ALIYUN::ECI::ContainerGroup is used to create a container group.

Syntax

{
  "Type": "ALIYUN::ECI::ContainerGroup",
  "Properties": {
    "EipInstanceId": String,
    "Container": List,
    "DnsConfig": Map,
    "InitContainer": List,
    "SecurityGroupId": String,
    "ContainerGroupName": String,
    "ZoneId": String,
    "Volume": List,
    "HostAliase": List,
    "RestartPolicy": String,
    "Tag": List,
    "VSwitchId": String,
    "ImageRegistryCredential": List,
    "Memory": Number,
    "SlsEnable": Boolean,
    "SecurityContextSysctl": List,
    "Cpu": Number,
    "ImageSnapshotId": String
  }
}

Properties

Name Type Required Editable Description Validity
EipInstanceId String No No The ID of the EIP. None
Container List Yes Yes The containers in the container group. None
DnsConfig Map No Yes The DNS configurations. None
InitContainer List No Yes The list of init containers. None
SecurityGroupId String Yes No The ID of the security group to which the instance belongs. Instances within the same security group can access one another. None
ContainerGroupName String Yes No The name of the container group. None
ZoneId String No No The ID of the zone where the instance resides. If this parameter is not specified, the system will automatically select a zone. Default value: empty.
Volume List No Yes The list of volumes. A maximum of 20 volumes can be specified.
HostAliase List No No The mapping of hostnames and IP addresses for a container in the pod. None
RestartPolicy String No Yes The policy for restarting the instance. Valid values: Always, OnFailure, and Never. Default value: Always.
Tag List No Yes The tags of the container group in the key-value pair format. A maximum of 20 tags can be specified for each container group. In a key-value pair, both the key and value are strings.
VSwitchId String Yes No The ID of the VSwitch. All ECI instances are deployed in VPCs. The number of IP addresses in the VSwitch CIDR block determines the maximum number of ECI instances that can be created in the VSwitch. Before you create an ECI instance, we recommend that you plan the CIDR block of the VSwitch.
ImageRegistryCredential List No Yes The information for logging on to the container image repository. This information includes server address, username, and password. None
Memory Number No Yes The size of memory. None
SlsEnable Boolean No No Specifies whether to enable logging. Default value: false.
SecurityContextSysctl List No No The list of kernel parameters that you want to set using the sysctl command. The sysctl command is sent to each container in ECI. You can use the sysctl command to set these kernel variables: kernel.shm_rmid_forced and kernel.msgmax.
Cpu Number No Yes The number of vCPUs. None
ImageSnapshotId String No No The cache ID of the image or the ID of the snapshot that is used to create the image. None

Container syntax

"Container": [
  {
    "EnvironmentVar": List,
    "Tty": Boolean,
    "SecurityContext": Map,
    "Name": String,
    "ImagePullPolicy": String,
    "Image": String,
    "Stdin": Boolean,
    "WorkingDir": String,
    "LivenessProbe": Map,
    "Cpu": Number,
    "Command": List,
    "Memory": Number,
    "ReadinessProbe": Map,
    "VolumeMount": List,
    "Port": List,
    "Arg": List,
    "StdinOnce": Boolean
  }
]

Container properties

Name Type Required Editable Description Validity
EnvironmentVar List No No The environment variables in the container. Each environment variable is stored as a key-value pair. Both the key and value are strings. A maximum of 100 environment variables can be stored. The key specifies the name of a variable, and the value specifies the value of a variable.
Tty Boolean No No Specifies whether to assign a tty to the container. Valid values: true and false. If this parameter is set to true, the Stdin parameter must be set to true.
SecurityContext Map No No The security context of the container group. Set the value to true.
Name String Yes No The name of the container. None
ImagePullPolicy String No No The policy for pulling an image. None
Image String Yes No The image of the container. None
Stdin Boolean No No Specifies whether to assign a buffer to the standard input while the container is running. Valid values: true and false.
WorkingDir String No No The working directory for the container. None
LivenessProbe Map No No The liveness probe of the container. None
Cpu Number No No The number of vCPUs assigned to the container. None
Command List No No The list of commands to be sent to the container. Only one command can be specified. The command can be up to 256 characters in length.
Memory Number No No The memory assigned to the container. Unit: GiB.
ReadinessProbe Map No No The readiness probe of the container. None
VolumeMount List No No The number of volumes that are mounted to the container. Maximum value: 16.
Port List No No The enabled ports and protocols used by the ports. A maximum of 100 ports can be configured.
Arg List No No The arguments that are passed to the command. This parameter must be of the STRING type. A maximum of 10 arguments can be specified.
StdinOnce Boolean No No Specifies whether to close the standard input channel that is opened by a single attach operation after the connection is disconnected. Valid values: true and false.

LivenessProbe syntax

"LivenessProbe": {
  "TcpSocket.Port": Integer,
  "HttpGet.Scheme": String,
  "HttpGet.Port": Integer,
  "FailureThreshold": Integer,
  "InitialDelaySeconds": Integer,
  "TimeoutSeconds": Integer,
  "SuccessThreshold": Integer,
  "Exec.Command": List,
  "PeriodSeconds": Integer,
  "HttpGet.Path": String
}

LivenessProbe properties

Name Type Required Editable Description Validity
TcpSocket.Port Integer No No The port to which the system sends a TCP socket request for health check. None
HttpGet.Scheme String No No The protocol that is used to connect to the server. Valid values: HTTP and HTTPS.
HttpGet.Port Integer No No The port to which the system sends an HTTP GET request for health check. None
FailureThreshold Integer No No The minimum number of consecutive failures that must occur for the probe to be considered failed after having succeeded. Default value: 3.
InitialDelaySeconds Integer No No The time to wait before performing the first probe after the container is started. Unit: seconds.
TimeoutSeconds Integer No No The time after which the probe times out. Unit: seconds. Minimum value: 1. Default value: 1.
SuccessThreshold Integer No No The minimum number of consecutive successes that must occur for the probe to be considered successful after having failed. Set the value to 1. Default value: 1.
Exec.Command List No No The commands that are used to run the probe. None
PeriodSeconds Integer No No The probe cycle. Unit: seconds. Minimum value: 1. Default value: 10.
HttpGet.Path String No No The path of the HTTP GET request that is used to perform the health check. None

DnsConfig syntax

"DnsConfig": {
  "NameServer": List,
  "Search": List,
  "Option": List
}

DnsConfig properties

Name Type Required Editable Description Validity
NameServer List No No The list of IP addresses of DNS servers. None
Search List No No The list of DNS search domains. None
Option List No No The list of options. Each option consists of a name and a value. The value of each option is optional.

InitContainer syntax

"InitContainer": [
  {
    "EnvironmentVar": List,
    "SecurityContext": Map,
    "Name": String,
    "Image": String,
    "Arg": List,
    "WorkingDir": String,
    "Port": List,
    "Command": List,
    "Memory": Number,
    "ImagePullPolicy": String,
    "VolumeMount": List,
    "Cpu": Number
  }
]

InitContainer properties

Name Type Required Editable Description Validity
EnvironmentVar List No No The environment variables in the container. Each container variable is stored as a key-value pair. Both the key and value are strings. The key specifies the name of a variable, and the value specifies the value of a variable. A maximum of 100 environment variables can be stored. Set the value to status.podIP.
SecurityContext Map No No The security context of the container group. Set the value to true.
Name String No No The name of the container. None
Image String No No The image of the container. None
Arg List No No The arguments that are passed to the command. This parameter must be of the STRING type. A maximum of 10 arguments can be specified.
WorkingDir String No No The working directory for the container. None
Port List No No The enabled ports and protocols used by the ports. A maximum of 100 ports can be configured.
Command List No No The list of commands to be sent to the container. Only one command can be specified. The command can be up to 256 characters in length.
Memory Number No No The memory assigned to the container. Unit: GiB.
ImagePullPolicy String No No The policy for pulling an image. You can use the policy to pull images from an image repository. None
VolumeMount List No No The number of volumes that are mounted to the container. Maximum value: 16.
Cpu Number No No The number of vCPUs assigned to the container. None

Volume syntax

"Volume": [
  {
    "NFSVolume.Path": String,
    "Name": String,
    "EmptyDirVolume.Medium": String,
    "NFSVolume.Server": String,
    "NFSVolume.ReadOnly": Boolean,
    "ConfigFileVolume.ConfigFileToPath": List,
    "Type": String
  }
]

Volume properties

Name Type Required Editable Description Validity
NFSVolume.Path String No No The path of the Network File System (NFS) volume. None
Name String Yes No The name of the volume. None
EmptyDirVolume.Medium String No No The storage medium for the emptyDir volume. By default, the file system on the node is used. Set the value to Memory. If you set this parameter to Memory, emptyDir volumes are stored in memory.
NFSVolume.Server String No No The IP address of the NFS server. None
NFSVolume.ReadOnly Boolean No No Specifies whether the NFS volume is read only. Default value: false.
ConfigFileVolume.ConfigFileToPath List No No The paths to configuration files. None
Type String Yes No The type of the volume. Valid values: EmptyDirVolume, NFSVolume, and ConfigFileVolume.

HostAliase syntax

"HostAliase": [
  {
    "Ip": String,
    "Hostname": List
  }
]

HostAliase properties

Name Type Required Editable Description Validity
Ip String No No The IP addresses. None
Hostname List No No The hostnames. None

ImageRegistryCredential syntax

"ImageRegistryCredential": [
  {
    "UserName": String,
    "Password": String,
    "Server": String
  }
]

ImageRegistryCredential properties

Name Type Required Editable Description Validity
UserName String Yes No The username that is used to log on to the container image repository. None
Password String Yes No The password that is used to log on to the container image repository. None
Server String Yes No The IP address of the container image repository. This IP address does not contain the protocol prefix, such as http:// or https://.

EnvironmentVar syntax

"EnvironmentVar": {
  "Key": String,
  "Value": String,
  "FieldRef.FieldPath": String
}

EnvironmentVar properties

Name Type Required Editable Description Validity
Key String No No The name of the variable. The name must be 1 to 128 characters in length and can contain digits, letters, and underscores (_). It cannot start with a digit.
Value String No No The value of the variable. The value can be up to 256 characters in length.
FieldRef.FieldPath String No No The reference to another variable. Only status.podIP is supported.

SecurityContext syntax

"SecurityContext": {
  "Capability.Add": List,
  "RunAsUser": Integer,
  "ReadOnlyRootFilesystem": Boolean
}

SecurityContext properties

Name Type Required Editable Description Validity
Capability.Add List No No The capabilities that can be added to containers. Set the value to NET_ADMIN.
RunAsUser Integer No No The ID of the user account. None
ReadOnlyRootFilesystem Boolean No No Specifies whether to mount the root file system in the read-only mode. Set the value to true.

VolumeMount syntax

"VolumeMount": [
  {
    "Name": String,
    "ReadOnly": Boolean,
    "MountPath": String
  }
]

VolumeMount properties

Name Type Required Editable Description Validity
Name String No No The name of the volume. The name is the same as the value specified for the Name parameter in the Volume section. None
ReadOnly Boolean No No Specifies whether to mount the volume in the read-only mode. Default value: false.
MountPath String No No The mount path of the volume. The data in the target directory is overwritten by the data in the mounted volume. None

Port syntax

"Port": [
  {
    "Port": Integer,
    "Protocol": String
  }
]

Port properties

Name Type Required Editable Description Validity
Port Integer No No The port number. Valid values: 1 to 65535.
Protocol String No No The protocol that the port uses. Valid values: TCP and UDP.

ConfigFileVolume.ConfigFileToPath syntax

"ConfigFileVolume.ConfigFileToPath": [
  {
    "Content": String,
    "Path": String
  }
]

ConfigFileVolume.ConfigFileToPath properties

Name Type Required Editable Description Validity
Content String No No The content of the configuration file. The size of the content can be up to 32 KB.
Path String No No The relative path in the configuration file. You can specify the location of a directory relative to another directory. None

Response parameters

Fn::GetAtt

  • ContainerGroupId: the ID of the container group.
  • ContainerGroupName: the name of the container group.

Examples

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "ContainerGroup": {
      "Type": "ALIYUN::ECI::ContainerGroup",
      "Properties": {
        "EipInstanceId": {
          "Ref": "EipInstanceId"
        },
        "Container": {
          "Ref": "Container"
        },
        "DnsConfig": {
          "Ref": "DnsConfig"
        },
        "InitContainer": {
          "Ref": "InitContainer"
        },
        "SecurityGroupId": {
          "Ref": "SecurityGroupId"
        },
        "ContainerGroupName": {
          "Ref": "ContainerGroupName"
        },
        "ZoneId": {
          "Ref": "ZoneId"
        },
        "Volume": {
          "Ref": "Volume"
        },
        "HostAliase": {
          "Ref": "HostAliase"
        },
        "RestartPolicy": {
          "Ref": "RestartPolicy"
        },
        "Tag": {
          "Ref": "Tag"
        },
        "VSwitchId": {
          "Ref": "VSwitchId"
        },
        "ImageRegistryCredential": {
          "Ref": "ImageRegistryCredential"
        },
        "Memory": {
          "Ref": "Memory"
        },
        "SlsEnable": {
          "Ref": "SlsEnable"
        },
        "SecurityContextSysctl": {
          "Ref": "SecurityContextSysctl"
        },
        "Cpu": {
          "Ref": "Cpu"
        }
      }
    }
  },
  "Parameters": {
    "EipInstanceId": {
      "Type": "String",
      "Description": "Elastic IP ID"
    },
    "Container": {
      "Type": "Json",
      "Description": "The containers that constitute the container group."
    },
    "DnsConfig": {
      "Type": "Json",
      "Description": "The information about DNS configurations."
    },
    "InitContainer": {
      "Type": "Json",
      "Description": "The containers that constitute the container group for initializing."
    },
    "SecurityGroupId": {
      "Type": "String",
      "Description": "The ID of the security group to which the instance belongs. Instances in the same security group can access one another."
    },
    "ContainerGroupName": {
      "Type": "String",
      "Description": "The name of the container group."
    },
    "ZoneId": {
      "Type": "String",
      "Description": "The ID of the zone in which the instance resides. If you leave the parameter blank, the system assigns a zone for you. The default value is blank."
    },
    "Volume": {
      "Type": "Json",
      "Description": "The data volume. You can specify a maximum of 20 data volumes.",
      "MaxLength": 20
    },
    "HostAliase": {
      "Type": "Json",
      "Description": "Customize the hostname mapping of a container inside the pod"
    },
    "RestartPolicy": {
      "Type": "String",
      "Description": "The policy for restarting the instance. Default value: Always.",
      "AllowedValues": [
        "Always",
        "OnFailure",
        "Never"
      ]
    },
    "Tag": {
      "Type": "Json",
      "Description": "The list of container group tags in the form of key/value pairs. You can define a maximum of 20 tags for each container group.",
      "MaxLength": 20
    },
    "VSwitchId": {
      "Type": "String",
      "Description": "The ID of the specified VSwitch. Currently, ECI instances can only be deployed in VPCs."
    },
    "ImageRegistryCredential": {
      "Type": "Json",
      "Description": "The information that you need to log on to the container image repository, including the server address, username, and password.",
      "MaxLength": 10
    },
    "Memory": {
      "Type": "Number",
      "Description": "memory size"
    },
    "SlsEnable": {
      "Type": "Boolean",
      "Description": "Enable user log collection. The default is False.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ]
    },
    "SecurityContextSysctl": {
      "Type": "Json",
      "Description": "ECI Sysctl is valid for every container in ECI.\nCurrently only two Sysctl keyNames are supported:\nKernel.shm_rmid_forced\nKernel.msgmax"
    },
    "Cpu": {
      "Type": "Number",
      "Description": "CPU size"
    }
  },
  "Outputs": {
    "ContainerGroupId": {
      "Description": "The ID of the container group.",
      "Value": {
        "Fn::GetAtt": [
          "ContainerGroup",
          "ContainerGroupId"
        ]
      }
    },
    "ContainerGroupName": {
      "Description": "The name of the container group.",
      "Value": {
        "Fn::GetAtt": [
          "ContainerGroup",
          "ContainerGroupName"
        ]
      }
    }
  }
}
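
The following pre-deployment check is an added example, not part of the original reference or of any Alibaba Cloud tooling. It validates a ContainerGroup Properties dict against constraints stated in the tables above and flags the security-relevant settings (SecurityContext, NFSVolume.ReadOnly, SlsEnable, literal registry passwords). The names lint_container, lint_container_group and SAMPLE are hypothetical, and the check assumes property values are literals rather than unresolved Ref objects.

```python
import re

# Limits and valid values are the ones stated in this page's property tables.
ENV_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,127}")
VOLUME_TYPES = {"EmptyDirVolume", "NFSVolume", "ConfigFileVolume"}
REQUIRED = ("Container", "SecurityGroupId", "ContainerGroupName", "VSwitchId")

def lint_container(c, out):
    name = c.get("Name", "<unnamed>")
    if c.get("Tty") and not c.get("Stdin"):
        out.append(("error", f"{name}: Tty=true requires Stdin=true"))
    for var in c.get("EnvironmentVar", []):
        if not ENV_KEY.fullmatch(str(var.get("Key", ""))):
            out.append(("error", f"{name}: invalid environment key {var.get('Key')!r}"))
    for p in c.get("Port", []):
        n = p.get("Port")
        if not (isinstance(n, int) and 1 <= n <= 65535) or p.get("Protocol") not in (None, "TCP", "UDP"):
            out.append(("error", f"{name}: invalid port entry {p}"))
    sc = c.get("SecurityContext", {})
    if "NET_ADMIN" in sc.get("Capability.Add", []):
        out.append(("warn", f"{name}: NET_ADMIN capability is added"))
    if sc.get("RunAsUser", 0) == 0:
        out.append(("warn", f"{name}: RunAsUser is 0 (root) or not set"))
    if sc.get("ReadOnlyRootFilesystem") is not True:
        out.append(("warn", f"{name}: ReadOnlyRootFilesystem is not true"))

def lint_container_group(props):
    """Return (level, message) findings for one ContainerGroup Properties dict."""
    out = [("error", f"{k} is required") for k in REQUIRED if k not in props]
    if not props.get("SlsEnable", False):
        out.append(("warn", "SlsEnable is false: logging is not enabled"))
    for v in props.get("Volume", []):
        if v.get("Type") not in VOLUME_TYPES:
            out.append(("error", f"volume {v.get('Name')}: invalid Type"))
        elif v["Type"] == "NFSVolume" and not v.get("NFSVolume.ReadOnly", False):
            out.append(("warn", f"volume {v.get('Name')}: NFS volume is writable"))
    for cred in props.get("ImageRegistryCredential", []):
        # A {"Ref": ...} object is fine; a plain string means the secret is in the template.
        if isinstance(cred.get("Password"), str):
            out.append(("warn", "ImageRegistryCredential: Password is a literal string"))
    for c in props.get("Container", []) + props.get("InitContainer", []):
        lint_container(c, out)
    return out

# Constructed sample input (placeholder IDs and addresses, not from the page).
SAMPLE = {
    "ContainerGroupName": "demo", "SecurityGroupId": "sg-EXAMPLE", "VSwitchId": "vsw-EXAMPLE",
    "Volume": [{"Name": "share", "Type": "NFSVolume", "NFSVolume.Server": "192.0.2.10"}],
    "ImageRegistryCredential": [{"Server": "192.0.2.20", "UserName": "ci", "Password": "example"}],
    "Container": [{"Name": "web", "Image": "192.0.2.20/web:1.0", "Tty": True,
                   "Port": [{"Port": 70000, "Protocol": "TCP"}],
                   "SecurityContext": {"Capability.Add": ["NET_ADMIN"], "RunAsUser": 0}}],
}
```

Calling lint_container_group(SAMPLE) returns two errors (Tty without Stdin, port out of range) and six warnings; a group with SlsEnable set to true, a Ref-based Password, a non-zero RunAsUser and ReadOnlyRootFilesystem set to true returns no findings.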