Deploying a Hyperf application to Alibaba Cloud ACK (Container Service)
Core technology stack

| Layer | Alibaba Cloud product | Purpose |
|---|---|---|
| Image registry | ACR (Container Registry) | Stores Docker images |
| Container orchestration | ACK (Container Service, K8s edition) | Runs Pods |
| CI/CD | Yunxiao Flow / GitHub Actions | Automated build and deployment |
| Configuration center | ACM / Nacos / K8s ConfigMap | Dynamic configuration |
| Load balancing | SLB / ALB Ingress | Traffic entry point |
| Logging | SLS (Log Service) | Log collection |

---

Step 1: Dockerfile build

Hyperf runs as a long-lived, memory-resident process, so a php-fpm image cannot be used; a Swoole image is required.

```dockerfile
# Multi-stage build to reduce image size
FROM hyperf/hyperf:8.1-alpine-v3.16-swoole AS builder
WORKDIR /app
# Copy only the dependency files first to take advantage of Docker layer caching
COPY composer.json composer.lock ./
RUN composer install --no-dev --no-scripts --optimize-autoloader
COPY . .
RUN composer dump-autoload --optimize

# Production image
FROM hyperf/hyperf:8.1-alpine-v3.16-swoole
WORKDIR /app
COPY --from=builder /app .
# Generate the route/annotation cache for faster startup
RUN php bin/hyperf.php vendor:publish --id=config && \
    php bin/hyperf.php di:init-proxy
EXPOSE 9501
# Graceful shutdown: SIGTERM triggers Hyperf's graceful shutdown
STOPSIGNAL SIGTERM
CMD ["php", "/app/bin/hyperf.php", "start"]
```

---

Step 2: Configuration management

Option A: K8s ConfigMap and Secret (recommended for simple scenarios)

```yaml
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hyperf-config
  namespace: production
data:
  APP_ENV: "production"
  DB_HOST: "rm-xxx.mysql.rds.aliyuncs.com"
  REDIS_HOST: "r-xxx.redis.rds.aliyuncs.com"
---
apiVersion: v1
kind: Secret
metadata:
  name: hyperf-secret
  namespace: production
type: Opaque
stringData:
  # Placeholder values; replace before applying
  DB_PASSWORD: "your_password"
  REDIS_PASSWORD: "your_redis_password"
```

Option B: Alibaba Cloud ACM / Nacos (recommended for production, multi-service scenarios)

Install the official package:

```bash
# Alibaba Cloud ACM (Application Configuration Management)
composer require hyperf/config-aliyun-acm
# Or use Nacos (preferred; ACM is gradually being migrated to Nacos)
composer require hyperf/config-nacos
```
config/autoload/config_center.php:

```php
<?php
return [
    'enable' => true,
    'driver' => Hyperf\ConfigNacos\NacosDriver::class,
    'nacos' => [
        'host' => env('NACOS_HOST', '127.0.0.1'),
        'port' => env('NACOS_PORT', 8848),
        'namespace' => env('NACOS_NAMESPACE', ''),
        'username' => env('NACOS_USERNAME', ''),
        'password' => env('NACOS_PASSWORD', ''),
        'data_id' => env('NACOS_DATA_ID', 'hyperf'),
        'group' => env('NACOS_GROUP', 'DEFAULT_GROUP'),
    ],
];
```

---

Step 3: Health check endpoints

K8s liveness/readiness probes need an HTTP endpoint that responds.

```php
<?php
// app/Controller/HealthController.php
namespace App\Controller;

use Hyperf\HttpServer\Annotation\AutoController;

#[AutoController(prefix: '/')]
class HealthController
{
    public function health(): array
    {
        return ['status' => 'ok', 'timestamp' => time()];
    }

    public function ready(): array
    {
        // DB/Redis connectivity can be checked here
        return ['status' => 'ready'];
    }
}
```

---

Step 4: K8s Deployment configuration

```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hyperf-app
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hyperf-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0  # zero-downtime rolling update
  template:
    metadata:
      labels:
        app: hyperf-app
    spec:
      terminationGracePeriodSeconds: 60  # give Hyperf enough time to finish in-flight requests
      containers:
        - name: hyperf
          image: registry.cn-hangzhou.aliyuncs.com/your-ns/hyperf-app:latest
          ports:
            - containerPort: 9501
          envFrom:
            - configMapRef:
                name: hyperf-config
            - secretRef:
                name: hyperf-secret
          # Resource limits
          resources:
            requests:
              cpu: "500m"
              memory: "256Mi"
            limits:
              cpu: "2"
              memory: "1Gi"
          # Liveness probe: the container is restarted on failure
          livenessProbe:
            httpGet:
              path: /health
              port: 9501
            initialDelaySeconds: 10
            periodSeconds: 15
            failureThreshold: 3
          # Readiness probe: the Pod is removed from Service traffic on failure
          readinessProbe:
            httpGet:
              path: /ready
              port: 9501
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 2
          # Graceful shutdown hook
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "sleep 5"]
      # Credentials for pulling images from ACR
      imagePullSecrets:
        - name: acr-secret
---
apiVersion: v1
kind: Service
metadata:
  name: hyperf-svc
  namespace: production
spec:
  selector:
    app: hyperf-app
  ports:
    - port: 80
      targetPort: 9501
  type: ClusterIP
---
# ALB Ingress (Alibaba Cloud ALB controller)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hyperf-ingress
  namespace: production
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - host: api.yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hyperf-svc
                port:
                  number: 80
```

---

Step 5: ACR image registry configuration

```bash
# 1. Log in to ACR
docker login --username=your_aliyun_account \
  registry.cn-hangzhou.aliyuncs.com
# 2. Build and push
docker build -t registry.cn-hangzhou.aliyuncs.com/your-ns/hyperf-app:v1.0.0 .
docker push registry.cn-hangzhou.aliyuncs.com/your-ns/hyperf-app:v1.0.0
# 3. Create the image pull Secret in ACK
kubectl create secret docker-registry acr-secret \
  --docker-server=registry.cn-hangzhou.aliyuncs.com \
  --docker-username=your_aliyun_account \
  --docker-password=your_password \
  --namespace=production
```

---

Step 6: CI/CD pipeline (GitHub Actions example)

```yaml
# .github/workflows/deploy.yml
name: Deploy to ACK
on:
  push:
    branches: [main]
env:
  ACR_REGISTRY: registry.cn-hangzhou.aliyuncs.com
  ACR_NAMESPACE: your-ns
  IMAGE_NAME: hyperf-app
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Login to ACR
        run: |
          docker login $ACR_REGISTRY \
            -u ${{ secrets.ALIYUN_USERNAME }} \
            -p ${{ secrets.ALIYUN_PASSWORD }}
      - name: Build & Push
        run: |
          IMAGE_TAG=$ACR_REGISTRY/$ACR_NAMESPACE/$IMAGE_NAME:${{ github.sha }}
          docker build -t $IMAGE_TAG .
          docker push $IMAGE_TAG
          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
      - name: Setup kubectl
        uses: aliyun/ack-set-context@v1
        with:
          access-key-id: ${{ secrets.ALIYUN_AK_ID }}
          access-key-secret: ${{ secrets.ALIYUN_AK_SECRET }}
          cluster-id: ${{ secrets.ACK_CLUSTER_ID }}
      - name: Rolling Deploy
        run: |
          kubectl set image deployment/hyperf-app \
            hyperf=${{ env.IMAGE_TAG }} \
            --namespace=production
          kubectl rollout status deployment/hyperf-app \
            --namespace=production --timeout=120s
```

---

Step 7: HPA autoscaling

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: hyperf-hpa
  namespace: production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: hyperf-app
  minReplicas: 2
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```

---

Key notes

Hyperf-specific issues

- Swoole is a long-running process: terminationGracePeriodSeconds must cover Hyperf's max_wait_time (default 3s); 60s is recommended
- Do not use a php-fpm base image; use hyperf/hyperf or another image that includes Swoole
- Enable the annotation cache in production: scan_cacheable: true (config/config.php)

Alibaba Cloud ACK-specific

- Use ACR Enterprise Edition rather than Personal Edition; it supports image security scanning and acceleration
- Enable ARMS (Application Real-Time Monitoring Service) for ACK, which can monitor PHP processes directly
- Collect logs with SLS; the logging component can be enabled with one click in the ACK console
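
Added example (not part of the original page): a pre-deploy check for the shutdown rule in the key notes, run over the Step 4 pod template. It goes beyond the text by also counting the preStop sleep, since Kubernetes runs that hook inside the grace period, and by flagging mutable image tags, missing probes and missing limits; `SAMPLE`, `prestop_sleep` and `check_pod_spec` are names invented for this example.

```python
import re

# Constructed sample: the Step 4 pod template as a dict (the shape `kubectl get deploy -o json` returns).
SAMPLE = {
    "terminationGracePeriodSeconds": 60,
    "containers": [{
        "name": "hyperf",
        "image": "registry.cn-hangzhou.aliyuncs.com/your-ns/hyperf-app:latest",
        "resources": {"limits": {"cpu": "2", "memory": "1Gi"}},
        "livenessProbe": {"httpGet": {"path": "/health", "port": 9501}},
        "readinessProbe": {"httpGet": {"path": "/ready", "port": 9501}},
        "lifecycle": {"preStop": {"exec": {"command": ["/bin/sh", "-c", "sleep 5"]}}},
    }],
}

def prestop_sleep(container):
    """Seconds spent in a `sleep N` preStop hook, 0 if there is none."""
    hook = container.get("lifecycle", {}).get("preStop", {}).get("exec", {})
    m = re.search(r"\bsleep\s+(\d+)", " ".join(hook.get("command", [])))
    return int(m.group(1)) if m else 0

def check_pod_spec(spec, max_wait_time=3):
    """Return findings for a pod spec; max_wait_time is Hyperf's setting in seconds."""
    findings = []
    grace = spec.get("terminationGracePeriodSeconds", 30)  # Kubernetes default is 30s
    for c in spec.get("containers", []):
        name = c.get("name", "?")
        # The preStop hook and Hyperf's drain window must both fit in the grace period.
        needed = prestop_sleep(c) + max_wait_time
        if grace < needed:
            findings.append(f"{name}: grace period {grace}s < preStop + max_wait_time = {needed}s")
        image = c.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{name}: image uses a mutable tag ({tag or 'none'})")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}: no resource limits")
    return findings

if __name__ == "__main__":
    for finding in check_pod_spec(SAMPLE):
        print(finding)
```

Pass the value of `max_wait_time` actually configured for the Hyperf server; the default of 3 matches the figure given in the key notes.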