bagelhole/docker-management
devops/containers/docker-management/SKILL.md
Build, optimize, and troubleshoot Docker containers and images. Create efficient Dockerfiles, manage container lifecycle, configure networking and volumes, and debug container issues. Use when working with Docker, containerization, or container troubleshooting.
$ install --global
skillsauthnpx skillsauth add bagelhole/devops-security-agent-skills docker-managementInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 5:02 PM75.2s2 files scanned
SKILL.md
- name:
- docker-management
- description:
- Build, optimize, and troubleshoot Docker containers and images. Create efficient Dockerfiles, manage container lifecycle, configure networking and volumes, and debug container issues. Use when working with Docker, containerization, or container troubleshooting.
- license:
- MIT
- author:
- devops-skills
- version:
- 1.0
Docker Management
Build, run, and manage Docker containers for application deployment and development.
When to Use This Skill
Use this skill when:
- Creating and optimizing Dockerfiles
- Building and tagging Docker images
- Running and managing containers
- Debugging container issues
- Configuring Docker networking and volumes
- Implementing container security best practices
Prerequisites
- Docker Engine installed (20.10+)
- Basic command line knowledge
- Understanding of application deployment
Dockerfile Best Practices
Multi-Stage Build
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine AS production
WORKDIR /app
RUN addgroup -g 1001 -S nodejs && \
adduser -S nodejs -u 1001
COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules
USER nodejs
EXPOSE 3000
CMD ["node", "dist/index.js"]
Layer Optimization
FROM python:3.12-slim
# Install dependencies first (cached unless requirements change)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code (changes frequently)
COPY . .
CMD ["python", "app.py"]
Security Hardening
FROM node:20-alpine
# Create non-root user
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
# Copy with proper ownership
COPY --chown=appuser:appgroup . .
# Drop privileges
USER appuser
# Use exec form for proper signal handling
CMD ["node", "server.js"]
Building Images
Basic Build
# Build with tag
docker build -t myapp:1.0 .
# Build with build args
docker build --build-arg NODE_ENV=production -t myapp:prod .
# Build for specific platform
docker build --platform linux/amd64 -t myapp:amd64 .
# Build with no cache
docker build --no-cache -t myapp:fresh .
Multi-Platform Builds
# Create builder
docker buildx create --name multiplatform --use
# Build for multiple architectures
docker buildx build \
--platform linux/amd64,linux/arm64 \
-t myregistry/myapp:latest \
--push .
Running Containers
Basic Operations
# Run container
docker run -d --name myapp -p 8080:3000 myapp:latest
# Run with environment variables
docker run -d \
-e DATABASE_URL=postgres://localhost/db \
-e NODE_ENV=production \
myapp:latest
# Run with resource limits
docker run -d \
--memory="512m" \
--cpus="1.0" \
myapp:latest
# Run with restart policy
docker run -d --restart=unless-stopped myapp:latest
Volume Management
# Named volume
docker volume create mydata
docker run -v mydata:/app/data myapp:latest
# Bind mount
docker run -v $(pwd)/config:/app/config:ro myapp:latest
# tmpfs mount (memory)
docker run --tmpfs /tmp:rw,noexec,nosuid myapp:latest
Networking
# Create network
docker network create mynetwork
# Run on network
docker run -d --network mynetwork --name api myapp:latest
# Connect existing container
docker network connect mynetwork existing-container
# Expose specific ports
docker run -d -p 127.0.0.1:8080:3000 myapp:latest
Container Lifecycle
Management Commands
# List containers
docker ps -a
# Stop container
docker stop myapp
# Remove container
docker rm myapp
# Force remove running container
docker rm -f myapp
# Prune stopped containers
docker container prune -f
Logs and Monitoring
# View logs
docker logs myapp
# Follow logs
docker logs -f --tail 100 myapp
# View resource usage
docker stats myapp
# Inspect container
docker inspect myapp
Debugging Containers
Interactive Access
# Execute command in running container
docker exec -it myapp /bin/sh
# Run container with shell
docker run -it --rm myapp:latest /bin/sh
# Debug failed container
docker run -it --entrypoint /bin/sh myapp:latest
Troubleshooting
# Check container logs for errors
docker logs myapp 2>&1 | grep -i error
