In the recent days I was rather confused about native Docker for Windows. What are the conditions to run a Docker image on Windows? Linux image or Windows image? Docker on Windows needs Hyper-V, but on my development box I need VMWare Workstation to run testing virtual machines, VMWare does not play with Hyper-V, so how can I use Docker on Windows for the cool new things?
I found out that a lot of my confusion had to do with bad product naming…
There is the Docker Toolbox for Windows (Docker up to 1.11) which is basically a Windows Docker client talking to a Docker server (daemon) running in a Linux VirtualBox environment executing Linux images. I found that rather confusing and unnecessary, I thought it was easier to set up the Linux virtual machine by myself and just use Docker for Linux within the virtual machine.
With Docker 1.12 native support for Windows was announced, requiring an enabled Hyper-V role on the Windows machine. This is a native Windows Docker Client talking to a native Windows Docker Daemon executing Linux images. Wait! Linux images on Windows? Yes, Docker uses Hyper-V to run a minimal Alpine Linux distribution, also known as the “MobyLinuxVM”. In Docker for Linux any container shares the Linux kernel with the host. In Docker for Windows 1.12 the container does not share the kernel with the host (obviously, since this is Windows) but shares the kernel with the Alpine Distribution running under Hyper-V.
Running native Windows Docker images is currently possible with the beta version 26 and higher of Docker, as a small footnote on the download page announces. With this version it is possible to switch between Linux containers and Windows containers by right clicking the Docker Whale systray icon and selecting the “switch to Windows containers” or “switch to Linux containers”.
Choose “Windows containers” run native Windows images.
Steps to use Docker for Windows Beta to run native Windows images:
- Use of these operating systems:
- Windows 10 Professional or Enterprise (Anniversary Edition)
- Windows Server 2016 (available as evaluation version)
- Make sure the Windows Update 3194496 is installed. If this update is not installed any Docker command in a shell will just freeze and never return. (at least in the beta version I used)
- Make sure the Windows features “Containers” and “Hyper-V” are activated. This can be done by opening an elevated PowerShell session and using the following commands:
Enable-WindowsOptionalFeature -Online -FeatureName containers –All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Reboot your machine now.
- Right click the Docker Whale systray icon and select “switch to Windows containers”. If you fail to do so any “
docker pull” or “
docker run” command will result in several retries to download the image and finally fail with the message “
Check everything is alright by using the command “
docker version” in a PowerShell. This will output something like this:
API version: 1.24
Go version: go1.6.3
Git commit: 45bed2c
Built: Tue Sep 27 23:38:15 2016
API version: 1.25
Go version: go1.7.1
Git commit: 62d9ff9
Built: Fri Sep 23 20:50:29 2016
Pay attention to the very last line “
OS/Arch” in the “
Server” section. This should read “
windows/amd64“. If this reads “
linux/amd64” you need to “switch to Windows containers” before you can use Windows images.
Switching the containers type seems kind of unstable in the beta, sometimes I experienced errors and crash notices and I had to reboot for the new setting to take effect.
Two types of Windows containers
There are two different types of containers that can be used to run a native Windows image:
- Windows server containers: They share their kernel with the host system (like Docker for Linux) using process and namespace isolation. This type of container is very light weight. Despite their name they are not limited to Windows Server but run on Windows 10 Professional or Enterprise just as good as on Windows Server. Unlucky naming…
This is the default isolation type on Windows Servers.
- Hyper-V containers: These containers do not share their kernel with the host, instead each containers run in an own Hyper-V container. They provide a higher isolation level.
This is the default isolation type on Windows Workstations.
The isolation level can be selected when starting a container based on a Windows image by using the command line parameter “
—isolation“, possible values are “default”, “process” (Windows Server containers) and “hyperv” (Hyper-V containers)
Running native Docker for Windows in a virtual machine
The native Docker for Windows requires Hyper-V. I cannot enable Hyper-V on my developer machine since I am using VMWare Workstation to run several virtual machines for testing and for development. On a machine you can either use VMWare Workstation OR Hyper-V, but not both. So if you enable Hyper-V you will not be able to run any VMWare Workstation virtual machine on that computer. A solution is to create a VMWare Workstation virtual machine and install any of the supported operating system. Before powering on the virtual machine you may need to change a virtual hardware for this machine. Open the settings of the virtual machine, go to “Processors” and check “Virtualize Intel VT-x/EPT or AMD-V/RVI” in the “virtualization engine” settings box. Now you may boot the machine and install the Windows operating system. Remember to follow the steps provided earlier.
Creating Windows Images
Currently there are two main base images you can build your own Docker image upon:
- microsoft/windowsservercore: Windows Server Core, containing a full blown Windows server with full .NET Framework support
- microsoft/nanoserver: Windows Nano Server, running a minimal Windows server and .NET Core Framework.
The product names are rather confusing since Windows Server Core does not have .NET Core Framework but instead comes with the full blown .NET Framework. Unlucky naming, again…
I found it helpful to install Chocolatey in an image based on microsoft/windowsservercore and use “
choco install” to install additional packages. Unfortunately Chocolatey is not available in microsoft/nanoserver, since it requires the regular .NET Framework.
Helpful blog posts: