1. Introduction

With the i-PRO Camera SDK that supports Container AdamApp, you can run containers with various configurations in the i-PRO camera by describing the app configuration in a Docker compose configuration file. This allows you to develop camera application as docker application, and if you have already developed a Docker container running on PC or another device, you can easily port it to camera. This document explains how to create a Container AdamApp with multiple containers using the docker_multi_images sample app included in the SDK as an example.

2. Overview

2.1 Design docker container architecture

...

Following diagram shows the difference between the conventional AdamApp(not the docker) and the example of Container AdamApp.

The above is the example of multiple containers within one camera application (one binary).

...

2.2 Configuration for

...

multiple containers

The dockersample application “docker_multi_images included in the SDK is a sample app that can be used as a reference if you choose use case 3 or 4 images” is the reference, especially for use case No.3 in Chapter 2.1. The docker_multi_images This sample app consists of two Docker images.

• docker_multi_images image
  It exists to start and stop This is for starting/stopping the application from the by camera body and to respond to firmware and for internal keep-alive messagesbetween application and firmware. In this document, it is called the "main image." Also, the container generated from this image is called the "main container." The sample application only runs an event loop and waits. It should be is built with using i-PRO CAMERA SDK.

• web image
  This image is based on the lightweight version of nginx published on DockerHub, with only the default configuration file (default.conf) replaced. This document calls it a "subimage." Also, a container generated from this image is called a "subcontainer." It exposes nginx's TCP 80 port is associated to the outside as TCP 8081 port and accepts for http requests access from external devices. When creating Container AdamApp, it must be built as a Docker image in advancedevice. It is necessary to build as docker image before creating Container AdamApp using i-PRO CAMERA SDK.

If you want to run an existing container on an i-PRO camera, you can add the docker_multi_images image for management from the camera, and the existing container can be run on the camera with minimal changes.

2.3 Porting Considerations

When running an existing container on an i-PRO camera, you need to consider the following three points:

• Are there enough Camera resources RAM/ROM/CPU resources?Does it comply with the

• Data storage

• i-PRO camera security policy?

• Is there only one container that uses the enough for using ADAM API?

...

2.3.1 RAM / ROM / CPU resources

Please see here for resources on how the new X-Series cameras can be used to extend the functionality of your applicationsfor CV52 cameras that support docker capabiility.

Please make sure the app you are porting can work within these limits.
RAM/CPU limits are enforced by cgroups. If RAM usage exceeds the limit, the app will be killed by the OOM Killer.

2.3.2 About our security policy

Followings are important points when porting. For more information on Container AdamApp's security policy, please see here.

Special porting considerations are discussed.

• Containers cannot be run with root privileges. The app runs in the camera with user privileges of uid 1000, gid 1000.

• The container is mounted read only.
  You cannot write to the container. If an existing app is writing to the container, it will need to write to a tmpfs(RAM) for temporary data, or to a separate mounted volume for persistent data.

• Options that relax security, such as --previledged, cannot be used.

• Images Docker images cannot be pulled from an external container registry directly from within the camera. The required docker images must be pulled and built on the development PC and included in the Container AdamApp(ext file).

2.3.3 Restrictions on using ADAM API

If Container AdamApp contains multiple containers, the ADAM API can only be used from the main container, not from subcontainers.If you want to use camera functions, we recommend implementing them in the main image, and if you want to run general-purpose functions that are not camera-dependent directly on the camera, we recommend implementing them in the sub-image. Data sharing between the main image and sub-image will be explained in Chapter 3.4sub containers.

It is better that main image has feature related to camera functions and sub images have features not related to camera functions. Chapter 3.4 shows how to share the data between main and sub images.

3. Development Procedure

3.1 Create a project

Preparing the project directory

Copy iPRO_CAMERA_SDK/src/adamapp/docker_multi_images included in the SDK sample app and rename it to any name. It is recommended to use lowercase for all directory names to make it easier to understand if the directory name matches the image name of the main image.

...

There is no need to change the main image binary (multiImages). If you want to change it, you will also need to edit Configuration.txt and Makefile.

