In Docker Desktop for windows 10 with WSL2, where does docker containers live & how Linux containers can run a java app, but not windows nanoserver?

Question

I have Windows 10 Enterprise Version and I have installed Docker Desktop, enabled WSL2 backend, and downloaded and installed the Linux kernel update package.

I am learning Docker and I have some doubts about how Docker works behind the scenes.

• I have drawn a basic architecture diagram of Docker on windows with WSL2, is this correct?
• Whenever we create a new Linux container it gets created in the same lightweight utility VM provided by WSL2?
• And if we create a windows container it gets created on windows os?
• Can these containers access windows and Linux kernels both when required? Like when running a java app in a Linux container it requires windows kernel, right?

1. So, by default docker runs Linux containers, when do we need windows containers? I can containerize a java application by using openjdk:8, but I am not able to pull windows nanoserver image when I run Linux containers, it works only when I switch to Windows Containers. What is going on here? Does this mean the openjdk:8 image is a Linux image(i do not know how to say it), and windows nanoserver a windows image?
2. How Linux Containers can run my java application? It must need the windows kernel, right?
3. If the docker containers reside within the lightweight utility VM created by WSL2, can it access both the Linux kernel that it ships with and the Windows Kernel?

I have the default Linux container mode and I tried these two commands.

• docker run --platform=linux -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done"
• docker pull mcr.microsoft.com/windows/nanoserver:1903

The first one worked for the second one I got the following error.

1903: Pulling from windows/nanoserver no matching manifest for Linux/amd64 in the manifest list entries

But when I switch to windows containers it works.

1. So what is the difference between my java app on openjdk:8 image and windows nanoserver?
2. Do these not require windows kernel to run?
3. How is the java thing running on Linux containers then?

Edits :- Need more clarification on this- Copying the question from comment section.

• And one more thing, the containers do not access windows and Linux kernels simultaneously in WSL2 right? After all they are just isolated spaces in an OS, so either they can be in windows or Linux? Please correct me if I am wrong. The Linux images are built in such a way that it has everything to run my java and as java is a cross platform language so it can run on Linux kernel, is this the concept?

• About the architecture diagram that I have made here- the containers(isolated processes in an operating system with app files) , in case of Linux containers all of them(multiple containers) runs on the same WSL2 VM, right?

Answer 1

Hi,

In practice exist two great use-cases/types of hypervisors:

a)Hyper-V is hypervisor(software which controls the containers=VMs) which is type-1 so it worked directly(bare-metal) on machine=PC=hardware:

• Hyper-V(hypervisor type-1) <---->PC-machine

In this first type The Hypervisor take control over hardware directly(it avoid using of the Host-OS because the control taken from machine's BIOS) That means that not use Host-OS but not means that Host-OS not exist!!!!

b)Virtual Box(VB) is hypervisor type 2(heavy software). So VB worked with machine via Host-OperationSystem(Host-OS):

• VB(hypervisor type2) <---> Host-OS <----> PC-machine

So in this last case the control of hardware(PC-machine) is heavy because the control over machine=PC=hardware is exercised via supplemental or tertial-part=component which is Host-OS

Also need to know that the containers=VMs(regardless of type 1 or 2) have each the OS one but it is named OS-guest(fr. invite). So in both case(type 1 and type 2) the Hypervisor work as backend for containers/VMs(which are frontends).

For more details read about in this tutorial/article:

• https://www.nakivo.com/blog/hyper-v-virtualbox-one-choose-infrastructure/

PS: One Virtual-Machine (VM) can controls many Containers like in the image Thanks

or use this google images search(firstly 3 images)

Another explanation about communication from VM and its isolated-Containers can be fount in this article.

Answer 2

The diagram is not quite correct. Both the Windows Kernel and a lightweight VM that hosts WSL2 KVM sit on top of the Hyper-V hypervisor. In other words, WSL2 leverages Hyper-V. (An alternative would be to use only Hyper-V, but with WSL2 it is more seamless.) WSL2 uses docker-desktop as the main bootstrap VM and docker-desktop-data for storing images and containers data. 9p network protocol is used for seamless host-to-guest and guest-to-host file access:

https://wiki.qemu.org/File:9pfs_topology.png

This way, docker commands can be run from both Windows and from within a distro installed under WSL2 such as Ubuntu etc. In both cases, containers run under Linux. A rationale for this architecture is that Linux Docker cannot be installed on Hyper-V VM nor inside a WSL2 Linux.

Answer 3

Firstly, good question.

I hope I can answer it as best as possible.

So, by default docker runs Linux containers, when do we need windows containers?

you don't need windows containers. You should always consider what your application needs. For instance, if you are working on a java app, you would pull a java image and not an entire host OS. The only time I ever pulled a windows image was when I dockerized an ASP.NET application that can only be run on windows.

How Linux Containers can run my java application? It must need the windows kernel, right?

In the context of docker:

Docker for Windows allows you to simulate running Linux containers on Windows, but under the hood a Linux VM is created, so still Linux containers are running on Linux, and Windows containers are running on Windows.

if the docker containers reside within the lightweight utility VM created by WSL2, can it access both the Linux kernel that it ships with and the Windows Kernel?

Containers are using the underlying Operating System resources and drivers, so Windows containers can run on Windows only, and Linux containers can run on Linux only. Docker for Windows allows you to simulate running Linux containers on Windows, but under the hood a Linux VM is created, so still Linux containers are running on Linux, and Windows containers are running on Windows.

So what is the difference between my java app on openjdk:8 image and windows nanoserver?

The openJdk image and windows nano server core difference is the very base image that they use. openJdk is probably using some very bare unix os as the base where as the nanoserver is an entire os which is windows.

Do these not require windows kernel to run? The openjdk image does not require windows to run as it is built from linux. Docker for windows will use the WsL to run. The nanoserver will only run on windows (as windows images can only run on windows).

How is the java thing running on Linux containers then? I understand this question to be "How does the openjdk image run on linux and windows?"

if so, because it uses a linux os as its base image, it can run by default on linux. But because the WsL2 exists, a VM is created and simulates a linux OS in windows. That is why we can run windows images and linux images on Docker for windows.

I hope this helped, here are some extra tips from the questions for you to consider.

1. The images will always perform best when the image is the same type as the OS. This is because docker will utilise resources of the host and performance is better when the host and container are of the same os.
2. Use images that are best fit for purpose. Don't use an entire os image just to run a java app. Rather use the java image. This applies to a wide range of frameworks and languages.

Read this This is the crediting article if you want to read more.