Sunday, October 14, 2018

Windows Container, Docker on Windows Server

Both Docker and M$ have reportedly been able to run Docker containers on Windows Server. For me this is quite shocking news, since I always thought that running the Docker engine directly on Windows (not through a Linux virtual machine) or creating a container with a non-Linux OS was impossible. So I decided to find out what it was about.
Before that, let's go back to previous versions of Docker and look at the relationship between Docker and Windows.
1. Five minutes introduction
Containers are not a new technology (they were not invented by Docker); they existed long before it in forms such as chroot on Linux, jails on BSD, zones on Solaris, or OpenVZ. The common feature is that the kernel is shared between the guest (container) and the host. Of course, the container and host OS must be identical.
A container should have properties such as the following (virtualization technologies are actually similar):
  • Isolation (user, process, filesystem …)
  • Resource limits (memory, cpu, I/O …)
  • Security
Prior to version 0.9, the Docker engine used LXC as an intermediate layer to communicate with the Linux kernel. The Linux kernel provides a number of features that help create a container with the above characteristics, such as namespaces, cgroups, AppArmor, SELinux ... Since version 0.9, Docker provides a driver, libcontainer, that allows the Docker engine to communicate directly with the Linux kernel without going through LXC (LXC remains an option).
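As an added illustration (not from the original post and not Docker's own code), the Python sketch below shows how the namespaces and cgroups mentioned above can be inspected from /proc on Linux: two processes that share a namespace inode are not isolated from each other in that dimension. The sample link targets, the container ID c0ffee01 and all function names are constructed for this example.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "pid:[4026531836]"

def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* link target into (type, inode)."""
    m = NS_LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def ns_from_links(links):
    """Build {namespace type: inode} from a list of link targets."""
    return dict(parse_ns_link(t) for t in links)

def read_ns(pid="self"):
    """Read {entry name: inode} for a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: parse_ns_link(os.readlink(f"{base}/{n}"))[1] for n in os.listdir(base)}

def shared_namespaces(a, b):
    """Namespace types with the same inode in both processes: no isolation there."""
    return sorted(t for t, ino in b.items() if a.get(t) == ino)

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines 'id:controllers:path' into {controllers: path}."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            groups[parts[1]] = parts[2]
    return groups

# Constructed samples: a host shell and a container started with host networking.
HOST_LINKS = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
              "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"]
CONTAINER_LINKS = ["mnt:[4026532256]", "pid:[4026532259]", "net:[4026531992]",
                   "uts:[4026532257]", "ipc:[4026532258]", "user:[4026531837]"]
CONTAINER_CGROUP = ("11:memory:/docker/c0ffee01\n4:cpu,cpuacct:/docker/c0ffee01\n"
                    "1:name=systemd:/docker/c0ffee01\n")

if __name__ == "__main__":
    host, ctr = ns_from_links(HOST_LINKS), ns_from_links(CONTAINER_LINKS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("memory cgroup:", parse_cgroup(CONTAINER_CGROUP).get("memory"))
```

On a live Linux host, read_ns(1) and read_ns(pid_of_container_process) can be passed to shared_namespaces in the same way.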
 depend on Linux. Docker's source code is written in Go, which can be compiled into a binary that runs on Windows normally; see also pull request
2.2 Docker engine
In the first version, you could run the Docker engine on Windows in two ways:
  • Install VirtualBox or VMware, then install a Linux virtual machine (Ubuntu, CentOS) and install the Docker engine on that virtual machine.
  • Use boot2docker (tinycore), which does this for you, including the communication from Windows to the VM and on into the container.
In later versions (1.12), Docker provided Docker for Mac and Docker for Windows.
The difference is that you do not have to use VirtualBox. For Macs, the Docker Engine will run on the x86 Virtual Machine (VM), which is a lightweight virtualization solution on OSX. For Windows, the Docker Engine runs on Windows' virtualization technology, Hyper-V. Both use Alpine Linux, an extremely small distribution.
In a nutshell, to run a Docker engine with a Linux container on a Windows machine, you must still run a virtual machine.
3. Windows Container vs Docker
Based on the articles "Windows Containers on Windows Server" and "Build And Run Your First Docker Windows Server Container", I want to answer three questions:
  • What is a Windows Container?
  • How can I create a Windows container (not a Linux one, as at the beginning of the post)?
  • How to use Docker Engine on Windows (the Docker engine can manage Windows Containers)
3.1 Windows Container
In the quick_start section, M$ introduces the Windows container with properties similar to those listed in section [1] above, meaning that it is also isolated, limits resources, and creates a portable environment.
Windows Containers are divided into two types:
  • Windows Server Containers: Provide a stand-alone application environment with namespace isolation. A Windows Server Container shares the kernel with the host and with all other containers.
  • Hyper-V Containers: Extend the isolation mechanism provided by Windows Server Containers by running each container on an optimized VM. Of course, when the container runs on a virtual machine, the Hyper-V Container does not have to share the kernel with the real machine. (Each Hyper-V container will be run on a virtual machine, so 10 containers will have 10 virtual machines; not sure what the OS is for the virtual machine.)
In a nutshell: Windows containers have the properties of containers, and of course the container and host must share the kernel. A Windows Container runs Windows as its OS, which means that it shares the Windows kernel with the server.
3.2 How to create a Windows container
In order to run a Windows container, the OS of the container and the host OS must be the same. Here, of course, both are Windows.
The problem is that in order to provide isolation and resource limits, we need at least two features supported by the Linux kernel: namespaces and cgroups. Otherwise, Windows must do something to support similar functions in its own kernel.
According to M$'s documentation, these capabilities are new features added in Windows 10 and Windows Server 2016.
Also, I found an illustration:
[Image: screen-shot-2016-10-10-at-3-24-22-pm]
From this picture I guess that M$ has developed some features for the Windows kernel, similar to those of the Linux kernel, to support the creation of containers. The job object has the same functionality as cgroups for resource constraints, and the Object Namespace, Process Table, and Networking act as the namespaces for isolation.
3.3 How to use Docker Engine on Windows
Docker Engine helps us manage the objects in the container ecosystem, such as containers, images, volumes, and networks. Generally, when you run docker run, docker build, or docker ps, the docker client communicates with the Docker engine to carry out the corresponding tasks.
The Docker engine is written in Go, so it can be built into a binary and run on Windows. The only problem is kernel support for Linux-like features. This problem was solved by M$ in their kernel, as explained in Section 3.2. This is a commercial partnership between Docker Inc and M$.
Here are some questions:
  • Is the Docker engine for Linux and Windows one common source code or two standalone projects?
  • Does the Windows kernel support cgroup, namespace, and unionfs features as well as Linux does? If the Docker engine shares the source code, does the code become bloated?
I cannot find the answer, but I personally think there is a high possibility that the Docker engine for these two platforms uses the same source code. Sharing the same source code could cause problems such as:
  • The two platforms are different, so there is a real possibility of not being able to support both platforms well
  • The code becomes bloated and may not handle the new features M$ develops to support containers as well
4. Conclusion
  • A container is a technology in which the guest container and the container host must share the kernel. So whether it is a Windows Container or a Linux Container, the guest and host must be the same OS. That is, Windows containers only run on Windows hosts, and Linux containers only run on Linux hosts.
  • Docker's support for Windows Containers enriches the container ecosystem. However, integrating the codebase can make things even more complex.
  • Since version 1.12, with orchestration features integrated into the Docker Engine, Docker has received a lot of negative reactions from the community. So my personal view is that I do not appreciate this.
PS: I have not built and run a Windows Container myself, because I do not use Windows. This post is based on the documentation from M$ and Docker.
