OpenSkillIndex← back to search
claude-code

Claude-skill-registry-data docker-deployment

Comprehensive Docker containerization for Python/FastAPI applications, from simple hello-world apps to production-ready deployments with security best practices, multi-stage builds, and optimized configurations. Use when containerizing Python/FastAPI applications for development, testing, or production environments, including Dockerfile creation, Docker Compose setup, security hardening, and production optimization.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry-data
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry-data "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/docker-deployment-aqsagull99-hackathon-2-todo-app" ~/.claude/skills/majiayu000-claude-skill-registry-data-docker-deployment && rm -rf "$T"
manifest: data/docker-deployment-aqsagull99-hackathon-2-todo-app/SKILL.md
source content

Docker Deployment for Python/FastAPI Applications

This skill provides comprehensive support for containerizing Python/FastAPI applications, from simple hello-world apps to production-ready deployments with security best practices, including prerequisite verification and resource configuration for AI services.

Prerequisites Validation

Before using this skill, verify your Docker installation and system resources:

Docker Installation Verification

# Check Docker version
docker --version

# Check Docker Compose version
docker compose version

# Test Docker functionality
docker run hello-world

# Check Docker system info
docker info

System Resource Requirements

For AI services and production deployments:

  • Minimum 4GB RAM allocated to Docker
  • Recommended 8GB+ RAM for AI workloads
  • At least 2 CPU cores allocated
  • Sufficient disk space for container images

Docker Desktop Setup (Recommended)

# For Linux
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# For AI services with GPU support (Linux)
sudo apt install nvidia-container-toolkit
sudo systemctl restart docker

When to Use This Skill

Use this skill when you need to:

  1. Containerize Python/FastAPI applications with optimized Dockerfiles
  2. Create multi-stage builds for security and efficiency
  3. Generate Docker Compose files for multi-service applications
  4. Apply security best practices to Docker configurations
  5. Optimize applications for production deployment
  6. Set up proper environment variables and secrets management
  7. Configure resource allocation for AI services and heavy workloads
  8. Validate Docker installation and system prerequisites

Resource Configuration for AI Services

When deploying AI services or resource-intensive applications, configure Docker resources appropriately:

Docker Run Resource Constraints

# Memory and CPU limits
docker run -m 4g --cpus=2.0 my-ai-service

# With GPU support (NVIDIA)
docker run --gpus all -m 8g --cpus=4.0 my-ai-service

# PID limits for container isolation
docker run --pids-limit 100 my-ai-service

Docker Compose Resource Configuration

version: "3.8"

services:
  ai-service:
    image: my-ai-service:latest
    deploy:
      resources:
        limits:
          cpus: '4.0'
          memory: 8G
          pids: 200
        reservations:
          cpus: '2.0'
          memory: 4G
    # For GPU support
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]

Docker Desktop Resource Allocation

For Docker Desktop:

  1. Go to Settings > Resources
  2. Allocate sufficient memory (recommended 8GB+ for AI workloads)
  3. Set CPU cores (at least 4 for AI services)
  4. Configure Swap space if needed

Quick Start

Basic Dockerfile Generation

For a simple Python/FastAPI application:

# syntax=docker/dockerfile:1

# === Build stage: Install dependencies and create virtual environment ===
FROM python:3.11-slim AS builder

ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PIP_NO_CACHE_DIR=1
ENV PIP_DISABLE_PIP_VERSION_CHECK=1

WORKDIR /app

# Install system dependencies if needed
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc \
    && rm -rf /var/lib/apt/lists/*

# Install Python dependencies
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt

# === Final stage: Create minimal runtime image ===
FROM python:3.11-slim

ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1

WORKDIR /app

# Create non-root user for security
RUN useradd --create-home --shell /bin/bash appuser

# Copy Python dependencies from builder stage
COPY --from=builder --chown=appuser:appuser /root/.local /home/appuser/.local

# Copy application code
COPY --chown=appuser:appuser . .

# Switch to non-root user
USER appuser

# Make sure scripts in .local are usable
ENV PATH=/home/appuser/.local/bin:$PATH

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:8000/health || exit 1

CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

Production Dockerfile with Security Hardened Images (DHI)

For enhanced security in production:

# syntax=docker/dockerfile:1

# === Build stage: Install dependencies and create virtual environment ===
FROM dhi.io/python:3.11-alpine3.18-dev AS builder

ENV LANG=C.UTF-8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PATH="/app/venv/bin:$PATH"

WORKDIR /app

RUN python -m venv /app/venv
COPY requirements.txt .

# Install any additional packages if needed using apk
RUN apk add --no-cache gcc musl-dev && \
    pip install --no-cache-dir -r requirements.txt

# === Final stage: Create minimal runtime image ===
FROM dhi.io/python:3.11-alpine3.18

WORKDIR /app

ENV PYTHONUNBUFFERED=1
ENV PATH="/app/venv/bin:$PATH"

# Create non-root user for security
RUN addgroup -g 1001 -S appgroup && \
    adduser -S appuser -u 1001 -G appgroup

COPY app.py ./
COPY --from=builder /app/venv /app/venv

# Switch to non-root user
USER appuser

EXPOSE 8000

CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8000"]

Multi-Service Docker Compose Setup

For applications requiring databases and other services:

version: "3.8"

services:
  web:
    build:
      context: .
      target: final
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://user:password@db:5432/myapp
      - REDIS_URL=redis://redis:6379
    env_file:
      - .env
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped

  db:
    image: postgres:15
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - POSTGRES_DB=myapp
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=password
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d myapp"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:

Advanced Security Configuration

For production environments with secrets management:

version: "3.8"

services:
  web:
    build:
      context: .
      target: final
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://user:password@db:5432/myapp
    env_file:
      - .env
    secrets:
      - db_password
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    # Additional security settings
    read_only: true
    tmpfs:
      - /tmp
      - /run
    cap_drop:
      - ALL

  db:
    image: postgres:15
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - POSTGRES_DB=myapp
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_password
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d myapp"]
      interval: 10s
      timeout: 5s
      retries: 5
    cap_drop:
      - ALL

secrets:
  db_password:
    file: ./secrets/db_password.txt

volumes:
  postgres_data:

Key Docker Best Practices Applied

  1. Multi-stage builds: Separate build and runtime environments to reduce attack surface
  2. Non-root users: Run containers as non-root users for security
  3. Minimal base images: Use slim/alpine images to reduce vulnerabilities
  4. Health checks: Built-in application health monitoring
  5. Environment variables: Proper configuration management
  6. Secrets management: Secure handling of sensitive data
  7. Resource limits: Optional CPU and memory constraints for stability
  8. Production optimizations: Optimized pip installs, bytecode caching disabled

Scripts Available

See DOCKER-SCRIPTS.md for automated Dockerfile generation scripts.

Security Considerations

See SECURITY.md for detailed security best practices and production hardening techniques.

Optimization Techniques

See OPTIMIZATION.md for performance tuning and optimization strategies.

Prerequisites and Validation

See PREREQUISITES.md for system requirements, Docker installation validation, and resource allocation guidelines for AI services.