ALIYUN::ECI::ContainerGroup is used to create a container group. A container group is an elastic container instance.

Syntax

{
  "Type": "ALIYUN::ECI::ContainerGroup",
  "Properties": {
    "SecurityContextSysctl": List,
    "Memory": Number,
    "InitContainer": List,
    "Cpu": "Number",
    "EipInstanceId": String,
    "ContainerGroupName": String,
    "Container": List,
    "ImageSnapshotId": String,
    "DnsConfig": Map,
    "AutoMatchImageCache": Boolean,
    "Ipv6AddressCount": Integer,
    "ImageRegistryCredential": List,
    "SpotPriceLimit": Number,
    "InstanceType": String,
    "SpotStrategy": String,
    "ActiveDeadlineSeconds": Integer,
    "HostAliase": List,
    "ZoneId": String,
    "TerminationGracePeriodSeconds": Integer,
    "VSwitchId": String,
    "SecurityGroupId": String,
    "SlsEnable": Boolean,
    "RestartPolicy": String,
    "RamRoleName": String,
    "Volume": List,
    "AcrRegistryInfo": List,
    "Tag": List,
    "ResourceGroupId": String
  }
}

Properties

PropertyTypeRequiredEditableDescriptionConstraint
EipInstanceIdStringNoNoThe ID of the elastic IP address (EIP). None.
ContainerListYesYesThe containers in the container group. For more information, see Container properties.
DnsConfigMapNoYesThe configurations of Domain Name System (DNS). For more information, see DnsConfig properties.
InitContainerListNoYesThe list of init containers. For more information, see InitContainer properties.
SecurityGroupIdStringYesNoThe ID of the security group to which the container group belongs. Instances in the same security group can access each other.
ContainerGroupNameStringYesNoThe name of the container group. None.
ZoneIdStringNoNoThe ID of the zone in which you want to create the container group. By default, this property is empty. If you do not specify this property, the system selects a zone.
VolumeListNoYesThe list of volumes. You can specify up to 20 volumes.

For more information, see Volume properties.

HostAliaseListNoNoThe mapping between the hostname and the IP addresses for a container in the pod. For more information, see HostAliase properties.
RestartPolicyStringNoYesThe policy that you want to use to restart the container group. Default value: Always. Valid values:
  • Always
  • OnFailure
  • Never
ResourceGroupIdStringNoYesThe ID of the resource group. None.
TagListNoYesThe tags of the container group. You can specify up to 20 tags for each container group. A tag is a key-value pair. The key and the value are of the String type.

For more information, see Tag properties.

VSwitchIdStringYesNoThe ID of the vSwitch. The elastic container instance that you want to create is of the virtual private cloud (VPC) type. The number of IP addresses in the vSwitch CIDR block determines the maximum number of elastic container instances that can be created in the vSwitch. Before you create an elastic container instance, plan the CIDR block of the vSwitch.
ImageRegistryCredentialListNoYesThe logon information about the container image repository. The information includes the server IP address, the username, and the password. For more information, see ImageRegistryCredential properties.
MemoryNumberNoYesThe size of the memory. None.
SlsEnableBooleanNoNoSpecifies whether to enable logging. Default value: false. Valid values:
  • true
  • false
SecurityContextSysctlListNoNoThe security context of the container group. For more information, see SecurityContext properties.
CpuNumberNoYesThe number of vCPUs. None.
ImageSnapshotIdStringNoNoThe cache ID of the image or the ID of the snapshot. None.
SpotPriceLimitNumberNoNoThe maximum hourly price of the container group. The value of this property can contain up to three decimal places.

This property takes effect only when the SpotStrategy property is set to SpotWithPriceLimit.

AutoMatchImageCacheBooleanNoNoSpecifies whether to automatically match the image cache. None.
SpotStrategyStringNoNoThe bidding policy for the pay-as-you-go container group. Default value: NoSpot. Valid values:
  • NoSpot: The container group is created as a regular pay-as-you-go instance.
  • SpotWithPriceLimit: The container group is created as a preemptible instance that has a user-defined maximum hourly price.
  • SpotAsPriceGo: The container group is created as a preemptible instance for which the market price at the time of purchase is automatically used as the bid price.
TerminationGracePeriodSecondsIntegerNoNoThe buffer time period in which the program handles operations before the program is stopped. Unit: seconds.
ActiveDeadlineSecondsIntegerNoNoThe validity period of the container group. Unit: seconds.
Ipv6AddressCountIntegerNoNoThe number of IPv6 addresses. None.
RamRoleNameStringNoNoThe name of the RAM role for the container group. You can use the RAM role to access elastic container instances and ECS instances.
AcrRegistryInfoListNoNoThe configurations of the access credential for the Container Registry Enterprise Edition instance. For more information, see AcrRegistryInfo properties.
InstanceTypeStringNoNoThe instance type. None.

