Java Docker Skill
Containerize Java applications with optimized Dockerfiles and JVM settings.
Overview
This skill covers Docker best practices for Java including multi-stage builds, JVM container settings, security hardening, and layer optimization.
When to Use This Skill
Use when you need to:
- •Create optimized Java Dockerfiles
- •Configure JVM for containers
- •Implement security best practices
- •Reduce image size
- •Set up health checks
Topics Covered
Dockerfile Optimization
- •Multi-stage builds
- •Layer caching strategy
- •Spring Boot layered JARs
- •Dependency caching
JVM Container Settings
- •UseContainerSupport
- •MaxRAMPercentage
- •GC selection
- •Exit on OOM
Security
- •Non-root users
- •Read-only filesystem
- •Vulnerability scanning
- •Secrets handling
Quick Reference
dockerfile
# Multi-stage optimized Dockerfile
FROM eclipse-temurin:21-jdk-alpine AS builder
WORKDIR /app
# Cache dependencies
COPY pom.xml .
COPY .mvn .mvn
RUN mvn dependency:go-offline -B
# Build and extract layers
COPY src ./src
RUN mvn package -DskipTests && \
java -Djarmode=layertools -jar target/*.jar extract
# Runtime stage
FROM eclipse-temurin:21-jre-alpine
# Security: non-root user
RUN addgroup -S app && adduser -S app -G app
USER app
WORKDIR /app
# Copy layers in order of change frequency
COPY --from=builder /app/dependencies/ ./
COPY --from=builder /app/spring-boot-loader/ ./
COPY --from=builder /app/snapshot-dependencies/ ./
COPY --from=builder /app/application/ ./
# JVM container settings
ENV JAVA_OPTS="-XX:+UseContainerSupport \
-XX:MaxRAMPercentage=75.0 \
-XX:+ExitOnOutOfMemoryError \
-XX:+UseG1GC"
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s --start-period=30s \
CMD wget -qO- http://localhost:8080/actuator/health/liveness || exit 1
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS org.springframework.boot.loader.launch.JarLauncher"]
JVM Container Flags
bash
# Recommended production settings JAVA_OPTS=" -XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0 -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heapdump.hprof -XX:+UseG1GC -Djava.security.egd=file:/dev/./urandom "
Base Image Comparison
| Image | Size | Security | Use Case |
|---|---|---|---|
| temurin:21-jre | ~200MB | Good | General use |
| temurin:21-jre-alpine | ~100MB | Good | Size-optimized |
| distroless/java21 | ~80MB | Best | Production |
Security Best Practices
dockerfile
# Non-root user
RUN addgroup -S app && adduser -S app -G app
USER app
# Read-only filesystem
# (Configure at runtime with --read-only)
# No shell access with distroless
FROM gcr.io/distroless/java21-debian12
# Health check
HEALTHCHECK --interval=30s --timeout=3s \
CMD wget -qO- localhost:8080/actuator/health || exit 1
Troubleshooting
Common Issues
| Problem | Cause | Solution |
|---|---|---|
| OOMKilled | Heap > limit | Set MaxRAMPercentage |
| Slow startup | Large image | Multi-stage build |
| Permission denied | Root required | Fix file permissions |
| No memory info | Old JVM | Update to Java 11+ |
Debug Checklist
code
□ Check container memory limits □ Verify JVM sees container limits □ Review health check configuration □ Scan image for vulnerabilities □ Test with resource constraints
Usage
code
Skill("java-docker")
Related Skills
- •
java-maven-gradle- Build integration - •
java-microservices- K8s deployment