Containerized applications

An alternative to packaging your software with RPM is to install your application or service in a Linux container. Deploying applications as containers can be advantageous because the container isolates the application from the OS, as well as from other containers. This means that you can build the application against a different base OS that is not necessarily compatible with AutoSD, with the exception of the kernel application binary interface (ABI). With this framework, you can have multiple applications that use different environments running on a single system.

In addition, containers have other advantages, such as the ability for each container to use different versions of dependencies, and the improved robustness, security, and flexibility that come from kernel-level application isolation. This isolation forms the mixed-criticality architecture of the AutoSD application environment.

The container isolation architecture diagram illustrates how an entire software stack runs on a single OS while isolating containers, applications, and guest OS instances from each other and from the system. The isolation aspects of containers support separated services and align with the requirement for well-defined interfaces between containers. The architecture is based on high-performance compute and systemd, which can house critical applications like a rear-view camera. Podman lets you run critical containers for applications like a blind spot monitor, or a QM container. The QM container can hold isolated instances of systemd and Podman; a VM, like Android Auto; a QM application, like a media player; and a nested container for another QM application, like Cluster.

Figure 1. Container isolation in root and QM partitions


© Red Hat