Container syntax

"Container": [
  {
    "EnvironmentVar": List,
    "Tty": Boolean,
    "SecurityContext": Map,
    "Name": String,
    "ImagePullPolicy": String,
    "Image": String,
    "Stdin": boolean,
    "WorkingDir": String,
    "LivenessProbe": Map,
    "Cpu": Number,
    "Command": List,
    "Memory": Number,
    "ReadinessProbe": Map,
    "VolumeMount": List,
    "Port": List,
    "Arg": List,
    "StdinOnce": Boolean
  }
]

Container properties

PropertyTypeRequiredEditableDescriptionConstraint
EnvironmentVarListNoNoThe environment variables for the container. Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable.

You can specify up to 100 environment variables.

For more information, see EnvironmentVar properties.

TtyBooleanNoNoSpecifies whether to allocate a TeleTYpe (TTY) terminal to the container. Valid values:
  • true
  • false
If you set this property to true, you must set the Stdin property to true.
SecurityContextMapNoNoThe security context of the container group. Set the value to true.
NameStringYesNoThe name of the container. None.
ImagePullPolicyStringNoNoThe policy that you want to use to pull an image. None.
ImageStringYesNoThe image of the container. None.
StdinBooleanNoNoSpecifies whether to allocate buffers to standard input streams in the container runtime. Valid values:
  • true
  • false
WorkingDirStringNoNoThe working directory of the container. None.
LivenessProbeMapNoNoThe liveness probe of the container. For more information, see LivenessProbe properties.
CpuNumberNoNoThe number of vCPUs that you want to assign to the container. None.
CommandListNoNoThe list of commands that you want to send to the container. You can specify up to one command. A command is of the String type and can be up to 256 characters in length.
MemoryNumberNoNoThe size of the memory that you want to allocate to the container. Unit: GiB.
ReadinessProbeMapNoNoThe readiness probe of the container. For more information, see ReadinessProbe properties.
VolumeMountList NoNoDetails of volumes that you want to mount on the container. You can specify up to 16 volumes.

For more information, see VolumeMount properties.

PortListNoNoThe ports and protocols that you want to use for the container. You can specify up to 100 ports. Valid values of the protocols:
  • TCP
  • UDP

For more information, see Port properties.

ArgListNoNoThe arguments that you want to pass to the command. The arguments are of the String type. You can specify up to 10 arguments.
StdinOnceBooleanNoNoSpecifies whether to close the standard input stream after the client that is connected for the first time is disconnected. Valid values:
  • true
  • false

LivenessProbe syntax

"LivenessProbe": {
  "TcpSocket.Port": Integer,
  "HttpGet.Scheme": String,
  "HttpGet.Port": Integer,
  "FailureThreshold": Integer,
  "InitialDelaySeconds": Integer,
  "TimeoutSeconds": Integer,
  "SuccessThreshold": Integer,
  "Exec.Command": List,
  "PeriodSeconds": Integer,
  "HttpGet.Path": String
}

LivenessProbe properties

PropertyTypeRequiredEditableDescriptionConstraint
TcpSocket.PortIntegerNoNoThe port to which the system sends a TCP socket request for a health check. None.
HttpGet.SchemeStringNoNoThe protocol that you want to use to connect to the host. Valid values:
  • HTTP
  • HTTPS
HttpGet.PortIntegerNoNoThe port to which the system sends an HTTP GET request for a health check. None.
FailureThresholdIntegerNoNoThe number of times that a container must consecutively fail health checks before the probe considers the container unhealthy.

Default value: 3.

InitialDelaySecondsIntegerNoNoThe time period after the container is started and before the probe is initiated. Unit: seconds.
TimeoutSecondsIntegerNoNoThe time period after which the probe times out. Unit: seconds. Minimum value: 1.

Default value: 1.

SuccessThresholdIntegerNoNoThe number of times that a container must consecutively pass health checks before the probe considers the container healthy. Set the value to 1.

