Windows containers without Docker

The container world for Windows has recently gone through a pretty drastic change with Docker (the company) having changed their licensing to no longer be free for commercial use. But on the bright side, for normal end-users it'll still be free for personal use. Link To Docker Blog Post.

Now, for you Windows sysadmin guru's out there, you may be thinking, "Oh! Well it doesn't effect me because I'm on Windows server and I just use the Microsoft Docker Provider (aka: DockerMsftProvider)." Well tough luck buddy, because that too has changed. Microsoft has sold that off to a company called Mirantis. For the time being, you'll be able to keep using DockerMsftProvider for free until September of 2022, at wich point, you will need to purchase a support agreement/license from Mirantis.
More information in the following links

• Microsoft Blog Post Link
• and Mirantis Blog Post Link

In this post, I will attempt to cover a few different things:

1. Which free and paid options are available.
2. Provide a tutorial on how to run Windows containers without Docker.
3. Cover some of the caveats of using nerdctl + containerd.

Options:

To the best of my ability, at the time of writing this, these are the best options I can find for being able to run containers on Window and Windows Server:

• Paid options (recommended for businesses):

  • Buy a Docker Desktop license - Link
  • Buy a Docker/Mirantis support license - Link

• Free options (not-recommended for businesses, but okay for development purposes):

  • containerd + nerdctl (I think this is the best option if you need a free way to run windows containers. In the next section, I provide a tutorial below on how to do this.)
  • Compile and install Moby (This one is a bit hard to do in my) - Link
  • Setup a k8s cluster and add a Windows worker node (Takes a bit of work, but there's a lot of documentation out there already on how to add a Windows worker node.)

Running Windows containers without Docker

If you need a free (and legal) way to run Windows containers on Windows desktop and Windows server without using either Docker, or DockerMsftProvider, then this is might be a good alternative.

1. Download the latest release of containerd, for Windows amd64, from the releases page of their GitHub repo. In the releases you'll see packages for "cri-containerd" and just regular "containerd". Get the says "cri-containerd". (Link to releases)
2. Extract the contents directly to c:\Program Files\containerd.
3. In c:\Program Files\containerd\cni create a directory called "bin".
4. Copy all .exe files from c:\Program Files\containerd\cni to c:\Program Files\containerd\cni\bin.
5. Add both c:\Program Files\containerd\cni and c:\Program Files\containerd\cni\bin to your PATH environment variable.
6. Open a new cmd or powershell command window and run containerd --register-service.
7. Download the latest release of nerdctl . Nerdctl will act as our primary CLI for interacting with containerd. Nerdclt aims to replicat most of the commands and options that you had available with the Docker CLI. Download from the releases page (Link).
8. Extract nerdctl to c:\Program Files\containerd\cni.
9. This step is optional. Out of the box, if you run containerd, it will run based on a long list of default settings that are builtin to containerd. If you want a config file that allows you to configure the startup options for containerd, then run the following command: containerd.exe config dump > 'C:\Program Files\containerd\config.toml'
10. From a fresh powershell command prompt, start the containerd service: Start-Service containerd
11. And now we can finally start to try and pull and run containers. You can try running the following commands:

nerdctl pull hello-world:nanoserver-1809
nerdctl run -it hello-world:nanoserver-1809

Your expected output should look like the following:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (windows-amd64, nanoserver-1809)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run a Windows Server container with:
 PS C:\> docker run -it mcr.microsoft.com/windows/servercore:ltsc2019 powershell

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Just ignore that part at the top that says "Hello from Docker!", because you are NOT actually running docker. It's just some text that the container that we just ran was setup to print when the container gets run/turned-on.

Important notes about nerdctl with containerd on Windows

• Although containerd is production ready, nerdctl is not. Because of that, I would not recommend using this setup in a production environment. For production, just pay the money for a Docker or Mirantis license.
• Nerdctl has not yet reached 100% feature parity with the Docker CLI. At the time of writing this tutorial, nerdctl was at version v0.16.0. Using nerdctl in a linux/mac environment will be less of an issue, but right now for Windows, there's still a lot of bugs and there are still many more features that need to be built out. For a full list of nerdctl features that are working for Windows, see the following link. (Link)