If your container images are protected by VPC Service Controls,
update your service perimeter
to include containerfilesystem.googleapis.com.
Limitations
Batch Image streaming has the following limitations:
Batch only supports Image streaming for container images that
are stored in Artifact Registry. If you currently use Container Registry to manage
your container images, you can
transition to Artifact Registry.
You must run your Batch job's VMs in the same
location as where you
store your container image in Artifact Registry.
Containers that use the Docker image manifest version 2, schema 1 aren't supported.
When you use Image streaming,
containers runnables
only support the following fields:
imageUri
commands
entrypoint
volumes
enableImageStreaming
Container images with empty layers or duplicate layers aren't supported.
Create a job that uses Image streaming
Create a Batch container job that uses Image streaming by doing
the following:
Use the Google Cloud CLI or REST API to
create a container job.
To enable Image streaming for a container runnable, set
enableImageStreaming field to true and set the imageUri field to an image
that is stored in an
Artifact Registry location
that contains the location of the job's VM.
"container":{..."enableImageStreaming":true}
For example, a job that uses Image streaming would have a JSON
configuration file similar to the following:
LOCATION: the regional or multi-regional
location of the
repository where the image is stored, for example us-east1 or us. The
location of the container must be the same as the location of the
Batch job's VMs.
PROJECT-ID: the project that contains the container
image. If your project ID contains a colon (:), see
Domain-scoped projects.
REPOSITORY: the name of the repository where the image
is stored.
IMAGE: the name of the container image.
TAG: the tag applied to the image.
What's next
If you have issues creating or running a job, see Troubleshooting.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eImage streaming reduces latency and speeds up job execution by allowing Batch jobs to start without waiting for full container image downloads.\u003c/p\u003e\n"],["\u003cp\u003eImage streaming is only supported for container images stored in Artifact Registry, and the job's VMs must be in the same location as the image.\u003c/p\u003e\n"],["\u003cp\u003eTo enable image streaming, set the \u003ccode\u003eenableImageStreaming\u003c/code\u003e field to \u003ccode\u003etrue\u003c/code\u003e in the container runnable configuration and specify the Artifact Registry image URI.\u003c/p\u003e\n"],["\u003cp\u003eWhen using Image streaming, container runnables support only specific fields: \u003ccode\u003eimageUri\u003c/code\u003e, \u003ccode\u003ecommands\u003c/code\u003e, \u003ccode\u003eentrypoint\u003c/code\u003e, \u003ccode\u003evolumes\u003c/code\u003e, and \u003ccode\u003eenableImageStreaming\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe container image used for image streaming must not have any empty or duplicate layers and must be of docker manifest version 2, schema 2.\u003c/p\u003e\n"]]],[],null,["# Use Image streaming to reduce container startup time\n\nThis document describes how to use Image streaming to pull container images\ninto Batch container jobs.\n\nImage streaming enables Batch jobs to initialize without waiting\nfor a container image to finish downloading, which provides the following\nbenefits:\n\n- Reduced latency when pulling large images\n- Faster time to begin job execution\n\nBefore you begin\n----------------\n\n1. If you haven't used Batch before, review [Get started with Batch](/batch/docs/get-started) and enable Batch by completing the [prerequisites for projects and users](/batch/docs/get-started#prerequisites).\n2.