ALIYUN::ECI::ContainerGroup is used to create a container group. A container group is an elastic container instance.
Syntax
{
"Type": "ALIYUN::ECI::ContainerGroup",
"Properties": {
"SecurityContextSysctl": List,
"Memory": Number,
"InitContainer": List,
"Cpu": Number,
"EipInstanceId": String,
"ContainerGroupName": String,
"Container": List,
"ImageSnapshotId": String,
"DnsConfig": Map,
"AutoMatchImageCache": Boolean,
"Ipv6AddressCount": Integer,
"ImageRegistryCredential": List,
"SpotPriceLimit": Number,
"InstanceType": String,
"SpotStrategy": String,
"ActiveDeadlineSeconds": Integer,
"HostAliase": List,
"ZoneId": String,
"TerminationGracePeriodSeconds": Integer,
"VSwitchId": String,
"SecurityGroupId": String,
"SlsEnable": Boolean,
"RestartPolicy": String,
"RamRoleName": String,
"Volume": List,
"AcrRegistryInfo": List,
"Tag": List,
"ResourceGroupId": String
}
}Properties
Property | Type | Required | Editable | Description | Constraint |
EipInstanceId | String | No | No | The ID of the elastic IP address (EIP). | None. |
Container | List | Yes | Yes | The containers in the container group. | For more information, see Container properties. |
DnsConfig | Map | No | Yes | The configurations of Domain Name System (DNS). | For more information, see DnsConfig properties. |
InitContainer | List | No | Yes | The init containers. | For more information, see InitContainer properties. |
SecurityGroupId | String | No | No | The ID of the security group to which the container group belongs. | Instances within the same security group can access each other. |
ContainerGroupName | String | Yes | No | The name of the container group. | None. |
ZoneId | String | No | No | The zone ID of the container group. | This property is empty by default. If this property is empty, the system selects a zone. |
Volume | List | No | Yes | The volumes. | You can mount up to 20 volumes. For more information, see Volume properties. |
HostAliase | List | No | No | The mappings between the hostname and the IP addresses for a container in the pod. | For more information, see HostAliase properties. |
RestartPolicy | String | No | Yes | The policy that you want to use to restart the container group. | Valid values:
|
ResourceGroupId | String | No | Yes | The ID of the resource group. | None. |
Tag | List | No | Yes | The tags of the container group. A tag is a key-value pair. | You can add up to 20 tags to each container group. The key and the value are of the String type. For more information, see Tag properties. |
VSwitchId | String | No | No | The vSwitch ID of the container group. The container group that you create is of the virtual private cloud (VPC) type. | The number of IP addresses in the vSwitch CIDR block determines the maximum number of container groups that can be created in the vSwitch. Before you create a container group, plan the vSwitch CIDR block. |
ImageRegistryCredential | List | No | Yes | The logon information about the container image repository. The information includes the server IP address, the username, and the password. | For more information, see ImageRegistryCredential properties. |
Memory | Number | No | Yes | The memory size. | None. |
SlsEnable | Boolean | No | No | Specifies whether to enable logging. | Valid values:
|
SecurityContextSysctl | List | No | No | The security context in which the container group runs. | For more information, see SecurityContext properties. |
Cpu | Number | No | Yes | The number of vCPUs. | None. |
ImageSnapshotId | String | No | No | The ID of the image cache or the snapshot. | None. |
SpotPriceLimit | Number | No | No | The maximum hourly price of the container group. | The value of this property can contain up to three decimal places. This property takes effect when SpotStrategy is set to SpotWithPriceLimit. |
AutoMatchImageCache | Boolean | No | No | Specifies whether to automatically match the image cache. | None. |
SpotStrategy | String | No | No | The preemption policy for the pay-as-you-go container group. | Valid values:
|
TerminationGracePeriodSeconds | Integer | No | No | The buffer time period during which the program handles operations before the program is stopped. | Unit: seconds. |
ActiveDeadlineSeconds | Integer | No | No | The validity period. | Unit: seconds. |
Ipv6AddressCount | Integer | No | No | The number of IPv6 addresses. | None. |
