[musicale]

Docker and Kubernetes embody a number of design decisions that might be a good fit for some users (and for Google) but add more complexity and overhead than I usually need or want for my typical use case of basic isolation and resource limits.

Fortunately the container architecture is flexible so that you can use as much or as little of it as you like.

I also tend to think that if you want stronger isolation for security purposes then you will want a lightweight VM rather than a container (and if you are worried about side channels, probably hardware partitioning - good luck.)