Creates an Elastic Container Instance (ECI) container group.
Syntax
{
"Type": "ALIYUN::ECI::ContainerGroup",
"Properties": {
"SecurityContextSysctl": List,
"Memory": Number,
"InitContainer": List,
"Cpu": Number,
"EipInstanceId": String,
"ContainerGroupName": String,
"Container": List,
"ImageSnapshotId": String,
"DnsConfig": Map,
"AutoMatchImageCache": Boolean,
"Ipv6AddressCount": Integer,
"ImageRegistryCredential": List,
"SpotPriceLimit": Number,
"InstanceType": String,
"SpotStrategy": String,
"ActiveDeadlineSeconds": Integer,
"HostAliase": List,
"ZoneId": String,
"TerminationGracePeriodSeconds": Integer,
"VSwitchId": String,
"SecurityGroupId": String,
"SlsEnable": Boolean,
"RestartPolicy": String,
"RamRoleName": String,
"Volume": List,
"AcrRegistryInfo": List,
"Tag": List,
"ResourceGroupId": String
}
}Properties
|
Property name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
EipInstanceId |
String |
No |
No |
The EIP instance ID. |
None |
|
Container |
List |
Yes |
Yes |
The containers in the container group. |
|
|
DnsConfig |
Map |
No |
Yes |
The DNS configuration. |
|
|
InitContainer |
List |
No |
Yes |
The list of init containers. |
|
|
SecurityGroupId |
String |
No |
No |
The security group ID. |
Instances in the same security group can access each other. |
|
ContainerGroupName |
String |
Yes |
No |
The name of the container group. |
None |
|
ZoneId |
String |
No |
No |
The ID of the zone where the instance is located. |
Default: none. The system selects a zone automatically. |
|
Volume |
List |
No |
Yes |
The list of volumes. |
Maximum: 20. |
|
HostAliase |
List |
No |
No |
The custom hostname mappings for a container in the pod. |
|
|
RestartPolicy |
String |
No |
Yes |
The restart policy for the instance. |
Valid values:
|
|
ResourceGroupId |
String |
No |
Yes |
The ID of the resource group. |
None |
|
Tag |
List |
No |
Yes |
The tags for the container group as key-value pairs. |
Maximum: 20. Both key and value are strings. |
|
VSwitchId |
String |
No |
No |
The vSwitch ID. All ECI instances are VPC instances. |
The number of available IP addresses in the vSwitch CIDR block determines the maximum number of ECI instances. Plan the CIDR block in advance. |
|
ImageRegistryCredential |
List |
No |
Yes |
The credentials for the container image registry, including server address, username, and password. |
|
|
Memory |
Number |
No |
Yes |
The memory size. |
None |
|
SlsEnable |
Boolean |
No |
No |
Specifies whether to enable user log collection. |
Valid values:
|
|
SecurityContextSysctl |
List |
No |
No |
The security context in which the instance runs. |
|
|
Cpu |
Number |
No |
Yes |
The number of vCPUs. |
None |
|
ImageSnapshotId |
String |
No |
No |
The ID of the image cache or snapshot. |
None |
|
SpotPriceLimit |
Number |
No |
No |
The maximum hourly price for the instance. |
A maximum of three decimal places are supported. This parameter takes effect only when SpotStrategy is set to SpotWithPriceLimit. |
|
AutoMatchImageCache |
Boolean |
No |
No |
Whether to automatically match an image cache. |
None |
|
SpotStrategy |
String |
No |
No |
The preemption policy for the instance. |
Valid values:
|
|
TerminationGracePeriodSeconds |
Integer |
No |
No |
The grace period before the container is stopped. |
Unit: seconds. |
|
ActiveDeadlineSeconds |
Integer |
No |
No |
The active deadline for the container group. |
Unit: seconds. |
|
Ipv6AddressCount |
Integer |
No |
No |
The number of IPv6 addresses. |
None |
|
RamRoleName |
String |
No |
No |
The name of the instance RAM role. |
ECI and ECS instances share the same instance RAM role. |
|
AcrRegistryInfo |
List |
No |
No |
The access credentials for a Container Registry Enterprise Edition instance. |
|
|
InstanceType |
String |
No |
No |
The instance type. |
None |
Container syntax
"Container": [
{
