If Docker runs natively on windows, then why does it need hyper-v
Docker support for Windows has several variants:
Docker Toolbox which includes Docker Machine that will spin up a boot2docker image inside of VirtualBox. These are Linux containers running with a Linux kernel inside the VM. This was originally the only option for Windows users.
Docker for Windows using Hyper-V to run the Moby VM, based on LinuxKit, to run Linux images. LinuxKit provides a container based Linux OS, and there's some integration to make it appear less like a VM to the end user, e.g. you can use 127.0.0.1 instead of the IP of the VirtualBox VM. If you have Hyper-V available and want to run Linux containers on Windows, this is the preferred option.
Windows Server Containers which run Windows binaries on the same host OS, similar to how Linux containers on a Linux OS do not need a VM.
Hyper-V Containers which run Windows binaries inside of a separate VM for additional isolation.
You can read more about the latter two options in Microsoft's docs.
What's important to note is that when you install Docker for Windows on a supported server, like 2016, you have options 2, 3, and 4, that you can toggle between. For Linux and Windows containers, there's a switch in the settings that affects all running containers and commands. And between Windows Server Containers and Hyper-V containers, there's an --isolation
option on the docker run
command line. So I believe you're required to have Hyper-V support to cover 2 and 4 even if you only want option 3.
Windows does support "Process Isolation" in addition to "Hyper-v Isolation".
Process isolation containers on Windows run without an additional layer of virtualization (similar to what you may be used to with docker on linux); I believe this is what the OP is looking for when referring to "native" containers.
Process isolation support is still fairly new but the latest versions of Windows Server 2019 and Windows 10 can indeed run windows containers without the extra overhead of a hyper-v virtual host. One thing to note is that your windows container base image kernel version must match the kernel version on your host machine. So you probably won't be able to simply use the exact same containers you've be running on hyper-v.
Here is a Windows container version compatibility table which highlights which host OSs support process
or hyperv
isolation.
Even though this^ page doesn't indicate it, Windows 10 Update 1809 is the first update to support Docker process isolation as noted in the Docker Engine Release Notes.
Support for Docker on Windows is not native, Docker was written to be run on Linux initially. So the requirements for running Docker CE on Windows are:
Virtualization must be enabled since docker-ce creates a VM on Hyper-V. Since all hypervisors require hardware virtualization to be enabled, Hyper-V in this matter is not exceptional. The Docker for Windows installer will enable Hyper-V for you, if needed, and restart your machine.
For older Windows systems that don’t support hardware virtualization, it’s recommended to use Docker Toolbox which uses Oracle Virtualbox to spin up VMs that will host docker containers instead of Hyper-V.