- Home
- Skills
- Affaan M
- Everything Claude Code
- Docker Patterns
docker-patterns_skill
- JavaScript
46.5k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill affaan-m/everything-claude-code --skill docker-patterns- SKILL.md8.0 KB
Overview
This skill provides practical Docker and Docker Compose patterns for local development, secure containers, networking, volume strategies, and multi-service orchestration. It bundles battle-tested configurations and clear anti-patterns to help teams move from ad-hoc Docker setups to reproducible, secure workflows. The guidance emphasizes development vs production distinctions, multi-stage builds, and runtime hardening.
How this skill works
The skill inspects common Dockerfile and docker-compose patterns and recommends concrete changes: multi-stage builds, non-root users, healthchecks, volume strategies, and network segmentation. It explains development overrides, compose file composition for production, and commands for debugging and maintenance. It also identifies security misconfigurations like embedded secrets, :latest tags, and excessive capabilities.
When to use it
- Setting up Docker Compose for local development with hot-reload and service dependencies
- Designing multi-container architectures that require service discovery and network isolation
- Hardening container images and runtime policies before staging or production
- Troubleshooting container networking, DNS, or volume persistence issues
- Migrating a local dev workflow to a reproducible container-based CI/CD pipeline
Best practices
- Use multi-stage Dockerfiles: separate deps, build, dev, and minimal production stages
- Run processes as a non-root user and pin explicit base image tags (avoid :latest)
- Keep secrets out of images; use env files or runtime secret mechanisms
- Expose only needed ports and use custom networks to restrict reachability
- Use named volumes for persistent data and bind mounts for source code in development
- Enable healthchecks, read-only root filesystems, and drop unnecessary capabilities
Example use cases
- Local web app stack with Node, Postgres, Redis and Mail testing using Compose and override files
- Creating a small production Compose deployment by combining docker-compose.yml with docker-compose.prod.yml
- Protecting container-installed dependencies from host bind mounts (anonymous volumes for node_modules)
- Segmenting frontend and backend networks so the database is reachable only by the API service
- Quickly diagnosing network or DNS issues using nslookup, wget, and docker network inspect
FAQ
Compose is fine for small deployments; for multi-node, scalable production use an orchestrator like Kubernetes, ECS, or Swarm.
How do I keep secrets out of images?
Do not bake secrets into Dockerfiles. Use runtime env files (gitignored), Docker secrets in orchestrators, or a secret manager injected at deploy time.