"EnvironmentVar": List,
"Tty": Boolean,
"SecurityContext": Map,
"Name": String,
"ImagePullPolicy": String,
"Image": String,
"Stdin": boolean,
"WorkingDir": String,
"LivenessProbe": Map,
"Cpu": Number,
"Command": List,
"Memory": Number,
"ReadinessProbe": Map,
"VolumeMount": List,
"Port": List,
"Arg": List,
"StdinOnce": Boolean
}
]Container properties
|
Property name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
EnvironmentVar |
List |
No |
No |
The environment variables in the container. |
Each variable is a key-value pair of strings. Maximum: 100. |
|
Tty |
Boolean |
No |
No |
Specifies whether to allocate a TTY for this container. |
Valid values:
|
|
SecurityContext |
Map |
No |
No |
The security context of the container group. |
None |
|
Name |
String |
Yes |
No |
The container name. |
None |
|
ImagePullPolicy |
String |
No |
No |
The image pull policy. |
None |
|
Image |
String |
Yes |
No |
The image. |
None |
|
Stdin |
Boolean |
No |
No |
Whether to allocate a buffer for standard input. |
Valid values:
|
|
WorkingDir |
String |
No |
No |
The working directory of the container. |
None |
|
LivenessProbe |
Map |
No |
No |
The liveness probe for the container. |
|
|
Cpu |
Number |
No |
No |
The number of CPUs allocated to the container. |
None |
|
Command |
List |
No |
No |
The commands to run in the container. |
Maximum: 1 command. Maximum string length: 256 characters. |
|
Memory |
Number |
No |
No |
The memory allocated to the container. |
Unit: GiB. |
|
ReadinessProbe |
Map |
No |
No |
The readiness probe for the container. |
|
|
VolumeMount |
List |
No |
No |
The volume mounts for the container. |
Maximum: 16. |
|
Port |
List |
No |
No |
The open ports and protocols. |
Maximum: 100 ports. Valid protocols:
|
|
Arg |
List |
No |
No |
The arguments passed to the command. |
String type. Maximum: 10. |
|
StdinOnce |
Boolean |
No |
No |
Whether to close standard input after the client disconnects. |
Valid values:
|
LivenessProbe syntax
"LivenessProbe": {
"TcpSocket.Port": Integer,
"HttpGet.Scheme": String,
"HttpGet.Port": Integer,
"FailureThreshold": Integer,
"InitialDelaySeconds": Integer,
"TimeoutSeconds": Integer,
"SuccessThreshold": Integer,
"Exec.Command": List,
"PeriodSeconds": Integer,
"HttpGet.Path": String
}LivenessProbe properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
TcpSocket.Port |
Integer |
No |
No |
The port for the TCP socket check. |
None |
|
HttpGet.Scheme |
String |
No |
No |
The protocol used to connect to the host. |
Valid values:
|
|
HttpGet.Port |
Integer |
No |
No |
The port for the HTTP GET check. |
None |
|
FailureThreshold |
Integer |
No |
No |
The minimum consecutive failures for the probe to be considered failed. |
The failures must be consecutive. Default value: 3. |
|
InitialDelaySeconds |
Integer |
No |
No |
The time in seconds after the container starts before the probe is initiated. |
Unit: seconds. |
|
TimeoutSeconds |
Integer |
No |
No |
The number of seconds after which the probe times out. |
Minimum value: 1. Default value: 1. |
|
SuccessThreshold |
Integer |
No |
No |
The number of consecutive successful checks required for the probe to be considered successful after it has failed. |
Value: 1. Default value: 1. |
|
Exec.Command |
List |
No |
No |
The probe command. |
None |
|
PeriodSeconds |
Integer |
No |
No |
The probe period. |
Unit: seconds. Minimum value: 1. Default value: 10. |
|
HttpGet.Path |
String |
No |
No |
The path for the HTTP GET check. |
None |
DnsConfig syntax
"DnsConfig": {
"NameServer": List,
"Search": List,
"Option": List
}DnsConfig properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
NameServer |
List |
No |
No |
The IP addresses of DNS servers. |
None |
|
Search |
List |
No |
No |
The list of DNS search domains. |
None |
|
Option |
List |
No |
No |
The DNS resolver options. |
