Add a Container as an Edge App Type

Introduction

This article describes how to add a container as an edge application type. All the types are described in the Manage an Edge Application article. This is a series of articles. You will likely follow them in this order.

  1. Edge Application Overview
  2. Manage an Edge App Image
  3. Manage an Edge Application
  4. Deploy an Application Instance

Prerequisites

Configure the identity

  1. Log in to the ZEDEDA GUI.
  2. Hover over Marketplace on the left side nav and click on Edge Apps.
  3. Click on the icon + to create a new edge app.
  4. Select Container as the Edge App Type.
  5. Fill in the Identity section. 
    • Name: This value can't be changed later.
    • Title: This value is for flexibility. You can change it at any time. 
    • Description: You can use this to help other admins understand the purpose of the app or any important details about the app.
    • Version: Provide the version of your edge application.
  6. Select a Deployment type
    • Standalone: Runs the application independently on the edge device without relying on any external cloud services.
    • Azure Runtime: Indicates that the application is designed to interact with Azure services.
    • K3S: Indicates that the application is designed for deploying the K3S runtime, for automated deployment of K3S clusters across selected nodes. 
    • VCE: Runs applications in a virtualized environment on edge devices that may be part of a larger cloud-native architecture.
    • TKG Attached: Indicates that the application is used to deploy a single-node Tanzu Kubernetes cluster, where the hosted workload runs alongside the control plane infrastructure on a single application instance.
  7. Enable VNC Connection: Available only for standard container mode. A graphical desktop sharing system to remotely control the app interface for the purposes of remote management, development, troubleshooting, and more.
  8. Select the Container Mode:
    • Standard: A secure container runtime with a lightweight virtual machine wrapper that feels and performs like a container, but provides stronger workload isolation using hardware virtualization technology as a second layer of defense. 
    • Reduced Isolation: Supported only for ARM64-based hardware devices. Does not provide the added security of a lightweight virtual machine wrapper around the workload. While it reduces isolation, it provides the containers with direct access to hardware accelerators such as GPUs, NPUs, and TPUs. This is relevant for use cases where it is not possible to virtualize or PCI passthrough the accelerator to a virtualization layer such as the Nvidia Jetson family of devices.
  9. Enable CPU Pinning: Bind specific virtual CPUs to a particular application or workload. This can enhance performance by ensuring that the app constantly runs on the same CPU cores, which reduces context switching and cache misses for latency-sensitive tasks.
  10. License: Helps users understand the terms under which they can use, modify, or distribute the application. It can also affect how the application interacts with other components in the ZEDEDA ecosystem.
  11. Continue on to configure the resources.

Configure the resources

  1. After configuring the identity, configure the resources.
    1. Resource: Select a predefined size to auto populate the amount of CPU and Memory allocated to your app. You can also select a Custom size to populate the fields yourself. 
    2. Enable VMM Overhead: If you find that the default Virtual Machine Manager overhead settings are too conservative, overriding them can help ensure that more resources are available for your application. See Edge Application Runtime Resources for override advice.
  2. Continue on to configure the drives.

Configure the drives

  1. After configuring the resources, configure the drives. 
  2. Choose an existing image or upload one as instructed in our guide to Edge App Images.
    1. Mount Path: Path for the diskimage to be mounted on. To define the rootfs, you need to enter either an empty mount path, or one that explicitly defines ‘/’ as its path.
      • If you selected a container mode of Reduced Isolation, the rootfs image you select must be an ARM64 image, otherwise the container app will fail to be created.
    2. Tag: By applying tags, you can choose a preferred volume instance for deployments, which you previously defined in Library > Volume Instance > Details > Label. It can contain alphanumeric and special characters only. Optional parameter. 
    3. Encrypted: The data stored on the drive will be encrypted to help protect sensitive information.
    4. Purge: Determine if your volume instance will be perishable or persistent. To make your volume instance persistent, leave the Purge option unchecked. 
  3. Continue on to configure the environments.

Configure the environments

By adding environments, you can customize the connectivity and traffic management of your application based on different deployment scenarios. 

