Introduction
This article describes how to add a container as an edge application type. All the types are described in the Manage an Edge Application article. This is a series of articles. You will likely follow them in this order.
- Edge Application Overview
- Manage an Edge App Image
- Manage an Edge Application
- Deploy an Application Instance
Prerequisites
- You have the SysManager role in your enterprise.
- Ensure the application details are stored in a place the edge node can access. Check Data Stores for details.
- An Edge App Image is required.
Configure the Identity
- Log in to the ZEDEDA GUI.
- Hover over Marketplace on the left panel.
- Select Edge Apps from the options.
- Click on the + icon to create a new edge app.
- Select Container as the Edge App Type.
- Continue on to the identity details.
Identity details
- Fill in the following:
- Edge App Logo: Upload a logo.
- Name: This value can't be changed later.
- Title: This value is for flexibility. You can change it at any time.
- Description: You can use this to help other admins understand the purpose of the app or any important details about the app.
- Category: Select the category that best describes the app. If no category describes the app, you can type one of your own and that category is created.
- Version: Provide the version of your edge application.
- Select a deployment type. Not for use with the Module edge app type.
- Standalone: Runs the application independently on the edge device without relying on any external cloud services.
- Azure Runtime: Indicates that the application is designed to interact with Azure services.
- K3S: Indicates that the application is designed for deploying the K3S runtime, for automated deployment of K3S clusters across selected nodes.
- VCE: Runs applications in a virtualized environment on edge devices that may be part of a larger cloud-native architecture.
- TKG Attach: Indicates that the application is used to deploy a single-node Tanzu Kubernetes cluster, where the hosted workload runs alongside the control plane infrastructure on a single application instance.
- Docker Runtime: For use with the Docker Runtime Virtual Machine.
- Runtime Version: Defines the specific version of the underlying runtime (for example, Docker Engine) required by the Docker Compose application.
- Runtime Protocol Version: Specifies the version of the Docker Compose file format the application uses.
- Enable VNC Connection: A graphical desktop sharing system to remotely control the app interface for the purposes of remote management, development, troubleshooting, and more.
- Add a License: Helps users understand the terms under which they can use, modify, or distribute the application. It can also affect how the application interacts with other components in the ZEDEDA ecosystem.
- Click Next.
Configure the Resources & Drives
After configuring the identity, configure the resources and drives.
Configure the resources
- Select a predefined Resource size to auto populate the amount of CPU and Memory allocated to your app. You can also select a Custom size to populate the fields yourself.
- Select a Container Mode:
- Standard: A secure container runtime with a lightweight virtual machine wrapper that feels and performs like a container, but provides stronger workload isolation using hardware virtualization technology as a second layer of defense.
- Reduced Isolation: Supported only for ARM64-based hardware devices. Does not provide the added security of a lightweight virtual machine wrapper around the workload. While it reduces isolation, it provides the containers with direct access to hardware accelerators such as GPUs, NPUs, and TPUs. This is relevant for use cases where it is not possible to virtualize or PCI passthrough the accelerator to a virtualization layer such as the Nvidia Jetson family of devices.
- Enable CPU Pinning: Bind specific virtual CPUs to a particular application or workload. This can enhance performance by ensuring that the app constantly runs on the same CPU cores, which reduces context switching and cache misses for latency-sensitive tasks.
- Enable VMM Overhead: If you find that the default Virtual Machine Manager overhead settings are too conservative, overriding them can help ensure that more resources are available for your application. See Edge Application Runtime Resources for override advice.
- Continue on to configure the drives.
Configure the drives
After configuring the resources, configure the drives.
- Enter a Volume Label to choose a preferred volume instance, which you previously defined when you created a volume instance.
- Choose an existing image or upload one as instructed in our guide to Edge App Images.
- Mount Path: Path on which the disk image is mounted. To define the rootfs, enter either an empty mount path or one that explicitly defines ‘/’ as its path.
- If you selected a container mode of Reduced Isolation, the rootfs image you select must be an ARM64 image, otherwise the container app will fail to be created.
- Encrypted: The data stored on the drive will be encrypted to help protect sensitive information.
- Purge: Determine if your volume instance will be perishable or persistent. To make your volume instance persistent, leave the Purge option unchecked.
- Select one or more Projects to associate with the edge app.
- Click Next.
Configure the Interfaces
After configuring the drives, configure the interfaces.
- Click Configure interfaces for the edge app.
- Enter a Name for the interface.
- Select an interface Type:
- Enable Direct Attach if you're using the hardware resource directly, also known as passthrough.
- Enable Virtual Network Interface if you’re not using the hardware directly.
Direct attach
- Select the Adapter Type based on the port for your device. Only available with Direct Attach.
- Audio: Relates to audio input/output interfaces.
- COM: Stands for "Communication Port" (often refers to serial communication).
- Ethernet: A standard for networking that allows for wired communication.
- HDMI: High-Definition Multimedia Interface for video and audio transmission.
- USB: Universal Serial Bus, used for connecting various peripherals.
- WLAN: Wireless Local Area Network, referring to wireless communication networks.
- WWAN: Wireless Wide Area Network, often referring to mobile cellular networks.
- LTE: Long-Term Evolution, a standard for high-speed wireless communication.
- NVME: Non-Volatile Memory Express, a protocol for accessing high-speed storage.
- SATA: Serial Advanced Technology Attachment, an interface for connecting storage devices.
- Other: A category for any additional adapter types not listed.
- CAN: Controller Area Network, used in automotive and industrial applications for real-time communication.
- VCAN: Virtual Controller Area Network, often used for simulating CAN networks.
- LCAN: Likely refers to a specific variant of CAN, often tied to a specific application.
- USB Device: Specific devices connected via USB.
- USB Controller: The controller that manages USB device communications.
- Add multiple interfaces by clicking Add Interface.
- Click Next.
Virtual network interface
By default, the application is not able to connect to an external network or to receive an incoming connection from an external network.
- Configure outbound firewall rules for network traffic.
- Outbound Host or IP: Enter the FQDN, or the IP address in CIDR format, for example 0.0.0.0/0 (which matches every IPv4 destination).
- Protocol: Choose Any, TCP, or UDP.
- Port: Choose Any to allow outbound traffic on all ports, or Custom to specify a port for outbound traffic.
- Action: Choose Allow to allow outbound traffic without restrictions, or Limit to control outbound traffic with defined parameters.
- Rate: Only available for Limit. Set a consistent average limit on outbound traffic to prevent network congestion. We use the Token Bucket algorithm, where rate is an input argument. This is a number in packets per minute, such as 512.
- Burst: Only available for Limit. Allow temporary spikes in traffic beyond the rate limit for short durations. We use the Token Bucket algorithm, where burst is an input argument. This is a number of packets sent in a short burst, such as 64.
- Configure multiple Outbound Rules by clicking Add Rule.
- Configure inbound firewall rules for network traffic.
- Protocol: Choose TCP or UDP.
- Edge Node Port: Specify a port for inbound traffic.
- Adapter Label: If you used Adapter Labels when you onboarded your edge node to ZEDEDA Cloud, you can use an adapter label when configuring inbound rules. If you leave the field empty, the inbound rule applies to every network adapter in use by the application’s Network Instance. But if you use the adapter label, the inbound rule applies only to the network adapters that you designated with the adapter label. See Network Instances: a use case for an example of using adapter labels to configure a Local Network Instance for multi-path routing with failover and port-forwarding restrictions.
- Action: Choose Map for port mapping, or Limit to control inbound traffic with defined parameters.
- Edge App Port: Only available for the Map action. Direct network traffic from a specific port on the node to a specific port on the app. For example, for SSH you can map Edge Node port 2022 to Edge App port 22, which means you can SSH to your Edge App by using port 2022.
- Rate: Only available for the Limit action. Set a consistent average limit on inbound traffic to prevent network congestion. We use the Token Bucket algorithm, where rate is an input argument. This is a number in packets per minute, such as 512.
- Burst: Only available for the Limit action. Allow temporary spikes in traffic beyond the rate limit for short durations. We use the Token Bucket algorithm, where burst is an input argument. This is a number of packets sent in a short burst, such as 64.
- Inbound IP Address: The IP address of the inbound interface.
- Configure multiple Outbound Rules by clicking Add Rule.
- Add multiple interfaces by clicking Add Interface.
- Click Next.
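How the Rate and Burst fields of a Limit rule interact under the Token Bucket algorithm, combined with the default-deny behaviour described above. This is an added illustration, not ZEDEDA's implementation. It assumes the first matching rule wins, that packets over the limit are dropped, and that the destination is given as CIDR (FQDN matching is omitted). All class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TokenBucket:
    rate_per_min: float          # "Rate": sustained packets per minute
    burst: int                   # "Burst": bucket capacity in packets
    tokens: float = field(init=False)
    last: float = 0.0            # time of the previous packet (seconds)

    def __post_init__(self):
        self.tokens = float(self.burst)      # bucket starts full

    def allow(self, now: float) -> bool:
        # Refill rate_per_min/60 tokens per second, never above burst.
        refill = (now - self.last) * self.rate_per_min / 60.0
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0               # one token per packet
            return True
        return False

@dataclass
class OutboundRule:
    cidr: str                                # "Outbound Host or IP" as CIDR
    protocol: str = "any"                    # "any", "tcp" or "udp"
    port: Optional[int] = None               # None = Any
    limit: Optional[TokenBucket] = None      # None = Allow, set = Limit

    def matches(self, dst: str, proto: str, port: int) -> bool:
        return (ipaddress.ip_address(dst) in ipaddress.ip_network(self.cidr)
                and self.protocol in ("any", proto)
                and self.port in (None, port))

def decide(rules, dst, proto, port, now):
    """First matching rule wins (assumption); no match means drop."""
    for rule in rules:
        if rule.matches(dst, proto, port):
            ok = rule.limit is None or rule.limit.allow(now)
            return "allow" if ok else "drop"
    return "drop"                            # default deny, as the page states

def count_allowed(rules, times, dst, proto, port):
    """Number of packets allowed when one packet is sent at each time."""
    return sum(decide(rules, dst, proto, port, t) == "allow" for t in times)

# Constructed sample: TCP/443 to 10.0.0.0/8, limited to rate 512, burst 64.
RULES = [OutboundRule("10.0.0.0/8", "tcp", 443, TokenBucket(512, 64))]
```

With these values, a burst larger than 64 packets is cut off at 64, while traffic spaced evenly at 512 packets per minute passes indefinitely.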
Configure the Custom Config Template
After configuring the interfaces, determine if you need to add a custom configuration template.
For information, see Custom Configuration Edge Application.
- Click Add Custom Config Template.
- Customize the config template.
- Click Next.
Configure the Developer Info
After configuring the custom template, configure the developer info.
Note the following fields.
- Agreement: A place to include specific agreements about services offered or standards complied with.
- Custom Upload - Upload a file (typically a PDF or a text document) containing an end-user license agreement or terms of service or similar to display in the GUI.
- Custom URL - Provide a web address where an agreement (such as an open-source license or data privacy policy or similar) is hosted online.
- Support Description: Add relevant support contacts or instructions.
- Click the Add button to add the edge application.
- Click Next.
Review & Add
After configuring the developer info, review and add your app.
- Review the information.
- Click Add.
- Verify your new addition by checking for it in the ZEDEDA Marketplace.
Next steps
This is a series of articles. You will likely follow them in this order.
Also potentially of interest: Deploy Edge AI Applications to a Fleet of Devices: A Use Case