Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Tutorials
    • All tutorials
    • Setting up a Managed Service for PostgreSQL connection from a container in Serverless Containers
    • Creating a VM from a Container Optimized Image
    • Creating a VM from a Container Optimized Image with an additional volume for a Docker container
    • Creating an instance group from a Container Optimized Image with multiple Docker containers
    • Creating an instance group from a Container Optimized Image
    • Creating a VM from a Container Optimized Image with multiple Docker containers
    • Updating a Container Optimized Image VM
    • Configuring data output from a Docker container to a serial port
  1. Container infrastructure
  2. Creating an instance group from a Container Optimized Image

Creating an instance group from a Container Optimized Image

Written by
Yandex Cloud
Updated at May 5, 2025

To run multiple instances of the service in Docker containers, you can create an instance group from a Container Optimized Image. In such groups, you can update Docker containers with VM metadata using the COI or Docker Compose specification.

Alert

When creating instance groups, keep the limits in mind. Not to disrupt the component Instance Groups, do not update or delete manually created resources: target group Network Load Balancer, VMs, and disks. Instead of this, change or delete the entire group.

By default, all operations in Instance Groups are performed on behalf of a service account. If you don't have a service account, create one.

To be able to create, update, and delete VMs in the group, assign the compute.editor role to the service account.

To create an instance group based on a Container Optimized Image:

  1. If you do not have the Yandex Cloud CLI yet, install and initialize it.

  2. The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  3. View a description of the CLI command to create an instance group:

    CLI
    yc compute instance-group create --help
    
  4. Check whether the folder contains any networks:

    CLI
    yc vpc network list
    

    If there are not any, create one.

  5. Create a YAML file and give it a name, e.g., specification.yaml.

  6. Find out the ID of the latest version of the public Container Optimized Image.

    A Container Optimized Image in a Container Registry registry may be updated and changed with new releases. This will not automatically update the VM image to the latest version. To create an instance group with the latest Container Optimized Image version, you need to check whether it is available yourself:

    CLI
    Yandex Cloud Marketplace
    yc compute image get-latest-from-family container-optimized-image --folder-id standard-images
    

    Result:

    id: <ID_of_latest_COI_version>
    folder_id: standard-images
    ...
    
    1. Go to the Cloud Marketplace page and select the image with the configuration you need:
      • Container Optimized Image.
      • Container Optimized Image GPU.
    2. Under Product IDs, copy the value of image_id.
  7. In the specification.yaml file you created, specify the following:

    • General information about the group:

      name: container-optimized-group
      service_account_id: <service_account_ID>
      description: "This instance group was created from YAML config."
      

      Where:

      • name: Instance group name. The name must be unique within the folder. It can only contain lowercase Latin letters, numbers, and hyphens. The first character must be a letter. The last character cannot be a hyphen. The name can be up to 63 characters long.

      • service_account_id: Service account ID.

        To be able to create, update, and delete VMs in the group, assign the compute.editor role to the service account.

        You cannot delete a service account while it is linked to an instance group.

      • description: Instance group description.

    • Instance template:

      instance_template:
        platform_id: standard-v3
        resources_spec:
          memory: 2G
          cores: 2
        boot_disk_spec:
          mode: READ_WRITE
          disk_spec:
            image_id: <latest_COI_version_ID>
            type_id: network-hdd
            size: 32G
        network_interface_specs:
          - network_id: c64mknqgnd8a********
            primary_v4_address_spec: {}
            security_group_ids:
              - enps0ar5s3ti********
        placement_policy:
         placement_group_id: rmppvhrgm77g********
        metadata:
          docker-container-declaration: |-
            spec:
              containers:
                - name: nginx
                  image: cr.yandex/mirror/nginx:1.17.4-alpine
                  securityContext:
                    privileged: false
                  tty: false
                  stdin: false
      

      By default, the disk size is specified in bytes. You can specify a different unit of measurement using the applicable suffix.

