arosenkranz/docker-patterns
plugins/backend-and-infra/skills/docker-patterns/SKILL.md
Docker and Docker Compose reference patterns for local development, container security, networking, volume strategies, and multi-service orchestration. Complements docker-compose-setup (scaffolding) with best-practice reference.
$ install --global
skillsauthnpx skillsauth add arosenkranz/claude-code-config docker-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 5:14 AM64.3s1 file scanned
SKILL.md
- name:
- docker-patterns
- description:
- Docker and Docker Compose reference patterns for local development, container security, networking, volume strategies, and multi-service orchestration. Complements docker-compose-setup (scaffolding) with best-practice reference.
Docker Patterns
Reference guide for Docker and Docker Compose best practices. Use alongside /docker-compose-setup for scaffolding.
When to Activate
- Setting up Docker Compose for local development
- Designing multi-container architectures
- Troubleshooting container networking or volume issues
- Reviewing Dockerfiles for security and size
- Homelab stack work on Raspberry Pi 5
Multi-Stage Dockerfile (Dev + Production)
# Stage: dependencies
FROM node:22-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
# Stage: dev (hot reload)
FROM node:22-alpine AS dev
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "run", "dev"]
# Stage: production (minimal image)
FROM node:22-alpine AS production
WORKDIR /app
RUN addgroup -g 1001 -S appgroup && adduser -S appuser -u 1001
USER appuser
COPY --from=build --chown=appuser:appgroup /app/dist ./dist
COPY --from=build --chown=appuser:appgroup /app/node_modules ./node_modules
ENV NODE_ENV=production
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
Compose Patterns
Service Discovery
Services in the same Compose network resolve by service name:
postgres://postgres:postgres@db:5432/app_dev
redis://redis:6379/0
Network Isolation
services:
frontend:
networks: [frontend-net]
api:
networks: [frontend-net, backend-net]
db:
networks: [backend-net] # Only reachable from api
Volume Strategies
volumes:
- .:/app # Bind mount for hot reload
- /app/node_modules # Protect container deps from host
- pgdata:/var/lib/postgresql/data # Named volume for persistence
Override Files
docker compose up # Auto-loads override (dev)
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d # Production
Container Security Checklist
- Use specific image tags (never
:latest) - Run as non-root user
security_opt: [no-new-privileges:true]read_only: truewith tmpfs for writable dirscap_drop: [ALL], add back only what's needed- Never put secrets in image layers — use
.envfiles or Docker secrets - Expose ports to
127.0.0.1only when not needed on network
Raspberry Pi / ARM64 Considerations
- Verify images support
linux/arm64(check Docker Hub tags) - Use Alpine-based images for lower memory footprint
- Set memory limits:
deploy.resources.limits.memory: 256M - Use
platform: linux/arm64in compose to catch mismatches early - Monitor with Datadog Agent (already running on Pi 5)
Debugging Quick Reference
docker compose logs -f app # Follow logs
docker compose exec app sh # Shell in
docker compose exec db psql -U postgres
docker compose ps # Running services
docker stats # Resource usage
docker compose down -v # Stop + remove volumes (DESTRUCTIVE)
docker system prune # Clean unused images
Anti-Patterns
- Running compose in production without orchestration
- Storing data in containers without volumes
- Running as root
- One giant container with all services
- Putting secrets in docker-compose.yml
Related Skills
arosenkranz/spec-and-plan
tools
VerifiedTrustedCommunity
Lightweight orchestrator for spec-before-plan workflow. Use when starting a feature with ambiguous requirements. Walks SPEC.md → PLAN.md → execute, delegating to /superpowers:writing-plans and /superpowers:executing-plans. Invoke when asked to "spec this out", "spec-first", "spec and plan for X", or when feature requirements are vague.
1SKILL.mdUpdated May 12, 2026
arosenkranz/problem-statement
tools
VerifiedTrustedCommunity
Problem Statement Co-Authoring Skill
1SKILL.mdUpdated Apr 23, 2026
arosenkranz/maintaining-brag-docs
development
VerifiedTrustedCommunity
Structure and maintain professional brag documents with clear templates for accomplishments, projects, and growth tracking. Use when documenting achievements, creating brag document entries, formatting accomplishments, or tracking career progress.
1SKILL.mdUpdated Apr 23, 2026
arosenkranz/linting-technical-writing
development
VerifiedTrustedCommunity
Analyze technical documentation for clarity, conciseness, and effectiveness using Google Technical Writing principles. Use when reviewing documentation, checking writing quality, improving docs, or providing writing feedback.
1SKILL.mdUpdated Apr 23, 2026