Sponsored: Introduction to Docker Images on Windows Server
Docker Images are the transportable component of containers and provide a template that describes what each container looks like. There are two base Docker images provided by Microsoft, Windows Server 2016 Core and Nano, which can be used as a starting point for your containers.
Windows Server Docker images are larger than their Linux counterparts because, unlike Linux, which can start with a single process, Windows is a highly-integrated system that has dependencies even for performing basic tasks. For example, running just one service will require other services to be started because of OS dependencies.
Docker and Union Filesystem
Docker images are based on read-only layers that either add or replace the layers below, and do not change or have “state.” The layers in an image are stacked to form what will be the container’s root file system. The base layer might contain barebones Windows Nano Server, and then an additional layer could comprise the files required for the IIS server role, and then another layer contains files for a web application, and so on. Only when the container is run does Docker add a read-write layer to the image.
What is “Inside Microsoft Teams”?
“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.
An additional read-only layer is added to the image if changes made while the container is running are committed. Otherwise, all changes are lost when the container is stopped. Docker manages layers using a union filesystem, which combines file system branches to form a coherent image that containers can use.
NTFS + Union Filesystem
To enable Docker support in Windows Server, Microsoft needed a solution that retained all the features of NTFS expected by Win32 apps while adding union file system support. To solve this problem, each container in Windows uses a virtual disk that has full NTFS file system support, but the files on the disk are just symbolic links (reparse points) that reference back to the host OS file system. As files are added or modified, they are written — or “persisted” — on the virtual disk. The Windows Registry, not to be confused with the Docker Registry, is, in fact, a simple file system, so Microsoft built a true union file system.
When a layer is committed, a new image is created based on the changes made to the image in the running container. As layers are committed, metadata can be added, such as author and commit message, to provide information about what the layer contains and who made the changes. Layers can be committed from running containers using [docker commit], or images built using Dockerfiles and the [docker build] command, which is essentially a set of instructions for building a Docker image.
Data doesn’t persist in containers, so volumes can be added that read/write directly to a partition on the host OS, bypassing the union filesystem. Data volumes are useful for persistent or shared data and persist even when containers are deleted.
If you’d like to learn more about deploying containers in Windows, try out Microsoft’s free, hands-on lab Build your first container using Docker on Hyper‑V, where you’ll be guided through the process of installing Windows Containers, Hyper-V, and Docker on Windows Server, and how to deploy and isolate containers.