I am trying to devise some best practices for containers that should be immutable.
I know that state should mostly be in named volumes, but here I would like some opinions about /etc:
Note that sometimes there is mutability on /etc : For example I have containers where I add users for ssh login (large containers with applications)
Putting /etc on a named volume makes container upgrading hard: If I update something that needs a new /etc configuration file which I did not mutate, then I need to control for that.
Not putting /etc on a named volume means taking explicit control of mutated files there (copying them somewhere and restoring them on container restart.
Any opinions on how to deal with /etc mutability that one wants to store?