Annotation | Example | Description | References |
k8s.aliyun.com/eci-security-group | sg-bp1dktddjsg5nktv**** | The ID of the security group. | Assign security groups to an elastic container instance |
k8s.aliyun.com/eci-vswitch | vsw-bp1xpiowfm5vo8o3c**** | The IDs of the vSwitches. You can specify multiple vSwitches across zones. | Configure multiple zones to create an elastic container instance-based pod |
k8s.aliyun.com/eci-schedule-strategy | vSwitchOrdered | The multi-zone scheduling policy. Valid values: |
k8s.aliyun.com/eci-ram-role-name | AliyunECIContainerGroupRole | The Resource Access Management (RAM) role that Elastic Container Instance assumes to access other Alibaba Cloud services. | Configure RAM roles |
k8s.aliyun.com/eci-use-specs | 2-4Gi,4-8Gi,ecs.c6.xlarge | The specifications of elastic container instances. You can specify multiple specifications, such as the number of CPU cores and the memory size. You can also specify an ECS instance type. | Specify multiple instance specifications to create an elastic container instance |
k8s.aliyun.com/eci-spot-strategy | SpotAsPriceGo | The bidding policy of the preemptible instance. Valid values: | Create a preemptible elastic container instance |
k8s.aliyun.com/eci-spot-price-limit | 0.5 | The highest price of the preemptible instance. Note This parameter is valid only if k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit. |
k8s.aliyun.com/eci-cpu-option-core | 2 | The number of physical CPU cores. | Specify CPU options |
k8s.aliyun.com/eci-cpu-option-ht | 1 | The number of threads per core. |
k8s.aliyun.com/eci-reschedule-enable | "true" | Specifies whether to enable the rescheduling feature for elastic container instances. | ECI Pod Annotation |
k8s.aliyun.com/pod-fail-on-create-err | "true" | Specifies whether to set the status of the elastic container instances to Failed if pods fail to be created on the elastic container instances. | ECI Pod Annotation |
k8s.aliyun.com/eci-image-snapshot-id | imc-2zebxkiifuyzzlhl**** | The ID of the image cache. Note To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches. | Use ImageCache to accelerate the creation of pods |
k8s.aliyun.com/eci-image-cache | "true" | Specifies whether to enable automatic matching for image caches. Note To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches. |
k8s.aliyun.com/acr-instance-id | cri-j36zhodptmyq**** | The ID of the Container Registry Enterprise Edition instance. You can specify a Container Registry Enterprise Edition instance that resides in a region different from the region of the elastic container instance. To do this, you must add the region name of the Container Registry Enterprise Edition instance before the ID of the Container Registry Enterprise Edition instance. Example: cn-beijing:cri-j36zhodptmyq****. | Pull images from a Container Registry Enterprise Edition instance without using a secret |
k8s.aliyun.com/eci-eip-instanceid | eip-bp1q5n8cq4p7f6dzu**** | The ID of the elastic IP address (EIP). | Associate an EIP with an elastic container instance |
k8s.aliyun.com/eci-with-eip | "true" | Specifies whether to automatically create an EIP and associate the EIP with the pod. |
k8s.aliyun.com/eip-bandwidth | 5 | The bandwidth value for the EIP. |
k8s.aliyun.com/eip-common-bandwidth-package-id | cbwp-2zeukbj916scmj51m**** | The ID of the EIP bandwidth plan. |
k8s.aliyun.com/eip-isp | BGP | The line type for the EIP. This annotation is applicable only to pay-as-you-go EIPs. Valid values: |
k8s.aliyun.com/eip-internet-charge-type | PayByBandwidth | The metering method of the EIP. Valid values: |
k8s.aliyun.com/eci-enable-ipv6 | "true" | Specifies whether to assign an IPv6 address to the instance. | Assign an IPv6 address to an Elastic Container Instance-based pod |
k8s.aliyun.com/eci-ipv6-bandwidth-enable | "true" | Specifies whether to enable Internet access to the pod over IPv6 addresses. |
k8s.aliyun.com/eci-ipv6-bandwidth | 100M | The maximum public bandwidth of the IPv6 address. |
kubernetes.io/ingress-bandwidth | 40M | The inbound bandwidth. | Limit the inbound and outbound bandwidth of an elastic container instance |
kubernetes.io/egress-bandwidth | 20M | The outbound bandwidth. |
k8s.aliyun.com/eci-extra-ephemeral-storage | The temporary storage capacity. | Scale up the temporary storage space |
k8s.aliyun.com/eci-eviction-enable | "true" | Specifies whether to automatically evict pods that do not have sufficient temporary storage space from elastic container instances. | Automatically evict pods whose temporary storage spaces are insufficient |
k8s.aliyun.com/eci-core-pattern | /pod/data/dump/core | The directory in which core dump files are stored. | Use coredump to analyze instance program exceptions |
k8s.aliyun.com/eci-ntp-server | 100.100.*.* | The IP address of the Network Time Protocol (NTP) server. | Configure the NTP service |
k8s.aliyun.com/plain-http-registry | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" | The IP address of the self-managed image repository. When you create an elastic container instance by using an image in a self-managed image repository that uses the HTTP protocol, you must specify this parameter. This allows Elastic Container Instance to pull the image over HTTP and prevents image pull failures due to the use of different protocols. | Pull an image from a self-managed image repository |
k8s.aliyun.com/insecure-registry | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" | The domain name of the self-managed image repository. When you create an elastic container instance by using an image in a self-managed image repository that uses a self-signed certificate, you must add this annotation to the instance to skip the certificate authentication. This prevents image pull failures due to certificate authentication failures. |