All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::ECI::ContainerGroup

Last Updated:Dec 07, 2023

ALIYUN::ECI::ContainerGroup is used to create a container group. A container group is an elastic container instance.

Syntax

{
  "Type": "ALIYUN::ECI::ContainerGroup",
  "Properties": {
    "SecurityContextSysctl": List,
    "Memory": Number,
    "InitContainer": List,
    "Cpu": Number,
    "EipInstanceId": String,
    "ContainerGroupName": String,
    "Container": List,
    "ImageSnapshotId": String,
    "DnsConfig": Map,
    "AutoMatchImageCache": Boolean,
    "Ipv6AddressCount": Integer,
    "ImageRegistryCredential": List,
    "SpotPriceLimit": Number,
    "InstanceType": String,
    "SpotStrategy": String,
    "ActiveDeadlineSeconds": Integer,
    "HostAliase": List,
    "ZoneId": String,
    "TerminationGracePeriodSeconds": Integer,
    "VSwitchId": String,
    "SecurityGroupId": String,
    "SlsEnable": Boolean,
    "RestartPolicy": String,
    "RamRoleName": String,
    "Volume": List,
    "AcrRegistryInfo": List,
    "Tag": List,
    "ResourceGroupId": String
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

EipInstanceId

String

No

No

The ID of the elastic IP address (EIP).

None.

Container

List

Yes

Yes

The containers in the container group.

For more information, see Container properties.

DnsConfig

Map

No

Yes

The configuration of Domain Name System (DNS).

For more information, see DnsConfig properties.

InitContainer

List

No

Yes

The list of init containers.

For more information, see InitContainer properties.

SecurityGroupId

String

No

No

The ID of the security group to which the container group belongs.

Instances in the same security group can access each other.

ContainerGroupName

String

Yes

No

The name of the container group.

None.

ZoneId

String

No

No

The zone ID of the container group.

By default, this property is empty. If you do not specify this property, the system selects a zone.

Volume

List

No

Yes

The list of volumes.

You can specify up to 20 volumes.

For more information, see Volume properties.

HostAliase

List

No

No

The mapping between the hostname and the IP addresses for a container in the pod.

For more information, see HostAliase properties.

RestartPolicy

String

No

Yes

The policy that you want to use to restart the container group.

Valid values:

  • Always (default)

  • OnFailure

  • Never

ResourceGroupId

String

No

Yes

The ID of the resource group.

None.

Tag

List

No

Yes

The tags of the container group.

You can specify up to 20 tags for each container group. A tag is a key-value pair. The key and the value are of the String type.

For more information, see Tag properties.

VSwitchId

String

No

No

The vSwitch ID of the container group. The elastic container instance that you want to create is of the virtual private cloud (VPC) type.

The number of IP addresses in the vSwitch CIDR block determines the maximum number of elastic container instances that can be created in the vSwitch. Before you create an elastic container instance, plan the CIDR block of the vSwitch.

ImageRegistryCredential

List

No

Yes

The logon information about the container image repository. The information includes the server IP address, the username, and the password.

For more information, see ImageRegistryCredential properties.

Memory

Number

No

Yes

The memory size.

None.

SlsEnable

Boolean

No

No

Specifies whether to enable logging.

Valid values:

  • true

  • false (default)

SecurityContextSysctl

List

No

No

The security context of the container group.

For more information, see SecurityContext properties.

Cpu

Number

No

Yes

The number of vCPUs.

None.

ImageSnapshotId

String

No

No

The image cache ID or the snapshot ID.

None.

SpotPriceLimit

Number

No

No

The maximum hourly price of the container group.

The value of this property can contain up to three decimal places.

This property takes effect only when the SpotStrategy property is set to SpotWithPriceLimit.

AutoMatchImageCache

Boolean

No

No

Specifies whether to automatically match the image cache.

None.

SpotStrategy

String

No

No

The bidding policy for the pay-as-you-go container group.

Valid values:

  • NoSpot (default): The container group is created as a regular pay-as-you-go instance.

  • SpotWithPriceLimit: The container group is created as a preemptible instance that has a user-defined maximum hourly price.

  • SpotAsPriceGo: The container group is created as a preemptible instance for which the market price at the time of purchase is automatically used as the bid price.

TerminationGracePeriodSeconds

Integer

No

No

The buffer time period in which the program handles operations before the program is stopped.

Unit: seconds.

