Containers in IoT Architecture
Where Containers Exist
Runtime Layers
- Microcontrollers (ESP32, STM32)
  - Bare metal / RTOS / MicroPython
  - No Docker
- Edge Gateway (Raspberry Pi, Industrial PC)
  - Linux-based
  - Docker runs here
  - Hosts broker + processing services
- Cloud Infrastructure
  - Scalable ingestion, storage, APIs
Containers live above firmware.
What Runs in Containers at the Edge
Typical IoT gateway stack:
Edge Gateway
├── MQTT Broker (mosquitto)
├── Data Processor (Python service)
├── Local Buffer (SQLite / lightweight DB)
└── Forwarder to Cloud
Each service:
- Built as an image
- Run as an isolated container
- Independently restartable
Why Containers Matter at Edge
- Service isolation
- Independent restart
- Controlled upgrades
- Version pinning
- Reduced “works on my machine” problems
IoT systems must be deterministic.
Never use a floating tag:
    eclipse-mosquitto:latest
Always pin versions:
    eclipse-mosquitto:2.0.18
Resource Constraints at Edge
IoT is not cloud.
Resource Limits
Edge gateways have:
- Limited RAM
- Limited CPU
- Limited storage
    docker run \
      --memory=256m \
      --cpus=1 \
      --restart=always \
      eclipse-mosquitto:2.0
Containers consume real hardware resources.
Persistence Matters
Edge devices lose power. Without volumes, state is lost.
Use volumes to preserve:
- Logs
- Broker sessions
- Buffered sensor data
    docker run \
      -v mosq_data:/mosquitto/data \
      eclipse-mosquitto:2.0
Networking and Security
- Use internal Docker networks
- Expose only required ports
- Avoid running containers as root
- Use minimal base images
- Scan for vulnerabilities
A compromised gateway equals a compromised fleet.
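The rules from the sections above (pinned version, resource limits, restart policy, volumes, non-root user, only required ports) can be checked mechanically before a command reaches a gateway. The following pre-deployment check is an added example, not part of the original notes; the sample commands, the `edge_internal` network name, the `1883:1883` user and the port numbers are constructed assumptions.

```python
import shlex

# Options that take their value as the next token when written without "=".
VALUE_FLAGS = {"-v", "--volume", "--mount", "-p", "--publish", "-u", "--user",
               "-m", "--memory", "--cpus", "--restart", "--name", "--network"}

def parse_run(cmd):
    """Split one `docker run` command into ({flag: [values]}, image)."""
    toks = shlex.split(cmd.replace("\\\n", " "))   # join shell continuations
    toks = toks[toks.index("run") + 1:]
    opts, i = {}, 0
    while i < len(toks) and toks[i].startswith("-"):
        flag, sep, val = toks[i].partition("=")
        if not sep and flag in VALUE_FLAGS:
            i += 1
            val = toks[i]
        opts.setdefault(flag, []).append(val)
        i += 1
    return opts, (toks[i] if i < len(toks) else "")

def audit(cmd, required_ports=frozenset()):
    """Return findings for one command, using the rules from the page."""
    opts, image = parse_run(cmd)
    vals = lambda *flags: [v for f in flags for v in opts.get(f, [])]
    findings = []
    name, _, tag = image.rpartition(":")
    if "@sha256:" not in image and (not name or "/" in tag or tag == "latest"):
        findings.append("image version not pinned")
    if not vals("-m", "--memory"):
        findings.append("no memory limit")
    if not vals("--cpus"):
        findings.append("no CPU limit")
    if not vals("--restart"):
        findings.append("no restart policy")
    if not vals("-v", "--volume", "--mount"):
        findings.append("no volume for persistent state")
    users = vals("-u", "--user")
    if not users or users[-1].split(":")[0] in ("0", "root"):
        findings.append("no non-root --user")
    for spec in vals("-p", "--publish"):
        port = spec.split(":")[-1].split("/")[0]   # container port
        if port not in required_ports:
            findings.append(f"port {port} published but not required")
    return findings

# Constructed sample commands, not taken from a real gateway.
WEAK = "docker run -p 1883:1883 -p 9001:9001 eclipse-mosquitto:latest"
HARDENED = """docker run --memory=256m --cpus=1 --restart=always \\
  --user 1883:1883 -v mosq_data:/mosquitto/data \\
  --network edge_internal -p 1883:1883 eclipse-mosquitto:2.0.18"""
```

Calling `audit(WEAK, {"1883"})` reports every rule the command breaks, while `audit(HARDENED, {"1883"})` returns an empty list.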
Deployment Flow in IoT
- Build image
- Push to private registry
- Gateway pulls image
- Run container with restart policy
- Monitor and update safely
Containers are how software moves from developer laptop to physical infrastructure.
Summary
- Firmware generates signals.
- Containers turn signals into systems.
Containers are the operational layer of the IoT upper stack.