- Windows doesn’t start: Recover partitions, copy files, and reset password with SystemRescue - Tue, Mar 28 2023
- ManageEngine OpManager: Comprehensive monitoring for on-prem, cloud, and containers - Thu, Mar 23 2023
- Install K3s, a lightweight, production-grade Kubernetes distro - Mon, Mar 20 2023
The container host provides the kernel resources needed for containers to run and function. Windows Server 2019 offers many enhancements to container technology. It provides the best Windows Server platform to use in the enterprise for running containers in production and other environments.
We can configure a Windows Server 2019 container host with PowerShell using a few simple and very clear one-line commands. Let's take a look at how your Windows Server 2019 container host can be configured using the PowerShell command line.
PowerShell provides an easy, effective way to configure a Windows Server. With each new version of Microsoft Windows and each new PowerShell release, the administrative experience continues to improve. Installing, configuring, and managing containers is an area where PowerShell provides many great options for the IT admin. This is especially true for configuring the Windows Server 2019 container host. Using PowerShell, we can install the needed providers, install Docker and Hyper-V, check services, pull down container images, and interact with the container images.
What are the prerequisites for using Windows containers on a Windows Server 2019 container host?
Prerequisites
There are a few prerequisites that must be met when you install a Windows Server container host. These include:
Operating system requirements:
- Windows Server 2019, 2016, or Windows 10 Pro/Enterprise editions
- The Hyper-V role is required if you want to take advantage of Hyper-V isolation
- Windows Server container hosts have a restriction that requires the Windows installation be installed on the C: drive; however, this only applies if containers other than Hyper-V isolated containers are used
Virtual Container Hosts:
A popular option for running Windows Server containers is to run containers inside a Hyper-V virtual machine and use Hyper-V isolation. If this is the case, "nested virtualization" will need to be enabled.
Install providers and Docker
There are two providers that you need to install prior to installing the Windows Server 2019 container host: the Nuget and Docker providers.
First, let's install the Nuget provider. It is a simple one-liner in PowerShell.
Install-PackageProvider -Name nuget -force
Installing the Nuget Provider using PowerShell
Next, let's install the DockerMsftProvider as well as the latest version of Docker. We'll use a couple more one-liners in PowerShell:
- Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
- Install-Package -Name docker -ProviderName DockerMsftProvider
As you can see below, you will need to accept the untrusted package source as well as reboot Windows Server after the installation completes to enable the Docker containers feature on your Windows Server 2019 host.
To restart your Windows Server 2019 container host from PowerShell, use the restart-computer cmdlet:
Restart-Computer
Installing the Docker Provider and installing the latest version of Docker
A quick note about updating your Docker Engine from an earlier version or to a specific release—you need another quick PowerShell one-liner such as the following:
Install-Package -Name docker – ProviderName DockerMsftProvider -Update -Force -RequiredVersion <Docker version>
After the Windows Server 2019 container host has rebooted, it is a good idea to check out the Docker information presented on the host as a sanity check.
You can check both the Docker version and the Docker info using PowerShell, all in one line:
docker version; docker info
Check the Docker version and info using PowerShell
Disable Windows Defender for better performance
Another consideration, especially for test systems and those not running containers in production, is whether disable Windows Defender. This allows less load on the CPU for container hosts. In addition, some people have noted that it can interfere with Docker.
Disabling Windows Defender can be done using PowerShell like so:
Uninstall-WindowsFeature Windows-Defender
This will require a restart of your Windows Server 2019 container host. Again, you can use a PowerShell cmdlet:
Restart-Computer
Uninstall Windows Defender using PowerShell
Install the Hyper-V role and Hyper-V management tools
To make use of Hyper-V isolation for the containers running on your Windows Server 2019 container host, you need to install the Hyper-V role. Hyper-V isolation provides even greater security for running containers on top of the bare-metal Windows Server 2019 container host.
To install the Hyper-V role and management tools, you can use the following PowerShell one-liner:
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
Install Hyper V and management tools using PowerShell
Reboot your Windows Server 2019 container host after installing the Hyper-V role and management tools.
Pull a new Docker image from the Microsoft Container Registry
With Windows Server 2019, Microsoft has introduced the Microsoft Container Registry (MCR). This is a new registry source maintained by Microsoft, where container images will be published by Microsoft moving forward. Starting with Windows Server 2019, you need to look for your images here instead of the Docker Hub as this will be the preferred location.
To pull a new Windows Server 2019 Server Core container from the Microsoft Container Registry, use the following PowerShell command:
docker pull mcr.microsoft.com/windows/servercore:ltsc2019
Docker pull from Microsoft MCR of Server Core is successful
Below, you can see I have pulled down both a Server Core and a Nano Server image to the Windows Server 2019 container host. You can see your images by running:
docker image ls
List docker images in Windows Server 2019
Running your container in Windows Server 2019 using an interactive terminal is easy using the following command. Here, we give the container a friendly name, TestCore, so we can work with it more easily.
Docker run -it –name TestCore mcr.microsoft.com/windows/servercore:ltsc2019 cmd.exe
Run an interactive Docker session with the Server Core image in Windows Server 2019
Below, you can see the interactive session launched. Networking is established in the container using a NAT'ed IP address.
Container running with interactive session
Run a container image with Hyper-V isolation
If you recall, we installed the Hyper-V role. Running your containers with Hyper-V isolation provides much better security for your containers. When Hyper-V container isolation is used, each container runs inside a very specialized virtual machine that allows each running container to have access to its own kernel. How do you run the same container with Hyper-V isolation?
Docker run –isolation=hyperv -it –name TestCore mcr.microsoft.com/windows/servercore:ltsc2019 cmd.exe
This creates your container running inside the specialized Hyper-V VM.
Run a container on Windows Server 2019 with Hyper V isolation
There you have it. From start to finish on a fully patched installation of Windows Server 2019, you can have the prerequisites and other components installed, Docker loaded, and container images pulled down and running in only a few minutes using PowerShell.
Subscribe to 4sysops newsletter!
Conclusion
Configuring your Windows Server 2019 container host with PowerShell enables installing all the components needed to run containers on your Windows Server 2019 container host. As shown, you can install the needed providers, Docker, Hyper-V, remove Windows Defender, pull Docker images, run your containers, and even create Hyper-V isolated containers, all with a few PowerShell one-liners.
