trevor/PyGuardian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4adb00a498041fae020e75622fc093d9407564f3
PyGuardian/deployment/docker/Dockerfile.optimized
Andrey K. Choi 4adb00a498
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
feat: Complete Docker deployment environment for PyGuardian v2.1.0 
🐳 DOCKER DEPLOYMENT INFRASTRUCTURE:

## New Docker Files:
- deployment/docker/Dockerfile.optimized - Multi-stage optimized builds
- docker-compose.prod.yml - Production cluster deployment
- docker-compose.dev.yml - Development environment
- deploy-docker.sh - One-command deployment script
- Makefile.docker - Advanced management commands
- .env.docker - Environment configuration template
- DOCKER_DEPLOYMENT.md - Complete deployment guide

## Container Images:
- pyguardian:controller - Cluster management (200MB)
- pyguardian:agent - Security monitoring (180MB)
- pyguardian:standalone - All-in-one deployment (220MB)
- pyguardian:development - Dev tools + Jupyter (350MB)

## Deployment Modes:
- Standalone: Single container with all features
- Cluster: Controller + scalable agents with JWT auth
- Production: Enterprise deployment with monitoring
- Development: Hot reload + debugging tools

## Key Features:
 Multi-stage Docker builds for optimization
 Privileged containers for system monitoring
 Host networking for firewall integration
 Volume persistence for data/logs/config
 Health checks and auto-restart
 Prometheus monitoring integration
 SSL/TLS support with custom certificates
 Automated backup and restore
 CI/CD ready builds

## Quick Commands:
./deploy-docker.sh standalone          # Quick start
./deploy-docker.sh cluster --scale 3   # Production cluster
make -f Makefile.docker prod-up        # Advanced management
make -f Makefile.docker health         # Health checks

Ready for enterprise Docker deployment! 🚀
2025-11-26 04:42:36 +09:00

169 lines
4.4 KiB
Docker
Raw Blame History

################################################################################
# PyGuardian Optimized Multi-stage Dockerfile
# Optimized for production deployment with minimal size and security
################################################################################
# Build stage - for compiling dependencies
FROM python:3.11-slim as builder
WORKDIR /build
# Install build dependencies
RUN apt-get update && apt-get install -y \
build-essential \
libffi-dev \
libssl-dev \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements and install to wheels
COPY requirements.txt .
RUN pip wheel --no-cache-dir --no-deps --wheel-dir /build/wheels -r requirements.txt
# Base runtime stage
FROM python:3.11-slim as runtime-base
# Create pyguardian user and group
RUN groupadd -r pyguardian && useradd -r -g pyguardian -s /bin/false pyguardian
# Install runtime system dependencies
RUN apt-get update && apt-get install -y \
iptables \
iputils-ping \
openssh-client \
curl \
sudo \
procps \
net-tools \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y \
&& apt-get autoclean
# Install Python dependencies from wheels
COPY --from=builder /build/wheels /wheels
COPY requirements.txt .
RUN pip install --no-cache-dir --no-index --find-links /wheels -r requirements.txt \
&& rm -rf /wheels requirements.txt
# Set up working directory
WORKDIR /opt/pyguardian
# Copy application code
COPY src/ ./src/
COPY config/ ./config/
COPY main.py .
COPY deployment/scripts/entrypoint.sh /entrypoint.sh
# Create necessary directories
RUN mkdir -p /opt/pyguardian/{data,logs,temp} \
&& chown -R pyguardian:pyguardian /opt/pyguardian \
&& chmod +x /entrypoint.sh
# Set environment variables
ENV PYTHONPATH=/opt/pyguardian \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1
# Production Controller Stage
FROM runtime-base as controller
# Expose API and monitoring ports
EXPOSE 8443 8444
# Add sudo permissions for iptables (controller needs firewall access)
RUN echo "pyguardian ALL=(root) NOPASSWD: /usr/sbin/iptables, /usr/sbin/ip6tables" >> /etc/sudoers
USER pyguardian
# Health check for controller API
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f -k https://localhost:8443/health || exit 1
# Default environment for controller
ENV PYGUARDIAN_MODE=controller \
PYGUARDIAN_LOG_LEVEL=INFO \
PYGUARDIAN_API_HOST=0.0.0.0 \
PYGUARDIAN_API_PORT=8443
ENTRYPOINT ["/entrypoint.sh"]
CMD ["controller"]
# Production Agent Stage
FROM runtime-base as agent
# Add sudo permissions for monitoring (agent needs system access)
RUN echo "pyguardian ALL=(root) NOPASSWD: /usr/sbin/iptables, /usr/sbin/ip6tables, /bin/systemctl" >> /etc/sudoers
USER pyguardian
# Health check for agent connectivity
HEALTHCHECK --interval=60s --timeout=15s --start-period=30s --retries=3 \
CMD python -c "import psutil; exit(0 if psutil.boot_time() else 1)" || exit 1
# Default environment for agent
ENV PYGUARDIAN_MODE=agent \
PYGUARDIAN_LOG_LEVEL=INFO
ENTRYPOINT ["/entrypoint.sh"]
CMD ["agent"]
# Standalone Mode (Development/Testing)
FROM runtime-base as standalone
# Expose API port
EXPOSE 8443
# Add sudo permissions for full functionality
RUN echo "pyguardian ALL=(root) NOPASSWD: ALL" >> /etc/sudoers
USER pyguardian
# Health check for standalone mode
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD python -c "import requests; requests.get('http://localhost:8443/health', timeout=5)" || exit 1
# Default environment for standalone
ENV PYGUARDIAN_MODE=standalone \
PYGUARDIAN_LOG_LEVEL=DEBUG \
PYGUARDIAN_API_HOST=0.0.0.0 \
PYGUARDIAN_API_PORT=8443
ENTRYPOINT ["/entrypoint.sh"]
CMD ["standalone"]
# Development Mode (with dev tools)
FROM runtime-base as development
# Install development tools
RUN apt-get update && apt-get install -y \
vim \
htop \
strace \
tcpdump \
&& rm -rf /var/lib/apt/lists/*
# Install development Python packages
RUN pip install --no-cache-dir \
pytest \
pytest-cov \
black \
flake8 \
ipython \
jupyter
# Expose additional ports for development
EXPOSE 8443 8888 8080
# Add sudo permissions
RUN echo "pyguardian ALL=(root) NOPASSWD: ALL" >> /etc/sudoers
USER pyguardian
# Development environment
ENV PYGUARDIAN_MODE=development \
PYGUARDIAN_LOG_LEVEL=DEBUG \
PYGUARDIAN_DEBUG=true
ENTRYPOINT ["/entrypoint.sh"]
CMD ["development"]
Reference in New Issue View Git Blame Copy Permalink