Docker Basics
Overview
Use this skill to ensure containerized workloads are reproducible, debuggable, and operationally safe.
Scope Boundaries
- Use this skill when the task matches the trigger condition described in description.
- Do not use this skill when the primary task falls outside this skill's domain.
Shared References
- Runtime risk catalog: references/docker-runtime-risk-catalog.md
Templates And Assets
- Runtime contract template: assets/container-runtime-contract-template.md
- Runtime checklist: assets/docker-runtime-checklist.md
Inputs To Gather
- Application runtime requirements and dependencies.
- Local/dev/prod run differences.
- Required network ports, volumes, and environment variables.
- Security constraints (user, capabilities, filesystem access).
Deliverables
- Container run policy (entrypoint, env, ports, volumes, user).
- Local reproducibility checklist.
- Runtime risk list (permissions, secrets, mutable state).
- Verification steps for startup and health checks.
Quick Example
- Run as non-root user.
- Mount only required volume paths.
- Fail fast if required env vars are missing.
- Expose health endpoint and readiness check.
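The four points above as one entrypoint preflight plus a matching run command. This is an added example, not part of the skill's own assets; the script name, variable names, image name, paths, port and /healthz endpoint are all assumptions.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical name): preflight checks, then hand off to the app.

# Succeed only when every named variable is set and non-empty.
# Returns 1 and lists the missing names on stderr; returns 2 on an invalid name.
require_env() {
    _missing=""
    for _name in "$@"; do
        case "$_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name: $_name" >&2; return 2 ;;
        esac
        eval "_value=\${$_name:-}"   # safe: _name was validated just above
        [ -n "$_value" ] || _missing="$_missing $_name"
    done
    if [ -n "$_missing" ]; then
        echo "missing required env:$_missing" >&2
        return 1
    fi
}

# Succeed only when the current UID (or $1, to allow testing) is not 0.
require_non_root() {
    _uid="${1:-$(id -u)}"
    if [ "$_uid" -eq 0 ]; then
        echo "refusing to run as root (uid 0)" >&2
        return 1
    fi
}

# Hypothetical required settings for the service.
REQUIRED_ENV="DATABASE_URL API_TOKEN"

# When invoked with a command (entrypoint.sh app args...), check, then exec it.
if [ "$#" -gt 0 ]; then
    require_non_root || exit 1
    require_env $REQUIRED_ENV || exit 1   # unquoted on purpose: split the list
    exec "$@"
fi

# Matching run command (all names are assumptions; the health command needs
# wget inside the image):
#   docker run --user 10001:10001 --read-only --cap-drop ALL \
#     --security-opt no-new-privileges \
#     -v "$PWD/data:/app/data" -e DATABASE_URL -e API_TOKEN -p 8080:8080 \
#     --health-cmd 'wget -qO- http://127.0.0.1:8080/healthz || exit 1' \
#     --health-interval 10s --health-retries 3 \
#     example/app:1.0 /app/server
```

Because the script ends in exec, the application replaces the shell as PID 1 and receives stop signals directly.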
Quality Standard
- Runtime config is minimal and explicit.
- Container behavior is reproducible across environments.
- Security posture follows least-privilege defaults.
- Health and failure signals are observable.
Workflow
- Define container runtime contract using assets/container-runtime-contract-template.md.
- Configure networking, storage, and environment boundaries.
- Validate startup/health behavior.
- Verify security constraints and secret handling using assets/docker-runtime-checklist.md.
- Document reproducible run commands.
Failure Conditions
- Stop when required runtime dependencies are implicit.
- Stop when container requires unnecessary privileged execution.
- Escalate when runtime differences make behavior non-reproducible.