Docker 运行 Windows 申请
Docker running Windows applications
我理解 Docker 是一种容器化工具,具有一组有限的 API,因此与平台无关。我试图了解它对典型 Windows 开发的限制。例如,它是否将访问限制为仅写入文件系统(并因此排除了写入注册表的应用程序)?是否存在 Dock 不适合的复杂程度(但我又听说 docker 将支持 MSSQL)?
这个问题真的很宽泛,很难给出明确的答案,但可以解决其中的几个具体问题。
I understand Docker to be a containerization tool, with a limited set of APIs so as to be platform agnostic.
从某种意义上说,它与平台无关,你可以 运行 CentOS、Ubuntu 或任何其他 Linux 发行版上的容器,但你不能 运行本地 Windows 上的 Linux 容器,或本地 Linux 上的 Windows 容器。 Introducing Docker for Windows Server 2016 是开始了解有关 Windows 容器的信息的好地方。
For example, does it limit access only to write to a file system (and therefore rules out applications that write to the registry)?
基于this MSDN FAQ,没有(强调我的)
Windows Server Containers are a lightweight operating system virtualization method used to separate applications or services from other services running on the same container host. To enable this, each container has its own view of the operating system, processes, file system, registry, and IP addresses.
例如 SQL Server Express image 的 dockerfile 修改注册表。
Is there a level of complexity where Dock is not suitable
问题不在于复杂性,而在于 API 的可用性。这也是来自上面提到的 Docker for Windows Server 2016
With the exception of GUI apps and apps requiring Windows Remote Desktop, most apps that run on Windows Server can be dockerized to run in an image based on microsoft/windowsservercore with minimal effort.
注意:从那时起,您有“How to run lightweight Windows Containers on Windows 10" (January 2019, 2+ years later), from Stefan Scherer。
确实指出,随着 Docker 桌面版 (2.0.0.2+) 在 Windows 10 1809 上的最新版本,您现在可以 运行 Windows 容器处于进程隔离模式
In the past process isolation was only possible with Windows Server.
The Windows 10 operating system uses the same kernel, but with different settings.
With this pull request moby/moby PR 38000 that got merged into Docker 18.09.1 it is now possible to use it on Windows 10 as well.
- You can start more Windows Containers on your machine as they consume less resources
- Containers normally start faster than in hyperv isolation mode
- You can "see" the isolated processes and what they are doing
Especially for developers this is a great enhancement, because you now can use tools like Task Manager, Process Monitor and others to inspect your container processes from the host
The only caveat using the process isolation mode is that the Windows base image that is used for a Docker image must match the kernel of your Windows 10 machine.
Open up a PowerShell terminal and start a Windows container with this command
docker run -d -p 8080:8080 --isolation=process chocolateyfest/appetizer:1.0.0
As you can see in the screen shot you can see the node.exe process in the Task Manager.
If you have the Sysinternals Process Monitor installed you also can see what the containerized process is doing.
This is great when you create an own Docker image from your or a 3rd-party app and something doesn't work as expected or the exe file just doesn't want to start inside the container.
我理解 Docker 是一种容器化工具,具有一组有限的 API,因此与平台无关。我试图了解它对典型 Windows 开发的限制。例如,它是否将访问限制为仅写入文件系统(并因此排除了写入注册表的应用程序)?是否存在 Dock 不适合的复杂程度(但我又听说 docker 将支持 MSSQL)?
这个问题真的很宽泛,很难给出明确的答案,但可以解决其中的几个具体问题。
I understand Docker to be a containerization tool, with a limited set of APIs so as to be platform agnostic.
从某种意义上说,它与平台无关,你可以 运行 CentOS、Ubuntu 或任何其他 Linux 发行版上的容器,但你不能 运行本地 Windows 上的 Linux 容器,或本地 Linux 上的 Windows 容器。 Introducing Docker for Windows Server 2016 是开始了解有关 Windows 容器的信息的好地方。
For example, does it limit access only to write to a file system (and therefore rules out applications that write to the registry)?
基于this MSDN FAQ,没有(强调我的)
Windows Server Containers are a lightweight operating system virtualization method used to separate applications or services from other services running on the same container host. To enable this, each container has its own view of the operating system, processes, file system, registry, and IP addresses.
例如 SQL Server Express image 的 dockerfile 修改注册表。
Is there a level of complexity where Dock is not suitable
问题不在于复杂性,而在于 API 的可用性。这也是来自上面提到的 Docker for Windows Server 2016
With the exception of GUI apps and apps requiring Windows Remote Desktop, most apps that run on Windows Server can be dockerized to run in an image based on microsoft/windowsservercore with minimal effort.
注意:从那时起,您有“How to run lightweight Windows Containers on Windows 10" (January 2019, 2+ years later), from Stefan Scherer。
确实指出,随着 Docker 桌面版 (2.0.0.2+) 在 Windows 10 1809 上的最新版本,您现在可以 运行 Windows 容器处于进程隔离模式
In the past process isolation was only possible with Windows Server.
The Windows 10 operating system uses the same kernel, but with different settings.
With this pull requestmoby/mobyPR 38000 that got merged into Docker 18.09.1 it is now possible to use it on Windows 10 as well.
- You can start more Windows Containers on your machine as they consume less resources
- Containers normally start faster than in hyperv isolation mode
- You can "see" the isolated processes and what they are doing
Especially for developers this is a great enhancement, because you now can use tools like Task Manager, Process Monitor and others to inspect your container processes from the host
The only caveat using the process isolation mode is that the Windows base image that is used for a Docker image must match the kernel of your Windows 10 machine.
Open up a PowerShell terminal and start a Windows container with this command
docker run -d -p 8080:8080 --isolation=process chocolateyfest/appetizer:1.0.0
As you can see in the screen shot you can see the node.exe process in the Task Manager.
If you have the Sysinternals Process Monitor installed you also can see what the containerized process is doing.This is great when you create an own Docker image from your or a 3rd-party app and something doesn't work as expected or the exe file just doesn't want to start inside the container.