UpdateContainerGroup - Elastic Container Instance - Alibaba Cloud Documentation Center

This operation updates an instance.

Operation description

You can update only Elastic Container Instance (ECI) instances that are in the Pending or Running state. After the update, the instance status changes to Updating.
Updating an ECI instance with a RestartPolicy of Never may cause containers to fail. Proceed with caution.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eci:UpdateContainerGroup

update

*containergroup

acs:eci:{#regionId}:{#accountId}:containergroup/{#containergroupId}

eci:tag

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The ID of the region.	cn-hangzhou
RegionId	string	Yes	The ID of the region.	cn-hangzhou
ContainerGroupId	string	Yes	The ID of the ECI instance that you want to update. This is the container group ID.	eci-2zelg8vwnlzdhf8hv****
RestartPolicy	string	No	The restart policy of the instance. Valid values: Always: Always restarts the instance. Never: Never restarts the instance. OnFailure: Restarts the instance upon failure.	Always
ClientToken	string	No	A client token to ensure the idempotence of the request. Generate a unique parameter value from your client. The value can contain only ASCII characters and must be no more than 64 characters in length. For more information, see How to ensure idempotence.	123e4567-e89b-12d3-a456-426655440000
Cpu	number	No	The number of vCPUs for the instance (container group).	2.0
Memory	number	No	The memory size for the instance (container group). Unit: GiB.	4.0
ResourceGroupId	string	No	The ID of the resource group.	rg-2df3isufhi38****
Tag	array<object>	No	The list of tags to attach to the instance.
	object	No	The list of tags to attach to the instance.
Key	string	No	The tag key.	name
Value	string	No	The tag value.	hxh
Volume	array<object>	No	The list of volumes.
	array<object>	No	The list of volumes.
Name	string	No	The name of the volume.	test-empty
Type	string	No	The type of the volume. Valid values: EmptyDirVolume: An EmptyDir volume. This is a temporary directory. ConfigFileVolume: A ConfigFile volume. This is a configuration file. NFSVolume: An NFS volume. This is a network file system, such as a Network Attached Storage (NAS) system. FlexVolume: A FlexVolume plug-in to extend the storage type. You can use it to mount disks, NAS, and Object Storage Service (OSS). HostPathVolume: A HostPath volume. This is a file or directory on the host. This value is not yet available.	EmptyDirVolume
NFSVolume.Path	string	No	The path to mount on the NFS volume.	/
NFSVolume.Server	string	No	The address of the NFS mount target.	071e349b04-bsd39.cn-hangzhou.nas.aliyuncs.com
NFSVolume.ReadOnly	boolean	No	The read-only permission for the NFS volume. Valid values: true: The NFS volume is read-only. false: The NFS volume is read-write.	false
ConfigFileVolume.ConfigFileToPath	array<object>	No	The configuration file information for the ConfigFile volume.
	object	No	The configuration file information for the ConfigFile volume.
Path	string	No	The relative path of the configuration file.	jin/test
Content	string	No	The content of the configuration file. The content must be Base64-encoded.	bGl1bWk=
EmptyDirVolume.Medium	string	No	The storage medium of the EmptyDir volume. The default is an empty string, which means that the node's file system is used. You can set this to Memory to use memory.	Memory
EmptyDirVolume.SizeLimit	string	No	The size of the EmptyDir volume. Specify the unit for the value, such as Gi or Mi.	256Mi
FlexVolume.FsType	string	No	The file system type of the disk when you use a FlexVolume plug-in to mount the disk. Valid values include ext4, ext3, xfs, and vfat. The default value is ext4.	ext4
FlexVolume.Driver	string	No	The driver type when you use a FlexVolume plug-in to mount a volume. Valid values: alicloud/disk: Mounts a disk. alicloud/nas: Mounts a NAS file system. alicloud/oss: Mounts an OSS bucket.	alicloud/disk
FlexVolume.Options	string	No	The list of FlexVolume options. The options are key-value pairs in JSON format. For example, when you mount a disk using FlexVolume, Options specifies the configuration parameters of the disk. For more information, see Volume overview.	{"volumeId":"d-2zehdahrwoa7srg****","performanceLevel": "PL2"}
HostPathVolume.Path	string	No	The path of the HostPath volume on the host. Note This parameter is not yet available.	/tmp
HostPathVolume.Type	string	No	The type of the HostPath volume. Valid values: Directory: a directory. File: a file. Note This parameter is not yet available.	Directory
DnsConfig.Search	array	No	The list of DNS search domains.	my.dns.search.suffix
	string	No	The list of DNS search domains.	my.dns.search.suffix
DnsConfig.NameServer	array	No	The list of IP addresses of DNS servers.	1.2.3.4
	string	No	The list of IP addresses of DNS servers.	1.2.3.4
DnsConfig.Option	array<object>	No	The DNS configuration information.
	object	No	The DNS configuration information.
Value	string	No	The value of the option variable for the DNS configuration.	2
Name	string	No	The name of the option variable for the DNS configuration.	ndots
Container	array<object>	No	Specifies the new container group configuration.
	array<object>	No	Specifies the new container group configuration.
ReadinessProbe.TimeoutSeconds	integer	No	The timeout period for the check. The default is 1 second. The minimum is 1 second.	5
ReadinessProbe.SuccessThreshold	integer	No	The number of consecutive successful checks required to determine that the check is successful after a failure. The default is 1.	1