RamRoleName | String | No | No | The name of the Resource Access Management (RAM) role for the container group. | The container group and the Elastic Compute Service (ECS) instance share the same RAM role. |
AcrRegistryInfo | List | No | No | The access credential configurations of the Container Registry Enterprise Edition instance. | For more information, see AcrRegistryInfo properties. |
InstanceType | String | No | No | The instance type. | None. |
Container syntax
"Container": [
{
"EnvironmentVar": List,
"Tty": Boolean,
"SecurityContext": Map,
"Name": String,
"ImagePullPolicy": String,
"Image": String,
"Stdin": boolean,
"WorkingDir": String,
"LivenessProbe": Map,
"Cpu": Number,
"Command": List,
"Memory": Number,
"ReadinessProbe": Map,
"VolumeMount": List,
"Port": List,
"Arg": List,
"StdinOnce": Boolean
}
]Container properties
Property | Type | Required | Editable | Description | Constraint |
EnvironmentVar | List | No | No | The environment variables of the container. | Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable. You can specify up to 100 environment variables. For more information, see EnvironmentVar properties. |
Tty | Boolean | No | No | Specifies whether to allocate a TeleTYpe (TTY) terminal to the container. | Valid values:
|
SecurityContext | Map | No | No | The security context of the container group. | None. |
Name | String | Yes | No | The container name. | None. |
ImagePullPolicy | String | No | No | The policy for pulling the image. | None. |
Image | String | Yes | No | The image. | None. |
Stdin | Boolean | No | No | Specifies whether to allocate a buffer to the standard input in the container runtime. | Valid values:
|
WorkingDir | String | No | No | The working directory of the container. | None. |
LivenessProbe | Map | No | No | The liveness probe of the container. | For more information, see LivenessProbe properties. |
Cpu | Number | No | No | The number of vCPUs that you want to allocate to the container. | None. |
Command | List | No | No | The commands that you want to send to the container. | You can specify up to one command. A command is of the String type and can be up to 256 characters in length. |
Memory | Number | No | No | The memory size that you want to allocate to the container. | Unit: GiB. |
ReadinessProbe | Map | No | No | The readiness probe of the container. | For more information, see ReadinessProbe properties. |
VolumeMount | List | No | No | The volumes that you want to mount on the container. | You can mount up to 16 volumes. For more information, see VolumeMount properties. |
Port | List | No | No | The ports and protocols that you want to use for the container. | You can specify up to 100 ports. Valid values:
For more information, see Port properties. |
Arg | List | No | No | The arguments that you want to specify for the command. | The arguments are of the String type. You can specify up to 10 arguments. |
StdinOnce | Boolean | No | No | Specifies whether to close the standard input stream after the client that is connected for the first time is disconnected. | Valid values:
|
LivenessProbe syntax
"LivenessProbe": {
"TcpSocket.Port": Integer,
"HttpGet.Scheme": String,
"HttpGet.Port": Integer,
"FailureThreshold": Integer,
"InitialDelaySeconds": Integer,
"TimeoutSeconds": Integer,
"SuccessThreshold": Integer,
"Exec.Command": List,
"PeriodSeconds": Integer,
"HttpGet.Path": String
}LivenessProbe properties
Property | Type | Required | Editable | Description | Constraint |
TcpSocket.Port | Integer | No | No | The port to which the system sends a TCP socket request for health checks. | None. |
HttpGet.Scheme | String | No | No | The protocol that you want to use to connect to the host. | Valid values:
|
HttpGet.Port | Integer | No | No | The port to which the system sends an HTTP GET request for health checks. | None. |
FailureThreshold | Integer | No | No | The number of times that a healthy container must consecutively fail health checks before it is declared unhealthy. |
Default value: 3. |
InitialDelaySeconds | Integer | No | No | The time period after the container is started and before the probe is initiated. | Unit: seconds. |
TimeoutSeconds | Integer | No | No | The timeout period of the probe. Unit: seconds. | Minimum value: 1. Default value: 1. |
SuccessThreshold | Integer | No | No | The number of times that an unhealthy container must consecutively pass health checks before it is declared healthy. | Set the value to 1. Default value: 1. |
