Building AI Solutions with Docker Compose and Kubernetes Expertise
By Vladimir Mikhalev · Solutions Architect · Docker Captain · IBM Champion
You’re building AI workloads. So you’re juggling Python packages, GPU drivers, REST APIs, databases, maybe a Kafka pipeline on top of all that. And if you’re still herding it with bash scripts and hope?
You’re doing it wrong.
This guide is about how Docker Compose tames the chaos of a modern AI project. Not the toy version. The version someone runs when they’ve actually shipped containers in production instead of poking at notebooks.
I’ll get into the real usage. Environment handling. Image pull policies. Secrets, resource limits, and the one command, docker compose watch, that saves your sanity during dev cycles. There’s also the part nobody enjoys: handing your Compose stack off to Kubernetes without rage-quitting.
Compose 2.x: A Dev Tool That Grew Up
Compose is still your best friend for local work. No argument there. But it’s also a serious CI/CD asset now, and a genuinely good staging orchestrator, if you know how to drive it.
Enough preamble.
Environment Variable Precedence: Know Who Wins the Fight
By default, Compose favors your shell environment over whatever sits in your .env file.
So this:
```
export DATABASE_URL=postgres://prod.db
```

…will override this in .env:

```
DATABASE_URL=postgres://dev.db
```

Good. That’s exactly the behavior you want in CI/CD, where secrets have no business touching source control.
📖 Environment Variables — Compose Docs
Controlling Image Pulls: Don’t Get Burned by Stale Containers
There are two clean ways to pull fresh images.
- Force it every time:

  ```
  docker compose up --pull always
  ```

- Lock it in the Compose file:

  ```yaml
  services:
    app:
      image: my-image:latest
      pull_policy: always
  ```

pull_policy supports: always, if_not_present, and never.
Use it. Skip it and you’ll burn an afternoon debugging a bug that doesn’t exist, because CI quietly served a stale image from cache while you screamed at your pipeline.
SSH & Secrets: Handling Sensitive Stuff Like an Adult
BuildKit is the default now. That buys you real control over build-time secrets and SSH access.
SSH During Builds
Need to clone a private repo mid-build?
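```yaml
services:
  app:
    build:
      context: .
      ssh:
        - default=/home/user/.ssh/id_rsa
```

The key is exposed only to the RUN steps in your Dockerfile that ask for it with --mount=type=ssh, so it never lands in the image. No more “oops I leaked my SSH key to Docker Hub”.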
Runtime Secrets
Compose doesn’t do Docker Swarm-style secrets. You can fake it with mounted files or env vars. Or, if you’re serious about it, wire in a vault.
Live Reloads with docker compose watch: Real Dev Speed
You want a tight feedback loop. That’s what the watch command is for.
Real-World Example: Node.js App
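```yaml
services:
  app:
    # Watch needs a service built from local source; this assumes a
    # Dockerfile next to this file that starts FROM node:18 and uses /app.
    build: .
    working_dir: /app
    command: npm start
    environment:
      NODE_ENV: development
    ports:
      - "3000:3000"
    # Watch rules live under develop.watch; a label does not enable them.
    develop:
      watch:
        # Copy changed files into the running container.
        - action: sync
          path: .
          target: /app
          ignore:
            - node_modules/
```

Then run:

```
docker compose up
docker compose watch
```

Change a file locally and the container picks it up. No rebuild. No restart. No staring at the screen wondering why your fix didn’t take.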
Override Files: Keep Dev and Prod from Colliding
Still cramming every config into one compose.yaml? Stop. Split it:
- compose.override.yaml for local tweaks
- docker compose -f base.yaml -f prod.yaml to layer configs
- include: blocks, if you’re on Compose v2+ and feeling fancy
It’s cleaner, it’s safer, and it’s a lot easier to debug when something breaks at 2am.
YAML Anchors: DRY or Die
Compose files turn into spaghetti fast. Anchors fix that:
```yaml
# Shared environment block, reused below through a YAML anchor
x-default-env: &default-env
  NODE_ENV: production

services:
  web:
    image: webapp
    environment: *default-env

  api:
    image: apiserver
    environment:
      <<: *default-env
      # Quoted so the YAML parser keeps it a string
      DEBUG: "true"
```

Less repetition, fewer bugs, and a file you can actually read six months from now.
Resource Limits: Be a Good Container Citizen
Even on a dev cluster, don’t let one container eat the whole node.
```yaml
services:
  ai-worker:
    image: my-ai-image
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: "1G"
        reservations:
          cpus: "0.5"
          memory: "512M"
```

Now, a caveat. deploy is ignored by docker compose in local mode. But the second you hand this off to Swarm or translate it to Kubernetes, you’ll be glad it was already there.
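A CI check for three habits covered so far: a pull policy on mutable tags, no credentials written into the Compose file, and a declared memory limit. This is an added example, not code from the original post. It assumes the model comes from docker compose config --no-interpolate --format json; the rule names, the variable-name heuristic and the sample are constructed for illustration.

```python
import json
import re

# Variable names that usually carry credentials (heuristic chosen for this example).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def image_tag(ref):
    """Tag of an image reference: '' when untagged, None when digest-pinned."""
    if "@sha256:" in ref:
        return None
    last = ref.rsplit("/", 1)[-1]  # drop registry host:port and repository path
    return last.split(":", 1)[1] if ":" in last else ""

def audit(model):
    """Return (service, rule, detail) findings for a Compose model given as a dict."""
    findings = []
    for name, svc in sorted(model.get("services", {}).items()):
        # Mutable tag that can be served from the local cache.
        image = svc.get("image")
        if image and image_tag(image) in ("", "latest") \
                and svc.get("pull_policy") != "always":
            findings.append((name, "stale-image", image))
        # Credential written into the file instead of interpolated at run time.
        for key, value in (svc.get("environment") or {}).items():
            literal = value not in (None, "") and "${" not in str(value)
            if SECRET_NAME.search(key) and literal:
                findings.append((name, "hardcoded-secret", key))
        # No memory ceiling to carry over to Swarm or Kubernetes.
        resources = (svc.get("deploy") or {}).get("resources") or {}
        if not (resources.get("limits") or {}).get("memory"):
            findings.append((name, "no-memory-limit", "deploy.resources.limits"))
    return findings

# Constructed sample, shaped like the JSON output of docker compose config.
SAMPLE = json.loads("""
{"services": {
  "ai-worker": {"image": "my-ai-image",
                "environment": {"DB_PASSWORD": "constructed-value",
                                "NODE_ENV": "production"}},
  "api": {"image": "registry.example:5000/apiserver:latest", "pull_policy": "always",
          "environment": {"API_TOKEN": "${API_TOKEN}"},
          "deploy": {"resources": {"limits": {"cpus": 1.0, "memory": "1G"}}}}
}}
""")

if __name__ == "__main__":
    for service, rule, detail in audit(SAMPLE):
        print(f"{service}: {rule} ({detail})")
```
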
Compose to Kubernetes: The Good, The Bad, and The “Use Kompose”
Want to turn a Compose stack into Kubernetes YAMLs? Kompose does it, and the output isn’t terrible.
```
kompose convert
```

You’ll still have homework:
- Set up Ingress and controllers by hand
- Configure PVCs and storage
- Handle secrets the Kubernetes way
For MVPs and small internal tools, though, it works fine.
Just don’t ship the raw output to production. Clean it up first.
Final Take
Docker Compose stopped being a one-trick Redis-launcher a while ago. Driven well, it’s a serious tool, and it earns its keep most in AI workflows, the kind that sprawl across a dozen services.
It lets you:
- Develop locally at full speed
- Keep secrets out of your images
- Cut downtime during builds
- Hand off to Kubernetes when the time comes
If you’re shipping AI services and you’re not using Compose properly, you’re just making the job harder than it is.