# Inspect container state
docker inspect --format='{{.State.Status}}' myapp
# Check container processes
docker top myapp
# View container filesystem changes
docker diff myapp
# Export container filesystem
docker export myapp > myapp-fs.tar
Health Checks
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
# Check health status
docker inspect --format='{{.State.Health.Status}}' myapp
Image Management
Tagging and Pushing
# Tag image
docker tag myapp:latest myregistry.com/myapp:v1.0
# Push to registry
docker push myregistry.com/myapp:v1.0
# Pull image
docker pull myregistry.com/myapp:v1.0
Cleanup
# Remove unused images
docker image prune -a
# Remove all unused resources
docker system prune -a --volumes
# Remove specific image
docker rmi myapp:old
# List image sizes
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
Image Analysis
# View image history
docker history myapp:latest
# Inspect image layers
docker inspect myapp:latest
# Check image vulnerabilities (with Docker Scout)
docker scout cves myapp:latest
Docker Compose Integration
# docker-compose.yml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile
ports:
- "3000:3000"
environment:
- NODE_ENV=production
volumes:
- app-data:/app/data
depends_on:
- db
restart: unless-stopped
db:
image: postgres:15-alpine
environment:
POSTGRES_PASSWORD: secret
volumes:
- db-data:/var/lib/postgresql/data
volumes:
app-data:
db-data:
Security Best Practices
Image Security
# Use specific version tags
FROM node:20.10-alpine3.18
# Don't run as root
USER nobody
# Remove unnecessary packages
RUN apk del --purge build-dependencies
# Use COPY instead of ADD
COPY . .
Runtime Security
# Run with security options
docker run -d \
--security-opt=no-new-privileges \
--cap-drop=ALL \
--cap-add=NET_BIND_SERVICE \
--read-only \
myapp:latest
# Use user namespace remapping
# Add to /etc/docker/daemon.json: {"userns-remap": "default"}
Common Issues
Issue: Container Exits Immediately
Problem: Container starts and stops instantly
Solution: Check if CMD/ENTRYPOINT runs foreground process, use docker logs to see errors
Issue: Cannot Connect to Container
Problem: Port not accessible Solution: Verify port mapping (-p), check container is running, verify firewall rules
Issue: Out of Disk Space
Problem: Docker using too much disk
Solution: Run docker system prune -a --volumes, check for large unused images
Issue: Build Cache Not Working
Problem: Every build downloads dependencies Solution: Order Dockerfile instructions from least to most frequently changing
Best Practices
- Use multi-stage builds to minimize image size
- Never store secrets in images - use runtime injection
- Pin base image versions for reproducibility
- Implement health checks for production containers
- Use .dockerignore to exclude unnecessary files
- Run containers as non-root users
- Scan images for vulnerabilities regularly
- Use Docker BuildKit for faster builds
Related Skills
- docker-compose - Multi-container applications
- container-scanning - Security scanning
- container-hardening - Security hardening
Related Skills
bagelhole/sre-dashboards
development
VerifiedTrustedCommunity
Design and operationalize SRE dashboards that surface reliability, latency, error, saturation, and capacity signals across services. Use when building observability views for SLOs, incident response, and executive reliability reporting.
28SKILL.mdUpdated May 23, 2026
bagelhole/openclaw-security-hardening
testing
VerifiedTrustedCommunity
Harden OpenClaw self-hosted environments with baseline host controls, auth tightening, secret handling, network segmentation, and safe update/rollback workflows. Use when deploying OpenClaw in home labs, startups, or production-like local AI infrastructure.
28SKILL.mdUpdated Apr 3, 2026
bagelhole/vector-database-ops
devops
VerifiedTrustedCommunity
Deploy, manage, and optimize vector databases for AI applications. Covers Qdrant, Weaviate, pgvector, and Pinecone — collection management, indexing strategies, backup, and performance tuning for production RAG and semantic search workloads.
28SKILL.mdUpdated Apr 3, 2026
bagelhole/model-serving-kubernetes
testing
VerifiedTrustedCommunity
Deploy ML models on Kubernetes with KServe (formerly KFServing) and NVIDIA Triton Inference Server. Includes canary deployments, autoscaling, model versioning, A/B testing, and GPU resource management for production model serving.
28SKILL.mdUpdated Apr 3, 2026