Docker/Windows: Difference between revisions
(→Config) |
|||
Line 39: | Line 39: | ||
C:\programdata\docker\config\daemon.json | C:\programdata\docker\config\daemon.json | ||
dockerd | Docker Docs | |||
https://docs.docker.com/reference/cli/dockerd/#/windows-configuration-file | |||
ref: | |||
* Configure Docker in Windows | Microsoft Learn - https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon | |||
== Isolation == | |||
Configure container isolation technology (Windows) | |||
https://docs.docker.com/reference/cli/dockerd/#configure-container-isolation-technology-windows | |||
For Windows containers, you can specify the default container isolation technology to use, using the '''--exec-opt isolation''' flag. | |||
The following example makes '''hyperv''' the default isolation technology: | |||
dockerd --exec-opt isolation=hyperv | |||
dockerd --exec-opt isolation=process | |||
If no isolation value is specified on daemon start, on Windows client, the default is '''hyperv''', and on Windows server, the default is '''process'''. | |||
== Isolation == | == Isolation == |
Revision as of 07:03, 2 October 2024
Windows
Windows Containers GitHub
Github microsoft/Windows-Containers https://github.com/microsoft/Windows-Containers
Install Docker Community Edition
Docker Community Edition (CE) provides a standard runtime environment for containers with a common API and command-line interface (CLI). It is managed by the open source community as part of the Moby Project.
Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1" -o install-docker-ce.ps1 .\install-docker-ce.ps1
src:
https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1
---
Get started: Prep Windows for containers https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/set-up-environment?tabs=dockerce
Docker Engine on Windows https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon
Install Docker Community Edition (CE) reference:
Prepare Windows operating system containers | Microsoft Learn https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/set-up-environment?tabs=dockerce#windows-server-1
Windows Test Image
Hello World:
docker run hello-world:nanoserver
Something more ambition - try run powershell:
docker run -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell
Config
C:\programdata\docker\config\daemon.json
dockerd | Docker Docs https://docs.docker.com/reference/cli/dockerd/#/windows-configuration-file
ref:
- Configure Docker in Windows | Microsoft Learn - https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon
Isolation
Configure container isolation technology (Windows) https://docs.docker.com/reference/cli/dockerd/#configure-container-isolation-technology-windows
For Windows containers, you can specify the default container isolation technology to use, using the --exec-opt isolation flag.
The following example makes hyperv the default isolation technology:
dockerd --exec-opt isolation=hyperv dockerd --exec-opt isolation=process
If no isolation value is specified on daemon start, on Windows client, the default is hyperv, and on Windows server, the default is process.
Isolation
Windows Server Containers use Hyper-V isolation by default on Windows 10 and 11 to provide developers with the same kernel version and configuration that will be used in production.
Switch to Windows Containers
& $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchDaemon .
Service
See service:
sc qc docker
Service is running as: docker
C:\WINDOWS\system32\dockerd.exe --run-service --service-name docker
Add a Docker Group to allow normal users to manage docker: (run as administrator)
net localgroup docker-users /add
Add user to group:
net localgroup docker-users [USER] /add
Update service to use docker-users group:
# -G, --group string Group for the unix socket (default "docker") sc config docker binPath="C:\WINDOWS\system32\dockerd.exe --run-service --service-name docker -G docker-users"
sc config docker binPath="C:\Windows\System32\dockerd.exe --run-service --config-file=C:\ProgramData\docker\config\daemon.json"
Restart service:
net stop docker net start docker
See updated service:
C:\> sc qc docker [SC] QueryServiceConfig SUCCESS SERVICE_NAME: docker TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\dockerd.exe --run-service --service-name docker -G docker-users LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Docker Engine DEPENDENCIES : SERVICE_START_NAME : LocalSystem
daemon.json option:
C:\ProgramData\docker\config\daemon.json
{ "registry-mirrors": ["https://internal-docker-mirror:6609"], "group": "docker-users", "debug": true, "hosts": ["npipe://", "tcp://0.0.0.0:2375"], "experimental": false, "exec-opts": ["isolation=process"], "max-concurrent-downloads": 100, "max-concurrent-uploads": 100, "data-root": "C:\\docker_data", "storage-opts" : [ "size=200G" ] }
Moby Project
Moby Project https://mobyproject.org/
What is Moby? Moby is an open framework created by Docker to assemble specialized container systems without reinventing the wheel. It provides a “lego set” of dozens of standard components and a framework for assembling them into custom platforms.