SecurityContext.Capability.Add	array	No	Grants specific permissions to processes in the container. Currently, only NET_ADMIN and NET_RAW are supported. Note NET_RAW is not supported by default. To use it, submit a ticket.
	string	No	Grants specific permissions to processes in the container. Currently, only NET_ADMIN and NET_RAW are supported. Note NET_RAW is not supported by default. To use it, submit a ticket.	NET_ADMIN
ReadinessProbe.TcpSocket.Port	integer	No	The port for the TcpSocket check.	5000
ReadinessProbe.HttpGet.Scheme	string	No	The protocol type for the HTTP GET request when you use an HTTP request for a health check. Valid values: HTTP HTTPS	HTTP
LivenessProbe.PeriodSeconds	integer	No	The interval at which the check is performed. The default is 10 seconds. The minimum is 1 second.	10
SecurityContext.ReadOnlyRootFilesystem	boolean	No	Indicates whether the root file system is read-only. Currently, only `true` is supported.	true
EnvironmentVar	array<object>	No	The list of environment variables for the container.
	object	No	The list of environment variables for the container.
Key	string	No	The name of the environment variable for the container.	PATH
Value	string	No	The value of the environment variable for the container.	/usr/bin/local/
FieldRef.FieldPath	string	No	Uses a pod field as an environment variable. Currently, only `status.podIP` is supported.	status.podIP
LivenessProbe.TcpSocket.Port	integer	No	The port for the TcpSocket check.	80
Tty	boolean	No	Indicates whether to enable interaction. The default is false. If the Command is of the /bin/bash type, set this to true.	false
WorkingDir	string	No	The working directory of the container.	/usr/share/
Arg	array	No	The startup arguments for the container. You can specify up to 10 arguments.	hello
	string	No	The startup arguments for the container.	hello
Stdin	boolean	No	Indicates whether to allocate a buffer for standard input in the container runtime. If not set, reading from standard input in the container results in an End-Of-File (EOF). The default is false.	false
LivenessProbe.InitialDelaySeconds	integer	No	The time when the check starts. The time is calculated from when the container starts.	10
VolumeMount	array<object>	No	The list of volumes to mount to the container.
	object	No	The list of volumes to mount to the container.
MountPropagation	string	No	The mount propagation setting for the volume. Mount propagation allows volumes mounted by a container to be shared with other containers in the same pod, or even with other pods on the same node. Valid values: None: The volume does not receive any subsequent mounts that are performed on this volume or any of its subdirectories. HostToContainer: The volume receives subsequent mounts that are performed on this volume or any of its subdirectories. Bidirectional: Similar to HostToContainer. In addition, the volume is propagated back to the host and to all containers of all pods that use the same volume. Default value: None	None
MountPath	string	No	The directory to mount in the container. The content in the container's mount directory is overwritten by the content of the volume. Use with caution.	/usr/share/
ReadOnly	boolean	No	Indicates whether the volume is read-only. Default value: false	false
SubPath	string	No	The subdirectory of the volume. This allows a pod to mount different directories from the same volume to different directories in the container.	/usr/share/sub/
Name	string	No	The name of the volume to mount to the container. Select a volume that is mounted to the ECI instance (container group). The value must be one of the configured Volume.N.Name parameters.	test-empty
ImagePullPolicy	string	No	The image pull policy. Valid values: Always: Always pulls the image. IfNotPresent: Pulls the image only if it is not present locally. Never: Never pulls the image. Uses the local image.	Never
StdinOnce	boolean	No	When standard input is true, the standard input stream remains open across multiple attach sessions. If StdinOnce is set to true, standard input is opened when the container starts and is empty until the first client attaches to standard input. It then remains open to receive data until the client disconnects. At that point, standard input is closed and remains closed until the container restarts.	true
LifecyclePreStopHandlerTcpSocketPort	integer	No	The port for the TCP socket check when you use a TCPSocket to set the preStop callback function.	80
LifecyclePostStartHandlerHttpGetScheme	string	No	The path for the HTTP GET request check when you use an HTTP request to set the postStart callback function.	/healthyz
ReadinessProbe.PeriodSeconds	integer	No	The interval at which the check is performed. The default is 10 seconds. The minimum is 1 second.	3
LivenessProbe.SuccessThreshold	integer	No	The number of consecutive successful checks required to determine that the check is successful after a failure. The default is 1. The value must be 1.	1
Command	array	No	The startup command for the container. You can specify up to 20 commands. Each command can be up to 256 characters in length.	echo
	string	No	The startup command for the container. Each command can be up to 256 characters in length.	echo
LifecyclePostStartHandlerHttpGetHost	string	No	The host address that receives the HTTP GET request when you use an HTTP request to set the postStart callback function.	hide
ReadinessProbe.HttpGet.Path	string	No	The path for the HttpGet check.	/usr/
LivenessProbe.Exec.Command	array	No	The command to run for the check in the container.
