the how and why of windows containers

The Why and How of Windows Containers@Ben_Hall

[email protected] / Katacoda.com

@Ben_Hall / Blog.BenHall.me.uk

Tech Support > Tester > Developer > Founder > Docker London Organiser

Software Development Studio

WH

O AM

I?

Learn via Interactive Browser-Based LabsKatacoda.com

Agenda• Windows Server 2016• Building and deploying Windows Containers• Differences to Linux• Hyper-V Containers• Docker API / Kubernetes / Swarm• Future

Batteries included but removable

http://windows-wallpapers.net/wp-content/uploads/images/1c/windows-98.png

2016

Currently TP5 – RTM in two weeks?

Windows Server Core

Windows Nano

Windows Containers

Windows Hyper-V

Containers

Windows Containers

Windows KernelWindows Server 2016

SQL Server MSMQ IIS /

ASP.NET Docker Engine

Windows Hyper-V Containers

Windows Kernel

Windows Server 2016

SQL Server MSMQ IIS /

ASP.NET

Windows Kernel

Windows Utility VM

Hyper-V

Docker Engine

Windows Server Core• Nearly Win32 Compatible• Same behaviour of Windows• Install all of the same tooling

Windows Nano• Stripped down• Smallest footprint• 1/20th the size of Windows Server Core• Only essential components– Hyper-V, Clustering, Networking, Storage, .Net,

Core CLR

Windows Server Core => Ubuntu Linux

Windows Nano => Alpine Linux

Windows Server Core => Legacy Apps?

Windows Nano => Modern Apps?

Installing Windows Containers

C:\> Install-WindowsFeature containers

C:\> wget -uri https://aka.ms/tp5/Install-ContainerHost -OutFile C:\Install-ContainerHost.ps1

C:\> powershell.exe -NoProfile C:\Install-ContainerHost.ps1

C:\> Install-WindowsFeature containers

C:\> Invoke-WebRequest "https://get.docker.com/builds/Windows/x86_64/docker-1.12.0.zip" -OutFile "$env:TEMP\docker-1.12.0.zip" -UseBasicParsing

C:\> dockerd --register-serviceC:\> Start-Service Docker

Microsoft

Windows Linux Subsystem• Completely unrelated• Maybe not in the future…

What is a Windows Docker Image?

PS C:\> docker imagesREPOSITORY TAG IMAGE ID CREATEDwindowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago windowsservercore latest 6801d964fda5 2 weeks ago nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago nanoserver latest 8572198a60f1 2 weeks ago

PS C:\> docker run -it \ windowsservercore cmd

Thank you to https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/manage_docker

Note: cmd launches a UI


Building Windows based Docker Images

PS C:\> docker run -it \ --name iisbase \ windowsservercore cmd [iisbase] C:\>


PS C:\> docker run -it \ --name iisbase \ windowsservercore cmd C:\> powershell.exe Install-WindowsFeature web-server C:\> exit

PS C:\> docker commit iisbase windowsservercoreiis 4193c9f34e320c4e2c52ec52550df225b2243927ed21f014fbfff3f29474b090

Running Windows Container

PS C:\> docker run -it \ -p 80:80 \ windowsservercoreiis cmd

docker commit is an anti-pattern

Use a Dockerfile

PS C:\> docker search windowservercore

C:\SourceCode\App> type Dockerfile

FROM microsoft/iis:10

RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

C:\SourceCode> docker build –t app .

PS C:\> docker imagesREPOSITORY TAG IMAGE ID CREATEDapp latest k23jjin423d 1 minutes ago iis 10 as4w9c928829 9 minutes ago windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago windowsservercore latest 6801d964fda5 2 weeks ago nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago nanoserver latest 8572198a60f1 2 weeks ago

PS C:\> docker run -it -p 80:80 \ app cmd

PS C:\> docker run -it -p 80:80 \ --isolation=hyperv app cmd

FROM microsoft/windowsservercore

LABEL Description="Nginx" Vendor=Nginx" Version="1.0.13”

RUN powershell -Command \$ErrorActionPreference = 'Stop'; \Invoke-WebRequest -Method Get -Uri

http://nginx.org/download/nginx-1.9.13.zip -OutFile c:\nginx-1.9.13.zip ; \

Expand-Archive -Path c:\nginx-1.9.13.zip -DestinationPath c:\ ; \

Remove-Item c:\nginx-1.9.13.zip –Force

WORKDIR /nginx-1.9.13CMD ["/nginx-1.9.13/nginx.exe"]

FROM microsoft/dotnet35

ENV sql_express_download_url "https://download.microsoft.com/download/1/5/6/156992E6-F7C7-4E55-833D-249BD2348138/ENU/x64/SQLEXPR_x64_ENU.exe"ENV sa_password _ENV attach_dbs "[]”COPY . /WORKDIR /

RUN powershell -Command (New-Object System.Net.WebClient).DownloadFile('%sql_express_download_url%', 'sqlexpress.exe') && /sqlexpress.exe /qs /x:setup && /setup/setup.exe /q /ACTION=Install /INSTANCENAME=SQLEXPRESS /FEATURES=SQLEngine /UPDATEENABLED=0 /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /TCPENABLED=1 /NPENABLED=0 /IACCEPTSQLSERVERLICENSETERMS && del /F /Q sqlexpress.exe && rd /q /s setup