ActiveDeadlineSeconds

Integer

No

No

The validity period of the container group.

Unit: seconds.

Ipv6AddressCount

Integer

No

No

The number of IPv6 addresses.

None.

RamRoleName

String

No

No

The name of the Resource Access Management (RAM) role that the container group assumes.

You can use the RAM role to access elastic container instances and Elastic Compute Service (ECS) instances.

AcrRegistryInfo

List

No

No

The access credentials for the Container Registry Enterprise Edition instance.

For more information, see AcrRegistryInfo properties.

InstanceType

String

No

No

The instance type.

None.

Container syntax

"Container": [
  {
    "EnvironmentVar": List,
    "Tty": Boolean,
    "SecurityContext": Map,
    "Name": String,
    "ImagePullPolicy": String,
    "Image": String,
    "Stdin": boolean,
    "WorkingDir": String,
    "LivenessProbe": Map,
    "Cpu": Number,
    "Command": List,
    "Memory": Number,
    "ReadinessProbe": Map,
    "VolumeMount": List,
    "Port": List,
    "Arg": List,
    "StdinOnce": Boolean
  }
]

Container properties

Property

Type

Required

Editable

Description

Constraint

EnvironmentVar

List

No

No

The environment variables for the container.

Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable.

You can specify up to 100 environment variables.

For more information, see EnvironmentVar properties.

Tty

Boolean

No

No

Specifies whether to allocate a TeleTYpe (TTY) terminal to the container.

Valid values:

  • true: allocates a TTY terminal to the container.

    If you set this property to true, you must also set the stdin property to true.

  • false: does not allocate a TTY terminal to the container.

SecurityContext

Map

No

No

The security context of the container group.

None.

Name

String

Yes

No

The container name.

None.

ImagePullPolicy

String

No

No

The image pulling policy.

None.

Image

String

Yes

No

The container image.

None.

Stdin

Boolean

No

No

Specifies whether to allocate a buffer for the standard input in the container runtime.

Valid values:

  • true

  • false

WorkingDir

String

No

No

The working directory of the container.

None.

LivenessProbe

Map

No

No

The liveness probe of the container.

For more information, see LivenessProbe properties.

Cpu

Number

No

No

The number of vCPUs that you want to allocate to the container.

None.

Command

List

No

No

The commands that you want to send to the container.

You can specify only one command. A command is of the String type and can be up to 256 characters in length.

Memory

Number

No

No

The size of the memory that you want to allocate to the container.

Unit: GiB.

ReadinessProbe

Map

No

No

The readiness probe of the container.

For more information, see ReadinessProbe properties.

VolumeMount

List

No

No

The volumes that you want to mount on the container.

You can specify up to 16 volumes.

For more information, see VolumeMount properties.

Port

List

No

No

The ports and protocols that you want to use for the container.

You can specify up to 100 ports. Valid values:

  • TCP

  • UDP

For more information, see Port properties.

Arg

List

No

No

The arguments that you want to pass to the command.

The arguments are of the String type. You can specify up to 10 arguments.

StdinOnce

Boolean

No

No

Specifies whether to close the standard input stream after the client that is connected for the first time is disconnected.

Valid values:

  • true

  • false

LivenessProbe syntax

"LivenessProbe": {
  "TcpSocket.Port": Integer,
  "HttpGet.Scheme": String,
  "HttpGet.Port": Integer,
  "FailureThreshold": Integer,
  "InitialDelaySeconds": Integer,
  "TimeoutSeconds": Integer,
  "SuccessThreshold": Integer,
  "Exec.Command": List,
  "PeriodSeconds": Integer,
  "HttpGet.Path": String
}

LivenessProbe properties

Property

Type

Required

Editable

Description

Constraint

TcpSocket.Port

Integer

No

No

The port to which the system sends a TCP socket request for a liveness probe.

None.

HttpGet.Scheme

String

No

No

The protocol that you want to use to connect to the host.

Valid values:

  • HTTP

  • HTTPS

HttpGet.Port

Integer

No

No

The port to which the system sends an HTTP GET request for a liveness probe.

None.

FailureThreshold

Integer

No

No

The minimum number of consecutive failures that must occur for a successful liveness probe to be considered failed.

Default value: 3.

InitialDelaySeconds

Integer

No

No

The time period after the container is started and before a liveness probe is initiated.

Unit: seconds.

TimeoutSeconds

Integer

No

No

The timeout period for a liveness probe. Unit: seconds.

