Azure / iotedge

The IoT Edge OSS project

Why do the `edgeHub` and `edgeAgent` containers not support Docker Volumes?

F-Joachim opened this issue · comments

The preferred mechanism from Docker to persist data is to use Docker Volumes. Thus, we want to refactor our manifests by replacing all of our host mounts with (named) volumes mounts. The most beneficial point would be the independence of the host system and the corresponding pre-configuration of the directories (as already described here and here).
However, we are still hesitating to make the switch as we have seen that the edgeHub and edgeAgent do not yet support this Docker feature. Are there any reasons - in combination with the iotedge - why you do not support Docker Volumes?

Many thanks in advance for the clarification.

createOptions in the EA / EH twins takes any valid JSON object that dockerd's ContainerCreate API takes, which includes the ability to specify a mountpoint as a volume instead of a host dir. If you can't figure out how to construct the JSON, you can create a dummy container with docker create and whatever options you want, then docker inspect it to get the JSON, then translate that into the EA / EH config.

If EA / EH is started as root, it will fix up the permissions of the storage directory (EA and EH) and then change to a limited user, so permissions are not a problem either.

So I don't see anything that would prevent you from using docker volumes. I haven't tried it though. Try it?

@arsing - Thanks for your response.

The technical realization of how to configure the volume mounts is already clear to me. The question was rather aimed at asking whether this is also a way supported by Microsoft, since the documentation does not refer to it (in contrast to Blob Storage).

As I took a closer look at the scripts you linked, I saw that both containers run as root. Only the application runs as edge<agent|hub>user. When I wrote the issue, I assumed that the container also runs as a user and therefore requires corresponding permissions for the storageFolder, which are set in the Dockerfile. However, this means that the volume mounts only work because the container is running as root. It wouldn't work with user rights, right?

I've tested the volume mounts for both edgeHub and edgeAgent (running as root) in my test environment and it works as expected.
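The translation step described above (create a dummy container, `docker inspect` it, carry the mount definition over into the twin's createOptions) together with the storageFolder question from the follow-up, worked through as an added example. This is not code from the thread or from the iotedge project: the `docker inspect` data is constructed, the image reference is a placeholder, and the mount audit is an extra check on top of what the thread states (host binds depend on host layout and permissions; a storageFolder that no mount backs loses state on container re-creation).

```python
import json

# Constructed sample: a trimmed `docker inspect` result for a dummy container
# created with one host directory bind and one named volume. Made-up data for
# this example, not output taken from the issue thread.
SAMPLE_INSPECT = [
    {
        "Id": "constructed-sample-container",
        "HostConfig": {
            "Binds": ["/var/lib/edgehub-legacy:/iotedge/legacy:ro"],
            "Mounts": [
                {"Type": "volume", "Source": "edgehub-storage", "Target": "/iotedge/storage"}
            ],
        },
    }
]


def extract_create_options(inspect_output):
    """Translate `docker inspect` output into the createOptions object that the
    edgeHub/edgeAgent twin accepts (a subset of dockerd's ContainerCreate body).

    Both spellings dockerd uses for mounts are normalised into HostConfig.Mounts:
    `Binds` entries ("source:target[:options]") and explicit `Mounts` entries.
    """
    host_config = inspect_output[0].get("HostConfig") or {}
    mounts = []
    for bind in host_config.get("Binds") or []:
        source, target, *options = bind.split(":")
        mounts.append(
            {
                # A source starting with "/" is a host directory; anything else
                # is a named volume that dockerd creates on demand.
                "Type": "bind" if source.startswith("/") else "volume",
                "Source": source,
                "Target": target,
                "ReadOnly": "ro" in options,
            }
        )
    for mount in host_config.get("Mounts") or []:
        mounts.append(
            {
                "Type": mount["Type"],
                "Source": mount["Source"],
                "Target": mount["Target"],
                "ReadOnly": bool(mount.get("ReadOnly", False)),
            }
        )
    return {"HostConfig": {"Mounts": mounts}}


def audit_mounts(create_options, storage_folder):
    """Return review findings for a createOptions object: host directory binds
    (the host-layout dependency the issue wants to get rid of) and a
    storageFolder that no mount backs, so module state would live in the
    container's writable layer and vanish when the container is recreated."""
    findings = []
    mounts = create_options.get("HostConfig", {}).get("Mounts", [])
    for mount in mounts:
        if mount["Type"] == "bind":
            findings.append(
                f"host bind {mount['Source']} -> {mount['Target']}: depends on host "
                "path layout and pre-set permissions; prefer a named volume"
            )
    if storage_folder not in {mount["Target"] for mount in mounts}:
        findings.append(
            f"storageFolder {storage_folder} is not backed by any mount; module "
            "state will not survive container re-creation"
        )
    return findings


def module_entry(image, create_options, storage_folder):
    """Build the deployment-manifest entry for edgeHub or edgeAgent.

    createOptions travels as a JSON *string* inside the manifest, and the
    storageFolder environment variable must point at the mount target so the
    module actually writes its state onto the volume."""
    return {
        "type": "docker",
        "status": "running",
        "restartPolicy": "always",
        "env": {"storageFolder": {"value": storage_folder}},
        "settings": {
            "image": image,
            "createOptions": json.dumps(create_options, separators=(",", ":")),
        },
    }


if __name__ == "__main__":
    options = extract_create_options(SAMPLE_INSPECT)
    for finding in audit_mounts(options, "/iotedge/storage"):
        print("finding:", finding)
    # Placeholder image reference; substitute the edgeHub image and tag you deploy.
    entry = module_entry("mcr.microsoft.com/azureiotedge-hub:<tag>", options, "/iotedge/storage")
    print(json.dumps({"edgeHub": entry}, indent=2))
```

Running it prints one finding for the leftover host bind and a manifest fragment whose createOptions carries the named volume; drop the bind from the dummy container and the audit comes back empty, which is the state the issue is aiming for.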

Understood - the resulting process of the image (= edgeHub or edgeAgent application) runs with user privileges and is therefore not a security risk 👍