Windows Container, Docker on Windows Server

Recently both Docker and M$ have reported that they can run Docker containers on Windows Server. For me this is pretty shocking news, because I have always assumed that running the Docker engine directly on Windows (not through a Linux virtual machine) or creating a container with a non-Linux OS is impossible. So I decided to find out what it was about.

Before starting, let's go back to earlier versions of Docker and see how Docker and Windows were connected.

1. Five minutes of introduction

Containers are not a new technology (and not one that Docker invented): they have been around for a long time in forms such as chroot on Linux, jails on BSD, zones on Solaris, or OpenVZ. Their common feature is that the guest (container) and the host (real machine) share a kernel, so of course the OS of the container and of the real machine must be the same.

A container needs properties such as the following (virtualization technologies in general are similar):

  • Isolation (user, process, filesystem …)
  • Resource limit (memory, CPU, I/O …)
  • Security

Before version 0.9, Docker (engine) used LXC as an intermediate layer to communicate with the Linux kernel. The Linux kernel provides a number of features that help create a container with the above characteristics, such as namespaces, cgroups, AppArmor, SELinux … Since version 0.9, Docker provides a driver, libcontainer, which allows the Docker engine to communicate directly with the Linux kernel without going through LXC (LXC remains an option).

[Image: screen-shot-2016-10-10-at-3-23-57-pm]

As you can see, to create a container with the properties above, one that can limit resources and provide security, Docker needs Linux (it needs Linux kernel features).
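To make the namespace feature mentioned above concrete, here is an added example (not code from Docker or from the original post) that compares the namespace identifiers of a host process and a container process to see where the kernel isolates them. `ReadNamespaces` and `SharedWithHost` are hypothetical helper names and the sample identifiers are constructed; reading `/proc/<pid>/ns` works on Linux only.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// ReadNamespaces returns the namespace identifiers of a process, for example
// "pid" -> "pid:[4026531836]", by reading the links in /proc/<pid>/ns (Linux only).
func ReadNamespaces(pid string) (map[string]string, error) {
	dir := filepath.Join("/proc", pid, "ns")
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	ns := make(map[string]string)
	for _, e := range entries {
		if id, err := os.Readlink(filepath.Join(dir, e.Name())); err == nil {
			ns[e.Name()] = id
		}
	}
	return ns, nil
}

// SharedWithHost lists the namespace types in which a container process has the
// same identifier as a host process, i.e. where the kernel applies no isolation.
func SharedWithHost(host, ctr map[string]string) []string {
	var shared []string
	for kind, id := range ctr {
		if host[kind] == id {
			shared = append(shared, kind)
		}
	}
	sort.Strings(shared)
	return shared
}

// Constructed sample: a container with its own pid/mnt/uts/ipc namespaces but the host's net and user.
var sampleHost = map[string]string{"pid": "pid:[4026531836]", "mnt": "mnt:[4026531840]",
	"net": "net:[4026531992]", "uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"}
var sampleCtr = map[string]string{"pid": "pid:[4026532455]", "mnt": "mnt:[4026532452]",
	"net": "net:[4026531992]", "uts": "uts:[4026532453]", "ipc": "ipc:[4026532454]", "user": "user:[4026531837]"}

func main() {
	fmt.Println("shared with host (sample):", SharedWithHost(sampleHost, sampleCtr))
	if self, err := ReadNamespaces("self"); err == nil { // live view where /proc exists
		fmt.Println("this process:", self)
	}
}
```

Whatever the namespaces hide, both processes still run on the same kernel, which is why the container's OS has to match the host's.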

2. Docker with Windows

We will talk about two specific components: the Docker client and the Docker engine.

2.1 Docker client

For the Docker client, there is a blog post from 2014. This article says that it is possible to run the docker CLI (Docker client) on Windows.

In this article, I introduced Docker's client-server architecture.

The Docker client talks to the Docker engine through a RESTful API to execute commands like build, ship and run a container.

So by nature the Docker client is completely independent of Linux. Docker's source code is written in Go, so it can be compiled to a binary and run on Windows as normal; see the pull request for more.
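The client-server exchange described above, as an added example that is not Docker's own code: a client asks an engine for `GET /version` and uses the reported OS to decide whether an image can run there. `StubEngine`, `QueryEngine`, `CanRun` and `inMemory` are hypothetical names, and the version and kernel strings are constructed values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)
// EngineVersion is a subset of the JSON object an engine returns for GET /version.
type EngineVersion struct{ Version, ApiVersion, Os, KernelVersion string }

// inMemory hands requests straight to a handler, replacing the TCP, unix-socket or named-pipe transport.
type inMemory struct{ engine http.Handler }

func (t inMemory) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.engine.ServeHTTP(rec, r)
	return rec.Result(), nil
}

// StubEngine returns a client wired to a stand-in engine that reports constructed values.
func StubEngine(engineOS, kernel string) *http.Client {
	mux := http.NewServeMux()
	mux.HandleFunc("/version", func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(EngineVersion{"1.12.1", "1.24", engineOS, kernel})
	})
	return &http.Client{Transport: inMemory{mux}}
}

// QueryEngine is the client side: it only speaks HTTP, so the same code runs on any OS.
func QueryEngine(c *http.Client) (EngineVersion, error) {
	var v EngineVersion
	resp, err := c.Get("http://engine/version")
	if err != nil {
		return v, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return v, fmt.Errorf("engine returned %s", resp.Status)
	}
	return v, json.NewDecoder(resp.Body).Decode(&v)
}

// CanRun: a container shares the engine host's kernel, so the image OS must match it.
func CanRun(v EngineVersion, imageOS string) bool { return v.Os == imageOS }

func main() {
	v, err := QueryEngine(StubEngine("windows", "10.0 14393"))
	fmt.Println(v.Os, v.KernelVersion, "can run a linux image:", err == nil && CanRun(v, "linux"))
}
```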

2.2 Docker engine

In the early versions, there were two ways to run the Docker engine on Windows:

  • Install VirtualBox or VMware, then install a Linux virtual machine (Ubuntu, CentOS) and install the Docker engine on this virtual machine
  • Use boot2docker (tinycore); boot2docker does everything for you, including communication from Windows to the VM and into the container.

In later versions (1.12) Docker provides Docker for Mac and Docker for Windows.

The difference is that you don't have to use VirtualBox. For Mac, the Docker engine runs in an xhyve virtual machine (VM); xhyve is a lightweight virtualization solution on OSX. For Windows, the Docker engine runs on Windows' own virtualization technology, Hyper-V. Both use Alpine Linux, a very small distribution.

In short, to run docker engine with a Linux container on Windows, we have to run virtual machines anyway.

3. Windows Container vs Docker

Starting from these 2 articles, Windows Containers on Windows Server and Build And Run Your First Docker Windows Server Container, I want to answer 3 questions:

  • What is a Windows Container?
  • How can I create a Windows container (not a Linux one, as at the beginning of this post)?
  • How to use Docker Engine on Windows (so that the Docker engine can manage Windows Containers)

3.1 Windows Container

In the quick_start section, M$ introduces Windows containers as having properties similar to those of the container above [1], meaning that they are also isolated, also limit resources, and create a portable environment.

Windows Containers are divided into 2 categories:

  • Windows Server Containers: provide a standalone environment for an application using namespace isolation techniques. A Windows Server Container shares the kernel with the real machine (host) and with all other containers.
  • Hyper-V Containers: extend the isolation mechanism provided by Windows Server Containers by running each container in an optimized virtual machine (VM). Of course, when the container runs in a virtual machine, the Hyper-V Container's kernel does not need to be shared with the real machine. (Each Hyper-V container runs in its own virtual machine, so 10 containers means 10 virtual machines; it is not clear what the OS of those virtual machines is.)

In summary: a Windows Container has the characteristics of a container, and of course the guest and the host share a kernel. A Windows Container runs Windows as its OS and shares the Windows kernel with the server.

3.2 How to create a Windows container

To be able to run a Windows container, the container's OS and the host's OS must be the same. Of course, the OS of both is Windows.

But the problem is that, to provide isolation and resource limits, we need at least 2 features that the Linux kernel supports, namespaces and cgroups, OR Windows must do something to add similar capabilities to its own kernel.

According to the M$ documentation, it seems that these features are added starting with Windows 10 and Windows Server 2016.

Also I have found an illustration

[Image: screen-shot-2016-10-10-at-3-24-22-pm]

From this figure I guess that M$ has developed some features for the Windows kernel, similar to those of the Linux kernel, to support container creation. Job objects function similarly to cgroups for limiting resources; Object Namespace, Process Table and Networking are similar to namespaces for isolation ….

3.3 How to use Docker Engine on Windows

Docker Engine helps us with tasks related to managing objects in the container ecosystem, such as containers, images, volumes and networks. Generally, when we run commands such as docker run, docker build or docker ps, the Docker client communicates with the Docker engine to carry out the corresponding tasks.

The Docker engine is written in Go, so it can be built into a binary and run on Windows. The remaining problem is that the kernel must support features similar to Linux's. This problem has been actively addressed by M$ in their kernel, as explained in section 3.2. This is a partnership between Docker Inc and M$.

Here, some questions arise:

  • Is the Docker engine for Linux and Windows one common source code, or two independent projects?
  • Does the Windows kernel support features like cgroups, namespaces and unionfs, as Linux does, yet? If the Docker engine has the same source code, is the code bloated or not?

I can't find the answer, but I personally think it is highly likely that the Docker engine for these two platforms uses the same source code. If the source code is the same, then issues arise such as:

  • The two platforms are different, so both may not be supported equally well
  • The code becomes bloated and may not handle things well, because M$ only recently developed the features that support containers

4. Conclusion

  • A container is a technology in which the guest (container) and the host share a kernel. So whether it's a Windows Container or a Linux Container, guest and host must run the same OS. This means that a Windows container only runs on a Windows host, and a Linux container only runs on a Linux host.
  • Docker supports Windows Containers to enrich the container ecosystem. However, integrating everything into a common codebase can make things more complicated.
  • From version 1.12, with the integration of the orchestration feature into Docker Engine, Docker met quite a lot of bad reactions from the community. So my personal opinion is that I do not think highly of this.

PS: I have not tested creating and running Windows Containers, because I do not use Windows. Many of the judgments here are therefore based on the documents from M$ and Docker.

ITZone via Kipalog