Minimum value: 1.

Default value: 1.

SuccessThreshold

Integer

No

No

The minimum number of consecutive successes that must occur for a failed liveness probe to be considered successful.

Set the value to 1.

Default value: 1.

Exec.Command

List

No

No

The commands that you want to use to perform a liveness probe for the container.

None.

PeriodSeconds

Integer

No

No

The interval at which you want to perform liveness probes.

Unit: seconds.

Minimum value: 1.

Default value: 10.

HttpGet.Path

String

No

No

The path to which the system sends an HTTP GET request for a liveness probe.

None.

DnsConfig syntax

"DnsConfig": {
  "NameServer": List,
  "Search": List,
  "Option": List
}

DnsConfig properties

Property

Type

Required

Editable

Description

Constraint

NameServer

List

No

No

The IP addresses of DNS servers.

None.

Search

List

No

No

The DNS search domains.

None.

Option

List

No

No

The options.

Each option consists of a name and a value. The value of each option is optional.

For more information, see Option properties.

InitContainer syntax

"InitContainer": [
  {
    "EnvironmentVar": List,
    "SecurityContext": Map,
    "Name": String,
    "Image": String,
    "Arg": List,
    "WorkingDir": String,
    "Port": List,
    "Command": List,
    "Memory": Number,
    "ImagePullPolicy": String,
    "VolumeMount": List,
    "Cpu": Number
  }
]

InitContainer properties

Property

Type

Required

Editable

Description

Constraint

EnvironmentVar

List

No

No

The environment variables for the container.

Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable.

You can specify up to 100 environment variables.

Set the value to status.podIP.

SecurityContext

Map

No

No

The security context of the container group.

None.

Name

String

No

No

The container name.

None.

Image

String

No

No

The container image.

None.

Arg

List

No

No

The arguments that you want to pass to the command.

The arguments are of the String type. You can specify up to 10 arguments.

WorkingDir

String

No

No

The working directory of the container.

None.

Port

List

No

No

The ports and protocols that you want to use for the container.

You can specify up to 100 ports. Valid values:

  • TCP

  • UDP

Command

List

No

No

The commands that you want to send to the container.

You can specify only one command. A command is of the String type and can be up to 256 characters in length.

Memory

Number

No

No

The size of the memory that you want to allocate to the container.

Unit: GB.

ImagePullPolicy

String

No

No

The image pulling policy.

None.

VolumeMount

List

No

No

The volumes that you want to mount on the container.

You can specify up to 16 volumes.

Cpu

Number

No

No

The number of vCPUs that you want to allocate to the container.

None.

Volume syntax

"Volume": [
  {
    "NFSVolume.Path": String,
    "Name": String,
    "EmptyDirVolume.Medium": String,
    "NFSVolume.Server": String,
    "NFSVolume.ReadOnly": Boolean,
    "ConfigFileVolume.ConfigFileToPath": List,
    "Type": String
  }
]

Volume properties

Property

Type

Required

Editable

Description

Constraint

NFSVolume.Path

String

No

No

The path of the Network File System (NFS) volume.

None.

Name

String

Yes

No

The volume name.

None.

EmptyDirVolume.Medium

String

No

No

The storage medium.

By default, the file system on the node is used.

Set the value to Memory.

If you set this property to Memory, emptyDir volumes are stored in memory.

NFSVolume.Server

String

No

No

The IP address of the NFS server.

None.

NFSVolume.ReadOnly

Boolean

No

No

Specifies whether the NFS volume is read-only.

Default value: false.

ConfigFileVolume.ConfigFileToPath

List

No

No

The path of the ConfigFile volume.

For more information, see ConfigFileVolume.ConfigFileToPath properties.

Type

String

Yes

No

The volume type.

Valid values:

  • EmptyDirVolume

  • NFSVolume

  • ConfigFileVolume

HostAliase syntax

"HostAliase": [
  {
    "Ip": String,
    "Hostname": List
  }
]

HostAliase properties

Property

Type

Required

Editable

Description

Constraint

Ip

String

No

No

The IP address.

None.

Hostname

List

No

No

The hostname.

None.

ImageRegistryCredential syntax

"ImageRegistryCredential": [
  {
    "UserName": String,
    "Password": String,
    "Server": String
  }
]

ImageRegistryCredential properties

Property

Type

Required

Editable

Description

Constraint

UserName

String

Yes

No

The logon username of the image repository.

