It is my strong belief that you shouldn't go crazy with all-things-docker when deploying selfhosted services at home. Online forums, especially r/selfhosted, seem to foster an opinion that providing a Dockerfile or better yet a docker-compose.yml or even prebuilt public images on Docker Hub is an acceptable way to distribute software targeting the selfhosting crowd.

I agree it is very convenient to deploy complex multipart services via these tools. But the way many people appear to be doing that is a security nightmare! This is how we get to encounter Heartbleed in the wild four years after it should've been extinct.

There are many comprehensive writeups on Docker/Kubernetes security, so I will highlight only a subset of the problems below.

This is why containerizing any workload comes with a significant extra cost of designing and automating security maintenance procedures. It is easy to skip this step when you're a hobbyist - but that's just burying your head in the sand and waiting for some script kiddie or botnet to hijack your network.

Here is a rough overview of the required overhead:

Add that on top of the usual container orchestration chores - and bare metal suddenly becomes attractive. Docker and Kubernetes are great tools that solve real-world problems, but using them in a secure manner requires continuous, dedicated effort. For enterprise deployments the benefits of containerization usually outweigh the extra maintenance cost, but for hobbyist use I'm not so sure.