Multi-Stage Builds and Image Optimization

Your Go application compiles in an 800 MB golang image. The binary itself is 12 MB. Why ship the other 788 MB to production?

That 788 MB includes the Go toolchain, a package manager, a shell, debug tools, and hundreds of system libraries your application never calls. Every megabyte is attack surface. Every unnecessary binary is a potential CVE. And on the CKAD exam, where "define, build and modify container images" is an explicit competency under the Application Design and Build domain (20%), the examiners expect you to know how to fix this.