CreateImageCache - Elastic Container Instance - Alibaba Cloud Documentation Center

You can call the CreateImageCache operation to create an image cache. This accelerates image pulling and reduces the startup time for Elastic Container Instance (ECI) instances.

Operation description

Precautions

Creating an image cache incurs fees. Review the billing information before you proceed. For more information, see Image cache billing.
Before you create an image cache, evaluate the total size of the images to be cached. If the total image size exceeds the cache size, the creation fails.
When you create an image cache, the system automatically creates an ECI instance and an Enhanced SSD (ESSD) PL1 disk. Do not delete the ECI instance or the disk during the creation process. Otherwise, the image cache cannot be created.
When you create an image cache, a corresponding snapshot is generated. Do not delete the snapshot. Otherwise, the image cache becomes invalid.
If you use a software development kit (SDK), make sure that you use one of the following versions or a later version: Java 1.0.10 or Python 1.0.7.

Usage suggestions

To enable password-free access for images from an ACR Enterprise instance that uses a custom domain name, set the AcrRegistryInfo parameters. When you set the AcrRegistryInfo parameters, you must also set the AcrRegistryInfo.N.InstanceId parameter.
If the image cache is used to create more than 1,000 ECI instances in a batch, set the StandardCopyCount and FlashCopyCount parameters to create multiple snapshot replicas. Multiple snapshot replicas are billed based on the incremental data size. Because the data in the snapshot replicas is the same, no additional fees are incurred.

Note

When you call the CreateImageCache operation, the system automatically creates the service-linked role AliyunServiceRoleForECI. This role is used to access other Alibaba Cloud services such as ECS and VPC. For more information, see Service-linked role for Elastic Container Instance.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eci:CreateImageCache

create

*ImageCache

acs:eci:{#regionId}:{#accountId}:imagecache/*

eci:tag

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The ID of the region.	cn-hangzhou
RegionId	string	Yes	The ID of the region.	cn-hangzhou
ZoneId	string	No	The zone.	cn-hangzhou-g
SecurityGroupId	string	No	The ID of the security group.	sg-uf66jeqopgqa9hdn****
VSwitchId	string	No	The ID of the vSwitch. You can specify up to 10 vSwitch IDs, separated by commas (,). For example, `vsw-*,vsw-*`.	vsw-uf6h3rbwbm90urjwa****
ImageCacheName	string	Yes	The name of the image cache.	testcache
EipInstanceId	string	No	The EIP. To pull images from the Internet, make sure that the ECI instance can access the Internet. To enable Internet access, configure an EIP or a NAT Gateway.	eip-2zedsm5mfl3uhdj2d****
ResourceGroupId	string	No	The ID of the resource group.	rg-aekzh43v*****
ClientToken	string	No	A client token to ensure the idempotence of the request. Generate a value from your client to make sure that the value is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.	123e4567-xxx-xxx-xxxx-42665544xxxx
ImageCacheSize	integer	No	The size of the image cache. The default value is 20 GiB.	20
RetentionDays	integer	No	The retention period of the image cache. The image cache is cleared after the retention period expires. By default, the image cache never expires. Note An image cache that fails to be created is retained for only one day.	7
AutoMatchImageCache	boolean	No	Specifies whether to enable image cache reuse. If you enable this feature, new image caches can reuse the image layers of existing image caches. This speeds up the creation of image caches. Valid values: true false Default value: false.	true
ImageRegistryCredential	array<object>	No	The credentials of the image repository.
	object	No	The credentials of the image repository.
Password	string	No	The password for the image repository.	password
Server	string	No	The address of the image repository. Do not include the `http://` or `https://` prefix.	registry-vpc.cn-hangzhou.aliyuncs.com
UserName	string	No	The username for the image repository.	username
Image	array	Yes	The container images used to create the image cache.	registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:1.15.10-perl
	string	No	The container images used to create the image cache.	registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:1.15.10-perl
Tag	array<object>	No	The tags of the image cache. You can specify up to 20 tags.
	object	No	The tags of the image cache. You can specify up to 20 tags.
Key	string	No	The key of the image cache tag.	imc
Value	string	No	The value of the image cache tag.	test
Flash	boolean	No	Specifies whether to enable the instant image cache feature. If you enable this feature, the creation of the image cache is accelerated. Valid values: true false Default value: false.	true
AcrRegistryInfo	array<object>	No	The information about the ACR instance. For more information, see Use a password-free method to pull images from an ACR repository.
	object	No	The information about the ACR instance.
Domain	array	No	The domain names of the ACR Enterprise instance. By default, all domain names of the instance are specified. You can specify one or more domain names. Separate multiple domain names with commas (,).	test****-registry.cn-beijing.cr.aliyuncs.com
	string	No	The domain names of the ACR Enterprise instance. By default, all domain names of the instance are specified. You can specify one or more domain names. Separate multiple domain names with commas (,).	test****-registry.cn-beijing.cr.aliyuncs.com
InstanceName	string	No	The name of the ACR Enterprise instance.	test****
InstanceId	string	No	The ID of the ACR Enterprise instance.	cri-nwj395hgf6f3****
RegionId	string	No	The region where the ACR Enterprise instance resides.	cn-beijing
ArnService	string	No	The Alibaba Cloud Resource Name (ARN) of the RAM role that belongs to the account of the resource, such as an ECI instance.	acs:ram::1609982529******:role/role-assume
ArnUser	string	No	The ARN of the RAM role that belongs to the account of the ACR instance.	acs:ram::1298452580******:role/role-acr
Annotations	string	No	The annotations. This parameter is not for external use.	hide
PlainHttpRegistry	string	No	The address of a self-managed image repository. When you create an image cache using an image from a self-managed image repository that uses the HTTP protocol, set this parameter to allow ECI to pull the image over HTTP. This prevents image pull failures caused by protocol mismatch.	"harbor*.pre.com,192.168.XX.XX:5000,reg*.test.com:80"
InsecureRegistry	string	No	The address of a self-managed image repository. When you create an image cache using an image from a self-managed image repository that uses a self-signed certificate, set this parameter to skip certificate verification. This prevents image pull failures caused by certificate verification failures.	"harbor*.pre.com,192.168.XX.XX:5000,reg*.test.com:80"
StandardCopyCount	integer	No	The number of standard snapshot replicas. By default, one image cache corresponds to one snapshot. If the image cache is used to create multiple ECI instances in a batch, create multiple snapshot replicas. Add one snapshot replica for every 1,000 ECI instances. Note If the instant image cache feature is disabled (Flash is set to false), only standard snapshots are created during the image cache creation process.	7
FlashCopyCount	integer	No	The number of local snapshot replicas. By default, one image cache corresponds to one snapshot. If the image cache is used to create multiple ECI instances in a batch, create multiple snapshot replicas. Add one snapshot replica for every 1,000 ECI instances. Note If the instant image cache feature is enabled (Flash is set to true), local snapshots are first created during the image cache creation process. After the local snapshots are created, standard snapshots are created. After the standard snapshots are created, the local snapshots are automatically deleted.	7
EliminationStrategy	string	No	The eviction policy of the image cache. The default value is empty, which indicates that the image cache is always retained. You can set this parameter to LRU, which indicates that the image cache can be automatically deleted. When the number of image caches reaches the quota limit, the system automatically deletes the image caches that are least recently used and have EliminationStrategy set to LRU.	LRU
OsType	string	No	The operating system of the container image. Valid values: Linux (default) Windows Note Windows is in invitational preview. To use this feature, submit a ticket.	Linux

