In April, Microsoft announced that it was bringing support for Linux Containers to Windows Server. You can read more about that announcement here on Petri. In this Ask the Admin, I’ll look in more detail at the mechanics of how Linux containers will be supported.
DevOps teams have been looking for more flexibility in where they can run Linux containers. Docker supports Windows Containers running on Windows Server but there is no official support for Linux containers.
Docker for Windows
When container support was first announced in Windows Server three years ago, Microsoft made it clear that only Windows Server images would run natively in containers. But Docker for Windows, a community edition app from Docker for Windows 10, supports Linux containers in a Hyper-V Virtual Machine running Moby Linux. This allows developers to work in Windows 10. Paradoxically, Docker for Windows has limited support for Windows Containers and Docker suggests testing Windows Containers on Windows Server 2016. Docker for Windows is not required for Docker support in Windows Server 2016.
Imagine if it were possible to run Linux containers not only on Linux, but on Windows Server, or on any other platform that supports containers. Last year, Docker collaborated with several companies, including Microsoft and the Linux Foundation, to take up the challenge.
Container-Specific Operating Systems
The result of that project is LinuxKit. This is a secure and portable Linux subsystem that provides Linux container functionality. It will be part of the Docker platform. Linux containers can run on operating systems that support containers but do not include Linux out-of-the-box.
LinuxKit is a toolkit, based on Moby Linux, that allows developers to build Linux subsystems with only the required components. LinuxKit daemons and all its dependencies run in containers that can be added as needed. This helps to improve security by reducing the attack surface. It also helps to improve portability by ensuring images stay as small as possible. LinuxKit is a container-specific OS specially designed for use with Docker. Another example of a container-specific OS is Core OS, which is designed to host Docker apps:
“CoreOS is designed for security, consistency, and reliability. Instead of installing packages via yum or apt, CoreOS uses Linux containers to manage your services at a higher level of abstraction. A single service’s code and all dependencies are packaged within a container that can be run on one or many CoreOS machines.”
Linux Container Support in Windows Server
Microsoft is now working with Docker to integrate LinuxKit with Hyper-V Containers so that it can provide commercial support for customers. This work will also benefit developers using Windows 10. Linux containers will only run in Hyper-V Containers, not Windows Containers. Hyper-V Containers provide a greater level of isolation than Windows Containers, which can be useful in multi-tenant hosting scenarios or when a higher level of trust is required for sensitive applications.
We do not have a timeline for when Microsoft and Docker will officially support Linux containers in Windows Server. The first Insider release of Windows Server, build 16237, does not contain any changes that indicate work has progressed since the announcement. But it is likely that we will see some changes to Insider builds coming soon. This should enable Linux container support.
For more information on getting started with containers in Windows Server, see First Steps: Docker and Containers in Windows Server 2016 on Petri.
Follow Russell on Twitter @smithrussell.