Introduction

Downloadable Application Containers (DAC) is a pan-RDK initiative to develop a container solution that allows binary applications to be downloaded and run on STBs without modification.

DAC is initially targeting RDK-V set-top boxes but the aim is to extend DAC to suitable RDK-B devices in due course. DAC is a co-operation effort between Comcast, Sky, Liberty Global, Metrological and Consult Red. The work for this is co-ordinated by RDK DAC Special interest Group (RDKDACSIG)

Background and Terminology

What are Containers?

Used heavily in modern cloud software, containers are a standardised way to run the software in a self-contained, isolated and secure environment. Containers contain everything an application needs to run, including code, libraries and other dependencies. This means that there is no need to install specific libraries and dependencies on the host for each application. Unlike more traditional virtual machines, containers are lightweight and fast to create and destroy and don't have the overhead of virtualising an entire operating system. By sharing the OS kernel between containers, running applications inside containers adds very little performance or footprint overhead.

The most popular containerisation solution currently in use is Docker, although there are a number of other solutions such as LXC, Singularity and Podman. LXC containers have been available within RDK for a number of years, using a container generation tool at build time to define and create the container configurations.

Image source: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/

Why use containers in RDK?

There are a number of advantages of using containers to run applications in RDK deployments, including:

• Allow developers to easily write applications to run on any RDK devices
• Consistent behaviour across all RDK operators and devices
• Write once, deploy on many devices
• Increase security without impacting performance

As part of the DAC initiative, containers are used to reduce the difficulty of developing native applications that can be run on many different RDK-V devices from different operators by creating an isolated environment for each application. This means the app becomes platform agnostic and can be run on devices the develop may not have physical access to.

Open Container Initiative (OCI)

From the Open Container Initiative (OCI) website (https://opencontainers.org/):

The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes.

Formed in 2015 by Docker and other companies in the container industry and now part of the Linux Foundation, OCI define a number of specifications that allow developers to define containers. These specifications are followed by almost all major containerisation platforms.

OCI define both a runtime specification and an image specification. The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. The OCI image is used for packaging containers in a platform-agnostic way that can be easily distributed. At a high-level, an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

OCI Runtimes

An OCI runtime is a CLI tool that allows for spawning and running containers according to the OCI specification. There are two main OCI runtimes in production use:

Crun

• Repo: https://github.com/containers/crun
• Crun is an alternative implementation of an OCI runtime, this time written in C and optimised for performance and a low memory footprint. It is developed and supported by RedHat and is currently in use by Podman in Fedora, and will be available in RHEL 8.3.
• This is the runtime supported by Dobby and will be used as the default runtime across RDK.

Runc

• Repo: https://github.com/opencontainers/runc/
• Runc is the reference implementation of an OCI runtime and is developed directly by the OCI group. This is the runtime used by Docker, Kubernetes and others. However, being written in Go, it is less suitable for embedded STB environments due to a relatively large footprint.
• Not officially supported in RDK

SDK

To allow the development of DAC apps, an application SDK has been developed.

NOTES:

• High-level overview of what/why the SDK is needed

STB

Information on the tools used to run containers on a STB

NOTES:

• Dobby
• OCIContainers Thunder Plugin
• ProcessContainers integration
• RDKShell/Packager

Cloud/Backend Infrastructure

NOTES:

• High level overview of
  • ASMS and submission portal
  • BundleGen
• Link to subpages...

Getting Started for App Developers

Reference Image

NOTES:

• RPi image with Dobby, crun etc can be found here: RDK reference image
• Contains everything needed to run DAC applications

Installing and Running DAC Applications

NOTES:

• Simple instructions on how to download/install/run apps with Packager/RDKShell in the reference image

App Development and Publishing

NOTES:

• Examples included with SDK
• SDK produces OCI image that can be converted to platform with BundleGen
• Metadata submitted to ASMS

Proposed organisation:

• Overview (Picture and text description - then point to subpages for more info) 
  • Backgound: Containers, OCI, runtime
  • SDK → stefan's page
  • Backend/cloud → Piotr's ASMS page, bundle gen
  • Client STB → dobby, plugins,
• For developers
  • How get started - reference image on RPi
    
  • Using SDK
  • Using ASMS/bundle gen, OCI tools?
  • Build image, OCI_container, RDKShell, Packer, Plugins
  • Running a container

Overview

DAC builds upon open-source specifications, components and tools from the Open Container Initiative (OCI). In particular, it uses crun, a fast, small, OCI-runtime compliant engine that can configure and launch applications containers. As part of the DAC project, a number of new open-source components have been contributed to RDK including:

• Dobby - an embedded-focused OCI container manager https://github.com/rdkcentral/Dobby
• OCIContainer - a Thunder plugin for interacting with Dobby to start/stop and inspect containers https://github.com/rdkcentral/rdkservices/tree/sprint/2009/OCIContainer
• BundleGen - a command-line tool that runs in the cloud to prepare containers for use on specific platforms https://github.com/rdkcentral/BundleGen

These are the first components of an end-to-end system that operators can use to adapt, manage and control containers to be suitable for their platform.

Other components within the end-to-end system that are currently in development include RDK-V SDK extensions that allow DAC Apps to be: built, published, and then adapted before loading and running on RDK-V STBs.