Each option has a name and an optional value. |
InitContainer syntax
"InitContainer": [
{
"EnvironmentVar": List,
"SecurityContext": Map,
"Name": String,
"Image": String,
"Arg": List,
"WorkingDir": String,
"Port": List,
"Command": List,
"Memory": Number,
"ImagePullPolicy": String,
"VolumeMount": List,
"Cpu": Number
}
]InitContainer properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
EnvironmentVar |
List |
No |
No |
The environment variables in the container. |
Each variable is a key-value pair of strings. Maximum: 100. Valid value: status.podIP. |
|
SecurityContext |
Map |
No |
No |
The security context of the container group. |
None |
|
Name |
String |
No |
No |
The container name. |
None |
|
Image |
String |
No |
No |
The container image. |
None |
|
Arg |
List |
No |
No |
The parameters passed to the command. |
String type. Maximum: 10. |
|
WorkingDir |
String |
No |
No |
The working directory of the container. |
None |
|
Port |
List |
No |
No |
The open ports and protocols. |
Maximum: 100 ports. Valid protocols:
|
|
Command |
List |
No |
No |
The commands to run in the container. |
Maximum: 1 command. Maximum string length: 256 characters. |
|
Memory |
Number |
No |
No |
The memory allocated to the container. |
Unit: GB. |
|
ImagePullPolicy |
String |
No |
No |
The image pull policy. |
None |
|
VolumeMount |
List |
No |
No |
The volume mounts for the container. |
A maximum of 16 volumes are supported. |
|
Cpu |
Number |
No |
No |
The number of CPUs allocated to the container. |
None |
Volume syntax
"Volume": [
{
"NFSVolume.Path": String,
"Name": String,
"EmptyDirVolume.Medium": String,
"NFSVolume.Server": String,
"NFSVolume.ReadOnly": Boolean,
"ConfigFileVolume.ConfigFileToPath": List,
"Type": String,
"FlexVolume.Options": Map,
"FlexVolume.Driver": String,
"FlexVolume.FsType": String
}
]Volume properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
NFSVolume.Path |
String |
No |
No |
The path of the NFS volume. |
None |
|
Name |
String |
Yes |
No |
The volume name. |
None |
|
EmptyDirVolume.Medium |
String |
No |
No |
The storage medium. |
By default, the file system on the node is used. Valid value: Memory. If you set the value to Memory, the EmptyDirVolume is stored in memory. |
|
NFSVolume.Server |
String |
No |
No |
The IP address of the NFS server. |
None |
|
NFSVolume.ReadOnly |
Boolean |
No |
No |
The read-only property of the NFS volume. |
Default value: false. |
|
ConfigFileVolume.ConfigFileToPath |
List |
No |
No |
The path of the configuration file. |
|
|
Type |
String |
Yes |
No |
The type of the volume. |
Valid values:
|
|
FlexVolume.Options |
Map |
No |
No |
The list of options for the FlexVolume object. |
The options are key-value pairs passed in JSON format. For example, when you mount a cloud disk using FlexVolume, the format of Options is |
|
FlexVolume.Driver |
String |
No |
No |
The name of the driver used for FlexVolume. |
None |
|
FlexVolume.FsType |
String |
No |
No |
The type of the file system to mount. |
None |
HostAliase syntax
"HostAliase": [
{
"Ip": String,
"Hostname": List
}
]HostAliase properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Ip |
String |
No |
No |
The IP address. |
None |
|
Hostname |
List |
No |
No |
The hostname. |
None |
ImageRegistryCredential syntax
"ImageRegistryCredential": [
{
"UserName": String,
"Password": String,
"Server": String
}
]ImageRegistryCredential properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
UserName |
String |
Yes |
No |
The username for the image registry. |
None |
|
Password |
String |
Yes |
No |
The password for the image registry. |
None |
|
Server |
String |
Yes |
No |
The address of the image registry. |
Specified without a protocol prefix. For example, |
EnvironmentVar syntax
"EnvironmentVar": {
"Key": String,
"Value": String,
"FieldRef.FieldPath": String