None.

Password

String

Yes

No

The logon password of the image repository.

None.

Server

String

Yes

No

The IP address of the image repository.

The IP address cannot contain a protocol prefix

such as http:// or https://.

EnvironmentVar syntax

"EnvironmentVar": {
  "Key": String,
  "Value": String,
  "FieldRef.FieldPath": String
}

EnvironmentVar properties

Property

Type

Required

Editable

Description

Constraint

Key

String

No

No

The variable name.

The name must be 1 to 128 characters in length, and can contain digits, letters, and underscores (_). The name cannot start with a digit.

Value

String

No

No

The variable value.

The value can be up to 256 characters in length.

FieldRef.FieldPath

String

No

No

The reference to another variable.

Set the value to status.podIP.

SecurityContext syntax

"SecurityContext": {
  "Capability.Add": List,
  "RunAsUser": Integer,
  "ReadOnlyRootFilesystem": Boolen
}

SecurityContext properties

Property

Type

Required

Editable

Description

Constraint

Capability.Add

List

No

No

The capabilities that you want to add to the container.

Set the value to NET_ADMIN.

RunAsUser

Integer

No

No

The user ID.

None.

ReadOnlyRootFilesystem

Boolean

No

No

Specifies whether the root file system is read-only.

Default value: true.

VolumeMount syntax

"VolumeMount": [
  {
    "Name": String,
    "ReadOnly": Boolean,
    "MountPath": String
  }
]

VolumeMount properties

Property

Type

Required

Editable

Description

Constraint

Name

String

No

No

The volume name.

The name must be the same as the value that is specified for the Name property in the "Volume properties" section of this topic.

ReadOnly

Boolean

No

No

Specifies whether the volume is read-only.

Default value: false.

MountPath

String

No

No

The mount path of the volume.

The data in the destination directory is overwritten by the data in the mounted volume.

Port syntax

"Port": [
  {
    "Port": Interger,
    "Protocol": String
  }
]

Port properties

Property

Type

Required

Editable

Description

Constraint

Port

Integer

No

No

The port number.

Valid values: 1 to 65535.

Protocol

String

No

No

The protocol that is used by the port.

Valid values:

  • TCP

  • UDP

ConfigFileVolume.ConfigFileToPath syntax

"onfigFileVolume.ConfigFileToPath": [
  {
    "Content": String,
    "Path": String
  }
]

ConfigFileVolume.ConfigFileToPath properties

Property

Type

Required

Editable

Description

Constraint

Content

String

No

No

The content of the ConfigFile volume.

The maximum volume size is 32 KB.

Path

String

Yes

No

The relative path of the ConfigFile volume.

You can specify the location of a directory relative to another directory.

SecurityContextSysctl syntax

"SecurityContextSysctl": [
  {
    "Value": String,
    "Name": String
  }
] 

SecurityContextSysctl properties

Property

Type

Required

Editable

Description

Constraint

Value

String

No

No

The variable value of the security context in which the container group runs.

None.

Name

String

No

No

The variable name of the security context in which the container group runs.

Valid values:

  • kernel.msgmax

  • kernel.shm_rmid_forced

ReadinessProbe syntax

"ReadinessProbe": {
  "TimeoutSeconds": Integer,
  "InitialDelaySeconds": Integer,
  "Exec.Command": List,
  "PeriodSeconds": Integer,
  "HttpGet.Port": Integer,
  "TcpSocket.Port": Integer,
  "FailureThreshold": Integer,
  "HttpGet.Scheme": String,
  "HttpGet.Path": String,
  "SuccessThreshold": Integer
} 

ReadinessProbe properties

Property

Type

Required

Editable

Description

Constraint

FailureThreshold

Integer

No

No

The minimum number of consecutive failures that must occur for a successful readiness probe to be considered failed.

Default value: 3.

HttpGet.Scheme

String

No

No

The GET request protocol.

Valid values:

  • HTTP

  • HTTPS

HttpGet.Path

String

No

No

The path to which the system sends an HTTP GET request for a readiness probe.

None.

Exec.Command

List

No

No

The commands that you want to run to perform a readiness probe.

None.

TcpSocket.Port

Integer

No

No

The port to which the system sends a TCP socket request for a readiness probe.

None.

PeriodSeconds

Integer

No

No

The interval at which you want to perform readiness probes.

Default value: 10.

Minimum value: 1.

Unit: seconds.

