未加星标

Will You Be Able to Run a Fully Supported #WindowsContainer Environment?

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二04 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Microsoft is putting a lot of effort in providing a production ready container runtime managed by Docker. Although I am a big fan of containerization , I am a bit worried by the support statement concerning windows containers.

In the online documentation of Windows containers , Microsoft publishes the official support statement . The contents are a surprise considering that containers provide a virtualization layer. You would expect that virtualization makes two components independent… see for yourself, the following excerpt expresses the requirements:

If the build number matches but the revision number is different, it is not blocked from starting - for example 10.0.14393 (Windows Server 2016 RTM) and 10.0.14393.206 (Windows Server 2016 GA). Even though they are not technically blocked, this is a configuration that may not function properly under all circumstances and thus cannot be supported for production environments.

To grasp the implications of this statement, we need to take a closer look at version numbers. Every Windows instance is identified by a version in the following format: <major>.<minor>.<build>.<revision> .

The first requirement is a technical limitation. Containers will not launch if the build number of the host operating system and the container image differs. This is caused by the changes between releases of the Windows server and is an acceptable limitation.

The second requirement is a lot harder to implement. Microsoft does not support running different revisions of the host operating system and the container image.

Consider the following scenario: You have containerized several business critical applications in Windows containers. The environment performs well. Then you hit one of the following situations:

It is Patch Tuesday and Microsoft publishes several security updates for Windows Server 2016. Company policy states that you need to deploy then to your staging environment and apply them to production with two weeks delay (if staging doesn’t break). You realize that you need to update your Windows containers to match the revision. “Luckily” you have two weeks (due to the delay) to rebuild all container images, test them and deploy them in production.

You are planning to deploy one of the containerized applications on new container hosts. Due to different security requirements, the hosts are behind one month of security updates. The support statement forces you to use an oudated base image for your application container images. Unfortunately, you need to backport updates which have been integrated in images based on the latest base image. In addition, you need to maintain two separate builds of your containerized application due to different revisions of the container hosts which they are deployed on.

If you are running containers in production you will inevitably be hit by the first consequence described above because everybody will have to apply updates regularly.

The support statement effectively blocks some of the advantages of containerization. Instead of making applications quick to deploy, you need to make sure that the base image matches your container host. This will become even more painful when the number of Windows container image on Docker Hub increases.

Therefore… Microsoft, please make sure that host and container may be based on different revisions. Otherwise, this will be a huge obstacle in the adoption of Windows containers.

Feedback is always welcome! If you'd like to get in touch with me concerning the contents of this article, please use Twitter .

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

分页:12
转载请注明
本文标题:Will You Be Able to Run a Fully Supported #WindowsContainer Environment?
本站链接:http://www.codesec.net/view/531475.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(19)