Docker源自Linux核心的系統層功能,如控制資源的控制群組機制cgroups、命名空間Namespaces,還有實現層級化功能的共通檔案系統AUFS等,這些都是在Windows所沒有的功能。
類型1:Windows Server容器
微軟設計了兩種容器,第一種稱為Windows Server容器,這很像是Linux上的Docker容器,和其他容器共用同一套Host作業系統的核心。也可以使用Dockerfile來建立描述性的映象檔。
類型2:Hyper-V容器
另一種Windows容器稱為Hyper-V容器,像是一個包在Hyper-V特殊型VM內的Windows Server容器,會有一份專屬OS核心,而不與其他容器共用Host核心。和Windwos Server容器一樣支援相同的Dockerfile映象檔。
微軟首先在新版Windows 中實現了容器需要的三種系統層機制,
控制群組機制(微軟稱為Job objects),
命名空間機制(包括了Object Namespace、Process Table和Networking)
以及層級能力,來提供作業系統層級的運算服務層(Compute Service),
才在Windows上打造出了能與Docker 相容的Container技術。
不只是重現Linux機制,微軟還得兼顧與Windows的相容性,理,例如在命名空間的設計上,微軟除了增加了Silo\來管理Windows系統資源的起點,如\Silos\foo,也將Windows環境下常用的目錄如C:\或C:\Windwos,在Windows容器中,也改由Object namespace來管理,變成了\DosDevices\C:和\DosDevices\C:\Windwos等存取路徑。
微軟設計了兩種Windows Container(簡稱Windows容器),
一種共用系統核心資源的Windows Server Container(簡稱Windows Server容器),
另一種則是有自己獨立系統核心資源的Hyper-V Container(簡稱Hyper-V容器)。
Windows Server容器更像是Linux上的Docker容器,和其他容器共用同一套Host作業系統的核心,
而Hyper-V Container則會有一份專用的作業系統核心,而不會共用Host核心。在同一個作業系統環境中,可以同時執行這兩類的Windows容器。
在Windows作業系統內的Docker引擎,可以呼叫這些Windows系統層級的運算服務來執行和管理Windows容器,就如同在Docker引擎在Linux環境中透過containerd和runc服務來管理Linux容器一樣。從載入Docker映象檔來布建應用的流程來看,Docker引擎成了開發者唯一要面對的作業系統環境抽象層,而不用擔心底層容器技術如何運作,幾乎所有的Docker指令都同樣可以在Windows環境下執行,只有少數指令的運作和Linux環境不同,例如不支援FROM scratch指令。
Windows容器的Dockerfile有點不同
Windows容器同樣也可以使用Dockerfile來建立描述性的映象檔,來將Windows基礎架構配置程式化,微軟還推出了支援Docker的PowerShell指令,可用於命令列模式下,搭配Docker指令來管理Windows容器。
幾乎大多數Docker指令可用於Windows環境中,例如要注意反斜線逸出如WORKDIR c:\\Apache24\\bin才有效。另外,可以在Dockerfile檔中用RUN powershell.exe來執行PowerShell指令設定環境配置。這也意味著Linux環境的Dockerfile得費一番功夫調整才能用於Windows環境。
目前,Windows容器的Dockerfile只能使用兩種基礎映象檔(Base image)來建立容器,一個是windowservercore基礎映象檔(檔案超大約6 GB,但相容性高)和nanoserver基礎映象檔(檔案小約5百MB,啟動速度快,簡單API介面),而無法使用Linux類基礎映象檔,如Docker開發者慣用的Ubuntu,來建立Windows容器。使用這兩種基礎映象檔建立的Dockerfile都可用來建立Windows Server容器或Hyper-V容器。
微軟目前正式推出的是Docker on Windows,可以做到在Windows上能跑Docker,包括Window Server 2016和Windows 10都已支援,但微軟下一步想要實現的是Docker for Windows,能夠將Docker技術高度整合到Windows內,做到可以同時在Windows環境內執行任何類型的Docker容器,也就是能同時執行Windows類容器和Linux類容器,如此一來就「可以在Windows上平行執行Windows應用和Linux應用了」。
Container is a kitchen
Imagine a kitchen. We package up all the appliances and furniture, the pots and pans, the dish soap and hand towels. This is our container
We can now take this container and drop it into whatever host apartment we want, and it will be the same kitchen. All we must do is connect electricity and water to it, and then we’re clear to start cooking (because we have all the appliances we need!)
Container Fundamentals
An application or process which runs in a container is packaged with all the required dependencies and configuration files;
The following key concepts will be helpful as you begin creating and working with Windows Containers.
Container Host: Physical or Virtual computer system configured with the Windows Container feature. The container host will run one or more Windows Containers.
Container Image: As modifications are made to a containers file system or registry—such as with software installation—they are captured in a sandbox. In many cases you may want to capture this state such that new containers can be created that inherit these changes. That’s what an image is – once the container has stopped you can either discard that sandbox or you can convert it into a new container image. For example, let’s imagine that you have deployed a container from the Windows Server Core OS image. You then install MySQL into this container. Creating a new image from this container would act as a deployable version of the container. This image would only contain the changes made (MySQL), however it would work as a layer on top of the Container OS Image.
Sandbox: Once a container has been started, all write actions such as file system modifications, registry modifications or software installations are captured in this ‘sandbox’ layer.
Container OS Image: Containers are deployed from images. The container OS image is the first layer in potentially many image layers that make up a container. This image provides the operating system environment. A Container OS Image is immutable. That is, it cannot be modified.
Container Repository: Each time a container image is created, the container image and its dependencies are stored in a local repository. These images can be reused many times on the container host. The container images can also be stored in a public or private registry, such as DockerHub, so that they can be used across many different container hosts.
refer:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/
For example, you can use containers to spin up light-weight and portable app components – or ‘micro-services’ – for distributed apps and quickly scale each service separately.
