All Products
Document Center

Pull an image from Docker Hub to create an elastic container instance

Last Updated: May 21, 2021

This topic describes how to pull an image from Docker Hub to create an elastic container instance. Docker Hub is a hosted repository service provided by Docker.


The following requirements are met:

  • Elastic Container Instance and Resource Access Management (RAM) are activated. The required RAM roles are authorized.

  • A virtual private cloud (VPC) and vSwitches are created in the region where you want to create an elastic container instance.

  • The VPC is associated with a Network Address Translation (NAT) gateway for which a Source Network Address Translation (SNAT) entry is configured, or an elastic IP address (EIP) is created.


    By default, Elastic Container Instance does not provide external links to pull images over the Internet. To pull images from external image repositories such as Docker Hub, you must enable Internet access. To enable Internet access, you can associate the VPC with a NAT gateway for which an SNAT entry is configured, or associate an EIP with the elastic container instance. For more information, see Enable Internet access.


This section describes the key configurations and steps of pulling an image from Docker Hub to create an elastic container instance. For some parameters, only the minimum required or default configurations are used.

  1. Go to the elastic container instance buy page.

  2. Select a billing method.

  3. Select a region.

  4. Select a VPC and a vSwitch.

    To ensure that resources are sufficient to create the elastic container instance, we recommend that you specify multiple zones by selecting multiple vSwitches. The system preferentially creates the elastic container instance in a zone where resources are sufficient.

  5. Select a security group. Security groups function as virtual firewalls that provide Stateful Packet Inspection (SPI) and packet filtering capabilities to isolate security domains on the cloud. For elastic container instances, you can configure security group rules to allow or deny access to the Internet or internal network and access to or from specific IP addresses. For more information, see Overview.


    If you want to access elastic container instances in VPCs over the Internet, you must enable the required ports in the security groups to which the elastic container instances belong. For example, you must enable port 80 when you deploy the NGINX service. For more information, see Add security group rules.

  6. Configure the container group (elastic container instance) and specify the number of container groups that you want to purchase.

    1. Specify the number of vCPUs and memory size for the container group.

    2. Enter a name for the container group.

    3. Set Quantity to specify the number of container groups that you want to purchase.

      When you purchase multiple container groups, an incremental suffix is automatically added to the name based on the number of container groups that you purchase. For example, if you set Name to test and Quantity to 3, the names of your purchased container groups are test001, test002, and test003.


    By default, the instance restart policy (RestartPolicy) is Always, which indicates that a container automatically restarts if the container fails.

  7. Configure containers.

    1. Enter a name for the container.

    2. Select an image and an image version.

      Click Select Image. On the Docker Images tab, find busybox and click Use on the left. Click Select Image Version and then select latest in the Image Version dialog box.


      • By default, the image pulling policy (imagePullPolicy) is IfNotPresent. IfNotPresent indicates that local images are preferentially used and images are pulled only if no local images are available.

      • Images whose source is DOCKER_HUB are stored in Docker Hub and can be pulled over the Internet.

  8. If the selected VPC is not associated with NAT gateways, click Next: Other Settings and associate an EIP with the elastic container instance.

  9. Click Confirm Configuration.

  10. Confirm the configurations, read and select Elastic Container Instance (ECI) Service Agreement, and then click Create Order.

    After the elastic container instance is created, you can view it on the Elastic Container Instance page and click the instance ID to go to the instance details page.