}EnvironmentVar properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Key |
String |
No |
No |
The name of the variable. |
1 to 128 characters. Cannot start with a digit. Can contain digits, letters, and underscores (_). |
|
Value |
String |
No |
No |
The value of the variable. |
0 to 256 characters. |
|
FieldRef.FieldPath |
String |
No |
No |
A reference to another variable. |
Currently, only status.podIP is supported. |
SecurityContext syntax
"SecurityContext": {
"Capability.Add": List,
"RunAsUser": Integer,
"ReadOnlyRootFilesystem": Boolen
}SecurityContext properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Capability.Add |
List |
No |
No |
The capabilities that can be added to the container. |
Valid value: ["NET_ADMIN"]. |
|
RunAsUser |
Integer |
No |
No |
The user ID. |
None |
|
ReadOnlyRootFilesystem |
Boolean |
No |
No |
Whether the root file system is read-only. |
Default value: true. |
VolumeMount syntax
"VolumeMount": [
{
"Name": String,
"ReadOnly": Boolean,
"MountPath": String,
"MountPropagation": String,
"SubPath": String
}
]VolumeMount properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Name |
String |
No |
No |
The name of the volume. |
The name is the same as the value specified for the name parameter in the Volume section. |
|
ReadOnly |
Boolean |
No |
No |
The read-only property. |
Default value: false. |
|
MountPath |
String |
No |
No |
The mount path. |
Data in the destination directory is overwritten by the mounted volume. |
|
MountPropagation |
String |
No |
No |
The mount propagation setting for the volume. |
Mount propagation allows a volume mounted by a container to be shared with other containers in the same pod, or even with other pods on the same node. Valid values:
|
|
SubPath |
String |
No |
No |
The subdirectory under the volume. |
This allows a pod to mount different directories under the same volume to different directories in a container. |
Port syntax
"Port": [
{
"Port": Interger,
"Protocol": String
}
]Port properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Port |
Integer |
No |
No |
The port number. |
The value must be in the range of 1 to 65,535. |
|
Protocol |
String |
No |
No |
The protocol used by the port. |
Valid values:
|
ConfigFileVolume.ConfigFileToPath syntax
"ConfigFileVolume.ConfigFileToPath": [
{
"Content": String,
"Path": String
}
]ConfigFileVolume.ConfigFileToPath properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Content |
String |
No |
No |
The content of the configuration file. |
The maximum size is 32 KB. |
|
Path |
String |
Yes |
No |
The relative path in the configuration file. |
Specify a directory path relative to another directory. |
SecurityContextSysctl syntax
"SecurityContextSysctl": [
{
"Value": String,
"Name": String
}
] SecurityContextSysctl properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Value |
String |
No |
No |
The value of the variable for the security context in which the instance runs. |
None |
|
Name |
String |
No |
No |
The system name of the security context in which the instance runs. |
Valid values:
|
ReadinessProbe syntax
"ReadinessProbe": {
"TimeoutSeconds": Integer,
"InitialDelaySeconds": Integer,
"Exec.Command": List,
"PeriodSeconds": Integer,
"HttpGet.Port": Integer,
"TcpSocket.Port": Integer,
"FailureThreshold": Integer,
"HttpGet.Scheme": String,
"HttpGet.Path": String,
"SuccessThreshold": Integer
} ReadinessProbe properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
FailureThreshold |
Integer |
No |
No |
The number of consecutive failed checks required for the probe to be considered failed after it was last successful. |
The failures must be consecutive. Default value: 3. |
|
HttpGet.Scheme |
String |
No |
No |
The protocol for the GET request. |
Valid values:
|
|
HttpGet.Path |
String |
No |
No |
The path for the HttpGet check. |
None |
|
