Creates an image cache. The image cache can accelerate image pulling and reduce the instance startup time when you create an elastic container instance later.
Operation description
-
Precautions
- You are charged for creation of image caches. We recommend that you learn the relevant billing information in advance. For more information about billing of image caches, see Image caches.
- Before you create an image cache, you must estimate the total size of the images that you want to cache. If the total size of the images exceeds the specified cache size, the image cache cannot be created.
- When an image cache is being created, the system creates an intermediate elastic container instance and an intermediate enhanced SSD (ESSD) at performance level 1 (PL1). Do not delete the intermediate instance and the ESSD while the image cache is being created. If you delete the intermediate instance or the ESSD, the image cache cannot be created.
- A temporary local snapshot and a specific number of regular snapshots are generated during the creation of the image cache. Do not delete these snapshots. If you delete these snapshots, the image cache becomes invalid.
- If you use SDKs, SDK for Java 1.0.10 or later and SDK for Python 1.0.7 or later are supported.
-
Usage notes
- For images that are created based on Container Registry Enterprise Edition instances and use custom domain names, if you want to configure password-free access to the image caches, you must use AcrRegistryInfo-related parameters to specify Container Registry instances. When you configure AcrRegistryInfo-related parameters, you must set the AcrRegistryInfo.N.InstanceId parameter.
- If the image cache that you created will be used to create more than 1,000 elastic container instances at a time, we recommend that you use the StandardCopyCount and FlashCopyCount parameters to create multiple temporary local snapshots and regular snapshots of the image. The multiple snapshots are billed based on incremental data. If no incremental data exists on the multiple snapshots, you are not charged for the multiple snapshots.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| eci:CreateImageCache | Write |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| RegionId | string | Yes | The region ID of the image cache. | cn-hangzhou |
| ZoneId | string | No | The zone ID of the image cache. | cn-hangzhou-g |
| SecurityGroupId | string | Yes | The ID of the security group. | sg-uf66jeqopgqa9hdn**** |
| VSwitchId | string | Yes | The ID of the vSwitch. You can specify up to 10 vSwitch IDs. Separate multiple vSwitch IDs with commas (,). Example: | vsw-uf6h3rbwbm90urjwa**** |
| ImageCacheName | string | Yes | The name of the image cache. | testcache |
| EipInstanceId | string | No | The ID of the elastic IP address (EIP). If you want to pull images over the Internet, make sure that the elastic container instance can access the Internet. You can configure an EIP or a NAT gateway for the elastic container instance to access the Internet. | eip-2zedsm5mfl3uhdj2d**** |
| ResourceGroupId | string | No | The ID of the resource group. | rg-aekzh43v***** |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that the value is unique among different requests. The token can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure the idempotence of a request. | 123e4567-xxx-xxx-xxxx-42665544xxxx |
| ImageCacheSize | integer | No | The size of the image cache. Unit: GiB. Default value: 20. | 20 |
| RetentionDays | integer | No | The retention period of the image cache. Unit: days. When the retention period ends, the image cache expires and is deleted. By default, image caches never expire. Note
The image caches that fail to be created are only retained for one day.
