Contact usConsole
© 2023 Nebius Israel Ltd
Container Solution

Creating an instance group from a Container Optimized Image with multiple Docker containers

You can create an instance group based on a Container Optimized Image image with multiple Docker containers inside.

Docker containers are created based on the Docker Compose specification.

Alert

When creating instance groups, keep the limits in mind. Not to disrupt the component Instance Groups, do not update or delete manually created resources: target group Network Load Balancer, VMs, and disks. Instead of this, change or delete the entire group.

Getting started

If you don't have the Nebius Israel command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Prepare the environment

  1. Create a service account with the name group-coi and assign it the editor role:

    1. In the management console, select a folder where you wish to create a service account.
    2. At the top of the screen, go to the Service accounts tab.
    3. Click Create service account.
    4. Enter the name: group-coi.
    5. To assign the service account a role for the current folder, click Add role and select the role editor.
    6. Click Create.

    1. Create a service account:

      yc iam service-account create --name group-coi

      Result:

      id: ajeabccde01d23efl1v5
folder_id: b0g12ga82bcv0cdeferg
created_at: "2023-03-13T14:32:18.900092Z"
name: group-coi

    2. Assign the role to the service account:

      yc resource-manager folder add-access-binding b0g12ga82bcv0cdeferg \
  --role editor \
  --subject serviceAccount:ajeabccde01d23efl1v5

    Use the Create method for the ServiceAccount resource.

  2. Create a network named yc-auto-network and subnet in availability zone:

    1. In the management console, select the folder where you want to create a network.
    2. Select Virtual Private Cloud.
    3. Click Create network.
    4. Enter the network name yc-auto-network.
    5. Select the additional option Create subnets.
    6. Click Create network.

    1. Create a network:

      yc vpc network create --name yc-auto-network

      Result:

      id: enpabce123hde4ft1r3t
folder_id: b0g12ga82bcv0cdeferg
created_at: "2023-03-13T14:57:15Z"
name: yc-auto-network

    2. Create a subnet in the il1-a availability zone:

      yc vpc subnet create --network-id enpabce123hde4ft1r3t --range 192.168.1.0/24 --zone il1-a

      Result:

      id: e1lnabc23r1c9d0efoje
folder_id: b0g12ga82bcv0cdeferg
created_at: "2023-03-13T16:23:12Z"
network_id: enpabce123hde4ft1r3t
zone_id: il1-a
v4_cidr_blocks:
- 192.168.1.0/24
    1. Create a network using the Create method for the Networks resource.
    2. Create a subnet in the il1-a availability zone using the Create method for the Subnets resource.

Create an instance group from a Container Optimized Image with multiple Docker containers

  1. Find out the ID of the latest version of the public Container Optimized Image.

    The Container Optimized Image in the Container Registry can be updated and changed according to releases. This will not automatically update the VM image to the latest version. To create an instance group with the latest Container Optimized Image version, you need to check whether it's available yourself:

    yc compute image get-latest-from-family container-optimized-image --folder-id standard-images

    Result:

    id: <ID of latest COI version>
folder_id: standard-images
...
    1. Go to the page Cloud Marketplace and select the image with the desired configuration:
    2. Under Product IDs, copy the value of image_id.

  2. Save the specification of the instance group with the Container Optimized Image and multiple Docker containers to a file named specification.yaml:

