Docker Container in Linux and Windows

Exploring the wilderness of Docker Containers in Linux and Windows

Containers in Linux by themselves are confusing with plenty of terminology. Add Windows to the mix and you have a soup of Linux container jargon topped with Windows quirks.

Since Containers and Docker have developed rapidly, there are plenty of official and unofficial resources out there, many of which are now superseded or even obsolete. As there is no official documentation of this evolution, it’s very hard to gauge the validity of some of the information in its current state. This is an attempt to parse all the references and extract the relevant information.

Further, there are plenty of resources online to explain the concept of Docker and Containers. This is not one of them. Here I’m just trying to consolidate all the disparate information into one webpage (pardon the pun) “Container”.

Background
Container Image
Container Runtime
Container
    Linux Container
    Windows (Server) Container
Docker
Docker Engine
Docker Compose
Docker Machine
Terminology for Windows
    Virtualization
    Virtual Machine
    Hypervisor
    Hyper-V
    WSL (Windows Subsystem for Linux)
    WSL 2 (Windows Subsystem for Linux 2)
    VHD (Virtual Hard Disk)
Docker (installation) for Linux
    Docker Engine
Docker (installation) for Windows
    Docker Engine
    Docker Toolbox
    Docker Desktop
Docker (execution) on Linux
    Run Linux Container
    Run Windows Container
Docker (execution) on Windows
    Run Linux Container
        VirtualBox (Docker Toolbox)
        Hyper-V backend (Docker Desktop)
        WSL2 backend (Docker Desktop)
    Run Windows (Server) Container
        Process Isolation
        Hyper-V isolation
Virtualization conflicts
Getting started with Containers
Conclusion
References

Background

Containers evolved in the Linux ecosystem using pre-existing Linux kernel features, so containers on Linux are fairly straightforward to understand. As always, not to be left behind, Windows jumped into the fray much later: native Windows containers only started in 2016. Until then, it was all about running Linux containers on Windows using virtualization.

Container Image

It is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings – as well as basic instructions for starting the application. It is a read-only template with instructions for creating a container.

Container Runtime

It is a program that takes a container image, unbundles it and runs the application found inside in an isolated environment. A container runtime is responsible for all the parts of running a container that aren’t actually running the program itself.

Container

It is a runnable instance of an image: the unbundled image executing in the isolated environment provided by the runtime.
A container is considered “native” if it can run directly on the host operating system.

Linux Container

A Linux application that runs in an isolated Linux environment.
This same container can be run on a Windows OS using virtualization to emulate a Linux environment, but the container is still running on Linux.

Windows (Server) Container

A Windows application that runs in an isolated Windows environment. Note that container images can only be based on Windows Server Core and Nano Server, not Windows 10.
Theoretically, you can run a Windows VM on Linux and run the Windows container. Practically, there is no easy setup for it.

Docker

Container is not equal to Docker. Docker is just one (and popular) container implementation.

Docker Engine

When people say “Docker” they typically mean Docker Engine.

It is the Docker application which provides tooling and a platform to manage the lifecycle of containers – build, transport, deploy and run. For native container support, Docker Engine for the OS platform is sufficient. It consists of:

  • dockerd or Docker daemon: A server which is a type of long-running program in the background. The daemon creates and manages Docker objects, such as images, containers, networks, and volumes.
  • docker or Docker CLI: A Command Line Interface to control or interact with the Docker daemon through scripting or direct CLI commands.

Docker started on Linux. It takes advantage of several pre-existing features of the Linux kernel to deliver its functionality. Since there is no such thing as a “Linux container” in the kernel itself, a container is really several kernel features tied together.

  • Namespace provides the isolated workspace called the container.
  • Control Group or cgroup limits an application to a specific set of resources.
  • Union File System or UnionFS operates by creating layers, which makes images very lightweight and fast.

More recently, in collaboration with Microsoft to support Containers natively in Windows, the equivalent of namespaces, control groups and file system extensions were implemented in the Windows kernel.

Docker Engine combines the namespaces, control groups, and UnionFS into a “low level runtime”. Features around image formats, image management, and sharing images are made available in a “high level runtime”. runc emerged as the low-level container runtime, containerd became the high-level daemon for image management.
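As an added illustration (example code written for this page, not code from the original post or from Docker), the following Python models the layering that the UnionFS bullet describes: read-only image layers stacked bottom to top, a whiteout convention for deletions (the `.wh.` names follow the OCI image layer format), and a single writable layer for the running container. The layer contents, paths and the "secret.key" file are constructed sample data.

```python
# Added example (not from the original post): a small model of how a union
# filesystem assembles a container's root filesystem from read-only image
# layers plus one writable container layer. It follows the OCI image-layer
# convention that a file named ".wh.<name>" deletes <name> from the layers
# below it and ".wh..wh..opq" hides a directory's lower contents.
# All paths and file contents below are constructed sample data.
from typing import Dict, List

WHITEOUT_PREFIX = ".wh."
OPAQUE_MARKER = ".wh..wh..opq"

# A layer maps a relative path ("app/server.py") to the file's bytes.
Layer = Dict[str, bytes]


def apply_layer(lower: Layer, layer: Layer) -> Layer:
    """Return the merged view of `layer` stacked on top of `lower`.

    Lower layers are never modified (they are read-only templates); deletions
    are expressed as whiteout entries in the upper layer, which is what a
    `RUN rm ...` step in an image build leaves behind.
    """
    merged = dict(lower)
    regular: Layer = {}
    # Pass 1: whiteouts and opaque markers, which only remove lower content.
    for path, data in layer.items():
        directory, _, name = path.rpartition("/")
        prefix = directory + "/" if directory else ""
        if name == OPAQUE_MARKER:
            for p in list(merged):
                if p.startswith(prefix):
                    del merged[p]
        elif name.startswith(WHITEOUT_PREFIX):
            target = prefix + name[len(WHITEOUT_PREFIX):]
            for p in list(merged):
                if p == target or p.startswith(target + "/"):
                    del merged[p]
        else:
            regular[path] = data
    # Pass 2: regular files in the upper layer shadow lower files of the same path.
    merged.update(regular)
    return merged


def merge_layers(layers: List[Layer]) -> Layer:
    """Fold a stack of layers (bottom first) into the view a process sees."""
    view: Layer = {}
    for layer in layers:
        view = apply_layer(view, layer)
    return view


def layers_containing(layers: List[Layer], path: str) -> List[int]:
    """Indices of the layers that physically store `path`, regardless of the merged view."""
    return [i for i, layer in enumerate(layers) if path in layer]


def container_write(image_layers: List[Layer], rw_layer: Layer, path: str, data: bytes) -> Layer:
    """Copy-on-write: a running container's write lands only in its own top layer."""
    rw_layer[path] = data
    return merge_layers(image_layers + [rw_layer])


# Constructed image: a base OS layer, a build step that copied in a credential,
# and a later build step that removed it again.
BASE: Layer = {"bin/sh": b"#!/bin/sh\n", "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n"}
BUILD: Layer = {"app/server.py": b"print('hello')\n", "app/secret.key": b"CONSTRUCTED-SAMPLE-SECRET"}
CLEANUP: Layer = {"app/.wh.secret.key": b""}  # whiteout left by `RUN rm /app/secret.key`
IMAGE: List[Layer] = [BASE, BUILD, CLEANUP]


def demo() -> dict:
    """Merge the constructed image and start one container that writes a log file."""
    view = merge_layers(IMAGE)
    rw: Layer = {}
    running = container_write(IMAGE, rw, "var/log/app.log", b"started\n")
    return {
        "secret_visible_in_container": "app/secret.key" in view,
        "layers_still_storing_secret": layers_containing(IMAGE, "app/secret.key"),
        "log_visible_in_container": "var/log/app.log" in running,
        "log_leaked_into_image": "var/log/app.log" in merge_layers(IMAGE),
        "rw_layer_paths": sorted(rw),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two results worth noticing: the credential removed in the last build step is invisible inside the container, yet `layers_containing` still finds it in layer 1, so it ships with the image to anyone who pulls it; and the container's own write exists only in its writable layer, leaving the image layers untouched. That is the concrete reason secrets must never be written into an image layer, even temporarily.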

Docker Compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from the configuration.

Docker Machine

It’s a superseded product, a fancy way of saying that it is no longer actively developed.

Docker Machine is a tool for provisioning and managing the Dockerized hosts (hosts with Docker Engine on them). Typically, you install Docker Machine on your local system. Docker Machine has its own command line client docker-machine and the Docker Engine client, docker.

Docker Machine was the only way to run Docker on Windows prior to Docker v1.12. Starting with Docker v1.12, Docker Desktop for Windows is available as a native application and is the better choice for this use case on newer desktops and laptops.

Terminology for Windows

Docker evolved on Linux. Much of the confusion arises with Docker trying to support containerization on Windows. So before we talk about Docker on Windows, more terminology needs to be introduced.

Virtualization

It is the process of creating a software-based, or virtual, representation of something – hardware, storage, networks etc. Virtualization relies on software to simulate hardware functionality and create a virtual computer system.

Virtual Machine

It is the software emulation of a computer system.

Hypervisor

Also known as Virtual Machine Monitor or VMM, it is software that creates and runs Virtual Machines (VMs).

  • Type 1 or Bare Metal Hypervisor acts like a lightweight operating system and runs directly on the host’s hardware. E.g. Microsoft Hyper-V, VMware ESXi.
  • Type 2 or Hosted Hypervisor runs as a software layer on an operating system, like other computer programs. E.g. VirtualBox, VMware Player, VMware Workstation.

Hyper-V

It is Microsoft’s Type 1 (bare metal) hypervisor.

WSL (Windows Subsystem for Linux)

A compatibility layer that lets you run Linux binaries on Windows without a VM. WSL translates the Linux system calls made by the process into Windows kernel calls. It is limited to the Linux command line interface.

WSL 2 (Windows Subsystem for Linux 2)

Unlike WSL 1, which runs as a translation layer, WSL 2 runs a Hyper-V based virtual machine with an actual Linux kernel that handles system calls directly. This architecture provides full system call compatibility. So it is a lightweight Linux VM integrated directly into Windows.

VHD (Virtual Hard Disk)

It is a common virtual drive format used on Windows systems. Generally, it is used to install Virtual Machine operating systems such as in VirtualBox or Hyper-V. However, you can also create and use VHDs just like a native drive partition on Windows 10 or 7 systems.

Docker (installation) for Linux

Docker Engine

Installing Docker Engine, which provides the Docker daemon and the CLI client, is all you need.

Docker (installation) for Windows

Docker Engine

You can use a OneGet provider PowerShell module published by Microsoft called DockerMsftProvider. This provider enables the Containers feature in Windows and installs the Docker engine and client. It supports only native Windows containers.

Docker Toolbox

Supports only Linux containers. This is a legacy desktop solution and provides a way to use Docker on Windows systems that do not meet minimal system requirements for the Docker Desktop for Windows application. Because the Docker Engine daemon uses Linux-specific kernel features, you can’t run Docker Engine natively on Windows. Instead, you must use the Docker Machine command, docker-machine, to create and attach to a small Linux VM on your machine. This VM hosts Docker Engine for you on your Windows system.

Docker Desktop

Allows you to switch between Linux and Windows containers. It includes Docker Engine, Docker CLI client and Docker Compose.

Docker (execution) on Linux

Run Linux Container

Docker Engine has all the required tools and runtimes.

Run Windows Container

Though this is theoretically possible by having a Windows VM, there is hardly any need or support for it.

Docker (execution) on Windows

Run Linux Container

Running a Linux container requires a Linux kernel. Docker offers many variants, but what remains common is the need to run a VM, either explicitly (VirtualBox) or implicitly (Hyper-V).

Once Microsoft makes WSL 2 generally available, Docker plans to enable the WSL 2 engine on all supported Windows versions by default. It will still support the Hyper-V backend until Microsoft stops supporting Windows versions without WSL 2 though, but only as a fallback mechanism.

VirtualBox (Docker Toolbox)

A VirtualBox (type 2 hosted VM) is installed with a lightweight Linux. Docker Engine is then installed in this VM.

Hyper-V backend (Docker Desktop)

Hyper-V runs a Linux VM. This Linux VM is entirely built using LinuxKit. Before starting the VM, a VHD is attached to store container images and configs.

WSL2 backend (Docker Desktop)

The new WSL2 backend design is very close to the Hyper-V backend, with the difference that the LinuxKit distro is not run in a VM but in a container. There are in fact two distros being run. From a high-level perspective, the bootstrapping distro essentially replaces Hyper-V, while the data store distro replaces the VHD.

Run Windows (Server) Container

Process Isolation

This is the “traditional” isolation mode for containers. With process isolation, multiple container instances run concurrently on a given host with isolation provided through namespace, resource control, and process isolation technologies. When running in this mode, containers share the same kernel with the host as well as each other. This is approximately the same as how Linux containers run.

Hyper-V isolation

This isolation mode offers enhanced security and broader compatibility between host and container versions. With Hyper-V isolation, multiple container instances run concurrently on a host; however, each container runs inside a highly optimized virtual machine and effectively gets its own kernel. The presence of the virtual machine provides hardware-level isolation between each container as well as from the container host.

Virtualization conflicts

Enabling Hyper-V may cause conflicts with hosted VMs like Oracle VirtualBox and VMware Player/Workstation, where the hosted VMs will fail. There are now blogs that claim Hyper-V and hosted VMs can coexist for certain versions of Windows with new versions of the hosted VMs. It is not clear until there is official documentation from either Microsoft or the VM vendor(s). So Docker on Windows becomes risky if you rely on hosted VMs for other work.

Getting started with Containers

If your goal is to just learn and explore Containers, Linux (provided you are comfortable with it) is the best option. It’s very easy to install Docker Engine and get started.

Even if your primary machine is Windows, it is better to explicitly install a hosted VM with a Linux distribution and Docker Engine. That way there are no Windows complications, confusion or conflicts. Also, the Windows Docker implementation is new. Given the history of Windows delivering premature unstable products, use it at your own risk. Furthermore, Docker is primarily a command line interface, so running on Windows doesn’t add much value. If you are not familiar with PowerShell, you’ve got another unknown to deal with.

Conclusion

Docker is evolving and the technology stack can change rapidly. If you find inaccuracies or obsolete information, please share your comments so this post can be updated.

References

  1. Docker: What is a container?
  2. From Docker to OCI: What is a container?
  3. Docker: Overview and Docker Engine
  4. Microsoft: Docker Engine on Windows
  5. Docker vs. containerd vs. Nabla vs. Kata vs. Firecracker and more!
  6. An Introduction to Container Runtimes
  7. Docker: What is containerd?
  8. An Overall View On Docker Ecosystem — Containers, Moby, Swarm, Linuxkit, containerd & Kubernetes
  9. What is Windows Subsystem for Linux (WSL and WSL2)?
  10. Microsoft: Install Docker Engine for Windows
  11. Docker: Install Docker Toolbox on Windows
  12. Docker: Introducing the Docker Desktop WSL 2 Backend
  13. Microsoft: Using Docker in WSL 2
  14. Docker: Introducing Docker for Windows Server 2016
  15. The Differences Between Linux and Windows Containers
  16. How to use VirtualBox and Hyper-V together on Windows 10
  17. Run Hyper-V, VirtualBox and VMware on same Computer
  18. StackOverflow: Can Windows Containers be hosted on linux?
  19. StackOverflow: If Docker runs natively on windows, then why does it need hyper-v