TimeoutSeconds

Integer

No

No

The timeout period for a readiness probe.

Default value: 10.

Minimum value: 1.

Unit: seconds.

InitialDelaySeconds

Integer

No

No

The time period after the container is started and before a readiness probe is initiated.

None.

SuccessThreshold

Integer

No

No

The minimum number of consecutive successes that must occur for a failed readiness probe to be considered successful.

Default value: 1.

HttpGet.Port

Integer

No

No

The port to which the system sends an HTTP GET request for a readiness probe.

None.

Option syntax

"Option": [
  {
    "Name": String,
    "Value": String
  }
] 

Option properties

Property

Type

Required

Editable

Description

Constraint

Name

String

No

No

The option name.

None.

Value

String

No

No

The option value.

None.

Tag syntax

"Tag": [
  {
    "Key": String,
    "Value": String
  }
]

Tag properties

Property

Type

Required

Editable

Description

Constraint

Key

String

Yes

No

The tag key.

None.

Value

String

No

No

The tag value.

None.

AcrRegistryInfo syntax

"AcrRegistryInfo": [
  {
    "RegionId": String,
    "InstanceName": String,
    "Domain": List,
    "InstanceId": String
  }
]

AcrRegistryInfo properties

Property

Type

Required

Editable

Description

Constraint

RegionId

String

No

No

The region ID of the Container Registry Enterprise Edition instance.

By default, the Container Registry Enterprise Edition instance is deployed in the same region as the container group.

InstanceName

String

No

No

The name of the Container Registry Enterprise Edition instance.

None.

Domain

List

No

No

The domain names of the Container Registry Enterprise Edition instance.

By default, the Container Registry instance uses the same domain names as the container group.

InstanceId

String

Yes

No

The ID of the Container Registry Enterprise Edition instance.

None.

Return values

Fn::GetAtt

  • ContainerGroupId: the ID of the container group.

  • ContainerGroupName: the name of the container group.

  • SecurityGroupId: the ID of the security group.

  • Ipv6Address: the IPv6 address.

  • InternetIp: the public IP address.

  • RegionId: the region ID of the instance.

  • IntranetIp: the private IP address.

  • ZoneId: the zone ID.

  • VSwitchId: the vSwitch ID.

  • EniInstanceId: the ID of the elastic network interface (ENI).

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Description: Test ECI ContainerGroup
    Parameters:
      VSwitch:
        AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
        Type: String
        Label:
           
          en: VSwitch ID
      SecurityGroup:
        Type: String
        AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
        Label:
           
          en: Security Group ID
    Resources:
      ContainerGroup:
        Type: ALIYUN::ECI::ContainerGroup
        Properties:
          Container:
            - Name: mytest
              Image: busybox
              Cpu: 2
              Memory: 4
              Port:
                - Port: 8080
                  Protocol: TCP
                - Port: 8888
                  Protocol: TCP
          SecurityGroupId:
            Ref: SecurityGroup
          ContainerGroupName: mytest
          VSwitchId:
            Ref: VSwitch
          RestartPolicy: Always
          SlsEnable: false
          Cpu: 2
          Memory: 4
    Outputs: {}
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Description": "Test ECI ContainerGroup",
      "Parameters": {
        "VSwitch": {
          "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
          "Type": "String",
          "Label": {
             
            "en": "VSwitch ID"
          }
        },
        "SecurityGroup": {
          "Type": "String",
          "AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
          "Label": {
             
            "en": "Security Group ID"
          }
        }
      },
      "Resources": {
        "ContainerGroup": {
          "Type": "ALIYUN::ECI::ContainerGroup",
          "Properties": {
            "Container": [
              {
                "Name": "mytest",
                "Image": "busybox",
                "Cpu": 2,
                "Memory": 4,
                "Port": [
                  {
                    "Port": 8080,
                    "Protocol": "TCP"
                  },
                  {
                    "Port": 8888,
                    "Protocol": "TCP"
                  }
                ]
              }
            ],
            "SecurityGroupId": {
              "Ref": "SecurityGroup"
            },
            "ContainerGroupName": "mytest",
            "VSwitchId": {
              "Ref": "VSwitch"
            },
            "RestartPolicy": "Always",
            "SlsEnable": false,
            "Cpu": 2,
            "Memory": 4
          }
        }
      },
      "Outputs": {
      }
    }        

For more examples, visit ContainerGroup.json and ContainerGroup.yml.