Skip to main content

Containers in the Particle Application Runtime

Particle’s Application Runtime for Linux is built around containers as the fundamental building block for application isolation, deployment, and management. This approach gives developers a modern, secure, and portable way to build and run applications — whether you're working on a Linux-powered IoT device like Tachyon, or developing on your local machine.

What Is a Container?

Containers are a lightweight, standardized method for packaging software and its dependencies so it can run reliably across different environments. Unlike virtual machines, containers do not include a full OS — they share the host system’s kernel, making them faster and more resource-efficient.

Each container includes everything needed to run an application:

  • Code
  • Runtime
  • System tools
  • Libraries
  • Configuration files

This ensures that your application behaves the same on your laptop, in the cloud, or on the edge device — a key benefit for IoT deployments.

How Containers Work on the Host

On Particle-supported Linux devices, containers are orchestrated by our runtime on top of OCI-compliant infrastructure. We utilize the Docker container descriptor format, which means our system is fully compatible with Docker and Podman, and is extensible to other container engines that support the Open Container Initiative.

Our container host supports:

  • Running multiple containers
  • Isolated networking and file systems
  • Volume mounts and data persistence
  • Secure communication between services

⚙️ Particle uses Docker Compose files as the default format for orchestrating multi-container applications. This makes it easy to define not only your app container, but also supporting services like Redis, MQTT brokers, databases, or even Particle-built services like custom AI models or telemetry processors.

Why Docker Compose?

Particle has chosen to use Docker Compose as a thin configuration layer over the base container. This allows:

  • Bundling multiple containers together
  • Defining inter-container communication
  • Configuring volumes, ports, and dependencies
  • Including advanced Particle services, such as:
    • Redis for caching and messaging
    • Proprietary models for image or audio inference
    • Secure agents for cloud sync and OTA updates

Your container sits alongside these system services, while remaining fully isolated.

Development Workflow

You can develop containers using Docker (or Podman) directly on your local workstation. Here's a typical workflow:

1. Create a Container Locally

Use a standard Dockerfile to define your app container.

FROM python:3.11-slim
COPY . /app
WORKDIR /app
CMD ["python", "main.py"]

Then define a docker-compose.yml that includes your app and any required services.

services:
  app:
    build: .
    restart: always
  redis:
    image: redis:alpine
  1. Test on Desktop

You can run and test your application using:

particle app run

🧑‍💻 Many of our applications support desktop and headless modes. On desktop, containers can access display hardware for debugging or rendering camera frames. When run headless, the container typically continues operating as normal — collecting data, running inference, and pushing to the cloud.

  1. Push to the Particle Cloud

To deploy your app, you push your container using Particle’s container registry, which is currently Docker-based.

particle app push

The CLI will authenticate using your Particle access token (retrieved automatically when you log in via the CLI). All container images are private and securely scoped to your Particle account or organization.

  1. Deploy to Devices

Once uploaded, containers are automatically synchronized to your devices over-the-air. Devices periodically poll the cloud for updates and will: • Download the latest container images • Restart services as needed • Report status and logs to the Particle platform

🔐 All containers are private and secure. They are tied to your Particle account and authenticated using access tokens. This ensures container content is isolated per user and inaccessible to others.

Headless and Desktop Support

Containers are designed to run in both headless (no GUI) and desktop (with GUI) environments. • In development, you can run containers on your workstation with GUI access for visual debugging or model visualization. • On devices, containers run in headless mode by default, designed for unattended operation in the field.

Apps are typically built with fallbacks — if no display is available, the container still functions and sends data to the cloud.

Multi-Container Example

Below is a simple visualization of how your container works alongside Particle-provided services in a shared Docker Compose file.

Each of these containers is isolated, but networked together through Docker Compose. This allows your application to make local calls (e.g., to Redis or a shared volume) while staying decoupled and secure.

Managing Containers on the Device

The Particle platform gives you full control over the container lifecycle: • View running containers and logs • Restart or update containers • Delete containers if no longer needed

Example commands:

particle app list
particle app delete <app-instance-name>

Summary

Particle’s container-based architecture provides: • Portability across dev, test, and production • Isolation of applications and services • Scalability to run multiple containers per device • Security through private container registry access • Flexibility to add advanced services alongside your app

💬 Want to run a non-Docker container or something special? Reach out — we’re happy to help support other OCI-compliant tools.