    1. After configuring the drives, configure the environments by clicking Add Environment
    2. Enter a Name for the environment.
    3. Enable Direct Attach if you're using the hardware resource directly, also known as passthrough.
    4. Select the Adapter Type based on the port for your device. Only available with Direct Attach.
      • Audio: Relates to audio input/output interfaces. 
      • COM: Stands for "Communication Port" (often refers to serial communication). 
      • Ethernet: A standard for networking that allows for wired communication. 
      • HDMI: High-Definition Multimedia Interface for video and audio transmission. 
      • USB: Universal Serial Bus, used for connecting various peripherals. 
      • WLAN: Wireless Local Area Network, referring to wireless communication networks. 
      • WWAN: Wireless Wide Area Network, often referring to mobile cellular networks. 
      • LTE: Long-Term Evolution, a standard for high-speed wireless communication. 
      • NVMe: Non-Volatile Memory Express, a protocol for accessing high-speed storage. 
      • SATA: Serial Advanced Technology Attachment, an interface for connecting storage devices. 
      • Other: A category for any additional adapter types not listed. 
      • CAN: Controller Area Network, used in automotive and industrial applications for real-time communication. 
      • VCAN: Virtual Controller Area Network, often used for simulating CAN networks. 
      • LCAN: Likely refers to a specific variant of CAN, often tied to a specific application. 
      • USB Device: Specific devices connected via USB. 
      • USB Controller: The controller that manages USB device communications. 
    5. Configure Outbound Rules by clicking Add Rule.
      By default, the application is not able to connect to an external network.
      • Outbound Host or IP: Enter the FQDN or the IP address in CIDR format: 0.0.0.0/0.
      • Protocol: Choose Any, TCP, or UDP.
      • Port: Choose Any to allow outbound traffic on all ports, or Custom to specify a port for outbound traffic. 
      • Action: Choose Allow to allow outbound traffic without restrictions, or Limit to control outbound traffic with defined parameters. 
      • Rate: Only available for Limit. Set a consistent average limit on outbound traffic to prevent network congestion. We use the Token Bucket algorithm, where rate is an input argument. This is a number in packets per minute, such as 512.
      • Burst: Only available for Limit. Allow temporary spikes in traffic beyond the rate limit for short durations. We use the Token Bucket algorithm, where burst is an input argument. This is a number of packets sent in a short burst, such as 64.
    6. Configure Inbound Rules by clicking Add Rule.
      By default, the application is not able to receive an incoming connection from an external network.
      • Protocol: Choose TCP or UDP.
      • Edge Node Port: Specify a port for inbound traffic.
      • Adapter Label: If you used Adapter Labels when you onboarded your edge node to ZEDEDA Cloud, you can use an adapter label when configuring inbound rules. If you leave the field empty, the inbound rule applies to every network adapter in use by the application’s Network Instance. But if you use the adapter label, the inbound rule applies only to the network adapters that you designated with the adapter label. See Network Instances: a use case for an example of using adapter labels to configure a Local Network Instance for multi-path routing with failover and port-forwarding restrictions. 
      • Action: Choose Map for port mapping, or Limit to control inbound traffic with defined parameters. 
      • Edge App Port: Only available for the Map action. Direct network traffic from a specific port on the node to a specific port on the app. SSH for example - you can set the Edge Node port of 2022 to Edge App port 22, which means you can SSH to your Edge App by using port 2022.
      • Rate: Only available for the Limit action. Set a consistent average limit on inbound traffic to prevent network congestion. We use the Token Bucket algorithm, where rate is an input argument. This is a number in packets per minute, such as 512.
      • Burst: Only available for the Limit action. Allow temporary spikes in traffic beyond the rate limit for short durations. We use the Token Bucket algorithm, where burst is an input argument. This is a number of packets sent in a short burst, such as 64.
      • Inbound IP Address: The IP address of the inbound interface. 
    7. Continue on to configure the custom template.

Configure the custom template

  1. After configuring the environments, determine if you need to add a custom configuration template. For information, see our guide on Custom Configuration Edge Application.
  2. Continue on to configure the developer info.

Configure the developer info

  1. After configuring the custom template, configure the developer info. Note the following fields.
    1. Agreement: A place to include specific agreements about services offered or standards complied with.
    2. Support Description: Add relevant support contacts or instructions.
  2. Click the Add button to add the container edge application.
  3. Verify your new addition by checking for it in the ZEDEDA Marketplace.

Next steps

  1. This is a series of articles. You will likely follow them in this order.

    1. Edge Application Overview
    2. Manage an Edge App Image
    3. Manage an Edge Application
    4. Deploy an Application Instance
Was this article helpful?
0 out of 0 found this helpful