Default value: 1.

Exec.CommandListNoNoThe commands that you want to use to run the probe for the container. None.
PeriodSecondsIntegerNoNoThe interval at which you want to run the probe. Unit: seconds.

Minimum Value: 1.

Default value: 10.

HttpGet.PathStringNoNoThe path to which the system sends an HTTP GET request for a health check. None.

DnsConfig syntax

"DnsConfig": {
  "NameServer": List,
  "Search": List,
  "Option": List
}

DnsConfig properties

PropertyTypeRequiredEditableDescriptionConstraint
NameServerListNoNoThe IP addresses of the DNS servers. None.
SearchListNoNoThe list of DNS search domains. None.
OptionListNoNoThe list of options. Each option consists of a name and a value. The value of each option is optional.

For more information, see Option properties.

InitContainer syntax

"InitContainer": [
  {
    "EnvironmentVar": List,
    "SecurityContext": Map,
    "Name": String,
    "Image": String,
    "Arg": List,
    "WorkingDir": String,
    "Port": List,
    "Command": List,
    "Memory": Number,
    "ImagePullPolicy": String,
    "VolumeMount": List,
    "Cpu": Number
  }
]

InitContainer properties

PropertyTypeRequiredEditableDescriptionConstraint
EnvironmentVarListNoNoThe environment variables for the container. Each environment variable is a key-value pair. The key and the value are of the String type. The key specifies the name of a variable, and the value specifies the value of a variable.

You can specify up to 100 environment variables.

Set the value to status.podIP.
SecurityContextMapNoNoThe security context of the container group. Set the value to true.
NameStringNoNoThe name of the container. None.
ImageStringNoNoThe image of the container. None.
ArgListNoNoThe arguments that you want to pass to the command. The arguments are of the String type. You can specify up to 10 arguments.
WorkingDirStringNoNoThe working directory of the container. None.
PortListNoNoThe ports and protocols that you want to use for the container. You can specify up to 100 ports. Valid values of the protocols:
  • TCP
  • UDP
CommandListNoNoThe list of commands that you want to send to the container. You can specify up to one command. A command is of the String type and can be up to 256 characters in length.
MemoryNumberNoNoThe size of the memory that you want to allocate to the container. Unit: GB.
ImagePullPolicyStringNoNoThe policy that you want to use to pull an image. None.
VolumeMountListNoNoDetails of volumes that you want to mount on the container. You can specify up to 16 volumes.
CpuNumberNoNoThe number of vCPUs that you want to assign to the container. None.

Volume syntax

"Volume": [
  {
    "NFSVolume.Path": String,
    "Name": String,
    "EmptyDirVolume.Medium": String,
    "NFSVolume.Server": String,
    "NFSVolume.ReadOnly": Boolean,
    "ConfigFileVolume.ConfigFileToPath": List,
    "Type": String
  }
]

Volume properties

PropertyTypeRequiredEditableDescriptionConstraint
NFSVolume.PathStringNoNoThe path of the Network File System (NFS) volume. None.
NameStringYesNoThe name of the volume. None.
EmptyDirVolume.MediumStringNoNoThe storage medium. By default, the file system on the node is used.

Set the value to Memory.

If you set this property to Memory, emptyDir volumes are stored in memory.
NFSVolume.ServerStringNoNoThe IP address of the NFS server. None.
NFSVolume.ReadOnlyBooleanNoNoSpecifies whether the NFS volume is read-only. Default value: false.
ConfigFileVolume.ConfigFileToPathListNoNoThe path of the ConfigFile volume. For more information, see ConfigFileVolume.ConfigFileToPath properties.
TypeStringYesNoThe type of the volume. Valid values:
  • EmptyDirVolume
  • NFSVolume
  • ConfigFileVolume

HostAliase syntax

"HostAliase": [
  {
    "Ip": String,
    "Hostname": List
  }
]

HostAliase properties

PropertyTypeRequiredEditableDescriptionConstraint
IpStringNoNoThe IP address. None.
HostnameListNoNoThe hostnames. None.

ImageRegistryCredential syntax

"ImageRegistryCredential": [
  {
    "UserName": String,
    "Password": String,
    "Server": String
  }
]

ImageRegistryCredential properties

PropertyTypeRequiredEditableDescriptionConstraint
UserNameStringYesNoThe username that you want to use to log on to the image repository. None.
PasswordStringYesNoThe password that you want to use log on to the image repository. None.
ServerStringYesNoThe IP address of the image repository. The IP address cannot contain a protocol prefix,

such as http:// or https://.

