Per this announcement:
https://blog.sonm.io/sonm-crypto-iaas-is-here-2ab02e153d31

Docker is a container environment and is not meant to provide isolation between containers running on the same system. Will you have multiple containers running unrelated jobs on the same system?
If so, once a bug is discovered or the running code manages to escape the intended execution process, the blast radius of compromise will assume all containers running on that machine. That's why hypervisors which utilize hardware-assisted security for real virtual machines are standard for actual isolation of code.
Just google and read a few of the past problems to get an idea of how folks are going to escape from docker and similar container platforms in the future:
https://www.google.com/search?q=docker+escape

What is the plan to mitigate this? Lose the performance improvements without actual isolation and just run (1) container per bare metal? Better to get this right beforehand rather than later.
Are any penetration tests scheduled to get the data to further harden the system?
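As an added example (not code from the comment above, from SONM, or from the linked announcement), here is the kind of check a practitioner would run before trusting a shared-kernel deployment: an audit of one container's `docker inspect` output for settings that hand the container a short path to the host. It looks at the real field names `docker inspect` emits (`HostConfig.Privileged`, `HostConfig.Binds`, `Mounts`, `HostConfig.PidMode`/`NetworkMode`/`IpcMode`, `HostConfig.CapAdd`, `HostConfig.SecurityOpt`, `Config.User`); the two inspect documents and the image name are constructed for the example. The list of dangerous capabilities and sensitive host paths is my own selection, not a Docker-published one. The caveat the commenter is making still stands: a clean result from this audit means no obvious misconfiguration, not that the container is isolated the way a VM is, since every container on the host still shares one kernel.

```python
"""Flag container settings that collapse the container/host boundary.

Added example: reads a `docker inspect` document (as a dict) and reports
well-known escape enablers. Sample documents below are constructed.
"""
import json

# Capabilities that are common stepping stones from container to host
# (mounting, ptrace of host processes, module loading, raw device I/O).
# Selection is this example's own, not an official Docker list.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
                  "DAC_READ_SEARCH", "NET_ADMIN", "SYS_BOOT"}

# Host paths whose bind mount is roughly equivalent to host access.
SENSITIVE_HOST_PATHS = {"/", "/proc", "/sys", "/dev", "/etc"}
DOCKER_SOCKET = "/var/run/docker.sock"


def _strip_cap(name):
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def audit_container(inspect_doc):
    """Return a list of human-readable findings for one container."""
    hc = inspect_doc.get("HostConfig") or {}
    cfg = inspect_doc.get("Config") or {}
    findings = []

    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")

    # Binds are "src:dst[:opts]"; Mounts entries repeat them with Source/Destination,
    # so de-duplicate before reporting.
    sources = {b.split(":")[0] for b in (hc.get("Binds") or [])}
    sources |= {m.get("Source", "") for m in (inspect_doc.get("Mounts") or [])
                if m.get("Type") == "bind"}
    for src in sorted(sources):
        if src == DOCKER_SOCKET:
            findings.append("docker socket mounted: container can start a privileged sibling")
        elif src in SENSITIVE_HOST_PATHS:
            findings.append("host path %s bind-mounted" % src)

    for key, label in (("PidMode", "pid"), ("NetworkMode", "net"), ("IpcMode", "ipc")):
        if hc.get(key) == "host":
            findings.append("shares host %s namespace" % label)

    caps = {_strip_cap(c) for c in (hc.get("CapAdd") or [])}
    for cap in sorted(caps & DANGEROUS_CAPS):
        findings.append("CAP_%s added" % cap)

    for opt in hc.get("SecurityOpt") or []:
        if opt in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append("%s profile disabled" % opt.split("=")[0])

    if not cfg.get("User"):
        findings.append("runs as root inside the container (no --user)")

    return findings


def audit_json(text):
    """Accept raw `docker inspect` output (a JSON list) or a single object."""
    doc = json.loads(text)
    docs = doc if isinstance(doc, list) else [doc]
    return {d.get("Id", "?"): audit_container(d) for d in docs}


# Constructed sample: a worker container launched with a few convenient flags.
RISKY = {
    "Id": "constructed-risky",
    "Config": {"Image": "worker:latest", "User": ""},
    "HostConfig": {
        "Privileged": False,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        "PidMode": "host", "NetworkMode": "bridge", "IpcMode": "private",
        "CapAdd": ["SYS_ADMIN", "NET_BIND_SERVICE"],
        "SecurityOpt": ["seccomp=unconfined"],
    },
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                "Destination": "/var/run/docker.sock"}],
}

# Constructed sample: same workload with the defaults tightened.
HARDENED = {
    "Id": "constructed-hardened",
    "Config": {"Image": "worker:latest", "User": "1000:1000"},
    "HostConfig": {
        "Privileged": False, "Binds": [], "PidMode": "", "NetworkMode": "bridge",
        "IpcMode": "private", "CapAdd": None, "CapDrop": ["ALL"], "SecurityOpt": [],
    },
    "Mounts": [],
}

if __name__ == "__main__":
    for cid, found in audit_json(json.dumps([RISKY, HARDENED])).items():
        print(cid, "->", found or ["no findings (kernel is still shared)"])
```

To use it on a live host, pipe `docker inspect <container>` into `audit_json`; the function accepts the JSON list that command prints.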