# NVIDIA Sidecar 限流代理 — 生产 Docker 镜像 (BIZ-46 Phase3 §4) # # 构建: # docker build -t nvidia-sidecar:latest . # # 运行: # docker run -d --name nvidia-sidecar \ # -p 127.0.0.1:9190:9190 \ # -p 127.0.0.1:9191:9191 \ # -e SIDECAR_API_KEY="nvapi-xxx" \ # -e SIDECAR_RATE_RPM=40 \ # -v $(pwd)/logs:/opt/nvidia-sidecar/logs \ # nvidia-sidecar:latest FROM python:3.12-slim AS base WORKDIR /app # 安装依赖(利用 Docker 层缓存) COPY pyproject.toml . RUN pip install --no-cache-dir fastapi>=0.115 \ "uvicorn[standard]>=0.34" httpx>=0.28 PyYAML>=6.0 \ structlog>=24.4 "prometheus-client>=0.21" pydantic>=2.0 # 复制源码 COPY . . # 非 root 用户运行 RUN useradd -r -m -s /bin/false sidecar \ && mkdir -p /opt/nvidia-sidecar/logs \ && chown -R sidecar:sidecar /app /opt/nvidia-sidecar/logs USER sidecar # 健康检查 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ CMD python -c "import httpx; r=httpx.get('http://127.0.0.1:9190/health'); exit(0 if r.status_code==200 else 1)" EXPOSE 9190 9191 CMD ["uvicorn", "nvidia_sidecar.server:app", "--host", "0.0.0.0", "--port", "9190"]