	string	No	The command to run for the check in the container.	echo
LifecyclePostStartHandlerTcpSocketPort	integer	No	The port for the TCP socket check when you use a TCPSocket to set the postStart callback function.	1
LifecyclePostStartHandlerHttpGetPath	string	No	The path for the HTTP GET request check when you use an HTTP request to set the postStart callback function.	/healthyz
LifecyclePostStartHandlerExec	array	No	The command to run in the container when you use the command line to set the postStart callback function.	hide
	string	No	The command to run in the container when you use the command line to set the postStart callback function.	["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
LifecyclePreStopHandlerHttpGetPath	string	No	The path for the HTTP GET request check when you use an HTTP request to set the preStop callback function.	/healthyz
Port	array<object>	No	The container port. Valid values: 1 to 65535.
	object	No	The container port. Valid values: 1 to 65535.
Protocol	string	No	TCP/UDP.	TCP
Port	integer	No	The port number. Valid values: 1 to 65535.	8080
LifecyclePreStopHandlerHttpGetScheme	string	No	The protocol type for the HTTP GET request when you use an HTTP request to set the preStop callback function. Valid values: HTTP HTTPS	HTTP
LivenessProbe.HttpGet.Scheme	string	No	The protocol type for the HTTP GET request when you use an HTTP request for a health check. Valid values: HTTP HTTPS	HTTP
LifecyclePostStartHandlerHttpGetHttpHeaders	array<object>	No	The collection of valid HTTP request headers in the generated HTTP request.
	object	No	The collection of valid HTTP request headers in the generated HTTP request.
Value	string	No	The value of the request parameter for the HTTP GET request when you use an HTTP request to set the postStart callback function.	test
Name	string	No	The request parameter for the HTTP GET request when you use an HTTP request to set the postStart callback function.	testValue
ReadinessProbe.HttpGet.Port	integer	No	The port for the HttpGet check.	8080
LifecyclePostStartHandlerTcpSocketHost	string	No	The host address for the TCP socket check when you use a TCP Socket to set the postStart callback function.	10.0.XX.XX
Gpu	integer	No	The number of GPUs for the container.	1
ReadinessProbe.InitialDelaySeconds	integer	No	The time when the check starts. The time is calculated from when the container starts.	10
LifecyclePreStopHandlerExec	array	No	The command to run in the container when you use the command line to set the preStop callback function.	hide
	string	No	The command to run in the container when you use the command line to set the preStop callback function.	["/bin/sh", "-c","echo Hello from the preStop handler > /usr/share/message"]
Memory	number	No	The memory size of the container.	2.0
Name	string	No	The name of the container.	jenkins
LifecyclePreStopHandlerHttpGetHost	string	No	The host address that receives the HTTP GET request when you use an HTTP request to set the preStop callback function.	10.0.XX.XX
LifecyclePreStopHandlerTcpSocketHost	string	No	The host address for the TCP socket check when you use a TCP Socket to set the preStop callback function.	10.0.XX.XX
Image	string	No	The container image.	jenkins
LifecyclePreStopHandlerHttpGetPort	integer	No	The port for the HTTP GET request check when you use an HTTP request to set the preStop callback function.	1
LivenessProbe.FailureThreshold	integer	No	The number of consecutive failed checks required to determine that the check has failed after a success. The default is 3.	3
ReadinessProbe.Exec.Command	array	No	The command to run for the check in the container.
	string	No	The command to run for the check in the container.	echo
LifecyclePreStopHandlerHttpGetHttpHeader	array<object>	No	The generated HTTP request header information.
	object	No	The generated HTTP request header information.
Value	string	No	The value of the request parameter for the HTTP GET request when you use an HTTP request to set the preStop callback function.	testValue
Name	string	No	The request parameter for the HTTP GET request when you use an HTTP request to set the preStop callback function.	test
ReadinessProbe.FailureThreshold	integer	No	The number of consecutive failed checks required to determine that the check has failed after a success. The default is 3.	3
Cpu	number	No	The vCPU size of the container.	1.0
LivenessProbe.HttpGet.Port	integer	No	The port for the HttpGet check.	8080
LivenessProbe.HttpGet.Path	string	No	The path for the HttpGet check.	/usr/local/bin
LivenessProbe.TimeoutSeconds	integer	No	The timeout period for the check. The default is 1 second. The minimum is 1 second.	1
SecurityContext.RunAsUser	integer	No	The UID used to run the entry point of the container process.	1377
LifecyclePostStartHandlerHttpGetPort	integer	No	The port for the HTTP GET request check when you use an HTTP request to set the postStart callback function.	1
InitContainer	array<object>	No	Specifies the new Init container information.
	array<object>	No	Specifies the new Init container information.
SecurityContext.Capability.Add	array	No	Grants specific permissions to processes in the container. Only NET_ADMIN and NET_RAW are supported. Note NET_RAW is not supported by default. Submit a ticket to request this permission.
	string	No	Grants specific permissions to processes in the container. Only NET_ADMIN and NET_RAW are supported. Note NET_RAW is not supported by default. To use this permission, submit a ticket.	NET_ADMIN
Image	string	No	The container image for the init container.	nginx
