Windows Server Containers: How We Got Here and Architecture Deep Dive
TRANSCRIPT
Windows Server Containers
John Starks, Principal Software Engineering Lead, Microsoft
Arnaud Porterie, Senior Engineering Manager, Docker
Agenda
- Docker for Windows: what it is; what it's not
- System architecture
- Porting Docker: by the numbers; technical details; multi-arch images
- Demo!
Docker for Windows: Understanding the basics
Docker for Windows: What it is
- It's Docker as you know it: same user experience
- It's Windows as you know it: complete environment inside the container
- It's native containers: contained processes run on the host system
- It's available for testing
Docker for Windows: What it's not
- It's not virtualization: Docker for Windows will not run Linux images
- It's not a different project / code base: the existing Docker tree was ported
- It's not quite finished: requires Windows Server 2016 (currently TP4)
System architecture: Windows Server Containers internals

System architecture: Namespaces
- Silo: an extension of the Windows Job object
  - set of processes
  - resource constraints
  - new: a set of namespaces
- New namespace virtualization for:
  - registry
  - process IDs, sessions
  - object namespace
  - file system
System architecture: Object namespace
- System-level namespace, hidden from users: C:\Windows maps to \DosDevices\C:\Windows
- Contains all device entry points: \DosDevices\C:, \Registry, \Device\Tcp
- Added "chroot", one namespace per container: \Containers\foo\DosDevices\C:, \Containers\bar\DosDevices\C:
System architecture: Filesystem
- Windows applications expect NTFS semantics: transactions, file IDs, USN journal
- Building a full union FS with NTFS semantics is hard
- Hybrid model: virtual block device + NTFS partition per container; symlinks to layers on the host FS keep the block devices small
System architecture: Base image
- Public Windows API is delivered via DLLs, not syscalls
- Highly dependent on RPC to system services
- FROM scratch (not supported): Windows images must derive from a Windows base image
  - windowsservercore: large, nearly full Win32 compatibility
  - nanoserver: small, fast to boot, software may need porting
- Base images are delivered separately from Docker
System architecture: Hyper-V containers
- New in Windows Server 2016 TP4
- Docker runs on the host
- Launches the silo in a stateless, lightweight Hyper-V VM
- VM invisible to the user: appears like a process-based container (docker run --isolation=hyperv)
- Uses SMB over VMBus to provide layers and volumes
Porting Docker: Two worlds collide

Porting Docker: Microsoft contributions in numbers
- 319 pull requests: (+) 182,315 / (-) 12,113 lines
- #4 contributor in terms of pull requests; #5 contributor in terms of lines of code
Porting Docker: Technical details
- Go build tags: in source, // +build windows; in the filename, daemon/containers_windows.go
- Go interfaces: graph driver (~ image storage); execution driver
Porting Docker: Future: multi-architecture images
- Example: docker pull redis. What's my executing OS? Not just Windows, but also ARM, ...
- Proposal docker/distribution#1068: a new image manifest format to support multi-arch
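As an added example (not code from the talk, from Docker, or from the proposal): a resolver for the manifest-list shape that proposal converged on, where one tag points at several platform-specific manifests and the pulling daemon picks the entry whose `platform.os` and `platform.architecture` match its own. The sample list and its digests are constructed placeholders, and the rule that no exact match is an error (rather than a fallback) is this example's own choice, reflecting that a Windows daemon cannot run a Linux image.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Platform is the os/architecture pair one manifest in the list was built for.
type Platform struct {
	Architecture string `json:"architecture"`
	OS           string `json:"os"`
}

// Descriptor points at one per-platform image manifest by content digest.
type Descriptor struct {
	Digest   string   `json:"digest"`
	Platform Platform `json:"platform"`
}

// ManifestList is the multi-arch manifest: one tag, several platform manifests.
type ManifestList struct {
	SchemaVersion int          `json:"schemaVersion"`
	Manifests     []Descriptor `json:"manifests"`
}

// SampleManifestList is a constructed list for a "redis"-style tag; digests are placeholders.
const SampleManifestList = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "manifests": [
    {"digest": "sha256:PLACEHOLDER_LINUX_AMD64", "platform": {"architecture": "amd64", "os": "linux"}},
    {"digest": "sha256:PLACEHOLDER_WINDOWS_AMD64", "platform": {"architecture": "amd64", "os": "windows"}}
  ]
}`

// SelectManifest resolves a tag to the manifest digest for the executing OS and
// architecture. No exact match is an error: never fall back to another platform.
func SelectManifest(raw []byte, wantOS, wantArch string) (string, error) {
	var list ManifestList
	if err := json.Unmarshal(raw, &list); err != nil {
		return "", fmt.Errorf("bad manifest list: %w", err)
	}
	for _, d := range list.Manifests {
		if d.Platform.OS == wantOS && d.Platform.Architecture == wantArch {
			return d.Digest, nil
		}
	}
	return "", fmt.Errorf("no manifest for %s/%s", wantOS, wantArch)
}
```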
Demo: Yay!
Demo: A hybrid Swarm cluster
- All components speak the Docker API: a Docker daemon on a Linux host, a Docker daemon on a Windows host, and a Swarm master (hosted on the same Linux host)
- Deploying to either is just a scheduling decision, using the Swarm constraints mechanism