container-validator

Dockerfile best practices, Kubernetes manifest validation, container security

Install

git clone https://github.com/benreceveur/claude-workflow-engine /tmp/claude-workflow-engine && cp -r /tmp/claude-workflow-engine/skills/container-validator ~/.claude/skills/claude-workflow-engine

Tip: Run this command in your terminal to install the skill.


name: container-validator
description: Dockerfile best practices, Kubernetes manifest validation, container security
version: 1.0.0
tags: [container, docker, kubernetes, validation, security]

Container Validator Skill

Purpose

The Container Validator Skill validates Dockerfiles, docker-compose files, and Kubernetes manifests against best practices, security standards, and compliance requirements, reporting the issues that would keep containers from being production-ready, secure, and optimized.

Key Capabilities:

  • Dockerfile best practice validation
  • Kubernetes manifest validation
  • Container security scanning
  • Resource limit verification
  • Image optimization recommendations
  • CIS Docker Benchmark compliance

Target Token Savings: 75% (from ~2400 tokens to ~600 tokens)

When to Use

  • Building Docker images
  • Deploying to Kubernetes
  • Security audits
  • CI/CD pipelines
  • Production deployments
  • Compliance checks

Operations

1. validate-dockerfile

Validates a Dockerfile against best practices.

2. validate-k8s

Validates Kubernetes manifests.

3. validate-compose

Validates docker-compose.yml files.

4. validate-all

Runs all of the above over a directory: every Dockerfile, Kubernetes manifest, and docker-compose file found, with a single summary.

Scripts

# Validate Dockerfile
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-dockerfile \
  --file Dockerfile

# Validate Kubernetes manifests
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-k8s \
  --dir ./k8s

# Validate docker-compose
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-compose \
  --file docker-compose.yml

# Comprehensive validation
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-all \
  --dir .

Configuration

{
  "container-validator": {
    "dockerfile": {
      "require_user": true,
      "require_healthcheck": true,
      "max_layers": 20,
      "scan_security": true
    },
    "kubernetes": {
      "require_resources": true,
      "require_liveness_probe": true,
      "require_readiness_probe": true,
      "scan_rbac": true
    },
    "security": {
      "allow_privileged": false,
      "require_read_only_root": true,
      "scan_vulnerabilities": true
    }
  }
}
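As an added example (not the skill's own scripts/main.py), the Python below applies the require_user and require_healthcheck rules from the dockerfile section above to a constructed Dockerfile and returns issues in the same shape as the validate-dockerfile output shown in the Examples. The names CONFIG, parse_dockerfile, validate_dockerfile and SAMPLE are assumptions; the check deliberately inspects only the final stage of a multi-stage build, since a USER set in an earlier build stage never reaches the shipped image.

```python
# Constructed rule set mirroring the "dockerfile" section of the configuration above
CONFIG = {"require_user": True, "require_healthcheck": True}

def parse_dockerfile(text):
    """Return (line_no, INSTRUCTION, args) per logical instruction, joining continuations."""
    entries, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue  # skip blank lines and comments
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        entries.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return entries

def validate_dockerfile(text, config=CONFIG):
    """Return issues shaped like the validate-dockerfile output shown above."""
    entries = parse_dockerfile(text)
    # Only the last stage of a multi-stage build ships, so a USER set in an
    # earlier build stage does not protect the final image.
    froms = [i for i, (_, ins, _) in enumerate(entries) if ins == "FROM"]
    stage = entries[froms[-1]:] if froms else entries
    last_line = stage[-1][0] if stage else 1
    issues = []
    users = [(n, arg) for n, ins, arg in stage if ins == "USER"]
    if config["require_user"] and (not users or users[-1][1].split(":")[0] in ("root", "0")):
        issues.append({"line": users[-1][0] if users else last_line, "severity": "critical",
                       "type": "root_user", "description": "Container runs as root",
                       "recommendation": "Add: USER nonroot"})
    # HEALTHCHECK NONE explicitly disables the check, so it counts as missing
    has_health = any(i == "HEALTHCHECK" and a.strip().upper() != "NONE" for _, i, a in stage)
    if config["require_healthcheck"] and not has_health:
        issues.append({"line": last_line, "severity": "medium", "type": "no_healthcheck",
                       "description": "Missing HEALTHCHECK instruction",
                       "recommendation": "Add: HEALTHCHECK CMD curl -f http://localhost/ || exit 1"})
    return issues

# Constructed two-stage Dockerfile: USER is set in the build stage only
SAMPLE = """FROM python:3.12-slim AS build
USER nonroot
RUN pip install --no-cache-dir build
FROM python:3.12-slim
COPY --from=build /dist /app
CMD ["python", "-m", "app"]
"""
```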

Examples

Example 1: Validate Dockerfile

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-dockerfile \
  --file Dockerfile

Output:

{
  "success": true,
  "operation": "validate-dockerfile",
  "issues": [
    {
      "line": 15,
      "severity": "critical",
      "type": "root_user",
      "description": "Container runs as root",
      "recommendation": "Add: USER nonroot"
    },
    {
      "line": 8,
      "severity": "medium",
      "type": "no_healthcheck",
      "description": "Missing HEALTHCHECK instruction",
      "recommendation": "Add: HEALTHCHECK CMD curl -f http://localhost/ || exit 1"
    }
  ],
  "execution_time_ms": 45
}

Example 2: Validate Kubernetes Manifests

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-k8s \
  --dir ./k8s

Output:

{
  "success": true,
  "operation": "validate-k8s",
  "files_validated": 5,
  "issues": [
    {
      "file": "deployment.yaml",
      "severity": "high",
      "type": "missing_resources",
      "description": "Container missing resource limits",
      "recommendation": "Add resources.limits.memory and resources.limits.cpu"
    },
    {
      "file": "deployment.yaml",
      "severity": "medium",
      "type": "missing_probe",
      "description": "Missing livenessProbe",
      "recommendation": "Add livenessProbe to container spec"
    }
  ],
  "execution_time_ms": 123
}
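Added example, not the project's code: a check of the kubernetes and security rules from the Configuration section against a Deployment already parsed into a dict (as a YAML parser would return it), emitting issues in the shape of the validate-k8s output above. The names validate_manifest, pod_spec and SAMPLE_DEPLOYMENT are assumptions; liveness and readiness probes are only valid on regular containers, so initContainers are not checked.

```python
# Constructed rules mirroring the "kubernetes" and "security" configuration sections above
CONFIG = {"require_resources": True, "require_liveness_probe": True,
          "require_readiness_probe": True, "allow_privileged": False,
          "require_read_only_root": True}

def pod_spec(manifest):
    """Return the pod spec of a bare Pod or of a workload with a pod template."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})

def validate_manifest(manifest, filename, config=CONFIG):
    """Return issues shaped like the validate-k8s output shown above."""
    issues = []
    def add(severity, kind, description, recommendation):
        issues.append({"file": filename, "severity": severity, "type": kind,
                       "description": description, "recommendation": recommendation})
    # Probes are not valid on initContainers, so only the main containers are checked.
    for c in pod_spec(manifest).get("containers", []):
        name = c.get("name", "<unnamed>")
        limits = c.get("resources", {}).get("limits", {})
        if config["require_resources"] and not ("memory" in limits and "cpu" in limits):
            add("high", "missing_resources", f"Container {name} missing resource limits",
                "Add resources.limits.memory and resources.limits.cpu")
        for probe, key in (("livenessProbe", "require_liveness_probe"),
                           ("readinessProbe", "require_readiness_probe")):
            if config[key] and probe not in c:
                add("medium", "missing_probe", f"Container {name} missing {probe}",
                    f"Add {probe} to container spec")
        sc = c.get("securityContext", {})
        if not config["allow_privileged"] and sc.get("privileged"):
            add("critical", "privileged_container", f"Container {name} runs privileged",
                "Remove securityContext.privileged or set it to false")
        if config["require_read_only_root"] and not sc.get("readOnlyRootFilesystem"):
            add("medium", "writable_root_fs", f"Container {name} has a writable root filesystem",
                "Set securityContext.readOnlyRootFilesystem: true")
    return issues

# Constructed Deployment as a YAML parser would return it: requests but no limits,
# a liveness probe but no readiness probe, and no securityContext at all
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "web", "image": "example/web:1.0",
        "resources": {"requests": {"cpu": "100m", "memory": "128Mi"}},
        "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
    }]}}},
}
```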

Example 3: Validate Docker Compose

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-compose \
  --file docker-compose.yml

Output:

{
  "success": true,
  "operation": "validate-compose",
  "services": 3,
  "issues": [
    {
      "service": "web",
      "severity": "high",
      "type": "exposed_port",
      "description": "Port exposed without security configuration",
      "recommendation": "Use internal network or add authentication"
    }
  ],
  "execution_time_ms": 67
}

Example 4: Comprehensive Validation

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-all \
  --dir .

Output:

{
  "success": true,
  "operation": "validate-all",
  "summary": {
    "dockerfiles": 2,
    "k8s_manifests": 5,
    "compose_files": 1,
    "total_issues": 8,
    "critical": 1,
    "high": 3,
    "medium": 4
  },
  "execution_time_ms": 234
}

Token Economics

Without Skill: ~2400 tokens
With Skill: ~600 tokens (75% savings)

Success Metrics

  • Execution time: <100ms for Dockerfile validation
  • Accuracy: >98% issue detection
  • False positive rate: <3%

Container Validator Skill v1.0.0 - Ensuring container best practices