The Containers feature on Windows Server 2016 runs applications in containers. A container is an instance of an OS image. Let’s explore what an image is.
For Windows containers we can start with one of two base images:
- Windows Server Core
- Windows Nano Server
The base images are provided by Microsoft, and kept in the Microsoft repository in the Docker Hub registry.
To get a copy of the current Nano Server base image, we use the command:
docker pull microsoft/nanoserver
This downloads, unzips and saves the image in the Docker folder at C:\ProgramData\docker\windowsfilter.
- Docker commands are run by the docker client from either the Command Prompt or PowerShell
- The command processor must run elevated
- The place where the images are stored, by default, can be changed in the configuration of Docker
- By default Docker pulls the latest version of the image. Other versions can be specified explicitly.
An image is a set of files. Here are the image files for Nano Server:
The image consists of files and registry hives. Here are the contents of one of the folders for the Nano Server image:
The files look like a standard system drive:
The Hives folder is a collection of registry hives:
You can load the registry hives into Regedit in the normal way:
We also have a Utility VM folder with two Hyper-V Virtual Hard Disk (vhdx) files:
These are used when the container is run in a small Hyper-V virtual machine instead of directly on the host OS (Hyper-V isolation mode).
In my example of the Nano Server base image, there were two folders:
Each folder represents a layer. When an image is modified, the changes are saved in a new layer.
The command:
docker image ls
shows one image:
The command:
docker image history microsoft/nanoserver
shows two layers. The first layer is the original release of Nano Server, 10.0.14393.0, and the second layer is an update, 10.0.14393.1593. You can see the name, date, action that created it, and size of each layer:
The command:
docker image inspect microsoft/nanoserver
shows the details of the image. These include:
- The unique ID of the image
- The OS version
- The unique ID of each of the two layers
If we look back at the Microsoft repository on Docker Hub, we can see the tags for different updates:
| Update | 10.0.14393.1066 |
| Update | 10.0.14393.1198 |
| Update | 10.0.14393.1358 |
| Update | 10.0.14393.1480 |
| Update | 10.0.14393.1593 |
| Update | 10.0.14393.1715 |
Update 1715 is newer than the one I pulled recently. If I run the command:
docker pull microsoft/nanoserver
again, I get the latest image. If I run the command with a tag appended, I get that specific image. In this case they are different update levels, but they could be different configurations or any other variation.
Now a third folder is added in C:\ProgramData\docker\windowsfilter:
The command
docker image ls
shows that I have two images:
The command:
docker image history microsoft/nanoserver
again shows two layers in the latest image. One layer is the new update, and the other layer is the same original layer as in the previous version:
The image name “microsoft/nanoserver” refers, by default to the latest version of the image, consisting only of the original layer and the newest layer. Docker keeps track of images and layers in a local database:
Summary:
- Windows containers are instances of an image
- An image is a set of files and registry hives
- An image comprises one or more layers
- All Windows container images start from either Windows Server Core or Nano Server
- The layers may comprise updates, roles or features, language, applications, or any other change to the original OS.