RUN powershell -Command \ set-strictmode -version latest ; \ stop-service MSSQL`$SQLEXPRESS ; \ set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql12.SQLEXPRESS\mssqlserver\supersocketnetlib\tcp\ipall' -name tcpdynamicports -value '' ; \ set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql12.SQLEXPRESS\mssqlserver\supersocketnetlib\tcp\ipall' -name tcpport -value 1433 ; \ set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql12.SQLEXPRESS\mssqlserver\' -name LoginMode -value 2 ;

CMD powershell ./start -sa_password %sa_password% -attach_dbs \"%attach_dbs%\" -Verbose

FROM microsoft/nanoserver

ENV GOLANG_VERSION 1.6ENV GOLANG_DOWNLOAD_URL "https://golang.org/dl/go$GOLANG_VERSION.windows-amd64.zip"

RUN powershell.exe -Command ; \$handler = New-Object System.Net.Http.HttpClientHandler ; \$client = New-Object System.Net.Http.HttpClient($handler) ; \$client.Timeout = New-Object System.TimeSpan(0, 30, 0) ; \$cancelTokenSource = [System.Threading.CancellationTokenSource]::new() ; \$responseMsg = $client.GetAsync([System.Uri]::new('%GOLANG_DOWNLOAD_URL%'),

$cancelTokenSource.Token) ; \$responseMsg.Wait() ; \$downloadedFileStream = [System.IO.FileStream]::new('c:\go.zip',

[System.IO.FileMode]::Create, [System.IO.FileAccess]::Write) ; \$response = $responseMsg.Result ; \$copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream) ; \$copyStreamOp.Wait() ; \$downloadedFileStream.Close() ; \[System.IO.Compression.ZipFile]::ExtractToDirectory('c:\go.zip','c:\') ; \Remove-Item c:\go.zip -Force

RUN powershell.exe -Command $path = $env:path + ';c:\go\bin'; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\' -Name Path -Value $path

ImmutableDisposable Container Pattern

Windows Updates?

Networking> docker run -it --mac="92:d0:c6:0a:29:33" \ windowsservercore cmd

> docker run –it -p 8082:80 \ windowsservercore cmd

> Multi-host out the box

Persisting Data – Data Volumes

> docker run –v <host-dir>:<container-dir> image

-v C:\source:C:\dest

-v C:\container-share\config.ini

-v d:

Limit CPU Shares> docker run -it --cpu-shares 2 \ --name dockerdemo \ windowsservercore cmd

Powershell APIPS C:\> Get-ContainerImageName Publisher Version IsOSImage---- --------- ------- ---------NanoServer CN=Microsoft 10.0.10584.1000 TrueWindowsServerCore CN=Microsoft 10.0.10584.1000 True

PS C:\> New-Container -ContainerImageName WindowsServerCore -Name demo -ContainerComputerName demo

Name State Uptime ParentImageName---- ----- ------ ---------------demo Off 00:00:00 WindowsServerCore

What’s happening under the covers?

{ "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.image.manifest.v2+json", "size": 7143, "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f", "platform": { "architecture": ”amd64", "os": "linux", } }, { "mediaType": "application/vnd.docker.image.manifest.v2+json", "size": 7682, "digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270", "platform": { "architecture": "amd64", "os": ”windows", "features": [ "sse4" ] } } ]}

No Containerd / RunC

Introducing the Compute Service

http://www.slideshare.net/Docker/windows-server-and-docker-the-internals-behind-bringing-docker-and-containers-to-windows-by-taylor-brown-and-john-starks

[DllImport("vmcompute.dll", PreserveSig = false, ExactSpelling = true)]

IntPtr computeSystem;h.CreateComputeSystem(id, JsonHelper.ToJson(hcsSettings), IntPtr.Zero, out computeSystem);return Container.Initialize(id, computeSystem, settings.KillOnClose, h);

Windows Hyper-V Isolation

Windows Hyper-V Isolation• Problem: Shared Kernel• Solution: Super lightweight virtual machines

• Intel Clear Containers• Ubuntu LXD• IBM are working on something

PS C:\> docker run -it -p 80:80 \ --isolation=hyperv app cmd

1) Windows starts 'Utility VM‘ and freezes state2) Forks VM state, brings up a fresh second VM3) Launches container on VM

Properties of Windows Utility VM• Invisible to Docker and containers• All writes are degraded• Separate Kernel to host• SMB file share to access host data

• In the future used for Linux containers?

Now Available• Windows 10 Insider Release

• https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_windows_10

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_windows_10




Running Containers in Production

https://stefanscherer.github.io/build-your-local-windows-docker-swarm/

Constraint Scheduler$ docker run \ -e constraint:ostypelabel==windowscompat \ windowservercore cmd

$ docker run \ -e constraint:ostypelabel==linuxcompat \ ubuntu bash

Microsoft, Apprenda, Red Hathttps://github.com/kubernetes/kubernetes/issues/22623

Mesosphere DC/OS

Powering Azure Container Service

Host Fingerprinting• Constraints based deployment

• Container is based on Nano Server, within cluster, deploy to server capable of running Nano Server (ie. Windows Server 2016)Host Fingerprinting

The Future?

SQL Server as a Container

Visual Studio as a Container?

Everything as a Container

Deploy Anywhere

www.katacoda.com

Next Steps• Katacoda

• Microsoft Ignite Conference in two/three weeks

• Windows Server 2016 on Azure

• Windows 10 Insider Release

Thank you!

@[email protected]

www.Katacoda.com

the how and why of windows containers

Engineering