Best practices for containerizing applications with Docker.
Provides Docker best practices for creating optimized, secure containers. Use when writing Dockerfiles or docker-compose.yml files to get multi-stage builds, security hardening, and layer optimization patterns.
/plugin marketplace add mindmorass/reflex/plugin install reflex@mindmorass-reflexThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Best practices for containerizing applications with Docker.
Separate build and runtime environments to minimize image size.
# Build stage
FROM python:3.12-slim AS builder
WORKDIR /app
# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
&& rm -rf /var/lib/apt/lists/*
# Install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir --user -r requirements.txt
# Production stage
FROM python:3.12-slim
WORKDIR /app
# Copy only runtime dependencies
COPY --from=builder /root/.local /root/.local
ENV PATH=/root/.local/bin:$PATH
# Copy application code
COPY . .
# Run as non-root user
RUN useradd -m -r appuser && chown -R appuser:appuser /app
USER appuser
EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist
COPY package*.json ./
USER node
EXPOSE 3000
CMD ["node", "dist/index.js"]
# Build stage
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /app/server
# Production stage - scratch for minimal size
FROM scratch
COPY --from=builder /app/server /server
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
EXPOSE 8080
ENTRYPOINT ["/server"]
Put rarely-changing layers first to maximize cache hits.
# Least frequently changed (maximize cache)
FROM python:3.12-slim
WORKDIR /app
# Dependencies change occasionally
COPY requirements.txt .
RUN pip install -r requirements.txt
# Application code changes frequently
COPY . .
CMD ["python", "main.py"]
Reduce layers by combining commands.
# Bad - 3 layers
RUN apt-get update
RUN apt-get install -y curl
RUN rm -rf /var/lib/apt/lists/*
# Good - 1 layer
RUN apt-get update \
&& apt-get install -y --no-install-recommends curl \
&& rm -rf /var/lib/apt/lists/*
# Create and switch to non-root user
RUN useradd -m -r -s /bin/false appuser
USER appuser
# docker-compose.yml
services:
app:
read_only: true
tmpfs:
- /tmp
# Bad - unpredictable
FROM python:latest
# Good - reproducible
FROM python:3.12.1-slim-bookworm
# Using Docker Scout
docker scout cves myimage:latest
# Using Trivy
trivy image myimage:latest
Always include to avoid copying unnecessary files.
# Git
.git
.gitignore
# Python
__pycache__
*.pyc
*.pyo
.venv
venv
# Node
node_modules
npm-debug.log
# IDE
.vscode
.idea
*.swp
# Docker
Dockerfile*
docker-compose*
.docker
# Local config
.env
*.local
# Build artifacts
dist
build
*.egg-info
# Tests
tests
*_test.py
test_*
# Documentation
docs
*.md
!README.md
version: '3.8'
services:
app:
build:
context: .
target: development
volumes:
- .:/app # Live reload
- /app/node_modules # Preserve node_modules
environment:
- NODE_ENV=development
- DEBUG=true
ports:
- "3000:3000"
depends_on:
db:
condition: service_healthy
db:
image: postgres:16
environment:
POSTGRES_USER: dev
POSTGRES_PASSWORD: devpass
POSTGRES_DB: devdb
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U dev"]
interval: 5s
timeout: 5s
retries: 5
volumes:
postgres_data:
version: '3.8'
services:
app:
image: myregistry/myapp:${VERSION:-latest}
deploy:
replicas: 3
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.25'
memory: 256M
restart_policy:
condition: on-failure
max_attempts: 3
environment:
- NODE_ENV=production
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
COPY healthcheck.sh /usr/local/bin/
HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
CMD healthcheck.sh
# Build-time arguments (not in final image)
ARG BUILD_VERSION=unknown
# Runtime environment variables
ENV APP_VERSION=${BUILD_VERSION}
ENV LOG_LEVEL=info
# docker-compose.yml
services:
app:
env_file:
- .env # Base config
- .env.${ENV:-local} # Environment-specific
services:
frontend:
networks:
- frontend
- backend
api:
networks:
- backend
db:
networks:
- backend
networks:
frontend:
backend:
internal: true # No external access
volumes:
postgres_data:
driver: local
redis_data:
volumes:
- ./src:/app/src:ro # Read-only
- ./config:/app/config # Read-write
# Check what's taking space
docker history myimage:latest
# Solutions:
# - Use multi-stage builds
# - Use slim/alpine base images
# - Clean up package manager cache
# - Use .dockerignore
# Solutions:
# - Optimize layer ordering
# - Use BuildKit: DOCKER_BUILDKIT=1
# - Use cache mounts for package managers
RUN --mount=type=cache,target=/root/.cache/pip \
pip install -r requirements.txt
# Debug steps:
docker logs <container>
docker exec -it <container> /bin/sh
docker inspect <container>
Before deploying:
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.