Date posted: 15-Apr-2017
Uploaded by: arnaud-porterie
Windows Server Containers
John Starks, Principal Software Engineering Lead, Microsoft
Arnaud Porterie, Senior Engineering Manager, Docker

Agenda
  Docker for Windows
  System architecture
  Porting Docker
  Demos!

Docker for Windows: Understanding the basics

What it is
It’s Docker as you know it
  Same user experience
It’s Windows as you know it
  Complete environment inside the container
It’s native containers
  Contained processes run on the host system
It’s available for testing

What it’s not
It’s not virtualization
  Docker for Windows will not run Linux images
It’s not a different project / code base
  The existing Docker tree was ported
It’s not quite finished
  Required Windows Server 2016 (currently TP3)

System architecture: Windows Server Containers internals

Basics
Abstraction layer between Docker and kernel
  execdriver -> hcsshim -> vmcompute -> ???
  Internals generally not exposed
Shared kernel
  Resource controls
  Namespaces

Namespaces
Silo: extension of Windows Job object
  Set of processes
  Resource constraints
  New: set of namespaces
New namespace virtualization
  Registry
  Process IDs, sessions
  Object namespace
  File system

Object namespace
System-level namespace, hidden from users
  C:\Windows maps to \Global??\C:\Windows
Contains all device entry points
  \Global??\C:
  \Registry
  \Device\Tcp
Added “chroot”, one namespace per container
  \Containers\foo\Global??\C:
  \Containers\bar\Global??\C:
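
The path mapping on this slide as a simplified model. This is an added illustration, not code from the talk, Windows or Docker; the function names, the ".." clamping and the container-name check are assumptions of the model.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ntPath models the host mapping C:\Windows -> \Global??\C:\Windows.
// Assumption: "." and ".." are collapsed first and ".." stops at the drive root.
func ntPath(win32 string) (string, error) {
	if len(win32) < 3 || win32[1] != ':' || win32[2] != '\\' {
		return "", errors.New("expected a drive-letter path such as C:\\Windows")
	}
	var parts []string
	for _, p := range strings.Split(win32[3:], `\`) {
		switch p {
		case "", ".": // empty and current-directory components are dropped
		case "..":
			if len(parts) > 0 {
				parts = parts[:len(parts)-1]
			}
		default:
			parts = append(parts, p)
		}
	}
	out := `\Global??\` + strings.ToUpper(win32[:2])
	if len(parts) > 0 {
		out += `\` + strings.Join(parts, `\`)
	}
	return out, nil
}

// containerPath re-roots the same lookup under the container's own namespace
// (the slide's "chroot"): \Containers\<name>\Global??\C:\...
func containerPath(name, win32 string) (string, error) {
	if name == "" || name == ".." || strings.ContainsAny(name, `\/`) {
		return "", errors.New("invalid container name")
	}
	p, err := ntPath(win32)
	if err != nil {
		return "", err
	}
	return `\Containers\` + name + p, nil
}

func main() {
	// Constructed input: a path that tries to climb out toward container "bar".
	p, err := containerPath("foo", `C:\Windows\..\..\Containers\bar`)
	fmt.Println(p, err)
}
```

In this model the lookup from container foo still resolves under \Containers\foo, so the same drive-letter path names a different object in each container.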

Filesystem
Windows applications expect NTFS semantics
  Transactions, file IDs, USN journal
Building a full union FS with NTFS semantics is hard
Hybrid model
  Virtual block device + NTFS partition per container
  Symlinks to layers on host FS to keep block devices small

Base image
Public Windows API delivered via DLLs, not syscalls
Highly dependent on RPC to system services
FROM scratch
Windows images must derive from Windows base image
  windowsservercore – large, nearly full Win32 compatibility
  nanoserver – small, fast to boot, software may need porting
Base images are delivered separately from Docker

Hyper-V containers
New in Windows Server 2016 TP4
Docker runs on host
Launches silo in a stateless, lightweight Hyper-V VM
VM invisible to user
  Appears like a process-based container
  docker run --isolation=hyperv
Use SMB over VMBus to provide layers, volumes

Porting Docker: Two worlds collide

Microsoft contributions in numbers
319 pull requests
  (+) 182,315
  (-) 12,113
#4 contributor in terms of pull requests
#5 contributor in terms of lines of code

Technical details
Go build tags
  In source: // +build windows
  In the filename: daemon/containers_windows.go
Go interfaces
  Graph driver (~ image storage)
  Execution driver

Future: multi-architecture images
Example: docker pull redis
  What’s my executing OS?
  Not just Windows, but also ARM, …
Proposal: docker/distribution#1068
  A new image manifest format to support multi-arch

Demo 1: Yay!

Demo 2: A hybrid Swarm cluster

A hybrid Swarm cluster
All components speak the Docker API
  Docker daemon on Linux host
  Docker daemon on Windows host
  Swarm master (hosted on the same Linux host)
Deploying to either is just a scheduling decision
  Using Swarm constraints mechanism