If you're talking about k8s or similar, the initial time investment is heavy. After that though, it's not very hard to get containers running with HA, better network segmentation and compatibility across run times. Containers are a lot more portable too, and allow granular levels of isolation and security.
Also, I personally think SELinux is somewhat hard to do well.