
---

# 🚀 10. Advanced Topics

## A) Contexts & Remote Hosts

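Point the Docker client at a local or remote engine. `ssh://` contexts ride on your existing SSH authentication, so the remote daemon needs no exposed TCP port.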

```bash
docker context create prod --docker "host=ssh://user@host"
docker context use prod
docker context ls
```

## B) BuildKit (fast, cache-smart builds)

Enable + use cache mounts.

```bash
export DOCKER_BUILDKIT=1
docker build --progress=plain -t app .
```

```dockerfile
# syntax=docker/dockerfile:1.4
RUN --mount=type=cache,target=/root/.cache pip install -r requirements.txt
```

## C) Buildx & Multi-arch

Build for amd64 + arm64 in one go (push required).

```bash
docker buildx create --use
docker buildx build --platform linux/amd64,linux/arm64 -t user/app:v1 --push .
```

## D) Healthchecks

Have Docker mark containers healthy/unhealthy. The probe runs inside the container, so the image must ship the tool it calls (here `curl`).

```dockerfile
HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
  CMD curl -fsS http://localhost/health || exit 1
```

Check:

```bash
docker inspect -f '{{.State.Health.Status}}' <container>
```
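
A polling wrapper around the check above, as an added example (not part of the original cheat sheet); the function name `wait_healthy` and its exit codes are assumptions chosen here. It guards the template because `.State.Health` is unset on containers without a `HEALTHCHECK`, where the plain lookup errors out.

```shell
# wait_healthy CONTAINER [TIMEOUT_SECONDS] [POLL_SECONDS]
# Exit codes (chosen for this example):
#   0  container reports "healthy"
#   1  container reports "unhealthy", or the timeout expired while "starting"
#   2  container has no HEALTHCHECK, or it could not be inspected
# Usage: wait_healthy web 120 && echo "web is healthy"
wait_healthy() {
  local name="$1" timeout="${2:-60}" poll="${3:-2}" waited=0 status fmt
  # Guard the lookup: .State.Health is absent when no HEALTHCHECK is defined.
  fmt='{{if .State.Health}}{{.State.Health.Status}}{{else}}none{{end}}'
  while :; do
    # A failing inspect (unknown container, daemon unreachable) is not "unhealthy".
    status=$(docker inspect -f "$fmt" "$name" 2>/dev/null) || return 2
    case "$status" in
      healthy)   return 0 ;;
      unhealthy) return 1 ;;
      none)      return 2 ;;
    esac
    # Any other status ("starting"): keep polling until the timeout is reached.
    [ "$waited" -ge "$timeout" ] && return 1
    sleep "$poll"
    waited=$((waited + poll))
  done
}
```

Treating "no healthcheck" separately from "unhealthy" keeps a deploy script from passing a container that was never probed.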

## E) Process-1 & `--init`

Avoid zombie processes: PID 1 must reap orphaned children and forward signals, so run a tiny init there.

```bash
docker run --init -d myapp
# or bake tini into image and set as ENTRYPOINT
```

## F) Rootless Docker (Linux)

Run the daemon as an unprivileged user instead of root (least privilege).

```bash
dockerd-rootless-setuptool.sh install
systemctl --user enable --now docker
# then point the client at it: use its context, or set DOCKER_HOST=unix:///run/user/$UID/docker.sock
```

## G) Distroless / `scratch` Images

Ship only your app (no shell/package manager) → smaller attack surface.

```dockerfile
# static binary example
FROM scratch
COPY mybin /mybin
ENTRYPOINT ["/mybin"]
```

*(Or use `gcr.io/distroless/*` bases.)*

## H) Copy-on-Write & Layers (optimize)

Layers are reused; put rarely changing instructions (dependency installs) before frequently changing ones (`COPY` of source) so the cache hits.

```bash
docker history user/app:latest   # inspect layers
docker build --no-cache -t app . # force rebuild when debugging cache
```

> That’s it—8 advanced essentials you’ll actually use.
