This topic describes how to enable Internet access, pull images from Docker Hub, and then create an Elastic Container Instance (ECI).

Prerequisites

The ECI and Resource Access Management (RAM) services are activated. A RAM role related to ECI is assigned to your account.

Warning ECI does not support pulling images over the Internet. To pull images from Docker Hub or an external image repository, the Virtual Private Cloud (VPC) must have access to the Internet. For more information about how to enable Internet access, see Enable Internet access.

Procedure

  1. Go to the ECI purchase page.
  2. Select the region and zone where you want to deploy the ECI. For more information about the supported regions and zones, see Regions and zones.
    Note We recommend that you select the latest zone that has sufficient resources to meet your business needs.
  3. Select a VPC and a VSwitch in the selected region and zone. The information about the network, such as the Classless Inter-Domain Routing (CIDR) block, appears on the page. If no VPC or VSwitch is available in the selected region and zone, create a VPC on the VPCs page or create a VSwitch on the VSwitches page in the VPC console.
  4. Optional. Associate an Elastic IP Address (EIP) with the ECI. To pull images from Docker Hub, you must enable Internet access for the VPC. You can directly associate an EIP with the ECI. Alternatively, you can create a network address translation (NAT) gateway for the VPC and associate an EIP with the NAT gateway on the Elastic IP Addresses page in the VPC console.
    Note

    For more information about how to create a NAT gateway, see Enable Internet access. If you have created a NAT gateway for the VPC, associated an EIP with the NAT gateway, and configured source network address translation (SNAT) rules for the NAT gateway, you do not need to associate an EIP with an ECI.

  5. Select a security group. If no security group is available, create one on the Security Groups page in the Elastic Compute Service (ECS) console. A security group acts as a virtual firewall that provides the stateful packet inspection (SPI) and packet filtering features and is used to isolate security domains on the cloud. You can configure security group rules to enable or disable the access to the Internet or internal network and the access between ECIs for ECIs in the security group.

    To enable the access from the Internet to an ECI in a VPC, you must expose the corresponding ports in security group rules. For example, when you deploy the NGINX service, you must expose port 80 to the Internet in a security group rule.

    Note

    For more information about security groups, see Security group overview.

  6. After you specify the name of the container group and the name of a container, select an image from Docker Hub and select the image version.

  7. Select the CPU and memory specifications for the container group. Select appropriate CPU and memory specifications for each container. A container supports a minimum of 0.25 vCPU and 0.5 GB memory.

  8. Confirm the configuration.

    Click Preview on the purchase page. On the configuration preview page that appears, verify that the configuration is correct and click Create ECI to submit the order.