Windows Server Containers: How we got here and architecture deep dive
Windows Server Containers
John Starks, Principal Software Engineering Lead, Microsoft
Arnaud Porterie, Senior Engineering Manager, Docker
Agenda
Porting Docker
- By the numbers
- Technical details
- Multi-arch images
Demo!
Docker for Windows
- What it is
- What it’s not
System architecture
Docker for Windows: Understanding the basics
Docker for Windows: What it is
- It’s Docker as you know it
  - Same user experience
- It’s Windows as you know it
  - Complete environment inside the container
- It’s native containers
  - Contained processes run on the host system
- It’s available for testing
Docker for Windows: What it’s not
- It’s not virtualization
  - Docker for Windows will not run Linux images
- It’s not a different project / code base
  - The existing Docker tree was ported
- It’s not quite finished
  - Requires Windows Server 2016 (current TP4)
System architecture: Windows Server Containers internals
System architecture: Namespaces
- Silo: extension of Windows Job object
  - Set of processes
  - Resource constraints
  - New: set of namespaces
- New namespace virtualization
  - Registry
  - Process IDs, sessions
  - Object namespace
  - File system
System architecture: Object namespace
- System-level namespace, hidden from users
  - C:\Windows maps to \DosDevices\C:\Windows
- Contains all device entry points
  - \DosDevices\C:
  - \Registry
  - \Device\Tcp
- Added “chroot”, one namespace per container
  - \Containers\foo\DosDevices\C:
  - \Containers\bar\DosDevices\C:
System architecture: Filesystem
- Windows applications expect NTFS semantics
  - Transactions, file IDs, USN journal
- Building a full union FS with NTFS semantics is hard
- Hybrid model
  - Virtual block device + NTFS partition per container
  - Symlinks to layers on host FS to keep block devices small
System architecture: Base image
- Public Windows API delivered via DLLs, not syscalls
- Highly dependent on RPC to system services
- FROM scratch
- Windows images must derive from Windows base image
  - windowsservercore – large, nearly full Win32 compatibility
  - nanoserver – small, fast to boot, software may need porting
- Base images are delivered separately from Docker
System architecture: Hyper-V containers
- New in Windows Server 2016 TP4
- Docker runs on host
- Launches silo in a stateless, lightweight Hyper-V VM
- VM invisible to user
  - Appears like a process-based container
  - docker run --isolation=hyperv
- Use SMB over VMBus to provide layers, volumes
Porting Docker: Two worlds collide
Porting Docker: Microsoft contributions in numbers
- 319 pull requests
  - (+) 182,315 (-) 12,113
- #4 contributor in terms of pull requests
- #5 contributor in terms of lines of code
Porting Docker: Technical details
- Go build tags
  - In source: // +build windows
  - In the filename: daemon/containers_windows.go
- Go interfaces
  - Graph driver (~ image storage)
  - Execution driver
Porting Docker: Future: multi-architecture images
- Example: docker pull redis
  - What’s my executing OS?
  - Not just Windows, but also ARM, …
- Proposal docker/distribution#1068
  - A new image manifest format to support multi-arch
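
How a daemon could answer "What's my executing OS?" for a multi-arch image, as an added example (not from the slides or from Docker's code). The JSON field names follow the Docker manifest list format and are an assumption about the shape such a format takes; `SelectManifest`, the sample document and its placeholder digests are constructed here.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Descriptor and ManifestList mirror the manifest-list fields used here
// (assumed format; the slides only name the proposal).
type Descriptor struct {
	Digest   string `json:"digest"`
	Platform struct {
		Architecture string `json:"architecture"`
		OS           string `json:"os"`
	} `json:"platform"`
}

type ManifestList struct {
	Manifests []Descriptor `json:"manifests"`
}

// sampleList is constructed for this example; the digests are placeholders.
const sampleList = `{"schemaVersion": 2, "manifests": [
  {"digest": "sha256:<linux-amd64-placeholder>", "platform": {"architecture": "amd64", "os": "linux"}},
  {"digest": "sha256:<linux-arm-placeholder>", "platform": {"architecture": "arm", "os": "linux"}},
  {"digest": "sha256:<windows-amd64-placeholder>", "platform": {"architecture": "amd64", "os": "windows"}}
]}`

// SelectManifest returns the digest of the entry matching the daemon's OS and
// architecture, or an error when the image has no build for that platform.
func SelectManifest(raw []byte, goos, goarch string) (string, error) {
	var ml ManifestList
	if err := json.Unmarshal(raw, &ml); err != nil {
		return "", fmt.Errorf("parse manifest list: %w", err)
	}
	for _, d := range ml.Manifests {
		if d.Platform.OS == goos && d.Platform.Architecture == goarch {
			return d.Digest, nil
		}
	}
	return "", fmt.Errorf("no manifest for %s/%s", goos, goarch)
}

func main() {
	for _, p := range [][2]string{{"windows", "amd64"}, {"linux", "arm"}, {"windows", "arm"}} {
		digest, err := SelectManifest([]byte(sampleList), p[0], p[1])
		fmt.Println(p[0]+"/"+p[1], digest, err)
	}
}
```

Failing closed when no entry matches is the point: a Windows daemon must refuse the pull rather than fall back to a Linux entry it cannot run.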
Demo: Yay!
Demo: A hybrid Swarm cluster
Demo: A hybrid Swarm cluster
- All components speak the Docker API
  - Docker daemon on Linux host
  - Docker daemon on Windows host
  - Swarm master (hosted on the same Linux host)
- Deploying to either is just a scheduling decision
  - Using Swarm constraints mechanism