Back to Details

docker-basics

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Docker Basics

Docker基础

Overview

概述

Use this skill to ensure containerized workloads are reproducible, debuggable, and operationally safe.
使用本技能可确保容器化工作负载具备可复现性、可调试性,且运行安全。

Scope Boundaries

范围边界

  • Use this skill when the task matches the trigger condition described in 
    description
    .
  • Do not use this skill when the primary task falls outside this skill's domain.
  • 当任务符合
    description
    中描述的触发条件时使用本技能。
  • 当核心任务不属于本技能领域时请勿使用。

Shared References

共享参考

  • Runtime risk catalog: 
    • references/docker-runtime-risk-catalog.md
  • 运行时风险目录: 
    • references/docker-runtime-risk-catalog.md

Templates And Assets

模板与资源

  • Runtime contract template: 
    • assets/container-runtime-contract-template.md
  • Runtime checklist: 
    • assets/docker-runtime-checklist.md
  • 运行时契约模板: 
    • assets/container-runtime-contract-template.md
  • 运行时检查清单: 
    • assets/docker-runtime-checklist.md

Inputs To Gather

待收集输入

  • Application runtime requirements and dependencies.
  • Local/dev/prod run differences.
  • Required network ports, volumes, and environment variables.
  • Security constraints (user, capabilities, filesystem access).
  • 应用运行时需求与依赖。
  • 本地/开发/生产环境运行差异。
  • 所需网络端口、卷与环境变量。
  • 安全约束(用户、权限、文件系统访问)。

Deliverables

交付物

  • Container run policy (entrypoint, env, ports, volumes, user).
  • Local reproducibility checklist.
  • Runtime risk list (permissions, secrets, mutable state).
  • Verification steps for startup and health checks.
  • 容器运行策略(入口点、环境变量、端口、卷、用户)。
  • 本地可复现性检查清单。
  • 运行时风险列表(权限、密钥、可变状态)。
  • 启动与健康检查的验证步骤。

Quick Example

快速示例

  • Run as non-root user.
  • Mount only required volume paths.
  • Fail fast if required env vars are missing.
  • Expose health endpoint and readiness check.
  • 以非root用户运行。
  • 仅挂载所需的卷路径。
  • 缺失必要环境变量时快速失败。
  • 暴露健康端点与就绪检查。

Quality Standard

质量标准

  • Runtime config is minimal and explicit.
  • Container behavior is reproducible across environments.
  • Security posture follows least-privilege defaults.
  • Health and failure signals are observable.
  • 运行时配置最小化且明确。
  • 跨环境的容器行为可复现。
  • 安全态势遵循最小权限默认原则。
  • 健康与故障信号可观测。

Workflow

工作流

  1. Define container runtime contract using 
    assets/container-runtime-contract-template.md
    .
  2. Configure networking, storage, and environment boundaries.
  3. Validate startup/health behavior.
  4. Verify security constraints and secret handling using 
    assets/docker-runtime-checklist.md
    .
  5. Document reproducible run commands.
  1. 使用
    assets/container-runtime-contract-template.md
    定义容器运行时契约。
  2. 配置网络、存储与环境边界。
  3. 验证启动/健康行为。
  4. 使用
    assets/docker-runtime-checklist.md
    验证安全约束与密钥处理逻辑。
  5. 记录可复现的运行命令。

Failure Conditions

失败条件

  • Stop when required runtime dependencies are implicit.
  • Stop when container requires unnecessary privileged execution.
  • Escalate when runtime differences make behavior non-reproducible.
  • 当所需运行时依赖不明确时停止执行。
  • 当容器需要不必要的特权执行权限时停止执行。
  • 当运行时差异导致行为不可复现时上报问题。