Re: After all that time and effort...
The problem is that decent docker containers have a pid 1, which actually acts as pid 1.
Once you strip all the nonsense away, you are building embedded systems, which is its own specialism and requires rather better knowledge of the Linux system model than most people using Docker have.
The number of people who think that it's a magic solution is amazing, and the process per container nonsense is just rubbish.
K8s is just nonsense on stilts, and that's leaving aside that the desire for orchestration is largely predicated on not understanding that the claimed security boundary is largely fictional.
Running multiple services inside a container, running with a pid 1 and an init system, starts to give you somewhat lighter virtual machines. There is an argument to be made that Docker makes that use case easier, but for most uses, the fail can be seen from space.