- Hands-On Kubernetes on Windows
- Piotr Tylenda
- 443 words
- 2021-06-24 16:53:56
Hyper-V isolation
Hyper-V isolation is the second type of isolation available for Windows containers. In this type of isolation, each container runs inside a dedicated, minimal Hyper-V virtual machine. It can be briefly summarized as follows:
- Containers do not share the kernel with host OS. Each container has its own Windows kernel.
- Isolation is provided at the virtual machine hypervisor level (requires Hyper-V role to be installed).
- There are no compatibility limitations between the host OS version and container base OS version.
- This is recommended for the execution of untrusted code and multi-tenant deployments as it provides better security and isolation.
The details of the Hyper-V isolation architecture can be seen in the following diagram:
This type of isolation comes at a cost that you have to take into account when choosing the isolation level:
- Hyper-V isolation involves virtualization overhead and a higher memory and CPU usage footprint compared to process isolation, but it still provides much better performance than running a full VM with Windows Nano Server. You can check the memory requirements for running containers with different isolation levels in the following table.
- Container spin-up time is slower compared to process isolation.
- Requires nested virtualization when used for containers running on a VM. This may be a limitation for some hypervisors and cloud deployments.
The following table shows the memory requirements for Windows Server 1709 containers:

| Container base image | Process isolation (WSC) | Hyper-V isolation |
|---|---|---|
| Nano Server | 30 MB | 110 MB + 1 GB pagefile |
| Server Core | 45 MB | 360 MB + 1 GB pagefile |

The container images remain unchanged compared to process isolation; you only need to specify a different isolation level when creating the actual container. You can do this using the --isolation=hyperv parameter:
docker run -d --isolation=hyperv mcr.microsoft.com/windows/nanoserver:1809 cmd /c ping localhost -n 100
Note that in this case, even if you are running Windows 10, version 1903, you can use the container base image version 1809 without any limitations.
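To confirm which isolation level each container actually received, including containers started without --isolation that fell back to the daemon default, the following PowerShell is an added example and not code from the book. The function names and container names are assumptions, and the sample JSON is constructed to mimic `docker inspect` output.

```powershell
# Added example: report containers that are NOT running under Hyper-V isolation.
# Resolve-Isolation and Get-IsolationReport are hypothetical helper names.

function Resolve-Isolation {
    param([string]$Requested, [string]$DaemonDefault)
    # An empty or "default" value means the daemon's default isolation was used.
    if ([string]::IsNullOrEmpty($Requested) -or $Requested -eq 'default') {
        return $DaemonDefault
    }
    return $Requested
}

function Get-IsolationReport {
    param(
        [Parameter(Mandatory)][string]$InspectJson,   # JSON text from: docker inspect <ids>
        [Parameter(Mandatory)][string]$DaemonDefault  # from: docker info --format '{{.Isolation}}'
    )
    $containers = $InspectJson | ConvertFrom-Json
    foreach ($c in $containers) {
        $effective = Resolve-Isolation $c.HostConfig.Isolation $DaemonDefault
        [pscustomobject]@{
            Name      = $c.Name.TrimStart('/')
            Image     = $c.Config.Image
            Isolation = $effective
            HyperV    = ($effective -eq 'hyperv')
        }
    }
}

# Constructed sample input (not real output); container names are made up.
$sample = @'
[
  {"Name": "/tenant-a-job", "Config": {"Image": "mcr.microsoft.com/windows/nanoserver:1809"}, "HostConfig": {"Isolation": "hyperv"}},
  {"Name": "/build-agent",  "Config": {"Image": "mcr.microsoft.com/windows/nanoserver:1809"}, "HostConfig": {"Isolation": "process"}},
  {"Name": "/legacy-svc",   "Config": {"Image": "mcr.microsoft.com/windows/nanoserver:1809"}, "HostConfig": {"Isolation": "default"}}
]
'@

# Assume a host whose daemon default is process isolation.
# build-agent and legacy-svc are listed; tenant-a-job is not.
Get-IsolationReport -InspectJson $sample -DaemonDefault 'process' |
    Where-Object { -not $_.HyperV } |
    Format-Table Name, Image, Isolation

# Live use on a Docker host with running containers:
#   $ids = docker ps -q
#   Get-IsolationReport -InspectJson ((docker inspect $ids) -join "`n") `
#       -DaemonDefault (docker info --format '{{.Isolation}}')
```

A container whose isolation is reported as "default" is only as isolated as the daemon's default setting, so untrusted or multi-tenant workloads should be started with an explicit --isolation=hyperv.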