chat, Minecraft, Factorio playing. Web / macOS / Windows supported. Project URL: https://gitcode.com/GitHub_Trending/ai/airi

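AIri is a virtual AI character project built on large language models; it aims to create a digital companion that can interact with users, play games, and chat. Now that cloud-native applications are widespread, containerized deployment has become standard practice for delivering modern applications. This article examines containerized deployment of AIri, covering the full path from a basic Docker deployment to a production-grade Kubernetes cluster, as a beginner-to-advanced guide to cloud-native deployment for developers.

Project Architecture and the Value of Containerization

AIri uses a microservice architecture made up of several modules: a front-end web application, a back-end API service, a database, a cache, and observability components. Containerized deployment gives AIri clear advantages:

  • Environment consistency: development, test, and production environments are identical
  • Fast deployment: images allow deployment and rollback within seconds
  • Resource isolation: avoids dependency conflicts and improves system stability
  • Elastic scaling: container orchestration provides automatic scale-out and scale-in
  • Simpler operations: one interface for deployment and management

Basic Containerized Deployment

Single-Host Docker Deployment

The AIri project ships a complete Dockerfile at apps/stage-web/Dockerfile, which uses a multi-stage build to reduce image size: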

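```dockerfile
# Build stage
FROM node:24-trixie AS build-stage
WORKDIR /app
COPY . .
# The official node image ships corepack but does not put pnpm on PATH
# until corepack is enabled
RUN corepack enable
RUN pnpm install --frozen-lockfile
RUN pnpm -F @proj-airi/stage-web run build

# Production stage
FROM nginx:stable-alpine AS production-stage
COPY --from=build-stage /app/apps/stage-web/dist /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
```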

Run the following commands to complete the basic deployment:

```bash
# Clone the project repository
git clone https://gitcode.com/GitHub_Trending/ai/airi
cd airi

# Build the Docker image
docker build -t airi-web -f apps/stage-web/Dockerfile .

# Run the container
docker run -d -p 8080:80 --name airi-web-container airi-web
```

Full Service Stack Deployment

For the full AIri service stack, the project provides a docker-compose configuration at apps/server/docker-compose.yml:

```yaml
services:
  db:
    image: ghcr.io/tensorchord/vchord-postgres:pg18-v1.0.0
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=example-PAssw0rd-xHjDYR.b7N
    ports:
      - '5435:5432'
    volumes:
      - ./sql/init.sql:/docker-entrypoint-initdb.d/init.sql
      - db_data:/var/lib/postgresql
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB']

  redis:
    image: redis:7-alpine
    ports:
      - '6379:6379'
    volumes:
      - redis_data:/data
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']

  api:
    build:
      context: ../..
      dockerfile: apps/server/Dockerfile
    command: ['pnpm', '-F', '@proj-airi/server', 'run', 'server', 'api']
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    ports:
      - '6112:3000'
    healthcheck:
      test: ['CMD-SHELL', 'curl -f http://localhost:3000/livez || exit 1']

# Named volumes referenced by the services must be declared at the top level
volumes:
  db_data:
  redis_data:
```

Start the full service stack:

```bash
cd apps/server
docker-compose up -d
```

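Production Configuration

Environment Variable Management

AIri can be configured flexibly through environment variables. Keep sensitive values in a .env file: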

```bash
# .env.production
API_KEY=your_production_api_key
DATABASE_URL=postgresql://user:password@db:5432/airi
REDIS_URL=redis://redis:6379
NODE_ENV=production
LOG_LEVEL=info
```
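The compose file shown earlier hard-codes the Postgres password and publishes the database and Redis ports on every host interface. The fragment below is an added example, not the project's file, showing the same three services reading their secrets from .env.production instead; it assumes POSTGRES_PASSWORD has been added to that file and that the stack is started with `docker compose --env-file .env.production up -d`.

```yaml
# Added example: db, redis and api from apps/server/docker-compose.yml with
# secrets taken from the environment. Healthchecks, command and depends_on
# are unchanged from the original file and omitted here.
services:
  db:
    image: ghcr.io/tensorchord/vchord-postgres:pg18-v1.0.0
    environment:
      POSTGRES_DB: postgres
      POSTGRES_USER: postgres
      # ${VAR:?message} makes compose abort when the variable is unset or
      # empty, so the stack never starts with a blank or default password.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is not set}
    # Publish on loopback only. The api service reaches db:5432 over the
    # compose network and does not need a host port at all.
    ports:
      - '127.0.0.1:5435:5432'
    volumes:
      - ./sql/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
      - db_data:/var/lib/postgresql

  redis:
    image: redis:7-alpine
    # No ports entry: this Redis has no authentication configured, so it is
    # reachable only from containers on the same compose network.
    volumes:
      - redis_data:/data

  api:
    build:
      context: ../..
      dockerfile: apps/server/Dockerfile
    # Injects API_KEY, DATABASE_URL, REDIS_URL, ... into the container
    # without writing them into the compose file.
    env_file:
      - .env.production
    ports:
      - '6112:3000'

volumes:
  db_data:
  redis_data:
```

Keep .env.production out of version control and out of the image build context (for example through .gitignore and .dockerignore).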

Resource Limits and Health Checks

Configure sensible resource limits and health checks for production:

```yaml
# docker-compose.prod.yml
services:
  api:
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
```

Network Configuration

Configure an appropriate network setup to keep the services secure:

```yaml
networks:
  airi-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

services:
  api:
    networks:
      - airi-network
    ports:
      - target: 3000
        published: 6112
        protocol: tcp
        mode: host
```

Kubernetes Cluster Deployment

Deployment Configuration

Create a Kubernetes Deployment resource for high availability:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: airi-api
  labels:
    app: airi
    component: api
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: airi
      component: api
  template:
    metadata:
      labels:
        app: airi
        component: api
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
      containers:
        - name: api
          image: airi-api:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: airi-secrets
                  key: database-url
            - name: REDIS_URL
              valueFrom:
                configMapKeyRef:
                  name: airi-config
                  key: redis-url
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "1Gi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 5
```

Service and Ingress Configuration

Configure service discovery and external access:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: airi-service
spec:
  selector:
    app: airi
  ports:
    - name: http
      port: 80
      targetPort: 3000
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: airi-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - airi.example.com
      secretName: airi-tls
  rules:
    - host: airi.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: airi-service
                port:
                  number: 80
```

Observability Integration

AIri already integrates OpenTelemetry; the following configuration enables the full observability stack:

```yaml
# Configuration from apps/server/docker-compose.otel.yml
services:
  otel-collector:
    image: otel/opentelemetry-collector-contrib:0.120.0
    command: ['--config=/etc/otelcol/otel-collector.yaml']
    ports:
      - '4317:4317' # OTLP gRPC
      - '4318:4318' # OTLP HTTP

  prometheus:
    image: prom/prometheus:v3.2.1
    volumes:
      - ./otel/prometheus/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro

  loki:
    image: grafana/loki:3.4.3
    command: -config.file=/etc/loki/loki.yaml

  tempo:
    image: grafana/tempo:2.7.2
    command: ['-config.file=/etc/tempo/tempo.yaml']

  grafana:
    image: grafana/grafana:11.5.2
    environment:
      # admin/admin is a default credential pair; replace it before
      # port 3001 is reachable from anywhere but the local machine
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=admin
    ports:
      - '3001:3000'
```

Advanced Deployment Strategies

Blue-Green Deployment and Canary Releases

Implement a zero-downtime deployment strategy:

```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: airi-api
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: airi-api
  service:
    port: 3000
    targetPort: 3000
  analysis:
    interval: 1m
    threshold: 5
    maxWeight: 50
    stepWeight: 10
    metrics:
      - name: request-success-rate
        threshold: 99
        interval: 1m
      - name: request-duration
        threshold: 500
        interval: 1m
```

Autoscaling Configuration

Adjust the replica count automatically based on resource utilization:

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: airi-api-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: airi-api
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```

Persistent Storage Configuration

Configure persistent storage to keep data safe:

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: airi-postgres-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: airi-redis-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
```

Security Hardening

Security Context Configuration

Apply the principle of least privilege:

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
```
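Where each field of the securityContext above belongs in the airi-api Deployment, as an added example rather than the project's manifest. The /tmp mount, the volume name and the size limit are assumptions about what the API process needs to write.

```yaml
# Added example: fragment of the airi-api Deployment pod template.
spec:
  template:
    spec:
      # Pod level: applies to every container in the pod.
      # fsGroup exists only at this level.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: api
          image: airi-api:latest
          # Container level: allowPrivilegeEscalation, capabilities and
          # readOnlyRootFilesystem are not fields of the pod-level
          # securityContext and must be set per container.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          volumeMounts:
            # With a read-only root filesystem, any path the process
            # writes to has to be mounted explicitly.
            - name: tmp          # assumed volume name
              mountPath: /tmp    # assumed writable path
      volumes:
        - name: tmp
          emptyDir:
            sizeLimit: 64Mi      # assumed size
```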

Network Policy

Restrict network traffic between Pods:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: airi-network-policy
spec:
  podSelector:
    matchLabels:
      app: airi
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 3000
  egress:
    - to:
        - podSelector:
            matchLabels:
              component: database
      ports:
        - protocol: TCP
          port: 5432
```
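Once Egress is listed in policyTypes, every destination that is not named is dropped, and the policy above names only PostgreSQL. The variant below is an added example, not the project's manifest: it scopes the policy to the API pods and also allows Redis and cluster DNS. The policy name, the component: redis label and the kube-dns selector are assumptions about how the cluster is labelled.

```yaml
# Added example: policy for the API pods only (app: airi alone would also
# select any database or cache pod carrying that label).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: airi-api-network-policy
spec:
  podSelector:
    matchLabels:
      app: airi
      component: api
  policyTypes: [Ingress, Egress]
  ingress:
    # Traffic proxied by the ingress controller must match a rule here too;
    # add its namespace and pod selector if airi-ingress fronts these pods.
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 3000
  egress:
    - to:                          # PostgreSQL
        - podSelector:
            matchLabels:
              component: database
      ports:
        - protocol: TCP
          port: 5432
    - to:                          # Redis (assumed label)
        - podSelector:
            matchLabels:
              component: redis
      ports:
        - protocol: TCP
          port: 6379
    - to:                          # cluster DNS (assumed selector)
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```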

Secret Management Best Practices

Use Kubernetes Secrets to manage sensitive information:

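```bash
# Create the Secret. kubectl base64-encodes --from-literal values itself,
# so pass the raw value; pre-encoding it would store a double-encoded string.
# A Secret is encoded, not encrypted, unless encryption at rest is
# configured on the cluster.
kubectl create secret generic airi-secrets \
  --from-literal=api-key="your-api-key" \
  --from-literal=database-password="secure-password" \
  --from-file=ssl-certificate=./cert.pem \
  --from-file=ssl-key=./key.pem

# Connection details for an external secret store
kubectl create secret generic airi-external-secrets \
  --from-literal=vault-addr=https://vault.example.com \
  --from-literal=vault-token="$(cat /path/to/token)"
```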

Monitoring and Alerting

Prometheus Monitoring Rules

Define monitoring rules for key service metrics:

```yaml
groups:
  - name: airi.rules
    rules:
      - alert: HighErrorRate
        # Aggregate both sides by service before dividing. Without the sum,
        # the division only matches series with identical labels (the 5xx
        # series against themselves) and the ratio is always 1.
        expr: |
          sum by (service) (rate(http_requests_total{status=~"5.."}[5m]))
            / sum by (service) (rate(http_requests_total[5m])) > 0.05
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "High error rate detected"
          description: "Error rate is {{ $value }} for service {{ $labels.service }}"
      - alert: HighLatency
        expr: |
          histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m])) > 1
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "High latency detected"
          description: "95th percentile latency is {{ $value }}s for service {{ $labels.service }}"
```

Grafana Dashboard Configuration

Create a service monitoring dashboard:

```json
{
  "dashboard": {
    "title": "AIri Service Dashboard",
    "panels": [
      {
        "title": "Request Rate",
        "targets": [{
          "expr": "rate(http_requests_total[5m])",
          "legendFormat": "{{method}} {{status}}"
        }]
      },
      {
        "title": "Error Rate",
        "targets": [{
          "expr": "sum(rate(http_requests_total{status=~\"5..\"}[5m])) / sum(rate(http_requests_total[5m]))",
          "legendFormat": "Error Rate"
        }]
      },
      {
        "title": "Response Time",
        "targets": [{
          "expr": "histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))",
          "legendFormat": "95th Percentile"
        }]
      }
    ]
  }
}
```

Continuous Integration and Deployment Pipeline

Automated Deployment with GitHub Actions

Configure a complete CI/CD pipeline:

```yaml
name: Deploy AIri to Production

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run tests
        run: pnpm test

  build-and-push:
    needs: test
    # Pull requests only run the tests. Images are published on pushes to
    # main; the deploy job depends on this one and is skipped with it.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./apps/stage-web/Dockerfile
          push: true
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/airi-web:latest
            ${{ secrets.DOCKER_USERNAME }}/airi-web:${{ github.sha }}

  deploy:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      # The manifests live in the repository, so check it out first.
      # Cluster credentials must also be configured before the deploy step.
      - uses: actions/checkout@v4
      - name: Deploy to Kubernetes
        uses: azure/k8s-deploy@v4
        with:
          namespace: production
          manifests: |
            k8s/deployment.yaml
            k8s/service.yaml
            k8s/ingress.yaml
          images: |
            ${{ secrets.DOCKER_USERNAME }}/airi-web:${{ github.sha }}
```

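Troubleshooting and Optimization Tips

Resolving Common Deployment Problems

  1. Image build fails

    • Check the Dockerfile syntax and dependency versions
    • Verify that the build context contains all required files
    • Check the network proxy configuration
  2. Container fails to start

    • View the container logs: docker logs <container-id>
    • Check the environment variable configuration
    • Check for port conflicts and resource limits
  3. Service connectivity problems

    • Check network policies and firewall rules
    • Verify the service discovery configuration
    • Check the health check endpoints

Performance Optimization Tips

  1. Image optimization

    • Use multi-stage builds to reduce image size
    • Make good use of the build cache
    • Remove unnecessary dependencies and files
  2. Resource configuration

    • Adjust resource limits based on monitoring data
    • Set a sensible replica count
    • Configure vertical and horizontal autoscaling
  3. Network optimization

    • Use a service mesh for traffic management
    • Configure a suitable load-balancing strategy
    • Optimize the DNS resolution configuration

Summary

AIri's containerized deployment approach demonstrates best practices for modern cloud-native applications. With the deployment strategies described in this article, developers can:

  1. Quickly set up a development environment for local testing
  2. Build production-ready Docker images
  3. Deploy to a Kubernetes cluster for high availability
  4. Configure a full observability stack for monitoring
  5. Apply security hardening and automated deployment

As the AIri project continues to evolve, containerized deployment will give it better maintainability, scalability, and reliability. Developers should use the configuration templates in this article as a starting point and build a deployment plan that fits their own environment and business needs.

With these containerized deployment practices, AIri can run stably across cloud environments and on-premises infrastructure, giving users a high-quality virtual AI character experience.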

Authorship statement: parts of this article were generated with AI assistance (AIGC) and are for reference only.
