We understand the container vs. VM security argument. However, are there real cost savings from not hosting containers in VMs? If so, are the benefits worth the security risks?
In order to gain a security benefit from having the container in VMs instead of bare metal, you would have to make sure that the containers which do not trust each other are running on different hosts (VM or bare metal).

If container A is a bad container and wants to attack or interfere with container B, it is much easier for the container to do so if they are on the same host. In this case it does not matter if the host is a VM or a bare metal machine.
Also, don't forget to factor in the management / maintenance / scalability etc.

Check the K8s platform while evaluating: https://kubernetes.io/ and https://www.kubecost.com/
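
The reply above about keeping mutually distrusting containers on different hosts can be checked against a cluster inventory. This is an added example, not code from the thread: it assumes a Kubernetes cluster where each pod carries a hypothetical `trust-domain` label, and the inventory below is constructed sample data shaped like `kubectl get pods -A -o json` output.

```python
import json
from collections import defaultdict

# Assumed label key marking a pod's tenant / trust domain (not from the thread).
TRUST_LABEL = "trust-domain"
UNLABELED = "<unlabeled>"


def _pod(name, node, domain=None):
    """Build one constructed inventory item in the shape kubectl emits."""
    labels = {TRUST_LABEL: domain} if domain else {}
    return {"metadata": {"name": name, "namespace": "default", "labels": labels},
            "spec": {"nodeName": node}}


# Constructed sample inventory; a node is the host (VM or bare metal).
SAMPLE_INVENTORY = json.dumps({"items": [
    _pod("billing-api", "node-1", "internal"),
    _pod("billing-db", "node-1", "internal"),
    _pod("customer-job-7", "node-2", "untrusted"),
    _pod("payments", "node-2", "internal"),
    _pod("legacy-cron", "node-3"),               # no trust label at all
    _pod("customer-job-8", "node-3", "untrusted"),
    _pod("pending-pod", None, "untrusted"),      # not scheduled yet
]})


def mixed_trust_hosts(inventory_json):
    """Return {node: {domain: [pods]}} for hosts running more than one trust domain."""
    by_node = defaultdict(lambda: defaultdict(list))
    for item in json.loads(inventory_json).get("items", []):
        node = item.get("spec", {}).get("nodeName")
        if not node:
            continue  # an unscheduled pod shares a host with nothing yet
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        # Unlabeled pods are treated as their own domain so they are never
        # silently assumed to be trusted by their neighbours.
        domain = labels.get(TRUST_LABEL, UNLABELED)
        by_node[node][domain].append(meta.get("name", "?"))
    return {node: {d: sorted(pods) for d, pods in domains.items()}
            for node, domains in by_node.items() if len(domains) > 1}


if __name__ == "__main__":
    for node, domains in sorted(mixed_trust_hosts(SAMPLE_INVENTORY).items()):
        print(f"{node}: co-located trust domains {domains}")
```

A host that appears in the result gets no isolation benefit from being a VM, since the containers that distrust each other still share it.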