EnvironmentVar syntax

"EnvironmentVar": {
  "Key": String,
  "Value": String,
  "FieldRef.FieldPath": String
}

EnvironmentVar properties

PropertyTypeRequiredEditableDescriptionConstraint
KeyStringNoNoThe name of the environment variable. The name must be 1 to 128 characters in length, and can contain digits, letters, and underscores (_). The name cannot start with a digit.
ValueStringNoNoThe value of the environment variable. The value can be up to 256 characters in length.
FieldRef.FieldPathStringNoNoThe reference of the environment variable value. Set the value to status.podIP.

SecurityContext syntax

"SecurityContext": {
  "Capability.Add": List,
  "RunAsUser": Interger,
  "ReadOnlyRootFilesystem": Boolen
}

SecurityContext properties

PropertyTypeRequiredEditableDescriptionConstraint
Capability.AddListNoNoThe capabilities that you want to add to the container. Set the value to NET_ADMIN.
RunAsUserIntegerNoNoThe ID of the user. None.
ReadOnlyRootFilesystemBooleanNoNoSpecifies whether the root file system is read-only. Set the value to true.

VolumeMount syntax

"VolumeMount": [
  {
    "Name": String,
    "ReadOnly": Boolen,
    "MountPath": String
  }
]

VolumeMount properties

PropertyTypeRequiredEditableDescriptionConstraint
NameStringNoNoThe name of the volume. The name must be the same as the value that is specified for the Name property in the "Volume properties" section of this topic.
ReadOnlyBooleanNoNoSpecifies whether the volume is read-only. Default value: false.
MountPathStringNoNoThe path to which you want to mount the volume. The data in the destination path is overwritten by the data in the mounted volume.

Port syntax

"Port": [
  {
    "Port": Interger,
    "Protocol": String
  }
]

Port properties

PropertyTypeRequiredEditableDescriptionConstraint
PortIntegerNoNoThe port number. Valid values: 1 to 65535.
ProtocolStringNoNoThe protocol that you want to use for the port. Valid values:
  • TCP
  • UDP

ConfigFileVolume.ConfigFileToPath syntax

"onfigFileVolume.ConfigFileToPath": [
  {
    "Content": String,
    "Path": String
  }
]

ConfigFileVolume.ConfigFileToPath properties

PropertyTypeRequiredEditableDescriptionConstraint
ContentStringNoNoThe content of the ConfigFile volume. The configuration file can be up to 32 KB in length.
PathStringYesNoThe relative path of the ConfigFile volume. You can specify the location of a directory relative to a different directory.

SecurityContextSysctl syntax

"SecurityContextSysctl": [
  {
    "Value": String,
    "Name": String
  }
] 

SecurityContextSysctl properties

PropertyTypeRequiredEditableDescriptionConstraint
ValueStringNoNoThe variable value of the security context in which the container group runs. None.
NameStringNoNoThe variable name of the security context in which the container group runs. Valid values:
  • kernel.msgmax
  • kernel.shm_rmid_forced

ReadinessProbe syntax

"ReadinessProbe": {
  "TimeoutSeconds": Integer,
  "InitialDelaySeconds": Integer,
  "Exec.Command": List,
  "PeriodSeconds": Integer,
  "HttpGet.Port": Integer,
  "TcpSocket.Port": Integer,
  "FailureThreshold": Integer,
  "HttpGet.Scheme": String,
  "HttpGet.Path": String,
  "SuccessThreshold": Integer
} 

ReadinessProbe properties

PropertyTypeRequiredEditableDescriptionConstraint
FailureThresholdIntegerNoNoThe number of times that a container must consecutively fail health checks before the probe considers the container unhealthy.

Default value: 3.

HttpGet.SchemeStringNoNoThe GET request protocol. Valid values:
  • HTTP
  • HTTPS
HttpGet.PathStringNoNoThe path to which the system sends an HTTP GET request for a health check. None.
Exec.CommandListNoNoThe commands that you want to use to run the probe for the container. None.
TcpSocket.PortIntegerNoNoThe port to which the system sends a TCP socket request for a health check. None.
PeriodSecondsIntegerNoNoThe interval at which you want to run the probe. Default value: 10.

Minimum value: 1.

Unit: seconds.