VolumeMount	array<object>	No	The list of volume mounts.
	object	No	A list of volumes to mount.
MountPropagation	string	No	The mount propagation setting for the volume. Mount propagation allows a volume mounted by one container to be shared with other containers in the same pod, or even with other pods on the same node. Valid values: None: The volume mount does not receive any subsequent mounts that are mounted to this volume or any of its subdirectories. HostToContainer: The volume mount receives all subsequent mounts that are mounted from the host to this volume or any of its subdirectories. Bidirectional: This setting is similar to HostToContainer. In addition, the volume mount is propagated back to the host and to all containers of all pods that use the same volume. Default: None	None
MountPath	string	No	The mount path for the init container. The volume's content overwrites any existing content in this path. Use with caution.	/pod/data
ReadOnly	boolean	No	Specifies whether the volume is read-only. The default value is false.	false
SubPath	string	No	The subdirectory within the volume. This lets a pod mount different subdirectories from the same volume to different directories in a container.	data2/
Name	string	No	The name of the volume to mount to the init container. The value must be the name of a volume that is defined in the Volume.N.Name parameter for the container group.	default-volume1
Port	array<object>	No	The port number. The valid range is 1 to 65535.
	object	No	The port number. The value must be from 1 to 65535.
Protocol	string	No	TCP or UDP.	TCP
Port	integer	No	The port of the init container. Valid values: 1 to 65535.	9000
SecurityContext.ReadOnlyRootFilesystem	boolean	No	Specifies whether the root file system of the container is read-only. The only valid value is `true`.	true
EnvironmentVar	array<object>	No	The environment variables of the container.
	object	No	The list of environment variables for the container.
Key	string	No	The name of the environment variable for the init container.	PATH
Value	string	No	The value of the environment variable for the init container.	/usr/local/bin
FieldRef.FieldPath	string	No	The reference to the value of an environment variable. The only supported value is status.podIP.	status.podIP
ImagePullPolicy	string	No	The image pull policy. Valid values: Always: The image is always pulled. IfNotPresent: The local image is used first. If the image is not available locally, it is pulled. Never: The image is never pulled. Only the local image is used.	IfNotPresent
StdinOnce	boolean	No	When standard input is enabled, the standard input stream remains open across multiple attach sessions. If you set StdinOnce to true, the standard input is opened when the container starts. The stream is empty until the first client attaches. It then accepts data until the client disconnects. After the client disconnects, the stream is closed and remains closed until the container is restarted.	true
Cpu	number	No	The number of vCPUs for the init container.	2.0
Tty	boolean	No	Specifies whether to enable interaction. The default value is false. If Command is set to /bin/bash, set this parameter to true.	true
WorkingDir	string	No	The working directory of the init container.	/bin/local/
Command	array	No	The command for the init container.	/bin/sh sleep
	string	No	The command for the init container.	/bin/sh sleep
Arg	array	No	The startup arguments for the init container.	10
	string	No	The startup parameters for the init container.	10
SecurityContext.RunAsUser	integer	No	The user ID to run the container.	1000
Gpu	integer	No	The number of GPUs for the init container.	1
Memory	number	No	The memory size of the init container.	4.0
Stdin	boolean	No	Specifies whether to allocate a buffer for the container's standard input. If not set, reading from standard input returns an End-of-File (EOF). The default is false.	false
Name	string	No	The name of the init container.	init-nginx
ImageRegistryCredential	array<object>	No	A list of image repository credentials.
	object	No	A list of credentials for the image repository.
Password	string	No	The password for the image repository.	yourpassword
Server	string	No	The address of the image repository without the `http://` or `https://` prefix.	registry.cn-shanghai.aliyuncs.com/ecitest/nginx:alpine
UserName	string	No	The username for the image repository.	yourname
AcrRegistryInfo	array<object>	No	Information about the ACR Enterprise instance.
	object	No	Information about the ACR Enterprise instance.
InstanceId	string	No	The ID of the ACR Enterprise instance.	cri-nwj395hgf6f3****
InstanceName	string	No	The name of the ACR Enterprise instance.	acr-test
RegionId	string	No	The region of the ACR Enterprise instance.	cn-beijing
Domain	array	No	The domain names of the ACR Enterprise instance. By default, this includes all domain names for the instance. You can specify one or more domain names, separated by commas.
	string	No	The domain name of the ACR Enterprise instance. By default, all domain names of the instance are used. You can specify one or more domain names. Separate multiple domain names with commas.	cn-beijing
UpdateType	string	No	The update type. Valid values: RenewUpdate: A full update. You must specify all related parameters. You cannot update individual items in a list or individual members in a struct. IncrementalUpdate: An incremental update. You can specify only the parameters that you want to update. Unspecified parameters remain unchanged. The default is RenewUpdate.	RenewUpdate