| 7 |
| AutoMatchImageCache | boolean | No | Specifies whether to enable reuse of image cache layers. If you enable this feature, and the image cache that you want to create and an existing image cache contain duplicate image layers, the system reuses the duplicate image layers to create the new image cache. This accelerates the creation of the image cache. Valid values:
Default value: false. | true |
| ImageRegistryCredential | object [] | No | The image repository. | |
| Password | string | No | The password that is used to log on to image repository N. | password |
| Server | string | No | The address of the image repository without the | registry-vpc.cn-hangzhou.aliyuncs.com |
| UserName | string | No | The username that is used to log on to image repository N. | username |
| Image | array | Yes | Container image N that is used to create the image cache. | |
| string | Yes | Container image N that is used to create the image cache. | registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:1.15.10-perl | |
| Tag | object [] | No | The tag of the image cache. | |
| Key | string | No | The key of tag N of the image cache. Valid values of N: 1 to 20. | imc |
| Value | string | No | The value of tag N of the image cache. Valid values of N: 1 to 20. | test |
| Flash | boolean | No | Specifies whether to enable the instant image cache feature. The feature can accelerate the creation of image caches. Valid values:
Default value: false. | true |
| AcrRegistryInfo | object [] | No | Information about the Container Registry Enterprise Edition instance. For more information, see Pull images from a Container Registry Enterprise Edition instance without using secrets. | |
| Domain | array | No | The domain names of the Container Registry Enterprise Edition instance. By default, all domain names of the instance are displayed. You can specify multiple domain names. Separate multiple domain names with commas (,). | |
| string | No | The domain name N of Container Registry Enterprise Edition instance N. All domain names of instance N are displayed by default. You can specify one or more domain names. Separate multiple domain names with commas (,). | test****-registry.cn-beijing.cr.aliyuncs.com | |
| InstanceName | string | No | The name of Container Registry Enterprise Edition instance N. | test**** |
| InstanceId | string | No | The ID of Container Registry Enterprise Edition instance N. | cri-nwj395hgf6f3**** |
| RegionId | string | No | The region ID of Container Registry Enterprise Edition instance N. | cn-beijing |
| ArnService | string | No | The Alibaba Cloud Resource Name (ARN) of the RAM roles in the Alibaba Cloud account to which the elastic container instance belongs. | acs:ram::1609982529******:role/role-assume |
| ArnUser | string | No | The ARN of the RAM roles in the Alibaba Cloud account to which the Container Registry Enterprise Edition instance belongs. | acs:ram::1298452580******:role/role-acr |
| Annotations | string | No | Comments. | hide |
| PlainHttpRegistry | string | No | The address of the self-managed image repository. When you create an image cache by using an image in a self-managed image repository that uses the HTTP protocol, you must specify this parameter. This way, Elastic Container Instance uses the HTTP protocol instead of the default HTTPS protocol to pull the image. This can prevent the image from failing to pull due to different protocols. | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" |
| InsecureRegistry | string | No | The address of the self-managed image repository. When you create an image cache by using an image in a self-managed image repository that uses a self-signed certificate, you must specify this parameter to skip the certificate authentication. This can prevent the image from failing to pull due to certificate authentication failures. | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" |
| StandardCopyCount | integer | No | The number of regular snapshots. By default, the system creates one snapshot for each image cache. If an image cache is used to create multiple elastic container instances at a time, we recommend that you set this parameter to create multiple snapshots for the image cache. We recommend that you create one snapshot for creation of every 1,000 elastic container instances. Note
If you set the Flash parameter to false, instant image cache is disabled. In this case, only regular snapshots are generated during the creation of the image cache.
| 7 |
| FlashCopyCount | integer | No | The number of temporary local snapshots. By default, the system creates one snapshot for each image cache. If an image cache is used to create multiple elastic container instances at a time, we recommend that you set this parameter to create multiple snapshots for the image cache. We recommend that you create one snapshot for creation of every 1,000 elastic container instances. Note
If you set the Flash parameter to true, instant image cache is enabled. During the creation of the image cache, the system first creates a temporary local snapshot for you to instantly use the snapshot. After the temporary local snapshot is created, the system begins to create a regular snapshot. After the regular snapshot is created, the temporary local snapshot is automatically deleted.
