Deploying Windows Containers on Windows Server 2016

Deploying Docker Containers on Windows Server 2016

@[email protected]

OcelotUproar.com / Katacoda.com

@Ben_Hall / Blog.BenHall.me.uk

Tech Support > Tester > Developer > Founder

Software Development Studio

WH

O AM

I?

https://www.katacoda.com/

Agenda

• Introduction to Docker• Windows Containers• Deploying IIS / ASP.NET with Containers• Running containers in Production• Future

doger.io

https://www.docker.com/whatisdocker/

Container

Own Process SpaceOwn Network InterfaceOwn Root Directories

Sandboxed

Like a lightweight VM. But it’s not a VM.

Native CPUNative Memory

Native IO

No Pre-AllocationNo Performance Overheard

Milliseconds to launch

Still fully isolated

Docker - An open platform for distributed applications for developers and sysadmins.

Got us to agree on something!

Batteries included but removable

Linux cgroups & namespaces

> docker run –p 6379:6379 redis _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 3.0.3 (00000000/0) 64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-'

1:M 05 Nov 10:42:24.402 # Server started, Redis version 3.0.31:M 05 Nov 10:42:24.402 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.1:M 05 Nov 10:42:24.402 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.1:M 05 Nov 10:42:24.403 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.1:M 05 Nov 10:42:24.403 * The server is now ready to accept connections on port 6379

RStudio> docker run -d -p 8787:8787 rocker/rstudio

Windows?

Windows Server 2016

• Currently TP4• TP5 is coming “very soon”

• RTM in Q3ish

Windows Server Core

Windows Nano

Windows Containers

Windows Hyper-V

Containers

Windows Containers

Windows Kernel

Windows Server 2016

SQL Server MSMQ IIS /

ASP.NET

Docker Engine

Windows Hyper-V Containers

Windows Kernel

Windows Server 2016

SQL Server MSMQ IIS /

ASP.NET

Windows Kernel

Windows Server 2016

Hyper-V

Docker Engine

Windows Server Core

• Nearly Win32 Compatiable• Same behaviour of Windows• Install all of the same tooling

Windows Nano

• Stripped down• Smallest footprint• 1/20th the size of Windows Server Core• Only essential components– Hyper-V, Clustering, Networking, Storage, .Net,

Core CLR

Windows Server Core => Ubuntu Linux

Windows Nano => Alpine Linux

Windows Server Core => Legacy Apps?

Windows Nano => Modern Apps?

Work In Progress

• https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress

• eg: Windows Containers cannot be managed/interacted with through a RDP session in TP4.

Installing Windows Containers

C:\> Install-WindowsFeature containers

C:\> wget https://aka.ms/tp4/docker -OutFile $env:SystemRoot\system32\docker.exe

C:\> start-process nssm install

Microsoft

Windows Linux Subsystem

• Completely unrelated• Maybe not in the future…

What is a Windows Docker Image?

PS C:\> docker imagesREPOSITORY TAG IMAGE ID CREATEDwindowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago windowsservercore latest 6801d964fda5 2 weeks ago nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago nanoserver latest 8572198a60f1 2 weeks ago

PS C:\> docker run -it \ windowsservercore cmd C:\> dir Users Program Files Windows etc

Thank you to https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/manage_docker

Building Windows based Docker Images

PS C:\> docker run -it \ --name iisbase \ windowsservercore cmd [iisbase] C:\>

Thank you to https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/manage_docker

PS C:\> docker run -it \ --name iisbase \ windowsservercore cmd C:\> powershell.exe Install-WindowsFeature web-server C:\> exit

PS C:\> docker commit iisbase windowsservercoreiis 4193c9f34e320c4e2c52ec52550df225b2243927ed21f014fbfff3f29474b090

Running Windows Container

PS C:\> docker run -it \ --name iisdemo -p 80:80 \ windowsservercoreiis cmd

docker commit is an anti-pattern

Use a Dockerfile

C:\docker-iis> type Dockerfile

FROM windowsservercore:10.0.10586RUN dism /online \ /enable-feature \ /all \ /featurename:iis-webserver \ /NoRestart

C:\>docker build –t iis:10 c:\docker-iis

C:\> docker imagesREPOSITORY TAG IMAGE ID CREATEDiis 10 as4w9c928829 9 seconds ago windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago windowsservercore latest 6801d964fda5 2 weeks ago nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago nanoserver latest 8572198a60f1 2 weeks ago

C:\SourceCode\App> type Dockerfile

RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

C:\SourceCode> docker build –t app .

PS C:\> docker imagesREPOSITORY TAG IMAGE ID CREATEDapp latest k23jjin423d 1 minutes ago iis 10 as4w9c928829 9 minutes ago windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago windowsservercore latest 6801d964fda5 2 weeks ago nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago nanoserver latest 8572198a60f1 2 weeks ago

PS C:\> docker run –name -it -p 80:80 app cmd

PS C:\> docker run –name -it -p 80:80 --isolation=hyperv app cmd

Building Windows Nano image?

• Wait until TP5

> docker run --name iisnanobase -it -v c:\share:c:\iisinstall --isolation=hyperv nanoserver cmd

> docker commit iisnanobase nanoserveriis

ImmutableDisposable Container Pattern

Simplification of deployments via automation

Jenkins• Builds Docker

ImageTesting QA Production

Build Lifecycle

Powershell API

PS C:\> Get-ContainerImageName Publisher Version IsOSImage---- --------- ------- ---------NanoServer CN=Microsoft 10.0.10584.1000 TrueWindowsServerCore CN=Microsoft 10.0.10584.1000 True

PS C:\> New-Container -ContainerImageName WindowsServerCore -Name demo -ContainerComputerName demo

Name State Uptime ParentImageName---- ----- ------ ---------------demo Off 00:00:00 WindowsServerCore

Persisting Data> docker run –v <host-dir>:<container-dir> image

-v /opt/docker/elasticsearch:/data

-v /opt/docker/mysql:/var/lib/mysql

-v /docker/scrapbook/uploads:/app/public/uploads

-v $(PWD):/host

-v /var/log/syslog:/var/log/syslog

Users and Domains

• Local user accounts may be created and used for running Windows services and applications in containers

• Containers cannot join Active Directory domains, and cannot run services or applications as domain users, service accounts, or machine accounts.

• "Microsoft are actively looking at solutions to support these types of scenarios."

Difference to Docker on Linux

Docker Images will behave as expected

• Linux Manifest• Windows Manifest• ARM Manifest• Future IoT thing Manifest

• docker pull redis– Image pulled depends on Docker Engine

What’s happening under the covers?

Linux / Windows

• Linux has cgroups and namespaces– cgroups – How much access/resources do I have?– namespaces – What can I see?

• Windows wanted this in the Kernel• Prototype was called Drawbridge• Server 2016 Kernel brings in the new

cgroups/namespaces• Microsoft reached out to Docker to partner

Security?

What about developers?

Running Containers in Production

Bin Packing Pattern

Mesosphere DC/OS

Powering Azure Container Service

Host Fingerprinting

• Constraints based deployment

• Container is based on Nano Server, within cluster, deploy to server capable of running Nano Server (ie. Windows Server 2016)

The Future?

SQL Server as a Container

Visual Studio as a Container?

Everything as a Container

Deploy Anywhere

Resources

• https://channel9.msdn.com/Blogs/containers

• https://aka.ms/containers

www.katacoda.com

Summary

• Docker and Containers have changed how Linux processes are managed

• Real container support coming to Windows Kernel

• Automation will be easier

• Better ROI and cluster management

Thank you!

@[email protected]

www.Katacoda.com

Questions / Beer?