Exec.Command | List | No | No | The commands that you want to run in the container to perform health checks. | None. |
PeriodSeconds | Integer | No | No | The interval between two consecutive health checks. | Unit: seconds. Minimum value: 1. Default value: 10. |
HttpGet.Path | String | No | No | The path to which the system sends an HTTP GET request for health checks. | None. |
DnsConfig syntax
"DnsConfig": {
"NameServer": List,
"Search": List,
"Option": List
}DnsConfig properties
Property | Type | Required | Editable | Description | Constraint |
NameServer | List | No | No | The IP addresses of the DNS servers. | None. |
Search | List | No | No | The DNS search domains. | None. |
Option | List | No | No | The options. | Each option consists of a name and a value. The option value is optional. For more information, see Option properties. |
InitContainer syntax
"InitContainer": [
{
"EnvironmentVar": List,
"SecurityContext": Map,
"Name": String,
"Image": String,
"Arg": List,
"WorkingDir": String,
"Port": List,
"Command": List,
"Memory": Number,
"ImagePullPolicy": String,
"VolumeMount": List,
"Cpu": Number
}
]InitContainer properties
Property | Type | Required | Editable | Description | Constraint |
EnvironmentVar | List | No | No | The environment variables of the container. | Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable. You can specify up to 100 environment variables. Set the value to status.podIP. |
SecurityContext | Map | No | No | The security context of the container group. | None. |
Name | String | No | No | The container name. | None. |
Image | String | No | No | The container image. | None. |
Arg | List | No | No | The arguments that you want to specify for the command. | The arguments are of the String type. You can specify up to 10 arguments. |
WorkingDir | String | No | No | The working directory of the container. | None. |
Port | List | No | No | The ports and protocols that you want to use for the container. | You can specify up to 100 ports. Valid values:
|
Command | List | No | No | The commands that you want to send to the container. | You can specify up to one command. A command is of the String type and can be up to 256 characters in length. |
Memory | Number | No | No | The memory size that you want to allocate to the container. | Unit: GB. |
ImagePullPolicy | String | No | No | The policy for pulling the image. | None. |
VolumeMount | List | No | No | The volumes that you want to mount on the container. | You can mount up to 16 volumes. |
Cpu | Number | No | No | The number of vCPUs that you want to allocate to the container. | None. |
Volume syntax
"Volume": [
{
"NFSVolume.Path": String,
"Name": String,
"EmptyDirVolume.Medium": String,
"NFSVolume.Server": String,
"NFSVolume.ReadOnly": Boolean,
"ConfigFileVolume.ConfigFileToPath": List,
"Type": String,
"FlexVolume.Options": Map,
"FlexVolume.Driver": String,
"FlexVolume.FsType": String
}
]Volume properties
Property | Type | Required | Editable | Description | Constraint |
NFSVolume.Path | String | No | No | The path of the Network File System (NFS) volume. | None. |
Name | String | Yes | No | The volume name. | None. |
EmptyDirVolume.Medium | String | No | No | The storage medium. | By default, the file system on the node is used. Set the value to Memory. If you set this property to Memory, emptyDir volumes are stored in memory. |
NFSVolume.Server | String | No | No | The IP address of the NFS server. | None. |
NFSVolume.ReadOnly | Boolean | No | No | Specifies whether the NFS volume is read-only. | Default value: false. |
ConfigFileVolume.ConfigFileToPath | List | No | No | The path of the ConfigFile volume. | For more information, see ConfigFileVolume.ConfigFileToPath properties. |
Type | String | Yes | No | The volume type. | Valid values:
|
FlexVolume.Options | Map | No | No | The FlexVolume options. | Each option is a key-value pair in the JSON format. For example, if you use FlexVolume to mount a cloud disk, set FlexVolume.Options to |
FlexVolume.Driver | String | No | No | The driver name when you use FlexVolume to mount a volume. | None. |
FlexVolume.FsType | String | No | No | The type of the file system to be mounted. | None. |
HostAliase syntax
"HostAliase": [
{
"Ip": String,
"Hostname": List
}
]HostAliase properties
Property | Type | Required | Editable | Description | Constraint |
Ip | String | No | No | The IP address. | None. |
Hostname | List | No | No | The hostnames. | None. |
