AI Skills
java-docker

java-docker

Containerize Java applications - Dockerfile optimization, JVM settings, security

4星標
0分支
更新於 1/24/2026
獲取技能源代碼
SKILL.md
readonlyread-only
name
java-docker
description

Java version

version
"3.0.0"

Java Docker Skill

Containerize Java applications with optimized Dockerfiles and JVM settings.

Overview

This skill covers Docker best practices for Java including multi-stage builds, JVM container settings, security hardening, and layer optimization.

When to Use This Skill

Use when you need to:

  • Create optimized Java Dockerfiles
  • Configure JVM for containers
  • Implement security best practices
  • Reduce image size
  • Set up health checks

Topics Covered

Dockerfile Optimization

  • Multi-stage builds
  • Layer caching strategy
  • Spring Boot layered JARs
  • Dependency caching

JVM Container Settings

  • UseContainerSupport
  • MaxRAMPercentage
  • GC selection
  • Exit on OOM

Security

  • Non-root users
  • Read-only filesystem
  • Vulnerability scanning
  • Secrets handling

Quick Reference

# Multi-stage optimized Dockerfile
FROM eclipse-temurin:21-jdk-alpine AS builder

WORKDIR /app

# Cache dependencies
COPY pom.xml .
COPY .mvn .mvn
RUN mvn dependency:go-offline -B

# Build and extract layers
COPY src ./src
RUN mvn package -DskipTests && \
    java -Djarmode=layertools -jar target/*.jar extract

# Runtime stage
FROM eclipse-temurin:21-jre-alpine

# Security: non-root user
RUN addgroup -S app && adduser -S app -G app
USER app

WORKDIR /app

# Copy layers in order of change frequency
COPY --from=builder /app/dependencies/ ./
COPY --from=builder /app/spring-boot-loader/ ./
COPY --from=builder /app/snapshot-dependencies/ ./
COPY --from=builder /app/application/ ./

# JVM container settings
ENV JAVA_OPTS="-XX:+UseContainerSupport \
    -XX:MaxRAMPercentage=75.0 \
    -XX:+ExitOnOutOfMemoryError \
    -XX:+UseG1GC"

EXPOSE 8080

HEALTHCHECK --interval=30s --timeout=3s --start-period=30s \
    CMD wget -qO- http://localhost:8080/actuator/health/liveness || exit 1

ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS org.springframework.boot.loader.launch.JarLauncher"]

JVM Container Flags

# Recommended production settings
JAVA_OPTS="
  -XX:+UseContainerSupport
  -XX:MaxRAMPercentage=75.0
  -XX:InitialRAMPercentage=50.0
  -XX:+ExitOnOutOfMemoryError
  -XX:+HeapDumpOnOutOfMemoryError
  -XX:HeapDumpPath=/tmp/heapdump.hprof
  -XX:+UseG1GC
  -Djava.security.egd=file:/dev/./urandom
"

Base Image Comparison

Image Size Security Use Case
temurin:21-jre ~200MB Good General use
temurin:21-jre-alpine ~100MB Good Size-optimized
distroless/java21 ~80MB Best Production

Security Best Practices

# Non-root user
RUN addgroup -S app && adduser -S app -G app
USER app

# Read-only filesystem
# (Configure at runtime with --read-only)

# No shell access with distroless
FROM gcr.io/distroless/java21-debian12

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
    CMD wget -qO- localhost:8080/actuator/health || exit 1

Troubleshooting

Common Issues

Problem Cause Solution
OOMKilled Heap > limit Set MaxRAMPercentage
Slow startup Large image Multi-stage build
Permission denied Root required Fix file permissions
No memory info Old JVM Update to Java 11+

Debug Checklist

□ Check container memory limits
□ Verify JVM sees container limits
□ Review health check configuration
□ Scan image for vulnerabilities
□ Test with resource constraints

Usage

Skill("java-docker")

Related Skills

  • java-maven-gradle - Build integration
  • java-microservices - K8s deployment

You Might Also Like

Related Skills

create-pr

create-pr

170Kdev-devops

Creates GitHub pull requests with properly formatted titles that pass the check-pr-title CI validation. Use when creating PRs, submitting changes for review, or when the user says /pr or asks to create a pull request.

n8n-io avatarn8n-io
獲取
electron-chromium-upgrade

electron-chromium-upgrade

120Kdev-devops

Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.

electron avatarelectron
獲取
pr-creator

pr-creator

92Kdev-devops

Use this skill when asked to create a pull request (PR). It ensures all PRs follow the repository's established templates and standards.

google-gemini avatargoogle-gemini
獲取
clawdhub

clawdhub

87Kdev-devops

Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.

moltbot avatarmoltbot
獲取
tmux

tmux

87Kdev-devops

Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.

moltbot avatarmoltbot
獲取
create-pull-request

create-pull-request

57Kdev-devops

Create a GitHub pull request following project conventions. Use when the user asks to create a PR, submit changes for review, or open a pull request. Handles commit analysis, branch management, and PR creation using the gh CLI tool.

cline avatarcline
獲取