I’ve recently added a “Docker Engine” chapter to my Docker Deep Dive book. When I was writing it, I realised I didn’t know that much about how it implemented on Windows.
Anyway, here’s a bit of what I’ve learned…
At a pretty high level, the Docker Engine is a modular beast that’s currently made up of 4 components:
1. The client (arguably not part of the engine)
2. The daemon
4. OCI compliant runtime (E.g. runc)
Well, that’s how it is on Linux. It’s a bit different on Windows.
On a Windows system, the containerd and OCI parts are replaced by a Microsoft layer called the Compute Service layer.
To cut a long story short, Microsoft was working hard implementing containers in Windows at the same time that Docker was refactoring the engine and implementing OCI stuff. Had the timings been different, Windows would probably have implemented containerd and an OCI runtime (my own personal opinion – I do not speak for either Docker or Microsoft).
Q: Is the difference a big deal?
Q: Why not?
A: Because the Compute Services layer does pretty much exactly what containerd and OCI layer do. As a user you’d never know the difference.
The job of the OCI layer (E.g. runc) is to interface with the kernel constructs that we use to build containers. These are things like namespaces and control groups. The OCI layer does this on Linux, the Compute Services layer does it on Windows. Simple.
There are a growing number of OCI runtimes available. runc is the reference implementation and also the default runtime that ships with Docker in Linux. However, other OCI runtimes do exist!
containerd does all the container life-cycle and supervision stuff for Docker on Linux. The Compute Services layer does it on Windows. Simple.
I see no reason why containerd could not be implemented on Linux and Windows with feature parity. On each platform it would make calls to the OCI layer to actually interface with the kernel (Windows or Linux) and build containers. Once the containers are built containerd would then take-ver the job of running them.
The following picture might be useful:
The full Docker Deep Dive book is available on Amazon. It’s bang-up-to-date.
UPDATED 30th Aug 2017: To add clarity following Manuel’s comments. Previously the article made some references to runc when it should have more broadly referenced the OCI layer. Thanks to Manuel for pointing this out.