Parameter descriptions

Container and InitContainer: Both InitContainer and Container support only full updates. An instance restart is required to update an InitContainer. The following update scenarios are supported:

An ECI instance has both an InitContainer and a Container, and only the InitContainer is updated.
An ECI instance has both an InitContainer and a Container, and only the Container is updated.
An ECI instance has both an InitContainer and a Container, and both are updated.
An ECI instance has only a Container, and the Container is updated.
An ECI instance has only a Container, and an InitContainer is added.
An ECI instance has only a Container, an InitContainer is added, and the Container is updated.

ImageRegistryCredentials

Only full updates are supported.
A restart of the ECI instance is not required if you only update the ImageRegistryCredentials without increasing the number of credentials. In all other cases, a restart is required.

Note

Full update: If a parameter is a list, you cannot update its individual items. If a parameter is a struct, you cannot update its individual members.

Response elements

Element	Type	Description	Example
	object
RequestId	string	The unique ID of the request.	CB8D2B22-D636-4182-****-1FC9DBDAD66F

Examples

Success response

JSON format

{
  "RequestId": "CB8D2B22-D636-4182-****-1FC9DBDAD66F"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter.CPU.Memory	The specified cpu and memory are not allowed
400	InvalidParameter.DuplicatedName	The container group include containers with duplicate names.
400	InvalidParameter.DuplicatedVolumeName	The container group includes volumes with duplicate names.	The container group includes volumes with duplicate names.
400	InvalidParameter.LengthExceeded	%s
400	InvalidParameter.ValueExceeded	%s
400	IncorrectStatus	%s
400	InvalidParam.CpuOrMemorySpec	The specified specification is invalid.	The specified specification is invalid.
400	InvalidParameter	%s
400	MissingParameter	%s
400	NoNeedUpdate	There are no changes to be updated for current resource.	There are no changes to be updated for current resource.
403	InvalidAction	The specified action is invalid	Invalid operation.
404	InvalidParameter.NotFound	%s

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.