| 7 |
| EliminationStrategy | string | No | The elimination policy of the image cache. This parameter is empty by default, which indicates that the image cache is always retained. You can set this parameter to LRU, which indicates that the image cache can be automatically deleted. When the number of image caches reaches the quota, the system automatically deletes the image caches whose EliminationStrategy parameter is set to LRU and that are least commonly used. | LRU |
Response parameters
Examples
Sample success responses
JSONformat
{
"RequestId": "0E234675-3465-4CC3-9D0F-9A864BC391DD",
"ImageCacheId": "imc-2zebxkiifuyzzlhl****",
"ContainerGroupId": "eci-2zebxkiifuyzzlhl****"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Account.Arrearage | Your account has an outstanding payment. | Your account has an outstanding payment. |
| 400 | DryRunOperation | Request validation has been passed with DryRun flag set. | Request validation has been passed with DryRun flag set. |
| 400 | InvalidParameter.CPU.Memory | The specified cpu and memory are not allowed | - |
| 400 | IncorrectStatus | %s | - |
| 400 | ServiceNotEnabled | %s | You have not activated the service that is required for processing this request. |
| 400 | DiskVolume.NotSupport | The disk volume is not supported. | Disk volume does not support your structure. If you want to enable this function, contact us. |
| 400 | RamRole.NotSupport | The RAM role is not supported. | The RAM role is not supported. |
| 400 | ImageCache.IncorrectStatus | %s | - |
| 400 | ImageCacheNotSupport | Image cache is not available for all users. If you want to enable this function, contact us. | Container image cache is currently not available to all users. Submit a ticket if you need to use the feature. |
| 400 | EipAddressPoolIpNotEnough | The ip address of specified PublicIpAddressPool is not enough. | - |
| 400 | OperationConflict | The request was denied. It conflicts with a previous request. | - |
| 403 | OperationDenied.VswZoneMisMatch | The specified VSwitchId is not in the specified Zone. | - |
| 403 | QuotaExceeded | %s quota exceeded. | - |
| 403 | Zone.NotOnSale | The specified zone is not available for purchase. | - |
| 403 | Forbidden.RiskControl | This operation has been identified as an abnormal operation and cannot be processed. | - |
| 403 | Forbidden.SubUser | The specified action is not available for you. | The specified action is not available for you. |
| 403 | Forbidden.OnlyForInvitedTest | Eci create action is only open to invited users during public beta. | Eci create action is only open to invited users during public beta. |
| 403 | OperationDenied.SecurityGroupMisMatch | The specified VSwitchId and SecurityGroupId are not in the same VPC. | The specified VSwitchId and SecurityGroupId are not in the same VPC. |
| 403 | InvalidVSwitchId.IpNotEnough | The specified VSwitch does not have enough IP addresses. | - |
| 403 | Forbidden.UserBussinessStatus | This operation is not allowed, because you have overdue bills. Pay the overdue bill and try again. | - |
| 403 | Forbidden.UserNotRealNameAuthentication | This operation is not allowed, because you have not passed the real-name verification. | - |
| 403 | InvalidUser.PassRoleForbidden | The RAM user is not authorized to assume a RAM role. | The RAM user is not authorized to assume a RAM role. |
| 403 | OperationDenied.NoStock | Sales of this resource are temporarily suspended in the specified zone. We recommend that you use the multi-zone creation function to avoid the risk of insufficient resource. For more information, see https://help.aliyun.com/document_detail/157290.html | - |
| 403 | NoPermission | The RAM role AliyunECIContainerGroupRole does not belong to eci.aliyuncs.com. Please check and try again. | - |
| 403 | SecurityRisk.3DVerification | We have detected a security risk with your default credit or debit card. Please proceed with verification via the link in your email. | - |
| 403 | CreateServiceLinkedRole.Denied | Please make sure the account has ram:CreateServiceLinkedRole permission. | Please make sure the account has ram:CreateServiceLinkedRole permission. |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-08-02 | The Error code has changed | see changesets | ||||||||||||
| ||||||||||||||
| 2023-06-27 | The Error code has changed | see changesets | ||||||||||||
| ||||||||||||||
| 2022-03-01 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||
| ||||||||||||||
| 2022-03-01 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||
| ||||||||||||||
| 2021-09-10 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||
| ||||||||||||||
| 2021-08-12 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||
|