Docker & Kubernetes for Go Services

Build tiny images, ship to any cluster, and operate production-grade Go services.

• Production Dockerfiles (Multi-Stage):

  • Stage 1 (builder): enable CGO_ENABLED=0, -ldflags "-s -w" for smaller binaries.

  • Stage 2 (runtime): FROM gcr.io/distroless/base-debian12 or scratch for minimal attack surface.

  • Copy CA certs if needed for outbound TLS; set USER 65532 (non-root).

• Runtime Config & Health:

  • Follow 12-factor: env vars for ports/DSNs, graceful shutdown with context and http.Server.Shutdown.

  • Expose /healthz (liveness) and /readyz (readiness) endpoints; check DB/cache dependencies.

• Kubernetes Essentials:

  • Manifests/Helm: Deploy Deployment + Service + HPA + ConfigMap + Secret.

  • Probes: Liveness for process health, readiness for dependency gating.

  • Scaling: HPA on CPU or custom metrics (RPS, queue depth).

  • Rollouts: Rolling updates, surge/unavailable settings; ensure zero-downtime with connection draining.

• Observability:

  • OpenTelemetry traces + Prometheus metrics (histogram for latency, counter for requests).

  • Structured logs (JSON) with request IDs; wire log level via env.

• Practical Lab:

  • Containerize an HTTP API, push to registry, deploy with Helm, validate probes, simulate failures, and roll back cleanly.