App information description

Open configuration.txt and edit the following items.

• App Version Name
  This is the version information displayed on the camera browser management screen. It is easy to understand if you match it with the tag name of the main image.

• App Name
  This will be the app name displayed on the camera browser management screen. It can be written in any language.

• Resource Related Information
  Describes the ROM/RAM/CPU usage (declared value) used by the app. This is used to check whether the total of the values ​​declared by other apps at the time of installation exceeds the limit. If the total of the declared values ​​of all apps exceeds the limit, the app will fail to install.

• License related information
  Please specify the FUNC ID assigned by Default value is OK for starting development. When you completed, please request FUNC ID to i-PRO and relace this value.

3.2 Preparing the sub-image (the image to be ported)

If you want to port an existing container image, create it as a subimage.

...

• The docker_multi_images/web directory contains the files required for the nginx image.

• Navigate to the web directory.

  Code Block
  cd [iPRO_CAMERA_SDK directory]/src/Aadamapp/[app directory]/web

• Build the docker image.

  Code Block
  docker build -t web:0.0.1-arm64v8 .

• Verify that the Docker image is built and exists in your development environment.

  Code Block
  docker images

  Example output

  Code Block
  $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE web 0.0.1-arm64v8 78a72756f85e 16 hours ago 16.6MB

3.3 Editing docker-compose.yaml

Write information about the sub-image in docker-compose.yaml.
For information on how to write docker-compose.yaml, please see here etc.

...

• Add the sub-image information to the child level of the services key. This is already written in the sample app, so we will explain the contents here.

• The complete description of the web service is as follows:

  

• images:
  Here you specify the image name and tag created in 3.2. If the image specified here does not exist, the app build script will fail.

• networks:
  If you want containers to communicate with each other, they must specify the same network.

• restart:
  Specifies how to recover when the container is terminated. In the case of ext format Docker, the main container is monitored by the camera firmware without using Docker mechanisms, so specifying "no" will restart it appropriately. On the other hand, subcontainers are not monitored by the camera firmware, so set it according to the actual operation.

• ports:
  If the sub-image exposes a port that can be connected from outside, describe it in the format of [camera side]:[container side].

• volumes:
  Describes volumes and bind mounts.
  Only volumes defined in this docker-compose.yaml can be specified for volume. In addition, volume names defined here must also be separately listed in the volumes: section at the top of the yaml file.
  There are restrictions on directory paths that can be bind mounted.

• tmpfs:
  Security policies prevent writing to containers, so if there are directories under /var where apps temporarily store data, specify them here.
  In the case of nginx, it writes to /var/cache/nginx and /var/run, so these are specified as tmpfs.

• Required parameters
  The following parameters must be added to satisfy the security policy of the i-RPO camera. Please copy and paste as is.

  Code Block
  read_only: true user: 1000:1000 cap_drop: - "net_raw" security_opt: - "label=type:ipro-container.process" - "no-new-privileges" labels: com.i-pro.app-type: "ext" com.i-pro.device-category: "CV5x-A" com.i-pro.device-vendor: "i-PRO"

• Listing root-level volumes
  Enter the volume name in the volumes: section under the root of the yaml file.

  

3.4 Implementing your own functionality

3.4.1 Communication and data sharing between containers

There are the following methods to exchange data between the main image and sub-image, or between a container and a camera.

...

3.4.2 Example implementation of sample app

The docker_multi_images sample app uses the DNS function of the inter-container network to implement sample code that sends an HTTP request from the main container to a sub-container by container name.
The response_by_html function in ${SDK_DIR}/adamapp/docker_multi_images/main.cpp calls the system function that makes a request with curl as follows. Here, “web” is the service name written in docker-compose.yaml.

...

By pressing the "Go to Settings Screen" button for the "Docker Multi-Image" app displayed on the "Software Management Screen" of the camera browser, this code will be called and the contents of index.html of the web container will be displayed directly in the browser.

3.5 Building the app

Please refer to the following for information on building a development environment.

...