

Last Updated: Dec 31, 2020

This topic provides answers to some commonly asked questions about Elastic Container Instance (ECI), such as questions about billing, instances, containers, images, network, and storage.

How does the system charge an ECI that runs a job?

After Job and CronJob containers run to completion, the ECIs enter the Succeeded or Failed state. At this point, you are not charged for the ECIs regardless of whether the ECIs are deleted.

The billing duration of ECIs starts when container images are downloaded by using the docker pull command and ends when ECIs stop running and enter the Succeeded or Failed state. For more information, see Billing methods.

How do I view the quota and usage of vCPUs and virtual nodes?

The maximum number of ECIs that you can create and the maximum number of pods supported on virtual nodes are based on your vCPU quota and usage in the specific region. The ECI quota is shared with the ECS instances. If the current quota cannot meet your business requirements, you can apply for a quota increase.

You can perform the following steps to view quotas in the ECI console:

  1. Log on to the ECI console.

  2. In the top navigation bar, select a specific region.

  3. In the left-side navigation pane, click Privileges and Quotas.

The Privileges and Quotas page displays the usage amount and quota information, as shown in the following figure.

Image 2

How do I handle the ValueExceeded error?

If a ValueExceeded error occurs when you create an ECI, the ECI quota is insufficient. You can apply for a quota increase.

How can I accelerate ECI creation?


A pod can be created within two to three seconds on a standard node. However, it takes more than ten seconds to start a pod on the ECI that uses the image cache.


This situation is normal. When you create a pod on a standard node, you do not need to apply for resources. Instead, you can directly create containers on the node. When you create an ECI, the system requests resources. When you specify multiple zones, the system checks one zone at a time for resource availability if the resources in a zone are insufficient.

If you specify multiple zones to create an ECI, we recommend that you place the ID of the zone with more resources first to avoid delays caused by retries.

Why is the instance type displayed in the ECI console different from that in the monitoring data?


You have created an ECI whose instance type is 0.5C1G. However, the instance type of the ECI displayed in the monitoring data is 2C2G.


This situation is normal. 2C2G is the instance type of a virtual machine, not the instance type of the ECI. However, if the instance type of your ECI is 0.5C1G, the ECI can use only the available resources of the instance type.

How can I avoid the OperationDenied.NoStock error?

If an OperationDenied.NoStock error occurs when you create an ECI, this indicates that ECIs in the current region and zone are sold out. We recommend that you specify multiple zones and instance types when you create ECIs. For more information, see Specify multiple zones for creating an ECI and Specify multiple instance types for creating an ECI.

What can I do if the following event keeps appearing: Back-off restarting failed container?

If a container that is created from a specified image does not have a daemon process, the container exits immediately after it is started. As a result, the container is continuously restarted and the Back-off restarting failed container warning keeps appearing.

You must define commands to start containers that are created from base images, such as CentOS and BusyBox images. For more information, see Create an ECI by using CentOS images.

Why does an ECI that has been scheduled to the virtual-kubelet node fail to start?


In a Kubernetes cluster with the virtual-kubelet node or a serverless Kubernetes cluster, the following issue may occur: An ECI has been scheduled to the virtual-kubelet node, but no new events are generated. In this case, you must query the logs of the ECI and troubleshoot the issue based on the logs.


If a new event is generated, you can troubleshoot the issue based on the event.


  1. On the Clusters page of the Container Service for Kubernetes (ACK) console, choose More > Open Cloud Shell in the Actions column.

  2. Run the following command to obtain the name of the virtual-kubelet pod:

    kubectl -n kube-system get pods

  3. Run the following command to obtain logs of the specific pod. Replace ack-virtual-node-controller-xxxxxxxxxx with the pod name obtained in Step 2.

    kubectl -n kube-system logs ack-virtual-node-controller-xxxxxxxxxx

  4. Troubleshoot the issue based on the latest error messages in the logs. Alternatively, submit a ticket and provide the ID of the request and error messages to the Alibaba Cloud technical support team.


What can I do if a pod remains in the Pending state after I create it?


The pod has been in the Pending state for several hours after it was created. Check the pod event list or instance event list provided by Alibaba Cloud. The error is caused by the connection timeout on the API Server when you mount a volume.


This issue is caused by a poor connection between the instance and the API Server. You can perform the following steps to troubleshoot the issue:

  • Check whether the pod and the API Server of the cluster are deployed in the same virtual private cloud (VPC).

  • If you have configured access control for the server load balancer (SLB) instance of the cluster, make sure that the CIDR block of the pod has been added to the access control list (ACL).
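The ACL check in the second item can be done offline before touching the SLB configuration. The following is an added example, not part of the original documentation; the CIDR values are constructed and IPv4 is assumed. It reports which parts of the pod CIDR block no ACL entry covers, including the case where several smaller entries together cover the block.

```python
import ipaddress

def uncovered_ranges(pod_cidr, acl_entries):
    """Return the parts of pod_cidr that no ACL entry covers.

    An empty list means every pod address is allowed by the ACL.
    """
    pod = ipaddress.ip_network(pod_cidr, strict=True)
    # Merge adjacent and overlapping entries so two /25s count as one /24.
    allowed = ipaddress.collapse_addresses(
        ipaddress.ip_network(entry, strict=False) for entry in acl_entries
    )
    remaining = [pod]
    for net in allowed:
        still_open = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # fully covered by this entry
            if net.subnet_of(block):
                # Entry covers only part of the block: keep the rest.
                still_open.extend(block.address_exclude(net))
            else:
                still_open.append(block)      # entry and block are disjoint
        remaining = still_open
    return [str(n) for n in sorted(remaining)]

# Constructed sample values, not taken from any real cluster.
POD_CIDR = "172.16.0.0/24"
SLB_ACL = ["172.16.0.0/26", "192.168.0.0/16"]

if __name__ == "__main__":
    gaps = uncovered_ranges(POD_CIDR, SLB_ACL)
    if gaps:
        print("Pod addresses missing from the ACL:", ", ".join(gaps))
    else:
        print("The ACL covers the whole pod CIDR block.")
```

Any range in the result is a set of pod addresses whose connections to the API Server the ACL would reject.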

What can I do if kube-proxy and CoreDNS that are scheduled to virtual nodes in a Kubernetes cluster fail to start?

When Kubernetes schedules kube-proxy and CoreDNS, Kubernetes ignores their taints. Therefore, they may be scheduled to the virtual node. In this case, you can add the following content to the YAML files of kube-proxy and CoreDNS:

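            # Placed under affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms of the pod spec
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet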

Why does authentication that is configured in ASK Ingress not take effect?


The annotation is set in nginx-ingress, but it does not take effect.


The Ingress Controller based on an SLB instance in Serverless Kubernetes (ASK) does not support URL authentication.

ACK supports URL authentication.

Does ECI support private images?

Yes, ECI supports private images.

You can create your own image in Alibaba Cloud Container Registry. You can also build your own image repository.

Can I update the image cache?

No, you cannot modify or update an image cache. We recommend that you create an image cache before you delete the existing one.

Can I change the security group of an ECI?

No, you cannot change the security group of an ECI. To use an ECI in another security group, create one in the security group.

How can I access a container group from the Internet?

If you want to enable your ECI to communicate with the Internet, you must configure an elastic IP address (EIP) or a NAT gateway for the ECI. For more information, see Enable Internet access.

Does ECI support port mapping?

No, ECI does not allow you to map ECI ports to container ports.

In the same VPC, you can directly access a container by using the IP address of the ECI and a container port. The container port number is opened by default.

If you want to enable access from the Internet, you can configure an EIP or a NAT gateway for the ECI. For more information, see Enable Internet access.

What can I do if the service IP address is not pingable after the cluster is upgraded?

Before October 2020, you could ping the service IP address because each service IP address was assigned to a virtual network interface controller. However, starting October 2020, to optimize high concurrency, service IP addresses are only included in the rules of IP Virtual Server (IPVS), so you cannot ping them. IPVS forwards requests based on IP address and port, and ping packets cannot be forwarded.

Can an ECI share an Apsara File Storage NAS file system with an ECS instance?

Yes, you can share an Apsara File Storage NAS file system between an ECI and an ECS instance. You can configure mount targets for the file system and mount them to different services. For more information, see NAS (FlexVolume).

Is persistent data storage supported?

Yes, persistent data storage is supported. The ECI allows you to create stateful applications. You can mount volumes to an ECI when you create the ECI. Then, you can persist data by writing the data to the volumes. For more information, see Volume.

How can I mount volumes?

If an ECI requires high I/O performance of the storage and stores a large number of temporary files, such as log files that do not need to be retained after the ECI is deleted, we recommend that you mount a persistent volume to the ECI.

You can select a storage device for the volume based on your business requirements. The volume type is FlexVolume.

Why are ECI logs not collected?

If you have set the environment variable aliyun_logs_{logstore name} of Log Service in a pod, but have not found any logs of an ECI in Log Service, the following causes can be considered:

  • The ECI has a short run time.

If the job container runs to completion within 20 seconds after the ECI is started, Log Service may have exited the container and the log-related volume is unmounted before logs are collected. As a result, Log Service fails to collect logs.

  • Collection path error

If you specify the environment variable for a pod to collect logs for the first time, ECI automatically creates a logstore and a path in Log Service. Only this path can be used when you create a pod later. If another path is used, Log Service does not collect logs. If you want to change the path, you can change it together with the logstore. Then, ECI automatically creates a new logstore in Log Service.
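The collection path error can be caught before deployment by comparing the paths that different pod specs assign to the same logstore. The following is an added example, not part of the original documentation; it assumes that the value of each aliyun_logs_{logstore name} variable is the collection path and that every variable with this prefix uses the plain form named above. The pod specs are constructed.

```python
from collections import defaultdict

PREFIX = "aliyun_logs_"  # variable form named on this page: aliyun_logs_{logstore name}

def logstore_paths(pods):
    """Map logstore name -> {collection path: [pod names]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for pod in pods:
        pod_name = pod["metadata"]["name"]
        for container in pod["spec"].get("containers", []):
            for env in container.get("env", []):
                key = env.get("name", "")
                if key.startswith(PREFIX) and len(key) > len(PREFIX):
                    store = key[len(PREFIX):]
                    seen[store][env.get("value", "")].append(pod_name)
    return seen

def conflicting_logstores(pods):
    """Logstores that are given more than one collection path.

    Per the FAQ, only the path used at first creation is collected,
    so every extra path here is a pod whose logs would go missing.
    """
    return {
        store: {path: sorted(names) for path, names in paths.items()}
        for store, paths in logstore_paths(pods).items()
        if len(paths) > 1
    }

def make_pod(name, store, path):
    """Build a minimal, constructed pod spec with one log variable."""
    env = [{"name": PREFIX + store, "value": path}]
    return {"metadata": {"name": name},
            "spec": {"containers": [{"name": "main", "env": env}]}}

# Constructed sample input: job-b reuses logstore "app" with a new path.
SAMPLE_PODS = [
    make_pod("job-a", "app", "/var/log/app/*.log"),
    make_pod("job-b", "app", "/data/logs/*.log"),
    make_pod("job-c", "audit", "/var/log/audit/*.log"),
]

if __name__ == "__main__":
    for store, paths in conflicting_logstores(SAMPLE_PODS).items():
        print(f"logstore {store!r} has several paths: {paths}")
```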