| Because all of the containers may not be of the same operating system? Networking on containers is also a bit different. There are also reasons for having some more isolation between guest OSes. On my ESXi box at home I have: * A VM that hosts my NAS shares. This does nothing other than host the NAS shares, as I want to be sure no silly experiment of mine interferes with that. * A general-purpose VM, where I run some containers (UniFi controller, Plex, etc.) * A VM running Windows Server for my Domain Controller * A secondary, isolated vSwitch with no uplink to the rest of the network. This is my mini malware testing lab. * A VM running pfSense that I'll sometimes use to allow selective access out of the isolated vSwitch to the internet, but not to the rest of the network. Can't do all that with containers. |