Thanks Bryant for the good article. FYI, take a look at Nestybox (www.nestybox.com), which has created a container runtime that voids the need for privileged containers, by enabling things like Docker-in-Docker and (very soon) Kubernetes-in-Docker *without* resorting to privileged containers. I am actually the founder, and our goal is to enable containers run any type of software that would run in a VM, seamlessly and with strong isolation.