ImageRegistryCredential syntax
"ImageRegistryCredential": [
{
"UserName": String,
"Password": String,
"Server": String
}
]ImageRegistryCredential properties
Property | Type | Required | Editable | Description | Constraint |
UserName | String | Yes | No | The logon username of the image repository. | None. |
Password | String | Yes | No | The logon password of the image repository. | None. |
Server | String | Yes | No | The IP address of the image repository. | The IP address cannot contain a protocol prefix, such as |
EnvironmentVar syntax
"EnvironmentVar": {
"Key": String,
"Value": String,
"FieldRef.FieldPath": String
}EnvironmentVar properties
Property | Type | Required | Editable | Description | Constraint |
Key | String | No | No | The variable name. | The name must be 1 to 128 characters in length, and can contain digits, letters, and underscores (_). It cannot start with a digit. |
Value | String | No | No | The variable value. | The value can be up to 256 characters in length. |
FieldRef.FieldPath | String | No | No | The reference to another variable. | Set the value to status.podIP. |
SecurityContext syntax
"SecurityContext": {
"Capability.Add": List,
"RunAsUser": Integer,
"ReadOnlyRootFilesystem": Boolen
}SecurityContext properties
Property | Type | Required | Editable | Description | Constraint |
Capability.Add | List | No | No | The permissions that you want to grant to the processes in the container. | Set the value to NET_ADMIN. |
RunAsUser | Integer | No | No | The user ID. | None. |
ReadOnlyRootFilesystem | Boolean | No | No | Specifies whether the root file system is read-only. | Default value: true. |
VolumeMount syntax
"VolumeMount": [
{
"Name": String,
"ReadOnly": Boolean,
"MountPath": String,
"MountPropagation": String,
"SubPath": String
}
]VolumeMount properties
Property | Type | Required | Editable | Description | Constraint |
Name | String | No | No | The volume name. | The name must be the same as the value that you specify for the Name property in the "Volume properties" section of this topic. |
ReadOnly | Boolean | No | No | Specifies whether the volume is read-only. | Default value: false. |
MountPath | String | No | No | The mount path of the volume. | The data stored in this path is overwritten by the data in the mounted volume. |
MountPropagation | String | No | No | The mount propagation settings of the volume. | Mount propagation allows volumes that are mounted on one container to be shared with other containers in the same pod, or even with other pods on the same node. Valid values:
|
SubPath | String | No | No | The subdirectory of the volume. | You can use this property to mount different directories of the same volume to different subdirectories of the container. |
Port syntax
"Port": [
{
"Port": Interger,
"Protocol": String
}
]Port properties
Property | Type | Required | Editable | Description | Constraint |
Port | Integer | No | No | The port number. | Valid values: 1 to 65535. |
Protocol | String | No | No | The protocol of the port. | Valid values:
|
ConfigFileVolume.ConfigFileToPath syntax
"onfigFileVolume.ConfigFileToPath": [
{
"Content": String,
"Path": String
}
]ConfigFileVolume.ConfigFileToPath properties
Property | Type | Required | Editable | Description | Constraint |
Content | String | No | No | The content of the ConfigFile volume. | The content can be up to 32 KB in size. |
Path | String | Yes | No | The relative path of the ConfigFile volume. | You can specify the location of a directory relative to another directory. |
SecurityContextSysctl syntax
"SecurityContextSysctl": [
{
"Value": String,
"Name": String
}
] SecurityContextSysctl properties
Property | Type | Required | Editable | Description | Constraint |
Value | String | No | No | The variable value of the security context in which the container group runs. | None. |
Name | String | No | No | The variable name of the security context in which the container group runs. | Valid values:
|
ReadinessProbe syntax
"ReadinessProbe": {
"TimeoutSeconds": Integer,
"InitialDelaySeconds": Integer,
"Exec.Command": List,
"PeriodSeconds": Integer,
"HttpGet.Port": Integer,
"TcpSocket.Port": Integer,
"FailureThreshold": Integer,
"HttpGet.Scheme": String,
"HttpGet.Path": String,
"SuccessThreshold": Integer
} ReadinessProbe properties
Property | Type | Required | Editable | Description | Constraint |
