Docker has released a new fileshare implementation for Docker Desktop for Windows as part of the 2.1.7.0 edge release. This new fileshare makes use of FUSE (Filesystem in Userspace) and allows for more seamless sharing of files between host and container. This includes being able to edit source on the host, save, and see the changes live in the browser on the container.
With this release, the previously experimental gRPC FUSE system is now on by default. This change improves the workflow of editing files on the host machine using a preferred IDE while hosting the app in a container. Switching from Samba to FUSE allows the file system to run as a regular Windows process, which removes the requirement for Administrator privileges to share the drive. The user also no longer needs to enter their domain credentials to facilitate the connection.
This change also has traffic flowing over hypervisor sockets instead of being routed via DNS. Since the traffic is not flowing over the virtual ethernet/IP network, this new approach is not affected by firewall policies. Previous implementations could also be impacted by enterprise VPN clients and endpoint security software, which is no longer the case.
The Docker team performed benchmarking to compare the performance of this new filesystem against the old Samba-based model. They also compared the use case of not sharing the files between the container and the host, as this represents the upper limit on performance. As noted by David Scott, member of technical staff at Docker, "The initial (uncached) fetch is already better than with the previous Desktop version, but the second (cached) fetch is 60% faster!"
FUSE is a software interface that allows non-privileged users to create their own file systems without having to edit kernel code. This file system is run in the user space with the FUSE module, providing a bridge to the actual kernel interface.
In this new implementation, a read request for a file from the web server running on a container will invoke the Linux read system call. This call will be handled by the kernel's VFS (virtual file system) layer. The VFS is modular and supports multiple file system implementations, including FUSE. Running inside the VM is a helper process known as the FUSE client. The client runs in the same namespace as the Docker engine.
When the FUSE client needs access to the host filesystem, it connects to the host via a hypervisor socket. Hypervisor sockets are a shared memory communication mechanism that allows VMs to communicate with each other and their host. This provides a number of the advantages mentioned previously, as traffic does not need to travel over regular virtual networking. The filesystem requests are written into shared memory and read by the VMBus implementation in the Windows kernel. These requests are received by the FUSE server, which runs as a regular Windows process. The FUSE server makes use of the Windows API to perform file activities and returns the result to the caller.
An additional improvement with this change is the generation of inotify events when a file is changed. When files are modified in Linux, the kernel will generate an inotify event. Applications can listen for these events and trigger actions. For example, an application could trigger a recompile and a browser refresh when its source files are changed.
While this feature provides general improvements to the file system performance, there are other third-party tools available to facilitate the sharing of files between host and container. Telepresence is an open-source CNCF sandbox project originally created by Datawire. It works for both macOS and Linux and allows for local development, including live coding and debugging of services running inside Kubernetes. Ksync is another open-source option available for Linux, macOS, and Windows that also allows for local development on services running within Kubernetes.
This feature is available now in the Docker Desktop Edge 2.1.7.0 release. The Docker team is soliciting feedback on the release prior to pushing it to the stable channel.