Docker Development
v2.1.1
Docker and container development agent skill and plugin for Dockerfile optimization, docker-compose orchestration, multi-stage builds, and container security hardening. Use when: the user wants to optimize a Dockerfile, create or improve docker-compose configurations, implement multi-stage builds, audit container security, reduce image size, or follow container best practices. Covers build performance, layer caching, secret management, and production-ready container patterns.
Docker Development
Smaller images. Faster builds. Secure containers. No guesswork.
Opinionated Docker workflow that turns bloated Dockerfiles into production-grade containers. Covers optimization, multi-stage builds, compose orchestration, and security hardening.
Not a Docker tutorial — a set of concrete decisions about how to build containers that don't waste time, space, or attack surface.
Slash Commands

| Command | What it does |
|---|---|
| /docker:optimize | Analyze and optimize a Dockerfile for size, speed, and layer caching |
| /docker:compose | Generate or improve docker-compose.yml with best practices |
| /docker:security | Audit a Dockerfile or running container for security issues |

When This Skill Activates
Recognize these patterns from the user:
- "Optimize this Dockerfile"
- "My Docker build is slow"
- "Create a docker-compose for this project"
- "Is this Dockerfile secure?"
- "Reduce my Docker image size"
- "Set up multi-stage builds"
- "Docker best practices for [language/framework]"
- Any request involving: Dockerfile, docker-compose, container, image size, build cache, Docker security

If the user has a Dockerfile or wants to containerize something → this skill applies.

Workflow

/docker:optimize — Dockerfile Optimization

Analyze current state

- Read the Dockerfile
- Identify the base image and its size
- Count layers (each RUN/COPY/ADD = 1 layer)
- Check for common anti-patterns

Apply the optimization checklist
BASE IMAGE
├── Use specific tags, never :latest in production
├── Prefer slim/alpine variants (debian-slim > ubuntu > debian)
├── Pin the digest for reproducibility in CI: image@sha256:...
└── Match the base to runtime needs (don't use python:3.12 for a compiled binary)

LAYER OPTIMIZATION
├── Combine related RUN commands with && \
├── Order layers: least-changing first (deps before source code)
├── Clean the package manager cache in the same RUN layer
├── Use .dockerignore to exclude unnecessary files
└── Separate build deps from runtime deps

BUILD CACHE
├── COPY dependency files before source code (package.json, requirements.txt, go.mod)
├── Install deps in a separate layer from the code copy
├── Use BuildKit cache mounts: --mount=type=cache,target=/root/.cache
└── Avoid COPY . . before dependency installation

MULTI-STAGE BUILDS
├── Stage 1: build (full SDK, build tools, dev deps)
├── Stage 2: runtime (minimal base, only production artifacts)
├── COPY --from=builder only what's needed
└── Final image should have NO build tools, NO source code, NO dev deps
Generate the optimized Dockerfile

- Apply all relevant optimizations
- Add inline comments explaining each decision
- Report the estimated size reduction

Validate

python3 scripts/dockerfile_analyzer.py Dockerfile
/docker:compose — Docker Compose Configuration
Identify services

- App (web, API, worker)
- Database (postgres, mysql, redis, mongo)
- Cache (redis, memcached)
- Queue (rabbitmq, kafka)
- Reverse proxy (nginx, traefik, caddy)
Apply compose best practices

SERVICES
├── Use depends_on with condition: service_healthy
├── Add healthchecks for every service
├── Set resource limits (mem_limit, cpus)
├── Use named volumes for persistent data
└── Pin image versions

NETWORKING
├── Create explicit networks (don't rely on the default)
├── Separate frontend and backend networks
├── Only expose ports that need external access
└── Use internal: true for backend-only networks

ENVIRONMENT
├── Use env_file for secrets, not inline environment
├── Never commit .env files (add to .gitignore)
├── Use variable substitution: ${VAR:-default}
└── Document all required env vars

DEVELOPMENT vs PRODUCTION
├── Use compose profiles or override files
├── Dev: bind mounts for hot reload, debug ports exposed
├── Prod: named volumes, no debug ports, restart: unless-stopped
└── docker-compose.override.yml for dev-only config
Generate the compose file

- Output docker-compose.yml with healthchecks, networks, volumes
- Generate .env.example with all required variables documented
- Add dev/prod profile annotations

/docker:security — Container Security Audit
Dockerfile audit

| Check | Severity | Fix |
|---|---|---|
| Running as root | Critical | Add USER nonroot after creating the user |
| Using :latest tag | High | Pin to a specific version |
| Secrets in ENV/ARG | Critical | Use BuildKit secrets: --mount=type=secret |
| COPY with broad glob | Medium | Use specific paths, add .dockerignore |
| Unnecessary EXPOSE | Low | Only expose ports the app uses |
| No HEALTHCHECK | Medium | Add HEALTHCHECK with an appropriate interval |
| Privileged instructions | High | Avoid --privileged, drop capabilities |
| Package manager cache retained | Low | Clean in the same RUN layer |
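The optimization checklist and the Dockerfile audit fixes above, applied together in one file. This is an added example, not the skill's own output: it assumes a Go service whose main package lives at ./cmd/app, a binary that supports a -healthcheck mode, and a private module credential passed as a BuildKit secret named netrc (all hypothetical).

```dockerfile
# syntax=docker/dockerfile:1
# Stage 1: build with the full toolchain. Specific tag, never :latest; in CI pin
# the digest too: golang:1.22-alpine@sha256:<digest> (placeholder, not a real digest).
FROM golang:1.22-alpine AS builder
WORKDIR /src

# Dependency manifests first: this layer stays cached until go.mod/go.sum change.
# The private-module credential is a BuildKit secret: it exists only for this RUN
# and is never written into a layer, unlike anything placed in ENV or ARG.
COPY go.mod go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=secret,id=netrc,target=/root/.netrc \
    go mod download

# Source last, so code edits do not invalidate the dependency layer above.
# .dockerignore should exclude .git, .env, local build output and editor files.
COPY . .
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: minimal runtime. No shell, no package manager, no source, no toolchain.
FROM gcr.io/distroless/static-debian12:nonroot
WORKDIR /app
COPY --from=builder /out/app /app/app

# distroless already defines a nonroot user (uid 65532); on alpine or debian you
# would addgroup/adduser first and then switch with USER.
USER nonroot:nonroot
EXPOSE 8080
# Exec form because the image has no shell; assumes the hypothetical -healthcheck mode.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD ["/app/app", "-healthcheck"]
ENTRYPOINT ["/app/app"]
```

Build with `docker build --secret id=netrc,src=$HOME/.netrc -t app:1.0.0 .` so the credential is supplied at build time and never appears in `docker history`.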
Runtime security checks

| Check | Severity | Fix |
|---|---|---|
| Container running as root | Critical | Set the user in the Dockerfile or compose |
| Writable root filesystem | Medium | Use read_only: true in compose |
| All capabilities retained | High | Drop all, add only what is needed: cap_drop: [ALL] |
| No resource limits | Medium | Set mem_limit and cpus |
| Host network mode | High | Use bridge or a custom network |
| Sensitive mounts | Critical | Never mount /etc or /var/run/docker.sock in prod |
| No logging driver configured | Low | Set logging: with a size limit |
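The compose best practices (SERVICES, NETWORKING, ENVIRONMENT) and the runtime security fixes above combined in one docker-compose.yml. This is an added example, not a file generated by the skill: the image names, the .env.api/.env.db file names, the uid 65532 and the -healthcheck command are assumptions; the db capability list is what the official postgres entrypoint typically needs to chown its data directory and drop to the postgres user, and should be verified for your tag.

```yaml
services:
  api:
    image: registry.example.com/api:1.4.2      # pinned tag, never :latest (hypothetical image)
    depends_on:
      db:
        condition: service_healthy             # wait for a passing healthcheck, not just "started"
    env_file: .env.api                         # secrets come from a gitignored file, not inline
    environment:
      LOG_LEVEL: ${LOG_LEVEL:-info}            # variable substitution with a default
    ports:
      - "8080:8080"                            # the only port reachable from the host
    networks: [frontend, backend]
    read_only: true                            # immutable root filesystem
    tmpfs: [/tmp]                              # scratch space the app still needs
    user: "65532:65532"                        # non-root even if the image forgot USER
    cap_drop: [ALL]                            # a static binary needs no capabilities
    mem_limit: 512m
    cpus: 1.0
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "/app/app", "-healthcheck"]   # assumed health mode of the binary
      interval: 30s
      timeout: 3s
      retries: 3
    logging:
      driver: json-file
      options: { max-size: "10m", max-file: "3" }  # bound log growth on disk

  db:
    image: postgres:16.2-alpine
    env_file: .env.db                          # POSTGRES_PASSWORD lives here, not in this file
    volumes:
      - pgdata:/var/lib/postgresql/data        # named volume survives container replacement
    networks: [backend]                        # no host port; only api can reach it
    cap_drop: [ALL]
    cap_add: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]  # verify for your postgres tag
    mem_limit: 1g
    cpus: 1.0
    restart: unless-stopped
    healthcheck: { test: ["CMD-SHELL", "pg_isready -U postgres"], interval: 10s, timeout: 5s, retries: 5 }

networks:
  frontend: {}
  backend:
    internal: true                             # backend-only: no route to or from the host network

volumes:
  pgdata: {}
```

Add `docker-compose.override.yml` for dev-only bind mounts and debug ports so this file stays the production baseline.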