We’ll try to understand the current state of Docker on Windows by demystifying the differences between the Docker experience on Windows and Linux. In today’s article, we will begin with launching our first Windows container on Windows Server 2019, and along the way, we will go through some current aspects of Docker on Windows.
When Docker first released a containerization product, they started with Linux as a base platform. In 2014, Docker and Microsoft announced partnership to provide a consistent platform to build, ship, and run any application. On Windows Server 2016, Docker and Microsoft came out with container technology that provided a consistent experience across both Linux and Windows Server environments.
In 2017, they released Docker Swarm with the ability to create mixed Windows Server and Linux clusters. In 2018, this release followed with added support for the Semi-Annual Channel (SAC) Windows Server 1709 and 1803 versions. With Windows Server 2019 (the 1809 build), Microsoft managed to bring the containers to Windows on par with containers on Linux systems.
At present, thousands of enterprise customers are widely using Docker on Windows in production environments. However, there’s always been a subtle functionality difference between Windows containers and Linux containers. Microsoft Windows Server is closing that gap rapidly with new releases.
Install the Hyper-V feature
On Windows platforms, you can run containers in two modes: process isolation and Hyper-V isolation. In process isolation mode, containers share the OS kernel with the host and hence are lightweight and similar to how containers work on Linux systems.
Conversely, in Hyper-V isolation mode, each container runs inside a special minimal virtual machine. Thus, it provides secure kernel-level isolation and enhanced compatibility. You need to enable Hyper-V in the host OS to run containers in Hyper-V isolation mode.
When we install Docker on a Windows server, the default mode of operation is process isolation. And enabling Hyper-V is optional. However, if we need to run Linux containers, enabling Hyper-V is required.
The second factor that determines whether to go for the Hyper-V feature is the OS build. Windows containers need to have the same build version as the version of the container host OS they run on. Container images tagged as 1809 would work on the latest 1809 Windows version builds. However, if we have built container images on a lower version of Windows than the container host OS, we can run these containers with Hyper-V isolation, which requires enabling Hyper-V.
You can install Hyper-V on Windows Server using the PowerShell command below:
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
Also, we need to note here that we can switch between process isolation and Hyper-V isolation during runtime using the parameter isolation while spinning up Docker containers
Container host prerequisites
Though this article’s scope is for Windows Server 2019 (1809), the steps demonstrated here could also very well apply to other Windows Server builds, including Windows Server version 1803, Windows Server version 1709, and Windows Server 2016.
If you want to use Hyper-V isolation in your container, you need to enable virtualization in the hosting platform. If the container host is running on hardware, you need to enable the hardware virtualization feature, such as Intel VT-x, in BIOS. And if the container host is running from Hyper-V or from a cloud environment, you need to enable nested virtualization in the base platform.
Install the containers feature
For containerization to work, you need to install the Windows container feature on the Windows container host. Use the command below to install the containers feature and reboot the computer.
Install-WindowsFeature containers -Restart
Docker consists of two major components: the Docker engine and the Docker client. The Docker engine is available in two editions: Docker Engine CE and Docker Engine EE. The Docker Engine CE is a free product. Conversely, the Docker Engine EE requires a license. The diagram below illustrates the architectural difference between the two.
From a user-experience perspective, Docker provides two sets of products or packaged bundles: namely, Docker Desktop and Docker Enterprise.
As for Docker Desktop Community/Enterprise, they designed this product set considering developers and a development environment in mind. Docker Desktop provides an installation wizard, a management UI, and several other utilities for improving deployment. Docker Desktop is supported on Windows 10 and Mac. It comes with the Docker Engine CE or EE depending on the product tier we choose.
Docker targets its enterprise product suite toward production environments. This includes the Docker enterprise engine along with its certified plug-ins, well-integrated product line, and trusted repositories. Overall, it aligns with the enterprise requirements for use in a production environment.
In this article, we are going to install Docker Engine EE on Windows Server 2019. To get the full functionality of the EE edition, we need to purchase the EE license from Docker.
The process for installing Docker EE on Windows Server is quite simple with the introduction of the OneGet provider PowerShell Module. As a first step, install the Docker-Microsoft PackageManagement Provider module from the PowerShell Gallery.
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
We can use the commands below to view the installed package provider and the Docker package made available through it.
Get-PackageProvider -ListAvailableget-packagesource -ProviderName DockerMsftProvider
Next, we will use the PackageManagement PowerShell module command Install-Package to install the latest version of Docker.
Install-Package -Name docker -ProviderName DockerMsftProvider
After installing the Docker package and we have our command prompt back, we need to start the Docker service using the command below.
When we run the Docker service for the first time, it creates a virtual switch/interface viewable through our Control Panel pane.
Also, we can verify the Docker virtual network creation using the Docker command below. The default name of the bridge or switch in a Windows environment is NAT.
docker network ls
This virtual switch lays the foundation of networking for containers to communicate with each other as well as talk with the container host.
Next, we can run the Docker version command to check the details of our deployment setup. We can verify the Docker engine and client version from the command output.
And lastly, to confirm the Docker client-engine communication is working fine and installation is complete, run the command docker info. This provides us with system metadata along with the current container stats.
Launch a Windows container on Windows Server 2019
Now that we have completed the installation and verified everything is working smoothly, it’s time to run our first Windows container on Docker.
Here we need to consider two factors. First, we can create Windows container images with four container base images: Windows Server Core, Nano Server, Windows, and IoT Core.
When we spin a container from these images, we need to verify the compatibility between the container host OS and the container base image. In other words, containers based on Windows Server Core, Nano Server, or Windows as the base image can run on a Windows 2019 container host. However, a container based on an IoT Core image cannot run on Windows Server 2019. An IoT Core container requires Windows IoT Core as a container host.
Second, to repeat, Windows containers need to match the version of the container host OS. Container images with the 1809 tag work with the latest Windows versions. However, if we have container images built on a lower version of Windows than the container host OS, we can run these containers with Hyper-V isolation
Considering these two factors, let’s verify the build version of our container host with this command: winver
As the container host build version is 1809, let’s try to download a Nano Server image from the Microsoft image/container registry to the local machine:
docker image pull mcr.microsoft.com/windows/nanoserver:1809
We can verify the locally available image along with its metadata information, such as size, image ID, and creation date:
docker image ls
We can use the downloaded image for baking our application into it and creating a new container. But for simplicity, let’s launch a basic container that will run just a simple command inside the OS and exit:
docker container run mcr.microsoft.com/windows/nanoserver:1809 hostname
This command created a new container from the Windows Nano Server image, and the container outputted the machine name of the container, a random ID set by Docker. To see more information about the container we created just now, run the command below.
docker container ls -a
Thus, we have launched a Windows container on Windows Server 2019, considering some factors for Docker on Windows. In the next article, we’ll discuss Linux containers on Windows (LCOW), LinuxKit, Windows Subsystem for Linux 2 and how to run your first Linux container on Windows Server 2019.