Hi @Justin Millette. It isn't possible to support multiple in-process Python virtual environments simultaneously. This is because a Python virtual environment is defined at the operating system level, not the application level. A virtual environment consists of a specific Python executable and a set of associated libraries running within an OS-level process. Since IRIS itself is an OS-level process, it can only host a single Python interpreter when running Python code in-process. Supporting multiple virtual environments in this context would require multiple OS processes, which would negate the benefits of embedded execution. If you really need virtual environments, use normal client-side Python. 

Sounds like it's more accurate to say you want to exclude web applications that ship with IRIS, not only those that are of type "System." 

Using the security.applications table @David Hockenbroch mentioned, I'd exclude those from  namespaces InterSystems uses for product, e.g.:

SELECT name,namespace,resource,type FROM security.applications 
WHERE NameSpace not in ('%SYS','HSSYS','HSLIB','HSCUSTOM')

Let me comment separately on the venv question. Remember, you could choose to run your flask app in a separate container and use Docker compose to orchestrate the containers. That will give you all the normal venv options.

If, however, you choose to run your flask app embedded in IRIS (running using embedded Python), you are running in-process with IRIS, and that process can't load and unload Python virtual environments while maintaining the benefits of running in embedded mode, so therefore the implication for containerization is that yes you do have to create a new base image when you want to add a package, but that's the tradeoff.

Have you seen https://github.com/grongierisc/iris-flask-template? This agrees with a lot of what you found out, but might be a little simpler. The only thing I changed for my work is my pip3 install command in Dockerfile adds a --target as recommended by @Dmitry Maslennikov:

RUN pip3 install -r requirements.txt --target /usr/irissys/mgr/python

As @Brett Saviano says, if you simply need to work with JSON data, use dynamic objects. If your question is really about the future of data-centric web development with InterSystems, let me step back and offer a higher level viewpoint. %ZEN has been deprecated because it requires some browser features that have been deprecated and may go away at any time. Therefore, we cannot continue to recommend usage to our developers when browsers could break Zen applications and any moment. The DeepSee v3 REST API uses %ZEN classes because it has not been rewritten since the deprecation. 

Zen was developed a long time ago, and many great application development frameworks have gained popularity since then. There are examples of Angular, React, Django and more recently, Streamlit being used in conjunction with IRIS.

There doesn't seem to be a strong desire for offering a proprietary web development framework that could never achieve feature parity with those mass market offerings, and could only beat them in providing faster, more efficient access to the data layer. But I'd love to hear more voices from the community on this topic.