    name: group-coi-containers # Instance group name that must be unique within the folder.
service_account_id: ajeabccde01d23efl1v5 # Service account ID.
instance_template:
  service_account_id: ajeabccde01d23efl1v5 # ID of the service account to access private Docker images.
  platform_id: standard-v3 # Platform ID.
  resources_spec:
    memory: 2G # Amount of memory (RAM).
    cores: 2 # Number of processor cores (vCPUs).
  boot_disk_spec:
    mode: READ_WRITE # Disk access mode (read and write).
    disk_spec:
      image_id: <ID of latest COI version>
      type_id: network-hdd # Disk type.
      size: 32G # Disk size. It must be at least 30 GB.
  network_interface_specs:
   - network_id: enpabce123hde4ft1r3t # Network ID.
     subnet_ids:
       - e1lnabc23r1c9d0efoje # Subnet ID.
     primary_v4_address_spec: {
       one_to_one_nat_spec: {
         ip_version: IPV4 # IPv4 specification for public access to the VM.
       }
     }
           metadata: # Values to pass to the VM metadata.
   docker-compose: |- # Key in the VM metadata that is used with the Docker Compose specification.
     version: '3.7'
     services:
       app1:
         container_name: nginx
         image: "nginx"
         ports:
           - "80:80"
         restart: always
       app2:
         container_name: redis
         image: "redis"
         restart: always
   ssh-keys: | # Parameter for sending an SSH key to the VM.
     yc-user:ssh-ed25519 ABC...d01 user@desktop.ru # Username for the VM connection.
deploy_policy: # Deployment policy for instances in the group.
  max_unavailable: 1
  max_expansion: 0
scale_policy: # Scaling policy for instances in the group.
  fixed_scale:
    size: 2
allocation_policy: # Allocation policy of the instances by zones and regions.
  zones:
    - zone_id: il1-a

    Note

    You can send an SSH key to the VM metadata using the ssh-keys parameter or in the user-data string with the user metadata. This tutorial uses the first option.

  3. Create an instance group named group-coi-containers using the specification.yaml specification:

    Run this command:

    yc compute instance-group create --file=specification.yaml

    Result:

    done (48s)
id: cl0q12abcd4ef8m966de
folder_id: b0g12ga82bcv0cdeferg
...
  target_size: "2"
service_account_id: ajeabccde01d23efl1v5
status: ACTIVE

    Use the CreateFromYaml method for the InstanceGroup resource.

  4. Make sure the instance group from the Container Optimized Image and with multiple Docker containers was created:

    1. In the management console, select the folder where you created the instance group.
    2. Select Compute Cloud.
    3. Go to Instance groups.
    4. Click the group-coi-containers instance group name.
    yc compute instance-group list-instances group-coi-containers

    Result:

    +----------------------+---------------------------+----------------------------------+-------------+------------------------+----------------+
|     INSTANCE ID      |           NAME            |            EXTERNAL IP           | INTERNAL IP |         STATUS         | STATUS MESSAGE |
+----------------------+---------------------------+----------------------------------+-------------+------------------------+----------------+
| fhmabcv0de123fo50d0b | cl0q12abcs4gq8m966de-fmar | 89.169.103.117 | 10.130.0.14 | RUNNING_ACTUAL [2h35m] |                |
| fhmab0cdqj12tcv18jou | cl0q12abcs4gq8m966de-fqeg | 89.169.125.221 | 10.130.0.47 | RUNNING_ACTUAL [2h35m] |                |
+----------------------+---------------------------+----------------------------------+-------------+------------------------+----------------+

    See the list of the instance you created using the List method for the InstanceGroup resource.

Test the instance group based on the Container Optimized Image with multiple Docker containers

  1. Connect to one of the instances via SSH:

    ssh yc-user@89.169.103.117

    Result:

    Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-54-generic x86_64)

 * Documentation: https://help.ubuntu.com
 * Management:    https://landscape.canonical.com
 * Support:       https://ubuntu.com/advantage
Last login: Mon Mar 13 15:23:28 2023 from 123.456.789.101

  2. View a list of Docker containers running on the VM:

    sudo docker ps -a

    Result:

    CONTAINER ID  IMAGE  COMMAND                 CREATED             STATUS             PORTS               NAMES
c0a125a1765a  redis  "docker-entrypoint.s…"  About a minute ago  Up About a minute  6379/tcp            redis
01288d7e382f  nginx  "/docker-entrypoint.…"  About a minute ago  Up About a minute  0.0.0.0:80->80/tcp  nginx
© 2023 Nebius Israel Ltd
In this article: