Elastic Container Instance: CreateContainerGroup

Last Updated: Oct 17, 2025

Call the CreateContainerGroup operation to create an Elastic Container Instance (ECI), which is also known as a container group.

Operation description

When you call the CreateContainerGroup operation to create an ECI, the system automatically creates a service-linked role named AliyunServiceRoleForECI. This role is used to access other Alibaba Cloud services such as ECS and VPC. For more information, see Service-linked role for Elastic Container Instance.

When you create an ECI, you can configure features such as the instance, image, and storage. For information about the parameters for each feature, see the following documents:

Instance

ECI supports the following methods for creating an instance:

The following features are supported by both methods:

Image

Network

Storage

Container configuration

Logs and O&M

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

  • Action: eci:CreateContainerGroup

  • Access level: create

  • Resource type: *ContainerGroup (acs:eci:{#regionId}:{#accountId}:containergroup/*)

  • Condition key: eci:tag

  • Dependent action: None
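The following audit script is an added example, not part of the original documentation or an Alibaba Cloud tool. It checks RAM policy documents for Allow statements that cover eci:CreateContainerGroup and reports grants broader than the ContainerGroup ARN listed above. Assumptions: the usual RAM policy JSON layout (Version, Statement, Effect, Action, Resource, Condition), case-insensitive wildcard matching, the `eci:tag/<key>` spelling of the condition key, and the constructed sample policies and account ID.

```python
import re

ACTION = "eci:CreateContainerGroup"  # Action column of the table above
# Resource type column: acs:eci:{#regionId}:{#accountId}:containergroup/*
ARN_RE = re.compile(r"^acs:eci:([^:]*):([^:]*):containergroup/.+$")


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wild_match(pattern, value):
    """Match a policy pattern: * is any run of characters, ? is one character.
    Matching is case-insensitive (assumption) so broad grants are not missed."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags=re.IGNORECASE) is not None


def _uses_tag_condition(statement):
    """True if any condition operator references a key starting with eci:tag."""
    for keys in (statement.get("Condition") or {}).values():
        if isinstance(keys, dict) and any(
            k.lower().startswith("eci:tag") for k in keys
        ):
            return True
    return False


def audit_policy(policy):
    """Return (statement_index, finding) pairs for Allow statements that
    cover eci:CreateContainerGroup. Only the Action element is evaluated."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a for a in _as_list(stmt.get("Action")) if _wild_match(a, ACTION)]
        if not actions:
            continue
        if any("*" in a or "?" in a for a in actions):
            findings.append((idx, "wildcard-action"))
        for res in _as_list(stmt.get("Resource")):
            match = ARN_RE.match(res)
            if match is None:
                # "*" or an ARN of another service or resource type
                findings.append((idx, "resource-not-containergroup-arn"))
            elif "*" in match.group(1):
                findings.append((idx, "any-region"))
        if not _uses_tag_condition(stmt):
            findings.append((idx, "no-eci-tag-condition"))
    return findings


# Constructed sample policies (account ID 1234567890123456 is made up).
BROAD = {
    "Version": "1",
    "Statement": [{"Effect": "Allow", "Action": "eci:*", "Resource": "*"}],
}

SCOPED = {
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["eci:CreateContainerGroup"],
        "Resource": "acs:eci:cn-hangzhou:1234567890123456:containergroup/*",
        # Assumed condition-key form: eci:tag/<tag key>
        "Condition": {"StringEquals": {"eci:tag/team": ["payments"]}},
    }],
}

MIXED = {
    "Version": "1",
    "Statement": [
        {"Effect": "Deny", "Action": "eci:*", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["ecs:DescribeInstances", "eci:Create*"],
            "Resource": ["acs:eci:*:1234567890123456:containergroup/*"],
        },
    ],
}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED), ("MIXED", MIXED)):
        print(name, audit_policy(doc))
```
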

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID.

cn-hangzhou

ZoneId

string

No

The zone ID of the instance. If you leave this parameter empty, the system selects a zone.

This parameter is empty by default.

cn-hangzhou-b

SecurityGroupId

string

No

The ID of the security group to which the instance belongs. Instances in the same security group can access each other.

If you do not specify a security group, the system uses the default security group in the region that you selected. Make sure that the inbound rules of the security group contain the protocols and ports that the container needs to expose. If you do not have a default security group in the region, the system creates a default security group and adds the protocols and ports that you declare for the container to the inbound rules of the security group.

sg-uf66jeqopgqa9hdn****

VSwitchId

string

No

The ID of the vSwitch to which the instance belongs. You can specify up to 10 vSwitch IDs. Separate multiple IDs with commas (,), for example, vsw-***,vsw-***.

If you do not specify a vSwitch, the system uses the default vSwitch in the default VPC of the selected region. If you do not have a default VPC and a default vSwitch in the region, the system creates a default VPC and a default vSwitch.

Note

The number of IP addresses in the vSwitch CIDR block determines the maximum number of ECI instances that can be created in the vSwitch. Plan the CIDR block in advance.

vsw-bp1xpiowfm5vo8o3c****,vsw-bp1rkyjgr1xwoho6k****

ContainerGroupName

string

Yes

The name of the ECI instance, which is also the name of the container group. The name must meet the following requirements:

  • The name must be 2 to 128 characters in length.

  • It can contain lowercase letters, digits, and hyphens (-). It cannot start or end with a hyphen (-).

nginx-test

RestartPolicy

string

No

The restart policy of the instance. Valid values:

  • Always: Always restarts the instance.

  • Never: Never restarts the instance.

  • OnFailure: Restarts the instance upon failure.

Default value: Always.

Always

EipInstanceId

string

No

The ID of the Elastic IP Address (EIP).

eip-uf66jeqopgqa9hdn****

Cpu

number

No

The number of vCPUs for the instance. Unit: cores.

1.0

Memory

number

No

The memory size of the instance. Unit: GiB.

2.0

ResourceGroupId

string

No

The ID of the resource group.

rg-uf66jeqopgqa9hdn****

DnsPolicy

string

No

The DNS policy. Valid values:

  • None: Use the DNS settings specified in the DnsConfig field.

  • Default: Inherit the DNS settings from the runtime environment.

Default

ClientToken

string

No

Ensures the idempotence of the request. Generate a parameter value from your client to make sure that the value is unique among different requests. This parameter can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.

123e4567-xxxx-12d3-xxxx-426655440000

InstanceType

string

No

The ECS instance type. You can specify multiple instance types. For more information, see Create an instance by specifying an ECS instance type.

ecs.c5.xlarge

ImageSnapshotId

string

No

The ID of the image cache. For more information, see Use an image cache to accelerate instance creation.

imc-2zebxkiifuyzzlhl****

RamRoleName

string

No

The name of the instance RAM role. ECI and ECS share instance RAM roles. For more information, see Use an instance RAM role by calling an API.

RamTestRole

TerminationGracePeriodSeconds

integer

No

The buffer time for the program to process operations before it is shut down. Unit: seconds.

60

AutoMatchImageCache

boolean

No

Specifies whether to automatically match the image cache. The default value is false.

false

Ipv6AddressCount

integer

No

The number of IPv6 addresses. The value is fixed at 1, which indicates that one IPv6 address can be bound to an ECI instance.

1

ActiveDeadlineSeconds

integer

No

The validity period of the ECI instance. The instance is forcibly terminated after this period. Unit: seconds.

1000

SpotStrategy

string

No

The preemption policy for the instance. Valid values:

  • NoSpot: a regular pay-as-you-go instance.

  • SpotWithPriceLimit: a preemptible instance with a user-defined maximum hourly price.

  • SpotAsPriceGo: a preemptible instance for which the system automatically bids based on the current market price.

Default value: NoSpot.

SpotWithPriceLimit

SpotPriceLimit

number

No

The maximum hourly price of the preemptible instance. The value can be accurate to three decimal places.

You must set SpotPriceLimit when SpotStrategy is set to SpotWithPriceLimit.

0.025

ScheduleStrategy

string

No

The scheduling policy for the ECI instance when you configure multi-zone deployment (by specifying multiple vSwitches with the VSwitchId parameter). Valid values:

  • VSwitchOrdered: sequential scheduling.

  • VSwitchRandom: random scheduling.

For more information, see Create an instance in multiple zones.

VSwitchOrdered

CorePattern

string

No

The directory where the core files generated by coredump are saved. For more information, see Save core files to a volume.

Note

The configured path cannot start with a pipe character (|). You cannot use the core dump setting to configure an executable program.

/xx/xx/core

ShareProcessNamespace

boolean

No

Specifies whether to use a shared namespace. The default value is false.

false

AutoCreateEip

boolean

No

Specifies whether to automatically create an EIP and bind it to the ECI instance.

true

EipBandwidth

integer

No

The bandwidth of the EIP. The default value is 5 Mbps.
You can set this parameter when AutoCreateEip is set to true.

5

EipISP

string

No

The line type of the EIP. Valid values:

  • BGP (default): BGP (Multi-ISP)

  • BGP_PRO: BGP (Multi-ISP) Pro

BGP

EipCommonBandwidthPackage

string

No

The ID of the Internet Shared Bandwidth instance.

cbwp-2zeukbj916scmj51m****

HostName

string

No

The hostname.

test

IngressBandwidth

integer

No

The inbound bandwidth limit. Unit: Bps.

1024000

EgressBandwidth

integer

No

The outbound bandwidth limit. Unit: Bps.

1024000

CpuOptionsCore

integer

No

The number of physical CPU cores. You can customize this parameter for only specific instance types.

2

CpuOptionsThreadsPerCore

integer

No

The number of threads per core. You can customize this parameter for only specific instance types. A value of 1 indicates that hyper-threading is disabled.

2

CpuOptionsNuma

string

No

This parameter is not supported.

1

EphemeralStorage

integer

No

The size of the temporary storage space to add. Unit: GiB.
For more information, see Customize the size of the temporary storage space.

20

Tag

array<object>

No

The list of tags. You can bind up to 20 tags. For more information, see Use tags to manage instances.

object

No

The list of tags. You can bind up to 20 tags. For more information, see Use tags to manage instances.

Key

string

No

The tag key. If you specify this parameter, the value cannot be an empty string and cannot be a duplicate. The tag key can be up to 64 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

version

Value

string

No

The tag value. If you specify this parameter, the value can be an empty string. The tag value can be up to 128 characters in length, cannot start with acs:, and cannot contain http:// or https://.

3

ImageRegistryCredential

array<object>

No

The information about the image repository.

object

No

The information about the image repository.

Password

string

No

The password for the image repository.

yourpassword

Server

string

No

The address of the image repository.

registry-vpc.cn-shanghai.aliyuncs.com

UserName

string

No

The username for the image repository.

yourusername

Container

array<object>

Yes

The information about the container.

array<object>

No

The information about the container.

ReadinessProbe.TimeoutSeconds

integer

No

The timeout period for the check. Default value: 1. Minimum value: 1. Unit: seconds.

1

ReadinessProbe.SuccessThreshold

integer

No

The number of consecutive successes that are required to determine that the check is successful after the check has failed. Default value: 1. The value must be 1.

1

SecurityContext.Capability.Add

array

No

The permissions to grant to the processes in the container. Only NET_ADMIN and NET_RAW are supported.

Note

NET_RAW is not supported by default. To use this feature, submit a ticket.

string

No

The permissions to grant to the processes in the container. Only NET_ADMIN and NET_RAW are supported.

Note

NET_RAW is not supported by default. To use this feature, submit a ticket.

NET_ADMIN

ReadinessProbe.TcpSocket.Port

integer

No

The port that the TCP socket probes when you perform a health check using a TCP socket.

Note

When you set the ReadinessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

8000

ReadinessProbe.HttpGet.Scheme

string

No

The protocol type of the HTTP Get request when you perform a health check using an HTTP request. Valid values:

  • HTTP

  • HTTPS

Note

When you set the ReadinessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

HTTP

LivenessProbe.PeriodSeconds

integer

No

The interval at which the check is performed. Default value: 10. Minimum value: 1. Unit: seconds.

5

SecurityContext.ReadOnlyRootFilesystem

boolean

No

Specifies whether the root file system on which the container runs is read-only. Only true is supported.

true

EnvironmentVar

array<object>

No

The environment variables of the container.

object

No

The environment variables of the container.

Key

string

No

The name of the environment variable. The name must be 1 to 128 characters in length. The name can contain digits, letters, and underscores (_), and cannot start with a digit.

PATH

Value

string

No

The value of the environment variable. The value must be 0 to 256 characters in length.

/usr/local/bin

FieldRef.FieldPath

string

No

The reference of the environment variable. Only status.podIP is supported.

status.podIP

LivenessProbe.TcpSocket.Port

integer

No

The port that the TCP socket probes when you perform a health check using a TCP socket.

Note

When you set the LivenessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

8080

Tty

boolean

No

Specifies whether to enable interaction. The default value is false.

If the Command is /bin/bash, set this parameter to true.

false

WorkingDir

string

No

The working directory of the container.

/usr/local/

Arg

array

No

The arguments for the container startup command. You can specify up to 10 arguments.

100

string

No

The arguments for the container startup command. You can specify up to 10 arguments.

100

Stdin

boolean

No

Specifies whether a buffer should be allocated for the standard input of the container in the container runtime. If this parameter is not set, an EOF is returned for the standard input of the container. The default value is false.

false

LivenessProbe.InitialDelaySeconds

integer

No

The delay before the first check is performed, counted from the moment the container starts.

5

VolumeMount

array<object>

No

The information about the volume.

object

No

The information about the volume.

MountPropagation

string

No

The mount propagation setting of the volume. Mount propagation lets you share volumes that are mounted on a container with other containers in the same pod, or even with other pods on the same node. Valid values:

  • None: The volume is not affected by any subsequent mount operations that are performed on the volume or its subdirectories.

  • HostToContainer: The volume is affected by subsequent mount operations that are performed on the volume or its subdirectories.

  • Bidirectional: This value is similar to HostToContainer. The volume is affected by mount operations. In addition, the volume is propagated back to the host and to all containers of all pods that use the same volume.

Default value: None

None

MountPath

string

No

The directory to which the volume is mounted.

Note

The content in the mount directory of the container is overwritten by the content of the volume. Use this parameter with caution.

/pod/data

ReadOnly

boolean

No

Specifies whether the volume is read-only. The default value is false.

false

SubPath

string

No

The subdirectory of the volume.

data2/

Name

string

No

The name of the volume. The value must be the same as the value of the Name parameter in the Volume object.

default-volume1

ImagePullPolicy

string

No

The policy for pulling the image. Valid values:

  • Always: Always pulls the image.

  • IfNotPresent: Pulls the image only if the image is not available locally.

  • Never: Never pulls the image. The image is used only if the image is available locally.

Always

StdinOnce

boolean

No

Specifies whether to keep the standard input stream open in multiple attach sessions when the standard input is set to true.
If StdinOnce is set to true, the standard input is opened when the container is started. The standard input is empty before the first client is attached to the standard input. Then, the standard input remains open and receives data until the client is disconnected. At this time, the standard input is closed and remains closed until the container is restarted.

false

LifecyclePreStopHandlerTcpSocketPort

integer

No

The port that is detected by the TCP socket when you set the preStop callback function using the TCPSocket method.

90

LifecyclePostStartHandlerHttpGetScheme

string

No

The protocol type of the HTTP Get request when you set the postStart callback function using an HTTP request. Valid values:

  • HTTP

  • HTTPS

HTTPS

ReadinessProbe.PeriodSeconds

integer

No

The interval at which the check is performed. Default value: 10. Minimum value: 1. Unit: seconds.

3

LivenessProbe.SuccessThreshold

integer

No

The number of consecutive successes that are required to determine that the check is successful after the check has failed. Default value: 1. The value must be 1.

1

Command

array

No

The startup command of the container. You can specify up to 20 commands. Each command can contain up to 256 characters.

sleep

string

No

The startup command of the container. You can specify up to 20 commands. Each command can contain up to 256 characters.

sleep

LifecyclePostStartHandlerHttpGetHost

string

No

The host address that receives the HTTP Get request when you set the postStart callback function using an HTTP request.

10.0.XX.XX

TerminationMessagePolicy

string

No

The message notification policy. The default value is empty. Only message notifications for MSMQ are supported.

FallbackToLogsOnError

ReadinessProbe.HttpGet.Path

string

No

The path that is checked by the HTTP Get request when you perform a health check.

Note

When you set the ReadinessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

/healthz

LivenessProbe.Exec.Command

array

No

The command that is run in the container when you perform a health check using a command.

Note

When you set the LivenessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

string

No

The command that is run in the container when you perform a health check using a command.

cat /tmp/healthy

LifecyclePostStartHandlerTcpSocketPort

integer

No

The port that is detected by the TCP socket when you set the postStart callback function using the TCPSocket method.

80

LifecyclePostStartHandlerHttpGetPath

string

No

The path that is checked by the HTTP Get request when you set the postStart callback function using an HTTP request.

/healthyz

LifecyclePostStartHandlerExec

array

No

The command that is run in the container when you set the postStart callback function using a command.

["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

string

No

The command that is run in the container when you set the postStart callback function using a command.

["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

LifecyclePreStopHandlerHttpGetPath

string

No

The path that is checked by the HTTP Get request when you set the preStop callback function using an HTTP request.

/healthyz

Port

array<object>

No

The port number.

object

No

The port number.

Protocol

string

No

The protocol. Valid values:

  • TCP

  • UDP

TCP

Port

integer

No

The port number. Valid values: 1 to 65535.

80

TerminationMessagePath

string

No

The path to which the error message of the container is written.

/tmp/termination-log

LifecyclePreStopHandlerHttpGetScheme

string

No

The protocol type of the HTTP Get request when you set the preStop callback function using an HTTP request. Valid values:

  • HTTP

  • HTTPS

HTTP

LivenessProbe.HttpGet.Scheme

string

No

The protocol type of the HTTP Get request when you perform a health check using an HTTP request. Valid values:

  • HTTP

  • HTTPS

Note

When you set the LivenessProbe parameter, you can select only one of the following check methods: HttpGet, Exec, and TcpSocket.

HTTP

ReadinessProbe.HttpGet.Port

integer

No

The port to which the HTTP GET request is sent for the health check.

Note

You can specify only one of the HttpGet, Exec, and TcpSocket check methods for a readiness probe.

8080

LifecyclePostStartHandlerTcpSocketHost

string

No

The host address for the TCP socket probe. This parameter is used when you configure the postStart handler to use a TCP socket.

10.0.XX.XX

Gpu

integer

No

The number of GPUs for the container.

1

ReadinessProbe.InitialDelaySeconds

integer

No

The number of seconds to wait after the container starts before the readiness probe is initiated.

3

LifecyclePreStopHandlerExec

array

No

The command to execute in the container for the preStop callback function when the function is set using the command line.

["/bin/sh", "-c","echo Hello from the preStop handler > /usr/share/message"]

string

No

The command to execute in the container for the preStop callback function.

["/bin/sh", "-c","echo Hello from the preStop handler > /usr/share/message"]

Memory

number

No

The memory size of the container. The unit is GiB.

0.5

Name

string

Yes

The name of the container.

nginx

LifecyclePreStopHandlerHttpGetHost

string

No

The host that accepts the HTTP GET request for the preStop callback function.

10.0.XX.XX

LifecyclePreStopHandlerTcpSocketHost

string

No

The host address for the TCP socket check in the preStop handler.

10.0.XX.XX

Image

string

Yes

The container image.

registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:latest

LifecyclePreStopHandlerHttpGetPort

integer

No

The port that the HTTP GET request probes for the preStop callback function.

88

LivenessProbe.FailureThreshold

integer

No

The number of consecutive failures before the probe is considered failed. The count resets after a successful probe. The default is 3.

3

ReadinessProbe.Exec.Command

array

No

The command to execute in the container for a command-line health check.

Note

When you set parameters for ReadinessProbe, you can select only one of the HttpGet, Exec, and TcpSocket check methods.

string

No

The command to run in the container for a command-line health check.

cat /tmp/healthy

LifecyclePreStopHandlerHttpGetHttpHeader

array<object>

No

The HTTP request headers.

object

No

The HTTP request header.

Value

string

No

The value of a custom field in the HTTP GET request header for the preStop callback function.

test-preStop

Name

string

No

The name of a custom header in the HTTP GET request for the preStop callback function.

Xiao-Custom-Header

ReadinessProbe.FailureThreshold

integer

No

The minimum number of consecutive failures before a probe is marked as failed. The count resets after a success. The default is 3.

3

Cpu

number

No

The number of vCPUs for the container. Unit: cores.

0.25

LivenessProbe.HttpGet.Port

integer

No

The port for the HTTP GET health check.

Note

You can use only one check method for a liveness probe: HttpGet, Exec, or TcpSocket.

8888

LivenessProbe.HttpGet.Path

string

No

The path for the HTTP GET request in the health check.

Note

When you set parameters for a LivenessProbe, you can select only one of the following check methods: HttpGet, Exec, or TcpSocket.

/healthz

LivenessProbe.TimeoutSeconds

integer

No

The timeout period for the probe. The default value is 1 second. The minimum value is 1 second.

1

SecurityContext.RunAsUser

integer

No

Sets the user ID to run the container.

1000

LifecyclePostStartHandlerHttpGetPort

integer

No

The port number for the HTTP GET request of an HTTP-based postStart callback function.

5050

LifecyclePostStartHandlerHttpGetHttpHeader

array<object>

No

The HTTP request headers.

object

No

The HTTP request header parameters.

Value

string

No

The value of a custom field in the HTTP GET request header for the postStart callback function.

test-postStart

Name

string

No

The name of a custom field in the HTTP GET request header of the postStart callback function.

Xiao-Custom-Header

EnvironmentVarHide

boolean

No

Specifies whether to hide environment variables when you query the details of an ECI instance. Valid values:

  • false (default): The environment variables are returned in the query result.

  • true: The environment variables are not returned in the query result. This improves security if the variables contain sensitive information.

false

SecurityContextRunAsGroup

integer

No

The user group that runs the container.

3000

SecurityContextRunAsNonRoot

boolean

No

Specifies whether to run the container in non-root mode. Valid values:

  • true: Non-root mode

  • false (default): Root mode

true

SecurityContextPrivileged

boolean

No

Specifies whether to run the container in privileged mode. Valid values:

  • true: The container runs in privileged mode.

  • false (Default): The container does not run in privileged mode.

Note

The privileged container feature is in internal beta. To request access, submit a ticket.

true

Volume

array<object>

No

The information about the volume.

array<object>

No

The volume information.

Type

string

No

The volume type. Valid values:

  • EmptyDirVolume: An empty directory volume.

  • NFSVolume: A network file system (NFS) volume.

  • ConfigFileVolume: A configuration file volume.

  • FlexVolume: A volume that uses a FlexVolume plug-in to extend storage classes. This volume type supports mounting disks.

  • HostPathVolume: A volume that represents a file or directory on the host node. This volume type is available only to whitelisted users.

  • DiskVolume (Not recommended): A disk volume. Use FlexVolume to mount disks.

ConfigFileVolume

DiskVolume.DiskSize

integer

No

The size of the DiskVolume in GiB.

15

NFSVolume.Path

string

No

The path of the NFS volume.

/share

DiskVolume.FsType

string

No

The file system type of the disk volume.

xfs

FlexVolume.FsType

string

No

The type of file system to mount. The default type depends on the FlexVolume script.

ext4

HostPathVolume.Type

string

No

The type of the HostPath volume. Valid values:

  • Directory: A folder.

  • File: A file.

Note

HostPath volumes are available only to users in the whitelist.

Directory

ConfigFileVolume.DefaultMode

integer

No

The default permission for the ConfigFileVolume.

0644

NFSVolume.ReadOnly

boolean

No

Specifies whether the NFS volume is read-only. The default is false.

false

ConfigFileVolume.ConfigFileToPath

array<object>

No

The details of the volume that is created from a configuration file.

If you specify multiple ConfigFileToPath items, the total size of the corresponding Content values cannot exceed 60 KB.

object

No

The information about the ConfigFile volume.

Path

string

No

The path to the configuration file, relative to the mount directory.

test/config-test.cnf

Mode

integer

No

The permissions for the configuration file. If this parameter is not set, the value of ConfigFileVolume.DefaultMode is used. The permissions are specified as a four-digit octal number. For example, 0644 grants rw-r--r-- permissions. This means that the user has read and write permissions (rw-), the user's group has read-only permissions (r--), and other users have read-only permissions (r--).

The permissions are described as follows:

  • ---: No permissions. The octal value is 0.

  • --x: Execute permission only. The octal value is 1.

  • -w-: Write permission only. The octal value is 2.

  • -wx: Write and execute permissions. The octal value is 3.

  • r--: Read permission only. The octal value is 4.

  • r-x: Read and execute permissions. The octal value is 5.

  • rw-: Read and write permissions. The octal value is 6.

  • rwx: Read, write, and execute permissions. The octal value is 7.

0644

Content

string

No

The content of the configuration file. The content must be Base64-encoded.
A single configuration file cannot be larger than 32 KB.

bGl1bWk=

HostPathVolume.Path

string

No

The path of the directory on the host.

/pod/data

FlexVolume.Options

string

No

A list of options for the FlexVolume object. The options are key-value pairs passed in JSON format.

For example, when you attach a disk using FlexVolume, the Options parameter specifies the configuration parameters for the disk. The configurable parameters are as follows:

  • volumeId: The ID of an existing disk.

  • volumeSize: The size of the disk in GiB. Valid values: 20 to 32768.

  • performanceLevel: The performance level of the disk. For more information, see Disk performance levels.

  • deleteWithInstance: Specifies whether to release the disk when the instance is released. The default value is false.

  • encrypted: Specifies whether to encrypt the disk. The default value is false. For more information, see Encryption overview.

  • kmsKeyId: The ID of the KMS key used to encrypt the disk.

{"volumeId":"d-2zehdahrwoa7srg****","performanceLevel": "PL2"}

FlexVolume.Driver

string

No

The driver type for the FlexVolume plugin to mount a volume. Valid values:

  • alicloud/disk: Mounts a disk.

  • alicloud/nas: Mounts NAS.

  • alicloud/oss: Mounts OSS.

alicloud/disk

NFSVolume.Server

string

No

The address of the NFS server.

3f9cd4a596-naw76.cn-shanghai.nas.aliyuncs.com

DiskVolume.DiskId

string

No

The ID of the DiskVolume.

d-xx

Name

string

No

The name of the volume.

default-volume1

EmptyDirVolume.Medium

string

No

The storage medium for the EmptyDirVolume. The default value is empty, which uses the node's file system. Set the value to memory to use memory as the storage medium.

memory

EmptyDirVolume.SizeLimit

string

No

The size of the EmptyDirVolume in GiB.

2

InitContainer

array<object>

No

The list of init containers.

array<object>

No

The list of init containers.

SecurityContext.Capability.Add

array

No

Grants specific permissions to processes in the container. Only NET_ADMIN and NET_RAW are supported.

Note

NET_RAW is not supported by default. Submit a ticket to request this permission.

string

No

Grants specific permissions to processes in the container. Only NET_ADMIN and NET_RAW are supported.

Note

NET_RAW is not supported by default. Submit a ticket to request this permission.

NET_ADMIN

Image

string

No

The image that the container uses.

nginx

VolumeMount

array<object>

No

The list of volume mounts.

object

No

The list of volumes to mount.

MountPropagation

string

No

The mount propagation setting for the volume. Mount propagation lets you share a volume mounted by a container with other containers in the same pod, or even with other pods on the same node. Valid values:

  • None: This volume mount does not receive any subsequent mounts that are mounted to this volume or any of its subdirectories.

  • HostToContainer: This volume mount receives all subsequent mounts that are mounted to this volume or any of its subdirectories.

  • Bidirectional: This volume mount behaves the same as a HostToContainer mount. In addition, all volume mounts created by the container are propagated back to the host and to all containers of all pods that use the same volume.

Default value: None

None

MountPath

string

No

The mount path in the container. The content of the volume overwrites the content in this path. Use this parameter with caution.

/usr/share/

ReadOnly

boolean

No

Specifies whether the mount path is read-only. The default is false.

false

SubPath

string

No

The path to a subdirectory within the volume. This lets a pod mount different directories from the same volume into different directories in a container.

/usr/sub/

Name

string

No

The name of the volume to mount.

test-empty

Port

array<object>

No

The port of the init container.

object

No

The port number of the init container.

Protocol

string

No

The protocol type. Valid values:

  • TCP

  • UDP

TCP

Port

integer

No

The port number. The value range is 1 to 65535.

8888

SecurityContext.ReadOnlyRootFilesystem

boolean

No

Controls whether the root file system of the container is read-only. This parameter must be set to true.

true

TerminationMessagePath

string

No

The source of the container's termination message. When the container stops, its termination message is retrieved from the specified file.

/tmp/termination-log

EnvironmentVar

array<object>

No

The list of environment variables for the container.

object

No

The list of environment variables for the container.

Key

string

No

The name of the environment variable. The name must be 1 to 128 characters in length. It can contain letters, digits, and underscores (_). The name cannot start with a digit.

Path

Value

string

No

The value of the environment variable. The value is 0 to 256 characters long.

/usr/bin/

FieldRef.FieldPath

string

No

The reference to the value of the environment variable. Currently, only status.podIP is supported.

status.podIP

ImagePullPolicy

string

No

The image pull policy. Valid values:

  • Always: Always pulls the image.

  • IfNotPresent: Pulls the image only if it is not present locally.

  • Never: Never pulls the image. Only the local image is used.

Always

WorkingDir

string

No

The working directory.

/usr/local

Cpu

number

No

The number of vCPU cores for the container.

0.5

Arg

array

No

The startup arguments for the container.

10

string

No

A startup argument for the container.

10

Command

array

No

The startup command for the container.

sleep

string

No

The startup command for the container.

sleep

Gpu

integer

No

The number of GPUs that the container uses.

1

SecurityContext.RunAsUser

integer

No

The user ID that the container runs as.

587

Memory

number

No

The memory size of the container. Unit: GiB.

1.0

TerminationMessagePolicy

string

No

The policy for the termination message. This is empty by default.

*****

Name

string

No

The name of the container.

test-init

DnsConfig.NameServer

array

No

The IP addresses of the DNS servers.

172.10.*.**

string

No

A DNS server IP address.

172.10.*.**

DnsConfig.Search

array

No

A list of DNS search domains.

svc.local.kubernetes

string

No

A list of DNS search domains.

svc.local.kubernetes

DnsConfig.Option

array<object>

No

A list of options for the object.

object

No

The options for the object.

Value

string

No

The value of the object.

value

Name

string

No

The name of the object.

name

HostAliase

array<object>

No

The host aliases for the ECI instance.

object

No

An alias for the ECI.

Ip

string

No

The IP address.

1.1.1.1

Hostname

array

No

The hostnames to add.

hehe.com

string

No

The hostname.

hehe.com

SecurityContext.Sysctl

array<object>

No

The safe sysctl parameters to modify in the security context. For more information, see Security context configuration.

object

No

A safe sysctl parameter to modify in the security context. For more information, see Configure a security context.

Value

string

No

The value of the safe sysctl parameter to configure in the security context.

65536

Name

string

No

The name of the safe sysctl parameter to modify using the security context. Valid values:

  • net.ipv4.ping_group_range

  • net.ipv4.ip_unprivileged_port_start

net.ipv4.ping_group_range

HostSecurityContext.Sysctl

array<object>

No

A list of unsafe sysctl parameters to modify using the security context. For more information, see Configure a security context.

object

No

An unsafe sysctl parameter to modify using the security context. For more information, see Security context configuration.

Value

string

No

The value of an unsafe sysctl parameter that is modified in the security context.

65536

Name

string

No

The name of an unsafe sysctl parameter to modify using a security context. Valid values:

  • kernel.shm* (except kernel.shm_rmid_forced)

  • kernel.msg*

  • kernel.sem

  • fs.mqueue.*

  • net.* (except net.ipv4.tcp_syncookies, net.ipv4.ping_group_range, and net.ipv4.ip_unprivileged_port_start)

kernel.msgmax

NtpServer

array

No

The NTP servers.

ntp.cloud.aliyuncs.com

string

No

The NTP server.

ntp.cloud.aliyuncs.com

AcrRegistryInfo

array<object>

No

A list of ACR Enterprise instances. For more information, see Pull ACR images without a password.

object

No

A list of ACR Enterprise instances.

Domain

array

No

The domain names of the ACR Enterprise instance. By default, all domain names of the instance are used. You can specify one or more domain names. Separate multiple domain names with a comma.

*****-****-registry.cn-beijing.cr.aliyuncs.com

string

No

The domain name of the ACR Enterprise instance. By default, all domain names for the instance are used. You can specify one or more domain names. Separate multiple domain names with commas.

*****-****-registry.cn-beijing.cr.aliyuncs.com

InstanceName

string

No

The name of the ACR Enterprise instance.

acr-test

InstanceId

string

No

The ID of the ACR Enterprise instance.

cri-nwj395hgf6f3****

RegionId

string

No

The region of the ACR Enterprise instance.

cn-beijing

ArnService

string

No

The ARN of the RAM role that belongs to the account that owns resources, such as ECI instances.

acs:ram::1609982529******:role/role-assume

ArnUser

string

No

The ARN of the RAM role for the account that owns the ACR instance.

acs:ram::1298452580******:role/role-acr

SpotDuration

integer

No

The protection period for the spot instance, in hours. The default is 1. A value of 0 means the instance has no protection period.

1

StrictSpot

boolean

No

Specifies whether to run the task on a recurring schedule.

  • true: Run the task on a recurring schedule.

  • false: Run the task only once.

true

PlainHttpRegistry

string

No

The address of a self-hosted image repository. When creating an ECI instance using an image from a self-hosted repository that uses the HTTP protocol, set this parameter. This ensures that ECI uses the HTTP protocol to pull the image and prevents pull failures caused by a protocol mismatch.

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

InsecureRegistry

string

No

The address of the self-managed image repository. When you create an ECI instance using an image from a self-managed repository that uses a self-signed certificate, set this parameter to skip certificate authentication. This prevents image pull failures that are caused by failed certificate authentication.

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

ImageAccelerateMode

string

No

The image acceleration mode. Valid values:

  • nydus: Uses Nydus for acceleration. The image must support Nydus.

  • dadi: Uses DADI for acceleration. The image must support DADI.

  • p2p: Uses P2P for acceleration. The image must support P2P.

  • imc: Uses an image cache for acceleration.

imc

Ipv6GatewayBandwidthEnable

boolean

No

Specifies whether to enable communication with the internet over IPv6 for the ECI.

true

Ipv6GatewayBandwidth

string

No

The peak Internet bandwidth for the IPv6 address. This parameter is valid only when Ipv6GatewayBandwidthEnable is set to true. The value range is as follows:

  • If the billing method for the IPv6 Gateway is pay-by-bandwidth, the value ranges from 1 to 2000 Mbps.

  • If the billing method for the IPv6 Gateway is pay-by-traffic, the value range is constrained by the gateway specification.
    • Free Edition: The value ranges from 1 to 200 Mbps.

    • Enterprise Edition: The value ranges from 1 to 500 Mbps.

    • Enhanced Enterprise Edition: The value ranges from 1 to 1000 Mbps.

The default value is the maximum value in the bandwidth range for the gateway edition.

100

ContainerResourceView

boolean

No

Enable this configuration if the ECI specification is larger than the requested specification. This ensures that the resources visible in the container match the requested resources.

false

FixedIp

string

No

Set to true to enable a fixed IP address for the instance. For more information, see Configure an ECI instance to use a fixed IP address.

true

FixedIpRetainHour

integer

No

The length of time, in hours, that a fixed IP address is kept after its instance is released. The default value is 48.

24

DataCacheBucket

string

No

The data cache bucket.

default

DataCachePL

string

No

The performance level of the disk for the data cache.
ESSDs are prioritized, with a default performance level of PL1.

PL1

DataCacheProvisionedIops

integer

No

The pre-configured read and write input/output operations per second (IOPS) for an ESSD AutoPL disk that is used as a data cache.
Valid values: 0 to min{50000, 1000 × Capacity - Baseline performance}. Baseline performance = min{1800 + 50 × Capacity, 50000}.
For more information, see ESSD AutoPL disks.

40000

DataCacheBurstingEnabled

boolean

No

Specifies whether to enable performance burst when the data cache uses an ESSD AutoPL disk. For more information, see ESSD AutoPL disks.

false

DryRun

boolean

No

Specifies whether to perform only a dry run for the request. Valid values:

  • true: Sends a check request without creating an ECI instance. The system checks for required parameters and the request format. It also checks business limits and inventory. If the check fails, an error is returned. If the check passes, the DryRun.Success error code is returned.

  • false (default): Sends a normal request. An ECI instance is created after the request passes the check.

false

PrivateIpAddress

string

No

The private IPv4 address to assign to the ECI instance. Make sure that the IP address is not already in use.

172.16.0.1

OsType

string

No

The operating system of the ECI instance. Valid values:

  • Linux (default)

  • Windows

Note

Windows instances are in invitational preview. Submit a ticket to request access.

Windows

CpuArchitecture

string

No

Specify the CPU architecture for the ECI instance. Valid values:

  • AMD64 (default)

  • ARM64

ARM64

ComputeCategory

array

No

Specify the computing power category. For more information, see Create an instance by specifying a computing power category.

string

No

Specifies the computing power class. Valid values:

  • economy: Economy

  • general: General-purpose

You can specify multiple computing power classes. The system creates the container group using the classes in the specified order.

economy

GpuDriverVersion

string

No

The version of the GPU driver.

Note

You can switch GPU driver versions for only some instance types. For more information, see Create an instance with a specified GPU type.

tesla=535

MaxPendingMinute

integer

No

Response elements

Element

Type

Description

Example

object

RequestId

string

The unique ID of the request.

89945DD3-9072-47D0-A318-353284CFC7B3

ContainerGroupId

string

The ID of the container group.

eci-uf6fonnghi50u374****

Examples

Success response

JSON format

{
  "RequestId": "89945DD3-9072-47D0-A318-353284CFC7B3",
  "ContainerGroupId": "eci-uf6fonnghi50u374****"
}
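
A pre-submission check for the security-relevant request parameters described above: SecurityContext.Capability.Add, SecurityContext.ReadOnlyRootFilesystem, SecurityContext.RunAsUser, MountPropagation, the two Sysctl lists, PlainHttpRegistry and InsecureRegistry. This is an added example, not Alibaba Cloud code; it applies every valid-value rule the page lists for these fields rather than a single one. The nested-dict request layout, the function names, the sample hostnames and the reuse of the InitContainer checks for a "Container" list are assumptions.

```python
from fnmatch import fnmatchcase

# Valid values copied from the parameter descriptions on this page.
SUPPORTED_CAPS = {"NET_ADMIN", "NET_RAW"}
SAFE_SYSCTLS = {"net.ipv4.ping_group_range", "net.ipv4.ip_unprivileged_port_start"}
UNSAFE_PATTERNS = ("kernel.shm*", "kernel.msg*", "kernel.sem", "fs.mqueue.*", "net.*")
UNSAFE_EXCEPTIONS = {"kernel.shm_rmid_forced", "net.ipv4.tcp_syncookies"} | SAFE_SYSCTLS
PROPAGATION = {"None", "HostToContainer", "Bidirectional"}

def unsafe_sysctl_allowed(name):
    """True if name is a valid HostSecurityContext.Sysctl name per the page."""
    return name not in UNSAFE_EXCEPTIONS and any(fnmatchcase(name, p) for p in UNSAFE_PATTERNS)

def audit_container(c, out):
    """Append (severity, subject, message) findings for one container dict."""
    who = c.get("Name", "<unnamed>")
    for cap in c.get("SecurityContext.Capability.Add", []):
        if cap in SUPPORTED_CAPS:
            out.append(("WARN", who, f"adds capability {cap}"))
        else:
            out.append(("ERROR", who, f"capability {cap} is not supported"))
    if c.get("SecurityContext.ReadOnlyRootFilesystem", True) is not True:
        out.append(("ERROR", who, "SecurityContext.ReadOnlyRootFilesystem must be true"))
    if c.get("SecurityContext.RunAsUser") == 0:
        out.append(("WARN", who, "runs as UID 0 (root)"))
    for m in c.get("VolumeMount", []):
        prop = m.get("MountPropagation", "None")
        if prop not in PROPAGATION:
            out.append(("ERROR", who, f"invalid MountPropagation {prop!r}"))
        elif prop == "Bidirectional":
            out.append(("WARN", who, f"{m.get('MountPath')}: Bidirectional mount propagation"))

def audit_request(req):
    """Return findings for a CreateContainerGroup request held as a nested dict."""
    out = []
    for key, why in (("PlainHttpRegistry", "images are pulled over HTTP"),
                     ("InsecureRegistry", "certificate authentication is skipped")):
        for host in filter(None, (h.strip() for h in req.get(key, "").split(","))):
            out.append(("WARN", host, f"{key}: {why}"))
    for s in req.get("SecurityContext.Sysctl", []):
        if s["Name"] not in SAFE_SYSCTLS:
            out.append(("ERROR", s["Name"], "not a valid SecurityContext.Sysctl name"))
    for s in req.get("HostSecurityContext.Sysctl", []):
        if unsafe_sysctl_allowed(s["Name"]):
            out.append(("WARN", s["Name"], "unsafe sysctl requested"))
        else:
            out.append(("ERROR", s["Name"], "not a valid HostSecurityContext.Sysctl name"))
    # Assumption: a "Container" list takes the same fields as InitContainer.
    for kind in ("Container", "InitContainer"):
        for c in req.get(kind, []):
            audit_container(c, out)
    return out

# Constructed sample request; the nested-dict layout is an assumption of this example.
SAMPLE_REQUEST = {
    "InsecureRegistry": "registry.example.internal:5000, harbor.example.internal",
    "HostSecurityContext.Sysctl": [{"Name": "kernel.msgmax", "Value": "65536"},
                                   {"Name": "kernel.shm_rmid_forced", "Value": "1"}],
    "InitContainer": [{
        "Name": "test-init", "Image": "nginx",
        "SecurityContext.Capability.Add": ["NET_RAW", "SYS_ADMIN"],
        "SecurityContext.RunAsUser": 0,
        "VolumeMount": [{"Name": "test-empty", "MountPath": "/usr/share/",
                         "MountPropagation": "Bidirectional"}],
    }],
}

if __name__ == "__main__":
    print(*audit_request(SAMPLE_REQUEST), sep="\n")
```

ERROR findings are values the parameter descriptions rule out; WARN findings are accepted settings that widen what the container or the image pull path can do and deserve a second reviewer.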

Error codes

HTTP status code

Error code

Error message

Description

400 Account.Arrearage Your account has an outstanding payment. Your account has an outstanding payment.
400 DryRunOperation Request validation has been passed with DryRun flag set. Request validation has been passed with DryRun flag set.
400 InvalidParameter.CPU.Memory The specified cpu and memory are not allowed
400 InvalidParameter.DuplicatedName The container group include containers with duplicate names.
400 InvalidParameter.DuplicatedVolumeName The container group includes volumes with duplicate names. The container group includes volumes with duplicate names.
400 IncorrectStatus %s
400 ServiceNotEnabled %s The service on which this request depends has not been activated. Please activate and try again.
400 ImageSnapshot.IncorrectStatus %s The status of the specified snapshot is invalid.
400 ImageSnapshot.NotSupport %s Image caching based on data disk snapshots is not available for all users. If you want to enable this function, contact us.
400 DiskVolume.NotSupport The disk volume is not supported. Disk volume does not support your structure. If you want to enable this function, contact us.
400 RamRole.NotSupport The RAM role is not supported. The RAM role is not supported.
400 DiskNumber.LimitExceed The maximum number of disks in an instance is exceeded. The maximum number of disks in an instance is exceeded.
400 InvalidPaymentMethod.InsufficientBalance No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance. No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance.
400 DiskVolume.NotInSameZone The instance to be created and the disk are not in the same zone. The instance to be created and the disk are not in the same zone.
400 NoPermission You are not authorized to use the "Product on ECI" feature.
400 HighCpuMemConfigRequired You need to apply to be added to the whitelist of the specified CPU and memory. You need to apply to be added to the whitelist of the specified CPU and memory.
400 RecommendEmpty.InstanceTypeFamilyNotMatched The recommended instance type is unavailable in the current zone. Try again later.
400 LocalDiskAmountNotMatch The number of local volumes does not match the instance type.
400 Payfor.CreditPayInsufficientBalance Your payment credit line is insufficient. Your payment credit line is insufficient.
400 InvalidOperation.KMS.InstanceTypeNotSupport The specified instance is invalid. Only I/O optimized instances support KMS key. The specified instance is invalid. Only I/O optimized instances support KMS key.
400 InvalidParameter.Encrypted.KmsNotEnabled KMS must be enabled for encrypted disks.
400 InvalidParameter.KMS.EncryptedIllegal After configuring the parameter KmsKeyId, you must enable encryption. After configuring the parameter KmsKeyId, you must enable encryption.
400 InvalidSpotCpuMemorySpec The specified CPU and memory are not allowed. You must create spot ECI using standard ECS specifications for CPU and memory.
400 Ipv6AddressNotSupportVsw IPv6 is not supported in the specified vSwitch.
400 Ipv6AddressNotSupport Ipv6 is not supported in specified region.
400 Ipv6AddressNotSupportInstanceType IPv6 is not supported for the specified instance type.
400 EipPayInsufficientBalance Your account does not have enough balance to purchase eip.
400 EipPurchaseFlowControl Request was denied due to eip frequent purchase.
400 Throttling You have made too many requests within a short time; your request is denied due to request throttling
400 JobInstanceBatchCreateNotSupport ECI job instance not support batch create
400 JobInstanceDiskNotSupport ECI job instance not support disk volume
400 JobInstanceEipNotSupport ECI job instance not support eip
400 JobInstanceFeatureNotMatch ECI job instance feature not match
400 JobInstanceImageCacheNotSupport ECI job instance not support image cache
400 JobInstanceIPv6NotSupport ECI job instance not support IPv6
400 JobInstanceRamRoleNotSupport ECI job instance not support ram role
400 JobInstanceRegionNotSupport ECI job instance not support in this region
400 JobInstanceSpotNotSupport ECI job instance not support spot
400 InvalidInstanceTypeForEciSpotDurationBuy Current instance type does not support spot duration instance.
400 InvalidInstanceTypeForEciBuy Sales of this current instance type is not supported in eci.
400 InstanceTypeNotMatchCpuArch %s.
400 JobInstanceEcsInstanceTypeNotSupport Job-optimized elastic container instances cannot be created by specifying ECS instance types.
400 PrivatePoolInstanceSpotNotSupport Spot is not supported for PrivatePool.
400 DryRun.Success This request is a dryrun request with successful result.
400 PrivateIpAddress.Already.InUse The specific PrivateIpAddress already in use.
400 IncorrectOperation %s You cannot perform this operation on the specified resource.
400 FeatureBasedConstraintConflict A conflict occurs in specified feature constraints: [%s]. A conflict occurs in specified feature constraints
400 OperationFailed.RiskControl %s. We have detected that your account has security risks. Please contact customer service personnel for details.
400 RISK.RISK_CONTROL_REJECTION To protect the security of your account, your request has been denied by the risk control system. Please contact Alibaba Cloud Customer Service for details. In order to protect the security of your account, your request was rejected by the risk control system. Please contact customer service for details.
400 InvalidInstanceTypeForRaid %s. The current specification does not support Raid.
400 RegionDissolved %s.
403 OperationDenied.VswZoneMisMatch The specified VSwitchId is not in the specified Zone.
403 QuotaExceeded %s quota exceeded.
403 Zone.NotOnSale The specified zone is not available for purchase.
403 Forbidden.RiskControl This operation has been identified as an abnormal operation and cannot be processed.
403 Forbidden.SubUser The specified action is not available for you.
403 Forbidden.OnlyForInvitedTest Eci create action is only open to invited users during public beta.
403 OperationDenied.SecurityGroupMisMatch The specified VSwitchId and SecurityGroupId are not in the same VPC.
403 InvalidVSwitchId.IpNotEnough The specified VSwitch does not have enough IP addresses.
403 Forbidden.UserBussinessStatus This operation is not allowed, because you have overdue bills. Pay the overdue bill and try again.
403 Forbidden.UserNotRealNameAuthentication This operation is not allowed, because you have not passed the real-name verification.
403 InvalidUser.PassRoleForbidden The RAM user is not authorized to assume a RAM role. The RAM user is not authorized to assume a RAM role.
403 NoPermission The RAM role does not belong to ECS.
403 OperationDenied.NoStock Sales of this resource are temporarily suspended in the specified zone. We recommend that you use the multi-zone creation function to avoid the risk of insufficient resource. For more information, see https://www.alibabacloud.com/help/document_detail/157290.html
403 InvalidParameter.KMS.KeyId.Forbidden You are not authorized to access the specified KMSKeyId. You are not authorized to access the specified KMSKeyId.
403 Forbidden.AccountClosed The operation is forbidden. Your account has been closed.
403 InvalidOperation.ResourceManagedByCloudProduct The operation is forbidden. The security group has been managed by another cloud product.
403 Spot.NotMatched %s. We recommend that you use the create multi-zone function to avoid insufficient inventory. For more information, see https://www.alibabacloud.com/help/document_detail/157290.html
403 SecurityRisk.3DVerification We have detected a security risk with your default credit or debit card. Please proceed with verification via the link in your email.
403 CreateServiceLinkedRole.Denied Please make sure the account has ram:CreateServiceLinkedRole permission. Please make sure the account has ram:CreateServiceLinkedRole permission.
403 Throttling.Vcpu.PerDay The maximum number of request for the day has been exceeded. The maximum number of request for the day has been exceeded.
403 FeatureAccessRestricted Access to this feature:[%s] is restricted. Please contact Alibaba Cloud ECI support to request access. Access to this feature is restricted. Please contact Alibaba Cloud ECI support to request access.
404 ImageSnapshot.NotFound The specified snapshot does not exist.
404 InvalidDiskId.NotFound The specified disk does not exist.
404 InvalidParameter.KMS.KeyId.NotFound The specified KMSKeyId does not exist. The specified KMSKeyId does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.