TimeoutSecondsIntegerNoNoThe duration after which the probe times out. Default value: 10.

Minimum value: 1.

Unit: seconds.

InitialDelaySecondsIntegerNoNoThe time period after the container is started and before the probe is initiated. None.
SuccessThresholdIntegerNoNoThe number of times that a container must consecutively pass health checks before the probe considers the container healthy.

Default value: 1.

HttpGet.PortIntegerNoNoThe port to which the system sends an HTTP GET request for a health check. None.

Option syntax

"Option": [
  {
    "Name": String,
    "Value": String
  }
] 

Option properties

PropertyTypeRequiredEditableDescriptionConstraint
NameStringNoNoThe name of the option. None.
ValueStringNoNoThe value of the option. None.

Tag syntax

"Tag": [
  {
    "Key": String,
    "Value": String
  }
]

Tag properties

PropertyTypeRequiredEditableDescriptionConstraint
KeyStringYesNoThe key of the tag. None.
ValueStringNoNoThe value of the tag. None.

AcrRegistryInfo syntax

"AcrRegistryInfo": [
  {
    "RegionId": String,
    "InstanceName": String,
    "Domain": List,
    "InstanceId": String
  }
]

AcrRegistryInfo properties

PropertyTypeRequiredEditableDescriptionConstraint
RegionIdStringNoNoThe region ID of the Container Registry Enterprise Edition instance. By default, the Container Registry instance is deployed in the same region as the container group. None.
InstanceNameStringNoNoThe name of the Container Registry Enterprise Edition instance. None.
DomainListNoNoThe domain names of the Container Registry Enterprise Edition instance. By default, the Container Registry instance uses the same domain names as the container group.
InstanceIdStringYesNoThe ID of the Container Registry Enterprise Edition instance. None.

Return values

Fn::GetAtt

  • ContainerGroupId: the ID of the container group.
  • ContainerGroupName: the name of the container group.
  • SecurityGroupId: the ID of the security group.
  • Ipv6Address: the IPv6 address.
  • InternetIp: the public IP address.
  • RegionId: the ID of the region.
  • IntranetIp: the private IP address.
  • ZoneId: the ID of the zone.
  • VSwitchId: the ID of the vSwitch.
  • EniInstanceId: the ID of the elastic network interface (ENI).

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Description: Test ECI ContainerGroup
    Parameters:
      VSwitch:
        AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
        Type: String
        Label:
           
          en: VSwitch ID
      SecurityGroup:
        Type: String
        AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
        Label:
           
          en: Security Group ID
    Resources:
      ContainerGroup:
        Type: ALIYUN::ECI::ContainerGroup
        Properties:
          Container:
            - Name: mytest
              Image: busybox
              Cpu: 2
              Memory: 4
              Port:
                - Port: 8080
                  Protocol: TCP
                - Port: 8888
                  Protocol: TCP
          SecurityGroupId:
            Ref: SecurityGroup
          ContainerGroupName: mytest
          VSwitchId:
            Ref: VSwitch
          RestartPolicy: Always
          SlsEnable: false
          Cpu: 2
          Memory: 4
    Outputs: {}
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Description": "Test ECI ContainerGroup",
      "Parameters": {
        "VSwitch": {
          "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
          "Type": "String",
          "Label": {
             
            "en": "VSwitch ID"
          }
        },
        "SecurityGroup": {
          "Type": "String",
          "AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
          "Label": {
             
            "en": "Security Group ID"
          }
        }
      },
      "Resources": {
        "ContainerGroup": {
          "Type": "ALIYUN::ECI::ContainerGroup",
          "Properties": {
            "Container": [
              {
                "Name": "mytest",
                "Image": "busybox",
                "Cpu": 2,
                "Memory": 4,
                "Port": [
                  {
                    "Port": 8080,
                    "Protocol": "TCP"
                  },
                  {
                    "Port": 8888,
                    "Protocol": "TCP"
                  }
                ]
              }
            ],
            "SecurityGroupId": {
              "Ref": "SecurityGroup"
            },
            "ContainerGroupName": "mytest",
            "VSwitchId": {
              "Ref": "VSwitch"
            },
            "RestartPolicy": "Always",
            "SlsEnable": false,
            "Cpu": 2,
            "Memory": 4
          }
        }
      },
      "Outputs": {
      }
    }        

For more examples, visit ContainerGroup.json and ContainerGroup.yml.