FailureThreshold | Integer | No | No | The number of times that a healthy container must consecutively fail health checks before it is declared unhealthy. |
Default value: 3. |
HttpGet.Scheme | String | No | No | The GET request protocol. | Valid values:
|
HttpGet.Path | String | No | No | The path to which the system sends an HTTP GET request for health checks. | None. |
Exec.Command | List | No | No | The commands that you want to run in the container to perform health checks. | None. |
TcpSocket.Port | Integer | No | No | The port to which the system sends a TCP socket request for health checks. | None. |
PeriodSeconds | Integer | No | No | The interval between two consecutive health checks. | Default value: 10. Minimum value: 1. Unit: seconds. |
TimeoutSeconds | Integer | No | No | The timeout period of a health check. | Default value: 10. Minimum value: 1. Unit: seconds. |
InitialDelaySeconds | Integer | No | No | The time period after the container is started and before the probe is initiated. | None. |
SuccessThreshold | Integer | No | No | The number of times that an unhealthy container must consecutively pass health checks before it is declared healthy. |
Default value: 1. |
HttpGet.Port | Integer | No | No | The port to which the system sends an HTTP GET request for health checks. | None. |
Option syntax
"Option": [
{
"Name": String,
"Value": String
}
] Option properties
Property | Type | Required | Editable | Description | Constraint |
Name | String | No | No | The option name. | None. |
Value | String | No | No | The option value. | None. |
Tag syntax
"Tag": [
{
"Key": String,
"Value": String
}
]Tag properties
Property | Type | Required | Editable | Description | Constraint |
Key | String | Yes | No | The tag key. | None. |
Value | String | No | No | The tag value. | None. |
AcrRegistryInfo syntax
"AcrRegistryInfo": [
{
"RegionId": String,
"InstanceName": String,
"Domain": List,
"InstanceId": String
}
]AcrRegistryInfo properties
Property | Type | Required | Editable | Description | Constraint |
RegionId | String | No | No | The region ID of the Container Registry Enterprise Edition instance. | By default, the Container Registry Enterprise Edition instance resides in the same region as the container group. |
InstanceName | String | No | No | The name of the Container Registry Enterprise Edition instance. | None. |
Domain | List | No | No | The domain names of the Container Registry Enterprise Edition instance. | By default, the Container Registry instance uses the same domain names as the container group. |
InstanceId | String | Yes | No | The ID of the Container Registry Enterprise Edition instance. | None. |
Return values
Fn::GetAtt
ContainerGroupId: the ID of the container group.
ContainerGroupName: the name of the container group.
SecurityGroupId: the ID of the security group.
Ipv6Address: the IPv6 address.
InternetIp: the public IP address.
RegionId: the region.
IntranetIp: the private IP address.
ZoneId: the zone.
VSwitchId: the vSwitch ID.
EniInstanceId: the ID of the elastic network interface (ENI).
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Description: Test ECI ContainerGroup
Parameters:
VSwitch:
AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
Type: String
Label:
en: VSwitch ID
SecurityGroup:
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
Label:
en: Security Group ID
Resources:
ContainerGroup:
Type: ALIYUN::ECI::ContainerGroup
Properties:
Container:
- Name: mytest
Image: busybox
Cpu: 2
Memory: 4
Port:
- Port: 8080
Protocol: TCP
- Port: 8888
Protocol: TCP
SecurityGroupId:
Ref: SecurityGroup
ContainerGroupName: mytest
VSwitchId:
Ref: VSwitch
RestartPolicy: Always
SlsEnable: false
Cpu: 2
Memory: 4
Outputs: {}JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test ECI ContainerGroup",
"Parameters": {
"VSwitch": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Label": {
"en": "VSwitch ID"
}
},
"SecurityGroup": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
"Label": {
"en": "Security Group ID"
}
}
},
"Resources": {
"ContainerGroup": {
"Type": "ALIYUN::ECI::ContainerGroup",
"Properties": {
"Container": [
{
"Name": "mytest",
"Image": "busybox",
"Cpu": 2,
"Memory": 4,
"Port": [
{
"Port": 8080,
"Protocol": "TCP"
},
{
"Port": 8888,
"Protocol": "TCP"
}
]
}
],
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ContainerGroupName": "mytest",
"VSwitchId": {
"Ref": "VSwitch"
},
"RestartPolicy": "Always",
"SlsEnable": false,
"Cpu": 2,
"Memory": 4
}
}
},
"Outputs": {
}
}