perhaps it aint that simple
"automated workload baselining, instrumentation, isolation and incident response"
Sure thats most of what you want. But not _all_. Logging perhaps?
Thing about a single process container is you have to have all that stuff outside the container. With a vm you have a ton of tools to fill those roles.
Sometimes an awk script on a log makes a good quick alarm system.
Nagios monitors generally require a scripting framework.
Boot options often need sh.
Apps are not just processes, gnu tools are quick and easy.
I dont see anyone hitting the sweetspot between light container and single process. It will be too restrictive. Snaps try. I dont like it.
Anyone that isolates processes for security but lets all your quick and easy hacks n fixes still work might find a big nieche. E.g the main proc in a container with a full os on the outside instead of just esx.
The big players probably dont hack at there processes much cos they have so many. Anyone with one, two... four instances of their core app process probably have a lot of tooling around them doing logging, bespoke monitors, a couple of batch jobs that fork a script etc etc.
Containerised processes with a full os outside could be cool. We've had chroots for ages. And process isolation turns out to be harder than we thought. Ref meltdown etc etc.
Containers without tools are hard work now, perhaps they always will be?