by It finally happened. With release of Windows Server 2016 you can run Docker containers with Windows inside. There’s no Virtual Machine hiding somewhere in order for that to happen, or some sort of Windows emulation built on top of Linux core. It’s true Windows in true Docker, which supports Dockerfiles, docker-compose and other docker-goodies.
Limitations
However, there’re some limitations: expected and not. Because Docker containers don’t bring along own OS, but rather borrow kernel from the host, Windows container can only run on Windows 10 Pro Anniversary Update and Windows Server 2016.
Another thing is you still cannot run Linux containers natively. There’s Linux subsystem on board of Anniversary Update (which allows you to run Bash, for instance), but it’s not enough to run full blown Linux container, so you still need a VM for that.
Finally, running Windows and Linux containers side by side is a little bit tricky. If you run the following on Windows Server 2016 with Docker installed (can’t believe I’m doing that), it’ll work as expected:
However, if I try running Ubuntu container immediately after that, it’ll fail.
Windows and Linux containers are handled by different Docker engines, which share the same channel (named pipe) for communicating with Docker CLI, so only one engine can be active at the time. However, there’s beta of “Docker for Windows“, which works only on Windows 10 Pro and Enterprise, but it tries to address the issue. At the moment of writing, if you want to switch from Windows containers engine to Linux, you have to do that manually through command line or Docker config menu.
|
1 |
& 'C:\Program Files\Docker\Docker\DockerCli.exe' -SwitchDaemon |
Windows images
There’re only two base images available for Windows Containers:
You cannot build base image from scratch.
Server Core is 10 gigs monstrosity, which is basically a full blown Windows Server OS. Unless your app depends on UI, you can run it in Server Core. MS SQL or .NET Framework can get there with no problem.
Nano Server on the other hand is highly optimized and minified version of Windows Server, which comes without 32 bits support, any glimpse of UI, and even PowerShell itself is optimized, but it weights less than a gig. It’s still capable or running IIS, .NET Core and some other goodies of Microsoft world, though.
And have you ever imagined you’d see something like this in your Dockerfile?
|
1 2 |
FROM microsoft/windowsservercore RUN powershell -Command.... |
It’s Windows in freakin Docker!
Models of isolation
Windows containers can run in 2 levels of isolation:
- Windows Server Containers
- Hyper-V Containers
Containers in first isolation mode behave like traditional Docker containers – kernel is shared, processes are isolated, but still belong to host process tree, and so forth. This is the fastest way to run container on Windows.
The second approach puts container into special Hyper-V VM, which brings resource overhead, but also provides greater level of security.
Summary
This is really exciting news. Even without containerizing your products, Windows containers would be great for isolating unit test runners, development environments, demo servers and all sort of things we had to use VMs for. If Microsoft finds the way to run nanoserver containers on Linux host, I’ll forgive them discontinuing Microsoft Band 2 just two months after I bought it.