      Suffix Prefix and multiplier Example
      k kilo- (210) 640k = 640 × 210 = 655360
      m mega- (220) 48m = 48 × 220 = 50331648
      g giga- (230) 10g = 10 × 230 = 10737418240
      t tera- (240) 4t = 4 × 240 = 4398046511104
      p peta- (250) 2p = 2 × 250 = 2251799813685248

      Where:

      • platform_id: Platform ID.
      • memory: Amount of RAM.
      • cores: Number of vCPUs.
      • mode: Disk access mode:
        • READ_ONLY: Read-only access.
        • READ_WRITE: Read/write access.
      • image_id: Container Optimized Image public image ID.
      • type_id: Disk type.
      • size: Disk size. It must be at least 30 GB.
      • network_id: default-net network ID.
      • primary_v4_address_spec: IPv4 specification. Only IPv4 is currently available. You can allow public access to the group instances by specifying the IP version for the public IP address.
      • security_group_ids: List of security group IDs.
      • metadata: Values to write to the VM metadata.
      • docker-container-declaration: Key in the VM metadata that is used with the COI specification of the Docker container. In the metadata, you can use the Docker Compose specification. To do this, specify the docker-compose key instead of the docker-container-declaration key.
      • placement_policy: (Optional) Instance placement group parameters:
        • placement_group_id: Placement group ID.
    • Policies:

      deploy_policy:
        max_unavailable: 1
        max_expansion: 0
      scale_policy:
        fixed_scale:
          size: 3
      allocation_policy:
        zones:
          - zone_id: ru-central1-a
            instance_tags_pool:
            - first
            - second
            - third
      

      Where:

      • deploy_policy: Instance deployment policy for the group.
      • scale_policy: Instance scaling policy for the group.
      • allocation_policy: Policy for allocating VM instances across availability zones.

      Full code for the specification.yaml file:

      name: container-optimized-group
      service_account_id: <service_account_ID>
      description: "This instance group was created from YAML config."
      instance_template:
        service_account_id: <service_account_ID> # ID of the service account to access private Docker images.
        platform_id: standard-v3
        resources_spec:
          memory: 2G
          cores: 2
        boot_disk_spec:
          mode: READ_WRITE
          disk_spec:
            image_id: <latest_COI_version_ID>
            type_id: network-hdd
            size: 32G
        network_interface_specs:
          - network_id: c64mknqgnd8a********
            primary_v4_address_spec: {}
            security_group_ids:
              - enps0ar5s3ti********
        placement_policy:
          placement_group_id: rmppvhrgm77g********
        metadata:
          docker-container-declaration: |-
            spec:
              containers:
                - name: nginx
                  image: cr.yandex/mirror/nginx:1.17.4-alpine
                  securityContext:
                    privileged: false
                  tty: false
                  stdin: false
      deploy_policy:
        max_unavailable: 1
        max_expansion: 0
      scale_policy:
        fixed_scale:
          size: 3
      allocation_policy:
        zones:
           - zone_id: ru-central1-a
             instance_tags_pool:
             - first
             - second
             - third
      

      Note

      To use the Docker Compose specification in specification.yaml, specify the docker-compose key instead of the docker-container-declaration key.

  8. Create an instance group in the default folder:

    CLI
    yc compute instance-group create --file specification.yaml
    

    This command creates a group of three similar instances with the following characteristics:

    • Name: container-optimized-group.
    • Based on the latest version of the public Container Optimized Image.
    • With a running Docker container based on cr.yandex/mirror/nginx:1.17.4-alpine.
    • Network: default-net.
    • Availability zone: ru-central1-a.
    • vCPUs: 2; RAM: 2 GB.
    • Network HDD: 32 GB.

Was the article helpful?

Previous
Creating an instance group from a Container Optimized Image with multiple Docker containers
Next
Creating a VM from a Container Optimized Image with multiple Docker containers
© 2025 Direct Cursus Technology L.L.C.