Exec.Command |
List |
No |
No |
The command for the check inside the container. |
None |
|
TcpSocket.Port |
Integer |
No |
No |
The port for the TcpSocket check. |
None |
|
PeriodSeconds |
Integer |
No |
No |
The period at which the check is performed. |
Default value: 10. Minimum value: 1. Unit: seconds. |
|
TimeoutSeconds |
Integer |
No |
No |
The timeout period for the check. |
Default value: 10. Minimum value: 1. Unit: seconds. |
|
InitialDelaySeconds |
Integer |
No |
No |
The time to wait after the container starts before the check is performed. |
None |
|
SuccessThreshold |
Integer |
No |
No |
The number of consecutive successful checks required for the probe to be considered successful after it has failed. |
The successes must be consecutive. Default value: 1. |
|
HttpGet.Port |
Integer |
No |
No |
The port number for the HttpGet check. |
None |
Option syntax
"Option": [
{
"Name": String,
"Value": String
}
] Option properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Name |
String |
No |
No |
The object name. |
None |
|
Value |
String |
No |
No |
The object value. |
None |
Tag syntax
"Tag": [
{
"Key": String,
"Value": String
}
]Tag properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
Key |
String |
Yes |
No |
The tag key. |
None |
|
Value |
String |
No |
No |
The tag value. |
None |
AcrRegistryInfo syntax
"AcrRegistryInfo": [
{
"RegionId": String,
"InstanceName": String,
"Domain": List,
"InstanceId": String
}
]AcrRegistryInfo properties
|
Property Name |
Type |
Required |
Update allowed |
Description |
Constraints |
|
RegionId |
String |
No |
No |
The ID of the region. |
The default value is the local region. |
|
InstanceName |
String |
No |
No |
The instance name. |
None |
|
Domain |
List |
No |
No |
The domain name. |
The default value is all domain names of the instance. |
|
InstanceId |
String |
Yes |
No |
The instance ID. |
None |
Return value
Fn::GetAtt
-
ContainerGroupId: The ID of the container group.
-
ContainerGroupName: The name of the container group.
-
SecurityGroupId: The ID of the security group.
-
Ipv6Address: The IPv6 address.
-
InternetIp: The public IP address.
-
RegionId: The region where the instance is located.
-
IntranetIp: The internal IP address.
-
ZoneId: The ID of the zone.
-
VSwitchId: The vSwitch ID.
-
EniInstanceId: The ENI ID.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Description: Test ECI ContainerGroup
Parameters:
VSwitch:
AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
Type: String
Label:
zh-cn: VSwitch ID
en: VSwitch ID
SecurityGroup:
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
Label:
zh-cn: Security Group ID
en: Security Group ID
Resources:
ContainerGroup:
Type: ALIYUN::ECI::ContainerGroup
Properties:
Container:
- Name: mytest
Image: busybox
Cpu: 2
Memory: 4
Port:
- Port: 8080
Protocol: TCP
- Port: 8888
Protocol: TCP
SecurityGroupId:
Ref: SecurityGroup
ContainerGroupName: mytest
VSwitchId:
Ref: VSwitch
RestartPolicy: Always
SlsEnable: false
Cpu: 2
Memory: 4
Outputs: {}JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test ECI ContainerGroup",
"Parameters": {
"VSwitch": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Label": {
"zh-cn": "VSwitch ID",
"en": "VSwitch ID"
}
},
"SecurityGroup": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
"Label": {
"zh-cn": "Security Group ID",
"en": "Security Group ID"
}
}
},
"Resources": {
"ContainerGroup": {
"Type": "ALIYUN::ECI::ContainerGroup",
"Properties": {
"Container": [
{
"Name": "mytest",
"Image": "busybox",
"Cpu": 2,
"Memory": 4,
"Port": [
{
"Port": 8080,
"Protocol": "TCP"
},
{
"Port": 8888,
"Protocol": "TCP"
}
]
}
],
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ContainerGroupName": "mytest",
"VSwitchId": {
"Ref": "VSwitch"
},
"RestartPolicy": "Always",
"SlsEnable": false,
"Cpu": 2,
"Memory": 4
}
}
},
"Outputs": {
}
}