Which of the following is the main advantage of using Distroless images for Docker containers?
Think about what is removed from Distroless images compared to traditional base images.
Distroless images remove unnecessary OS components like shells and package managers, making the image smaller and more secure by reducing the attack surface.
What will happen if you try to run docker run -it distroless/base and then try to execute bash inside the container?
Distroless images do not include shells like bash.
Distroless images exclude shells, so trying to run bash inside will result in 'command not found' error.
Which Dockerfile snippet correctly builds a Go application and uses a Distroless image for the final container?
Look for a multi-stage build that compiles the app first, then copies the binary into a Distroless image.
Option A uses a multi-stage build: first it builds the Go app in a golang image, then copies the binary into a Distroless base image for a minimal final container.
You built a container using a Distroless image but it fails to start with the error: no such file or directory. What is the most likely cause?
Distroless images include only minimal runtime dependencies.
If the binary depends on shared libraries not present in the Distroless image, it will fail to start with 'no such file or directory' because the loader cannot find required libraries.
Since Distroless containers lack shells and debugging tools, what is the best practice to debug issues inside such containers?
Think about how to keep the final image minimal but still debug when needed.
Best practice is to use multi-stage builds to create a separate debug image that includes shells and tools, so you can debug without bloating the production image.