Claude-skill-registry java-docker
Containerize Java applications - Dockerfile optimization, JVM settings, security
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/java-docker" ~/.claude/skills/majiayu000-claude-skill-registry-java-docker && rm -rf "$T"
manifest:
skills/data/java-docker/SKILL.mdsource content
Java Docker Skill
Containerize Java applications with optimized Dockerfiles and JVM settings.
Overview
This skill covers Docker best practices for Java including multi-stage builds, JVM container settings, security hardening, and layer optimization.
When to Use This Skill
Use when you need to:
- Create optimized Java Dockerfiles
- Configure JVM for containers
- Implement security best practices
- Reduce image size
- Set up health checks
Topics Covered
Dockerfile Optimization
- Multi-stage builds
- Layer caching strategy
- Spring Boot layered JARs
- Dependency caching
JVM Container Settings
- UseContainerSupport
- MaxRAMPercentage
- GC selection
- Exit on OOM
Security
- Non-root users
- Read-only filesystem
- Vulnerability scanning
- Secrets handling
Quick Reference
# Multi-stage optimized Dockerfile FROM eclipse-temurin:21-jdk-alpine AS builder WORKDIR /app # Cache dependencies COPY pom.xml . COPY .mvn .mvn RUN mvn dependency:go-offline -B # Build and extract layers COPY src ./src RUN mvn package -DskipTests && \ java -Djarmode=layertools -jar target/*.jar extract # Runtime stage FROM eclipse-temurin:21-jre-alpine # Security: non-root user RUN addgroup -S app && adduser -S app -G app USER app WORKDIR /app # Copy layers in order of change frequency COPY --from=builder /app/dependencies/ ./ COPY --from=builder /app/spring-boot-loader/ ./ COPY --from=builder /app/snapshot-dependencies/ ./ COPY --from=builder /app/application/ ./ # JVM container settings ENV JAVA_OPTS="-XX:+UseContainerSupport \ -XX:MaxRAMPercentage=75.0 \ -XX:+ExitOnOutOfMemoryError \ -XX:+UseG1GC" EXPOSE 8080 HEALTHCHECK --interval=30s --timeout=3s --start-period=30s \ CMD wget -qO- http://localhost:8080/actuator/health/liveness || exit 1 ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS org.springframework.boot.loader.launch.JarLauncher"]
JVM Container Flags
# Recommended production settings JAVA_OPTS=" -XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0 -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heapdump.hprof -XX:+UseG1GC -Djava.security.egd=file:/dev/./urandom "
Base Image Comparison
| Image | Size | Security | Use Case |
|---|---|---|---|
| temurin:21-jre | ~200MB | Good | General use |
| temurin:21-jre-alpine | ~100MB | Good | Size-optimized |
| distroless/java21 | ~80MB | Best | Production |
Security Best Practices
# Non-root user RUN addgroup -S app && adduser -S app -G app USER app # Read-only filesystem # (Configure at runtime with --read-only) # No shell access with distroless FROM gcr.io/distroless/java21-debian12 # Health check HEALTHCHECK --interval=30s --timeout=3s \ CMD wget -qO- localhost:8080/actuator/health || exit 1
Troubleshooting
Common Issues
| Problem | Cause | Solution |
|---|---|---|
| OOMKilled | Heap > limit | Set MaxRAMPercentage |
| Slow startup | Large image | Multi-stage build |
| Permission denied | Root required | Fix file permissions |
| No memory info | Old JVM | Update to Java 11+ |
Debug Checklist
□ Check container memory limits □ Verify JVM sees container limits □ Review health check configuration □ Scan image for vulnerabilities □ Test with resource constraints
Usage
Skill("java-docker")
Related Skills
- Build integrationjava-maven-gradle
- K8s deploymentjava-microservices