Comment by dns_snek
1 day ago
I don't think running a VM (at least) for a core piece of network infrastructure is silly at all, in fact I think it would be silly not to. That is something that should never - ever - break because it would be a very bad day if it did.
The only way to approach certain stability is by removing variables and making the environment as predictable as you possibly can. Containers partially address this issue by shipping a predictable user-space environment, but that still leaves the kernel.
Other examples would include OpenMediaVault, TrueNAS, Mikrotik CHR and VyOS, which are all distributed as VM appliances (or host system installs) even though, technically, I'm sure all of them could be distributed as containers (and I think VyOS can be used this way, but I don't believe it's meant for production usage).
And personally I want the much thicker security boundary that VMs provide when it comes to critical services like network controllers. Of course that would require a slightly different setup to begin with, i.e. having UniFi in one VM and random containers in another VM, which is how I prefer to run things at home (in general, I don't use UniFi products).