Let’s say you do like me and configure multiple LXCs and VMs in Proxmox to keep your services segregated, and you want to run Docker services on all of them… Portainer (plus Portainer Agent on all the different hosts) lets you manage deployment across everything from one central UI. That plus Watchtower on all your hosts to keep all your containers fresh and up to date, and Pushover to send you push notifications as updates are happening… it’s pure magic.
In hindsight maybe not a ton, but my thinking going into it was that if one container were to get compromised, the attacker would find less other stuff on each host. So the most logical way I could see to segregate my services was by purpose (media, productivity, bitcoin etc)