There is one question that doesn't show up in the forums, what which has a reason to be discussed, IMHO: Why isn't it possible to pull or build windows docker images (i.e. nanoserver 2019) on an older host system? On the official site, it is documented, that it is not compatible to run, yes: Version compatibility
But, as I said, "to run". I don't need to run that newer windows container image on the older host system, I just want to pull and build it, to distribute it to a compatible system later on.
Thus, is there a way to handle this issue that shouldn't be one?
You missed one important thing:
Even just do docker build, it will use container, it use container to build not directly on your host machine. Next is the process when docker build:
Docker will create a temporary build container from the base image which you mentioned in Dockerfile with FROM.
Run all instructions of Dockerfile in above temporary build container.
Save the temporary build container as image.
So, as you said you have seen Version compatibility for container from microsoft, so now I think you could also see why build also need this, just because it will also create a container(Just this temporary container will be removed after build).
UPDATE:
The whole story is:
YES, in linux, no problem for a old host os to build/run a new os image/container, because host & container just share the same kernel, the rootfs is provided by container itself.
BUT, you are talking about windows, from windows official, we could see next:
Windows Server 2016 and Windows 10 Anniversary Update (both version 14393) were the first Windows releases that could build and run Windows Server containers. Containers built using these versions can run on newer releases such as Windows Server version 1709, but there are a few things you need to know before you start.
As we've been improving the Windows container features, we've had to make some changes that can affect compatibility. Older containers will run the same on newer hosts with Hyper-V isolation, and will use the same (older) kernel version. However, if you want to run a container based on a newer Windows build, it can only run on the newer host build.
Above is the reason why old windows os could not run a new windows container.
Further more, what I want to say is docker build is just same reason with docker run:
docker run $theImageName need to start a container base on the image theImageName, and as microsoft said, the new os container had to use the new features of kernel, so the new container cannot use the old windows host. Remember, container & host will share the same kernel.
And, docker build -t xxx . will find the Dockerfile with FROM $baseImageName in it, then start a container base on the image $baseImageName, this container is a temp container. All instructions in Dockerfile will executed in this temp container, not in docker host. And finally, this temp build container will be deleted, so you did not see this temp container.
So, as you see, both docker run & docker build will start the container which need to utilize the new windows host's feature, could not use old windows' kernel. This is the limit of microsoft, if you have already understand the limit for docker run on windows, the reason is same of docker build on windows.