by dcosson 3981 days ago
The security point here is something that confuses me about the current state of the ecosystem.

The article mentions that "most vendors still run containers in virtual machines", presumably since if someone hacks an app in a container they might be able to break out of the container and access other apps running on that host. But clustering systems like Kubernetes, CoreOS, AWS Container Service, etc. seem to be all the rage these days and they seem fundamentally at odds with this. The cluster might schedule multiple containers on the same host at which point somebody who hacks one can hack all of them.

How do you reconcile this? Do people running these clusters in production typically run tiers of separate clusters based on how sensitive the data they have access to is?

1 comment

Once you've automated the entire process of bringing up a container cluster with monitoring, metrics, logging, etc., then it becomes trivial to make as many as you want. The same is done with separate virtual networks for security concerns.

It becomes as simple as asking what name the cluster should have.

It also makes sense for managing resource concerns to some extent, such as a cluster with cheap instances for low-priority applications that still need HA support, or a cluster with beefy instances in a subnet that has fewer hops for edge-tier applications.
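A small audit of the co-tenancy risk raised in the question, added here as an example and not part of the thread: it flags hosts where the scheduler has placed containers of different data-sensitivity tiers side by side (so a breakout from one reaches the others), and shows that the reply's approach of one cluster per tier clears the finding. The cluster, node, pod and tier names are constructed.

```python
"""Co-tenancy audit for scheduled containers (constructed example)."""
from collections import defaultdict

# Constructed placements: (cluster, node, pod, sensitivity tier).
# In a single shared cluster the scheduler is free to co-locate tiers.
PLACEMENTS = [
    ("prod", "node-a", "billing-api", "pci"),
    ("prod", "node-a", "blog-frontend", "public"),
    ("prod", "node-b", "ledger-db", "pci"),
    ("prod", "node-b", "reporting", "pci"),
    ("prod", "node-c", "marketing-site", "public"),
    ("prod", "node-c", "image-resizer", "public"),
]


def mixed_tier_nodes(placements):
    """Return {(cluster, node): sorted tiers} for every host that mixes tiers."""
    tiers = defaultdict(set)
    for cluster, node, _pod, tier in placements:
        tiers[(cluster, node)].add(tier)
    return {key: sorted(t) for key, t in tiers.items() if len(t) > 1}


def co_resident(pod, placements):
    """Other pods sharing a host with `pod`: the blast radius of a container breakout."""
    hosts = {(c, n) for c, n, p, _ in placements if p == pod}
    return sorted(p for c, n, p, _ in placements if (c, n) in hosts and p != pod)


def split_by_tier(placements):
    """Re-home every pod into a per-tier cluster with its own nodes,
    modelling 'prod' -> 'prod-pci' and 'prod-public' as separate clusters."""
    return [
        (f"{cluster}-{tier}", f"{node}-{tier}", pod, tier)
        for cluster, node, pod, tier in placements
    ]


if __name__ == "__main__":
    for (cluster, node), tiers in mixed_tier_nodes(PLACEMENTS).items():
        print(f"{cluster}/{node} mixes tiers {tiers}")
    print("blog-frontend shares a host with:", co_resident("blog-frontend", PLACEMENTS))
    print("after splitting by tier:", mixed_tier_nodes(split_by_tier(PLACEMENTS)))
```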