Does Azure IoT Edge runtime and modules support host network mode?

zhitian deng 1 Reputation point
2021-12-16T03:38:41.267+00:00

Hello everyone! Could you help figure out whether the Azure IoT Edge runtime and modules support host network mode?
I tried the following methods, but it didn't work.

https://learn.microsoft.com/en-us/answers/questions/75596/iot-edge-module-add-hostconfig-for-networkmodehost.html

My deployment.json is as below:

{  
    "modulesContent": {  
        "$edgeAgent": {  
            "properties.desired": {  
                "modules": {  
                    "temp": {  
                        "settings": {  
                            "image": "mcr.microsoft.com/azureiotedge-simulated-temperature-sensor:1.1.3-linux-arm32v7",  
                            "createOptions": "{\"createOptions\":{\"NetworkingConfig\":{\"EndpointsConfig\":{\"host\":{}}},\"HostConfig\":{\"NetworkMode\":\"host\",\"Memory\":67108864,\"CpuPeriod\":50000}}}"  
                        },  
                        "type": "docker",  
                        "version": "1.0",  
                        "env": {  
                            "MessageCount": {  
                                "value": "-1"  
                            }  
                        },  
                        "status": "running",  
                        "restartPolicy": "always"  
                    }  
                },  
                "runtime": {  
                    "settings": {  
                        "minDockerVersion": "v1.25"  
                    },  
                    "type": "docker"  
                },  
                "schemaVersion": "1.0",  
                "systemModules": {  
                    "edgeAgent": {  
                        "settings": {  
                            "image": "mcr.microsoft.com/azureiotedge-agent:1.1.3-linux-arm32v7",  
                            "createOptions": "{\"createOptions\":{\"HostConfig\":{\"Memory\":67108864,\"CpuPeriod\":50000}}}"  
                        },  
                        "type": "docker"  
                    },  
                    "edgeHub": {  
                        "settings": {  
                            "image": "mcr.microsoft.com/azureiotedge-hub:1.1.3-linux-arm32v7",  
                            "createOptions": "{\"createOptions\":{\"HostConfig\":{\"Memory\":134217728,\"CpuPeriod\":50000,\"PortBindings\":{\"443/tcp\":[{\"HostPort\":\"8443\"}],\"5671/tcp\":[{\"HostPort\":\"5671\"}],\"8883/tcp\":[{\"HostPort\":\"8883\"}]}}}}"  
                        },  
                        "type": "docker",  
                        "status": "running",  
                        "restartPolicy": "always"  
                    }  
                }  
            }  
        },  
        "$edgeHub": {  
            "properties.desired": {  
                "routes": {  
                    "route": "FROM /messages/* INTO $upstream"  
                },  
                "schemaVersion": "1.0",  
                "storeAndForwardConfiguration": {  
                    "timeToLiveSecs": 7200  
                }  
            }  
        },  
        "temp": {  
            "properties.desired": {}  
        }  
    }  
}  
Azure IoT Edge

1 answer

  1. Sander van de Velde | MVP 36,766 Reputation points MVP Volunteer Moderator
    2021-12-16T23:46:57.83+00:00

    Hello @zhitian deng,

    Normally, Azure IoT Edge modules communicate in 'bridge mode' because this is a secure way to exchange data.

    Host network mode seems to be working too, although this is not officially documented.

    Your question is picked up by the Azure IoT Edge team in this thread https://github.com/Azure/iotedge/issues/5935

    If you follow the links in these underlying threads, you see reports of users who claim it works for them.

    Host network mode takes away part of the 'sandbox' experience where Docker containers only have access to host resources when officially granted. Personally, I have experienced that granting access in individual cases gives me more control over the containers without limiting the usability.

    Think twice if this is really what you want. What is your use case?
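
An added example (not part of the original question or answer, and not Azure IoT Edge project code): a small Python audit that decodes each module's `createOptions` string in a deployment manifest and reports modules that give up the container isolation the answer describes, so host networking shows up in review before deployment. The function names, the trimmed sample manifest and the extra `PidMode`/`Privileged` checks are assumptions of this example; it also reads options nested under an extra `createOptions` key, as in the manifest posted in the question.

```python
import json

# HostConfig settings that weaken container isolation (example's own selection).
RISKY = {"NetworkMode": "host", "PidMode": "host", "Privileged": True}

# Constructed sample: trimmed copy of the manifest shape from the question.
SAMPLE_MANIFEST = {
    "modulesContent": {"$edgeAgent": {"properties.desired": {
        "modules": {"temp": {"settings": {
            "image": "mcr.microsoft.com/azureiotedge-simulated-temperature-sensor:1.1.3-linux-arm32v7",
            "createOptions": '{"createOptions":{"HostConfig":{"NetworkMode":"host","Memory":67108864}}}',
        }}},
        "systemModules": {"edgeHub": {"settings": {
            "image": "mcr.microsoft.com/azureiotedge-hub:1.1.3-linux-arm32v7",
            "createOptions": '{"HostConfig":{"PortBindings":{"8883/tcp":[{"HostPort":"8883"}]}}}',
        }}},
    }}}
}


def decode_create_options(raw):
    """Return (options, wrapped): the decoded Docker create options and whether
    they sat under an extra top-level "createOptions" key, as in the question."""
    if not raw:
        return {}, False
    opts = json.loads(raw) if isinstance(raw, str) else raw
    if isinstance(opts, dict) and set(opts) == {"createOptions"}:
        inner = opts["createOptions"]
        return (inner if isinstance(inner, dict) else {}), True
    return (opts if isinstance(opts, dict) else {}), False


def audit_manifest(manifest):
    """List every module whose create options weaken container isolation."""
    desired = manifest["modulesContent"]["$edgeAgent"]["properties.desired"]
    findings = []
    for section in ("systemModules", "modules"):
        for name, module in desired.get(section, {}).items():
            raw = module.get("settings", {}).get("createOptions")
            opts, wrapped = decode_create_options(raw)
            host_cfg = opts.get("HostConfig") or {}
            issues = [f"{k}={v}" for k, v in RISKY.items() if host_cfg.get(k) == v]
            if issues:
                findings.append({"module": name, "issues": issues, "wrapped": wrapped})
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```
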

