In May 2023, we shared our plan to undock Microsoft Edge from the Server and Windows container images and the ability to add it on demand for the scenarios that take a dependency on it. Today, we are pleased to announce that we shipped June 2023 images without Microsoft Edge in them, with the instructions below to add it if needed. The new images are now available in Microsoft Artifact Registry (Server and Windows).
By undocking Microsoft Edge from the base images, we reduced the size of these images, thereby improving performance and reducing the attack surface. The size of the base layer was reduced by ~13%, whereas the delta layer was reduced by ~40% as a result of this change.
Instructions to add Edge back to Windows Container (Windows and Server) Images
While we strive to reduce the size of Windows container base images by undocking components, we know some customers rely on Microsoft Edge in their containerized workloads. Below are the instructions to add Microsoft Edge back to these images if required:
Prerequisites
1. Ensure your environment is set up for running Windows Containers, including prerequisites
2. Prepare your Windows Containers build in your working directory (with a PowerShell script) that will be used to start Microsoft Edge
$START_EDGE_SCRIPT_STRING = @"
# Start Edge
Start-Process "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"
# Check if Edge is running
Get-Process -Name "msedge"
"@
# Save the file in your working directory with UTF-8 (no BOM) encoding
$START_EDGE_SCRIPT_STRING | Out-File -encoding ASCII ".\start-edge.ps1"
Build Windows Server 2022 Server container image with Microsoft Edge
1. Save the following contents in your working directory as a Dockerfile for Server (e.g., save it as Dockerfile.Server.ltsc2022)
#escape=`
FROM mcr.microsoft.com/windows/server:ltsc2022
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# Include script to start edge
COPY start-edge.ps1 start-edge.ps1
# Install Edge
RUN mkdir -p C:\temp -force; `
# Get the bootstrapper to install edge
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?linkid=2108834&Channel=Stable&language=en' -OutFile 'C:\temp\MicrosoftEdgeBootstrapperX64.exe'; `
# Start Edge bootstrapper
$MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH = $(Resolve-Path 'C:\temp\MicrosoftEdgeBootstrapperX64.exe').Path; `
Start-Process $MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH -ArgumentList @( '/silent', '/install') -Wait -NoNewWindow; `
# Clean up
Remove-Item $MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH -Force; `
Remove-Item C:\temp -Force; `
# Check edge installation
if(Test-Path "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe") `
{ `
Write-Host "Edge installed at default location!"; `
} else { `
Write-Host "Edge not installed at default location!"; `
exit 1; `
}
# Start Edge
# Review the script contents before running it
CMD powershell .\start-edge.ps1
2. Pull the latest Server image from Microsoft Artifact Registry
# pull the latest server ltsc2022 image
docker pull mcr.microsoft.com/windows/server:ltsc2022
3. Build your Server with Microsoft Edge image
# Build Windows Server container image with Edge from your saved Dockerfile
docker build -f Dockerfile.Server.ltsc2022 -t "server-with-edge:ltsc2022" .
4. Run your Server with Edge image
# Run Windows Server container image with Edge
docker run -it "server-with-edge:ltsc2022"
Build Windows Server 2019 Windows container image with Microsoft Edge
1. Save the following contents in your working directory as a Dockerfile for Windows (e.g., save it as Dockerfile.Windows.ltsc2019).
#escape=`
FROM mcr.microsoft.com/windows:ltsc2019
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# Include script to start edge
COPY start-edge.ps1 start-edge.ps1
# Install Edge
RUN mkdir -p C:\temp -force; `
# Get the bootstrapper to install edge
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?linkid=2108834&Channel=Stable&language=en' -OutFile 'C:\temp\MicrosoftEdgeBootstrapperX64.exe'; `
# Start Edge bootstrapper
$MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH = $(Resolve-Path 'C:\temp\MicrosoftEdgeBootstrapperX64.exe').Path; `
Start-Process $MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH -ArgumentList @( '/silent', '/install') -Wait -NoNewWindow; `
# Clean up
Remove-Item $MSEDGE_BOOTSTRAPPER_EXE_ABSOLUTE_PATH -Force; `
Remove-Item C:\temp -Force; `
# Check Edge installation
if(Test-Path "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe") `
{ `
Write-Host "Edge installed at default location!"; `
} else { `
Write-Host "Edge not installed at default location!"; `
exit 1; `
}
# Start Edge
# allow script to run, see https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_Execution_Policies?view=powershell-7.3#bypass
# You should review the script contents before executing it
CMD powershell -ExecutionPolicy bypass -file .\start-edge.ps1
2. Pull the latest Windows image from Microsoft Artifact Registry
# pull the latest windows ltsc2019 image
docker pull mcr.microsoft.com/windows:ltsc2019
3. Build your Windows with Edge image
# Build Windows container image with Edge from your saved Dockerfile
docker build -f Dockerfile.Windows.ltsc2019 -t "windows-with-edge:ltsc2019" .
4. Run your Windows with Edge image
# Run the windows container image with Edge
docker run -it "windows-with-edge:ltsc2019"
Closing
We hope you find value in our pursuit of offering the smallest Windows container images by undocking components wherever possible. We appreciate the opportunity to learn from your feedback and improve the Windows container experience.
Microsoft