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request.	0E234675-3465-4CC3-9D0F-9A864BC391DD
ImageCacheId	string	The ID of the image cache.	imc-2zebxkiifuyzzlhl****
ContainerGroupId	string	The ID of the ECI instance that is used to create the image cache.	eci-2zebxkiifuyzzlhl****

Examples

Success response

JSON format

{
  "RequestId": "0E234675-3465-4CC3-9D0F-9A864BC391DD",
  "ImageCacheId": "imc-2zebxkiifuyzzlhl****",
  "ContainerGroupId": "eci-2zebxkiifuyzzlhl****"
}

Error codes

HTTP status code	Error code	Error message	Description
400	Account.Arrearage	Your account has an outstanding payment.	Your account has an outstanding payment.
400	DryRunOperation	Request validation has been passed with DryRun flag set.	Request validation has been passed with DryRun flag set.
400	InvalidParameter.CPU.Memory	The specified cpu and memory are not allowed
400	IncorrectStatus	%s
400	ServiceNotEnabled	%s	The service on which this request depends has not been activated. Please activate and try again.
400	DiskVolume.NotSupport	The disk volume is not supported.	Disk volume does not support your structure. If you want to enable this function, contact us.
400	RamRole.NotSupport	The RAM role is not supported.	The RAM role is not supported.
400	ImageCache.IncorrectStatus	%s
400	ImageCacheNotSupport	Image cache is not available for all users. If you want to enable this function, contact us.	Container image cache is currently not available to all users. Submit a ticket if you need to use the feature.
400	EipAddressPoolIpNotEnough	The ip address of specified PublicIpAddressPool is not enough.
400	OperationConflict	The request was denied. It conflicts with a previous request.
403	OperationDenied.VswZoneMisMatch	The specified VSwitchId is not in the specified Zone.
403	QuotaExceeded	%s quota exceeded.
403	Zone.NotOnSale	The specified zone is not available for purchase.
403	Forbidden.RiskControl	This operation has been identified as an abnormal operation and cannot be processed.
403	Forbidden.SubUser	The specified action is not available for you.
403	Forbidden.OnlyForInvitedTest	Eci create action is only open to invited users during public beta.
403	OperationDenied.SecurityGroupMisMatch	The specified VSwitchId and SecurityGroupId are not in the same VPC.
403	InvalidVSwitchId.IpNotEnough	The specified VSwitch does not have enough IP addresses.
403	Forbidden.UserBussinessStatus	This operation is not allowed, because you have overdue bills. Pay the overdue bill and try again.
403	Forbidden.UserNotRealNameAuthentication	This operation is not allowed, because you have not passed the real-name verification.
403	InvalidUser.PassRoleForbidden	The RAM user is not authorized to assume a RAM role.	The RAM user is not authorized to assume a RAM role.
403	OperationDenied.NoStock	Sales of this resource are temporarily suspended in the specified zone. We recommend that you use the multi-zone creation function to avoid the risk of insufficient resource. For more information, see https://www.alibabacloud.com/help/document_detail/157290.html
403	NoPermission	The RAM role AliyunECIContainerGroupRole does not belong to eci.aliyuncs.com. Please check and try again.
403	SecurityRisk.3DVerification	We have detected a security risk with your default credit or debit card. Please proceed with verification via the link in your email.
403	CreateServiceLinkedRole.Denied	Please make sure the account has ram:CreateServiceLinkedRole permission.	Please make sure the account has ram:CreateServiceLinkedRole permission.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.