Alpine isn't immutable, meaning it opens the door to more user error and security issues by allowing changes to its system partition.
We run immutable container hosts in production because we want to minimize the level of admin interaction. Basically it goes like this: idempotent Terraform setup of VMs with an immutable Linux server OS, running containers.
We even disabled login on these in production and only keep it enabled in staging. All changes are tested in staging. If anything happens in prod, instead of logging in and making manual changes, we just revert to an earlier state.
There is less need to configure files and services on the OS when everything runs in a container. You set it up once and start the VM.