linux-docker

Purpose

This skill allows the AI to handle Docker and Docker Compose operations on Linux, focusing on Dockerfile creation, container management, networking, volumes, lifecycle events, registry interactions, and security hardening to ensure efficient, secure containerized applications.

When to Use

Use this skill for tasks involving containerization of applications, such as building images from source code, deploying multi-service apps with Compose, managing network configurations for inter-container communication, or securing containers against vulnerabilities in a Linux environment.

Key Capabilities

• Build and manage Docker images using Dockerfiles: Specify base images, add layers with COPY/ADD, set ENTRYPOINT/CMD.
• Configure networking: Use bridge, host, or overlay networks with flags like --network bridge.
• Handle volumes: Mount host directories or named volumes with -v /host/path:/container/path.
• Manage container lifecycle: Start, stop, restart containers using commands that handle signals like SIGTERM.
• Interact with registries: Push/pull images to/from repositories like Docker Hub, with authentication.
• Apply security hardening: Use options like --security-opt no-new-privileges to limit capabilities, and scan images with tools like Trivy.

Usage Patterns

To build an image, read a Dockerfile, then execute docker build with appropriate context; for Compose, parse a YAML file and run docker-compose up. Always check for required dependencies like Docker daemon running. For networking, specify networks in Compose YAML under the networks key. Use environment variables for sensitive data, e.g., inject $DOCKER_REGISTRY_URL into container env. For security, always run containers with --read-only flag where possible to prevent writes.