Hyper-V isolation is the second type of isolation available for Windows containers. In this type of isolation, each container runs inside a dedicated, minimal Hyper-V virtual machine. Its properties can be briefly summarized as follows:
Containers do not share the kernel with the host OS. Each container has its own Windows kernel.
Isolation is provided at the virtual machine hypervisor level (this requires the Hyper-V role to be installed on the host).
There are no compatibility limitations between the host OS version and the container base OS version.
This is the recommended mode for executing untrusted code and for multi-tenant deployments, as it provides better security and isolation than process isolation.
The details of the Hyper-V isolation architecture can be seen in the following diagram:
This type of isolation comes at a cost that you have to take into account when choosing the isolation level:
Hyper-V isolation involves virtualization overhead and a higher memory and CPU usage footprint compared to process isolation, but it still provides much better performance than running a full VM with Windows Nano Server. You can check the memory requirements for running containers with different isolation levels in the following table.
Container spin-up time is slower compared to process isolation.
Requires nested virtualization when used for containers running on a VM. This may be a limitation for some hypervisors and cloud deployments. The following table shows the memory requirements for Windows Server 1709 containers:
Container base image   Process isolation (WSC)   Hyper-V isolation
Nano Server            30 MB                     110 MB + 1 GB pagefile
Server Core            45 MB                     360 MB + 1 GB pagefile
The container images remain unchanged compared to process isolation; you only need to specify a different isolation level when creating the actual container. You can do this using the --isolation=hyperv parameter:
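As an added example (not code from the original text), the following PowerShell script starts a container with the --isolation=hyperv parameter and then reads back the isolation mode the Docker daemon recorded, so that a misconfigured host does not silently fall back to sharing the host kernel with untrusted code. It assumes Docker on Windows Server with the Hyper-V role available; the image tag in $Image is an assumption and should be replaced with the base image you actually use.

```powershell
# Added example: start a Windows container with Hyper-V isolation and verify
# that the daemon actually applied it. Not part of the original text.
# Assumptions: Docker is installed on Windows Server; the image tag below is
# an assumption, substitute the base image you use.

$Image = 'mcr.microsoft.com/windows/nanoserver:1709'   # assumed image tag

# 1. Hyper-V isolation needs the Hyper-V role on the host.
$hv = Get-WindowsFeature -Name Hyper-V
if (-not $hv.Installed) {
    throw 'Hyper-V role is not installed; --isolation=hyperv cannot be used on this host.'
}

# 2. Start a long-running container with Hyper-V isolation. The container gets
#    its own Windows kernel inside a dedicated utility VM.
$id = docker run -d --isolation=hyperv $Image cmd /c "ping -t localhost > nul"
if (-not $id) {
    throw 'docker run failed; see the daemon output above.'
}

# 3. Do not rely on the flag alone: inspect the isolation mode the daemon
#    stored for this container. 'hyperv' means a dedicated VM; 'process'
#    (or an empty default) means the container shares the host kernel.
$mode = docker inspect --format '{{.HostConfig.Isolation}}' $id
if ($mode -ne 'hyperv') {
    docker rm -f $id | Out-Null
    throw "Expected hyperv isolation but the container reports '$mode'."
}
Write-Host "Container $id is running with $mode isolation."

# 4. Clean up the test container.
docker rm -f $id | Out-Null
```

The inspect step is the part worth keeping in any deployment script for multi-tenant hosts: the isolation mode is a per-container setting, so checking `.HostConfig.Isolation` after creation is the simplest way to confirm that the container did not end up running under process isolation.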