The main goal is not isolation, but ease of deployment…
You don’t need to isolate the container; you can run it on a routed bridge or on a bridge that has a port belonging to your internal network. The former is how we run it in production - see here a video by @mpalmer that explains how it works.
If someone really wants to do this, they can follow the same steps taken by the dockerfile itself to get the right versions of all the tools used by the supported image.
We don’t have a guide since that would require someone to maintain it, and the VAST majority of people who want this either have:
- little experience with servers
- knowledge enough to take what we provide and adapt it to their needs
For example, I know there’s people out there that use launcher to build an image which is deployed via their own tooling (be it lxc, kubernetes, whatever) and that works for them.
Attempting to support (for free) everyone using their own custom install of what is a complicated piece of software would be a nightmare.
Docker is a middle ground. Our system is not perfect; it’s grown a bit over time and we certainly feel the pain of some overdue refactoring. We did create launcher before docker-compose even existed.
We intend to refactor it and/or move to docker-compose, but that’s not a priority at the moment.