Epic: Linux Containers on Windows (LCOW)

[PatrickLang]

Microsoft is hard at work adding support to run both Windows & Linux containers side by side on the same node with a single Docker daemon. As Linux containers are launched, Hyper-V will be used to boot and run a Linux kernel which will then be used to host the container natively. Because many areas of Docker will require changes to handle running multiple platforms side by side, we'll be using this epic to track the list of PRs and proposals in a single place.

Preview documentation

https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers

Progress

Required for Docker for Windows - Developer Scenarios

Status	Description
Merged	Store Linux images on Windows & launch Linux containers on Window. Right now, platform switching is done with a system-wide environment variable. Side by side support needs the next item.
Merged	Support Linux filesystem operations in single-use VMs instead of reusable ones. This can provide protection in the case where a file parsing bug could lead to a container polluting the filesystem of another container.
Merged	Use a single tag store so both Windows & Linux containers can be stored and managed by the same engine
Merged	Remote filesystem support needed for docker commit, docker cp, and Dockerfile ADD commands
Merged	Support resizing ext4 sandbox VHD instead of defaulting to 20Gb only.
Merged	Bind mount support.
Merged	New --platform parameter for docker run, docker pull, docker import and docker build to choose between platforms and order of precedence when multiple are supported (Windows & Linux) on the same node. See Proposal #34617 .
Merged	Coalesce daemon stores - needed to manage both Windows & Linux containers with the same daemon
In progress	Add docker kill -s for signals != SIGKILL.
Merged	Support WORKDIR in running existing images and building new ones
Not started	Add platform filters to docker search and docker images
Merged	Memory & CPU settings - see: microsoft/opengcs#145
Not started	LCOW: docker run --user seems to be ignored #36469

Required for Kubernetes

Status	Description
Not started	Update docker stats for multiple platforms
Proposal soon	Update docker info & daemon configuration to show what platforms each node is capable of, and restrict to single platforms if needed

Required for Swarm

Status	Description
Not started	Add --platform flag support to docker-compose, and docker stack deploy
Not started	Update docker stats for multiple platforms
Not started	Support multiple platforms for docker volume commands
Not started	Adjust Swarm mode placement to handle running multiple platforms instead of just the node's native platform. Until this is done, use docker service create --no-resolve-image as a workaround

Backlog, need to set priority

Status	Description
Not started	docker top
Not started	docker run flags. Feedback welcome on what's needed vs not
Not started	docker export, docker import, docker save need platform flags
Not started	UID & GID flag support - see: microsoft/opengcs#146
No plans to support	Cross-platform multi stage builds, support for COPY command in Dockerfile

Glossary & References

• LCOW - Linux Containers on Windows
• GCS - guest compute service. Receives commands from the Hyper-V host services (DockerD via HCS) and invokes processes for specific tasks, creating namespaces, and creating containers using runC. (Repo link coming soon)
• HCS - host compute service. Windows-specific service used to manage containers and VMs (doc link coming soon)

There's a brief description of gcs & hcs from a Dockercon 2016 presentation

FAQs

What's needed to fully test this?

• As of LCOW: (Experimental) Require RS5+ builds #39108, Windows 10 or Windows Server version 1809 (build 17763), or a later Windows Insider build
• A build of moby/moby with the PR's above applied
• A bootable UEFI-based Linux image with the right modules & gcs included - see https://github.com/microsoft/opengcs
• At least 4GB of RAM and Intel VT or AMD-V instruction support
  • Note: other apps using these instructions (VMWare, Virtualbox, ...) cannot be run concurrently

[AkihiroSuda]

What would be a usecase of "Cross-platform multi stage builds"?

[PatrickLang]

@AkihiroSuda It would be great for cross platform builds. For example, if you had a collection of bash scripts and a language with cross-compilation support like golang, then you could actually build your code in Linux then copy the binaries into a microsoft/nanoserver image to run it in a Windows native container or vice versa. The same would be feasible for projects based on JVM, .Net Core, or Mono.