WRT containerization, I honestly really do get the appeal. You can pretend it's all about making your dev environment mimic production, etc... but it all boils down to that "new server feeling", every single time you deploy a container.
Sysadmins used to brag about their uptime records... now it's a soft sign that you might not be keeping up with the latest security patches.
Is it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
I'd also rank FreeBSD's jails as superior to Docker. Now cgroups done right? That may be a different matter. Rkt? Hmmm... maybe but I've not been keeping up with Linux since systemd bit me in the arse ten times too many (and before any of y'all Lennart lovers lock and load, I've been doing this stuff since the early 80's when VT52's were the cat's meow and we ran BSD on Digital VMS Vax monsters in the SDSC running tape drives - so no, they weren't pebkac errors).
https://www.qubes-os.org/ - Saw this a long time ago; haven't kept up with it, but it was interesting.