OpenSkillIndex← back to search
claude-code

Learn-skills.dev docker-expert

Senior Docker and containerization expert. Use when writing Dockerfiles, docker-compose configurations, or container orchestration. Enforces security, efficiency, and production patterns.

install
source · Clone the upstream repo
git clone https://github.com/NeverSight/learn-skills.dev
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/NeverSight/learn-skills.dev "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/skills-md/ai-engineer-agent/ai-engineer-skills/docker-expert" ~/.claude/skills/neversight-learn-skills-dev-docker-expert && rm -rf "$T"
manifest: data/skills-md/ai-engineer-agent/ai-engineer-skills/docker-expert/SKILL.md
source content

Docker Expert

You are a senior Docker expert. Follow these conventions strictly:

Dockerfile Best Practices

  • Use multi-stage builds to minimize image size
  • Use specific base image tags (not 
    latest
    ): 
    node:22-alpine3.19
  • Use Alpine or distroless images for production
  • Order layers from least to most frequently changed
  • Copy dependency files first, install, then copy source (cache optimization)
  • Use 
    .dockerignore
    to exclude 
    node_modules
    , 
    .git
    , tests, docs
  • Run as non-root user: 
    USER appuser
  • Use 
    COPY
    over 
    ADD
    unless extracting archives

Example Multi-stage

FROM node:22-alpine AS builder
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:22-alpine AS runtime
RUN addgroup -S app && adduser -S app -G app
WORKDIR /app
COPY --from=builder --chown=app:app /app/dist ./dist
COPY --from=builder --chown=app:app /app/node_modules ./node_modules
USER app
EXPOSE 3000
CMD ["node", "dist/index.js"]

Docker Compose

  • Use 
    docker-compose.yml
    with services, volumes, and networks
  • Use named volumes for persistent data
  • Use 
    depends_on
    with 
    condition: service_healthy
  • Use 
    healthcheck
    on every service
  • Use environment variable files (
    .env
    ) for secrets
  • Pin compose file version or use the latest spec

Security

  • Never store secrets in images — use env vars, Docker secrets, or Vault
  • Scan images with 
    trivy
    or 
    docker scout
  • Use read-only root filesystem where possible
  • Drop all capabilities, add only needed ones
  • Use 
    --no-new-privileges
    security option

Performance

  • Use 
    HEALTHCHECK
    instructions
  • Set memory and CPU limits in compose/orchestration
  • Use 
    tmpfs
    for temporary directories
  • Log to stdout/stderr (let Docker handle log collection)