docker

Solid

Optimize Docker images with multi-stage builds, distroless bases, BuildKit cache mounts, multi-arch builds, compose watch, security hardening (non-root, seccomp, capabilities drop), and vulnerability scanning via docker scout/trivy. Use when user asks to write a Dockerfile, optimize image size, set up docker-compose, debug containers, harden container security, or scan for CVEs. Do NOT use for Kubernetes deployments (use kubernetes), CI/CD pipeline design (use ci-cd), or Terraform (use terraform).

DevOps & Infrastructure 96 stars 12 forks Updated yesterday MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Docker Architect Production-grade Dockerfiles, multi-stage builds, cache optimization, security scanning, and local development. Applies Google's distroless philosophy and Docker BuildKit best practices. ## Decision Framework Before containerizing, answer: - Does the app need process isolation? → Docker - Will it deploy to Kubernetes? → Docker + distroless + non-root - Is it a monolith with simple deployment? → Docker Compose - Is it a static site? → Consider nginx:alpine single-stage - Is the team already using Docker Compose in dev? → Start there, add K8s when needed - Is the app latency-sensitive (sub-ms)? → Bare metal or VM; container overhead matters at extreme scale ## Workflow ### Quick start: `docker init` For new projects, run `docker init` in the project root. It auto-detects the language/framework and generates a Dockerfile, `.dockerignore`, and `compose.yaml` with best-practice defaults. Always review and harden the output — the generated files are a starting point, not production-ready. ### Step 1: Identify stack and choose template | Stack | Base image | Build stage | Runtime | |-------|-----------|-------------|---------| | Node.js | node:22-slim | Full SDK | gcr.io/distroless/nodejs | | Go | golang:1.23-alpine | Full SDK | scratch | | Python | python:3.12-slim | Full SDK | python:3.12-slim | | Rust | rust:1.78-slim | Full SDK | gcr.io/distroless/cc | **Decision**: If the stack is listed above, use the corresponding production Dockerfile below. If no...

Details

Author: EliasOulkadi
Repository: EliasOulkadi/shokunin
Created: 1 months ago
Last Updated: yesterday
Language: HTML
License: MIT

Integrates with

ChromaDB · Database Docker · Infrastructure Kubernetes · Infrastructure Terraform · Infrastructure Model Context Protocol · AI

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Listed

docker-architect

Docker standards — multi-stage builds, per-language base defaults (distroless Go, slim Python/Node), BuildKit cache mounts, non-root, multi-arch amd64+arm64, digest-pinned bases, Trivy scanning, Compose v2. Use when writing or reviewing Dockerfiles or Compose files.

2 Updated yesterday

ralvarezdev

DevOps & Infrastructure Listed

writing-dockerfiles

Writing optimized, secure, multi-stage Dockerfiles with language-specific patterns (Python, Node.js, Go, Rust), BuildKit features, and distroless images. Use when containerizing applications, optimizing existing Dockerfiles, or reducing image sizes.

374 Updated 6 months ago

ancoleman

DevOps & Infrastructure Listed

dockerfile-best-practices

Create and optimize Dockerfiles with BuildKit, multi-stage builds, advanced caching, and security. Use this skill whenever you need to create, modify, or optimize a Dockerfile or a Docker Compose file. Also trigger when the user discusses container images, build performance, or Docker security — even if they don't explicitly mention 'Dockerfile'.

3 Updated 2 weeks ago

obeone