Question on production ML
You can run four Python applications as systemd services on one VM or as four containers. What practical guarantees do containers add?
First formulate your answer as you would in an interview, then open the breakdown and grade yourself.
Short answer
Containers package dependencies and runtime environment, make deployments reproducible and can enforce isolation limits through cgroups/namespaces. systemd can supervise processes but does not by itself package or isolate environments the same way.
Full breakdown
systemd is a good process supervisor: it can start services, restart them, capture logs and manage dependencies. If all apps share the same Python, libraries and OS assumptions, systemd may be enough. The pain starts when services need different dependency versions or reproducible deployment across machines.
Containers package the application with its runtime dependencies, so the same image can be promoted from CI to staging to production. Namespaces isolate filesystem/process/network views, and cgroups can limit CPU and memory. This reduces dependency conflicts and makes rollback easier because you deploy immutable images rather than hand-mutated VMs.
Containers are not magic security boundaries: they share the host kernel, so isolation is only as strong as the kernel and the container configuration. They also do not replace monitoring, secrets management or orchestration. A strong answer says what containers add and what they do not: packaging, reproducibility and resource isolation, not automatic reliability or security.