\n\n To get the permissions that\n you need to create a job,\n\n ask your administrator to grant you the\n following IAM roles:\n\n - [Batch Job Editor](/iam/docs/roles-permissions/batch#batch.jobsEditor) (`roles/batch.jobsEditor`) on the project\n - [Service Account User](/iam/docs/roles-permissions/iam#iam.serviceAccountUser) (`roles/iam.serviceAccountUser`) on the [job's service account](/batch/docs/create-run-job-custom-service-account#create-job-service-account), which by default is the [default Compute Engine service account](/compute/docs/access/service-accounts#default_service_account)\n\n\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\n You might also be able to get\n the required permissions through [custom\n roles](/iam/docs/creating-custom-roles) or other [predefined\n roles](/iam/docs/roles-overview#predefined).\n3. If you haven't already done so, enable the Container File System API by\n running the following command:\n\n ```\n gcloud services enable containerfilesystem.googleapis.com\n ```\n4. If your container images are protected by VPC Service Controls, [update your service perimeter](/vpc-service-controls/docs/manage-service-perimeters#update) to include `containerfilesystem.googleapis.com`.\n\n\u003cbr /\u003e\n\nLimitations\n-----------\n\nBatch Image streaming has the following limitations:\n\n- Batch only supports Image streaming for container images that are stored in Artifact Registry. If you currently use Container Registry to manage your container images, you can [transition to Artifact Registry](/artifact-registry/docs/transition/transition-from-gcr).\n- You must run your Batch job's VMs in the same [location](/artifact-registry/docs/repositories/repo-locations) as where you store your container image in Artifact Registry.\n- Containers that use the Docker image manifest version 2, schema 1 aren't supported.\n- When you use Image streaming, [containers runnables](/batch/docs/reference/rest/v1/projects.locations.jobs#container) only support the following fields:\n - `imageUri`\n - `commands`\n - `entrypoint`\n - `volumes`\n - `enableImageStreaming`\n- Container images with empty layers or duplicate layers aren't supported.\n\nCreate a job that uses Image streaming\n--------------------------------------\n\nCreate a Batch container job that uses Image streaming by doing\nthe following:\n\nUse the Google Cloud CLI or REST API to\n[create a container job](/batch/docs/create-run-basic-job#create-basic-container-job).\nTo enable Image streaming for a container runnable, set\n`enableImageStreaming` field to `true` and set the `imageUri` field to an image\nthat is stored in an\n[Artifact Registry location](/artifact-registry/docs/repositories/repo-locations)\nthat contains the location of the job's VM. \n\n \"container\": {\n ...\n \"enableImageStreaming\": true\n }\n\n| **Note:** When you use Image streaming, [containers runnables](/batch/docs/reference/rest/v1/projects.locations.jobs#container) only support the `imageUri`, `commands`, `entrypoint`, `volumes`, and `enableImageStreaming` fields.\n\nFor example, a job that uses Image streaming would have a JSON\nconfiguration file similar to the following: \n\n {\n \"taskGroups\": [\n {\n \"taskCount\": \"1\",\n \"taskCountPerNode\": \"1\",\n \"taskSpec\": {\n \"runnables\": [\n {\n \"container\": {\n \"imageUri\": \"\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e-docker.pkg.dev/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/\u003cvar translate=\"no\"\u003eREPOSITORY\u003c/var\u003e/\u003cvar translate=\"no\"\u003eIMAGE\u003c/var\u003e:\u003cvar translate=\"no\"\u003eTAG\u003c/var\u003e\",\n \"enableImageStreaming\": true\n }\n }\n ]\n }\n }\n ],\n \"allocationPolicy\": {\n \"instances\": [\n {\n \"policy\": {\n \"machineType\": \"e2-standard-4\"\n }\n }\n ]\n },\n \"logsPolicy\": {\n \"destination\": \"CLOUD_LOGGING\"\n }\n }\n\nReplace the following values:\n\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the regional or multi-regional [location](/artifact-registry/docs/repositories/repo-locations) of the repository where the image is stored, for example `us-east1` or `us`. The location of the container must be the same as the location of the Batch job's VMs.\n- \u003cvar translate=\"no\"\u003ePROJECT-ID\u003c/var\u003e: the project that contains the container image. If your project ID contains a colon (`:`), see [Domain-scoped projects](/artifact-registry/docs/docker/names#domain).\n- \u003cvar translate=\"no\"\u003eREPOSITORY\u003c/var\u003e: the name of the repository where the image is stored.\n- \u003cvar translate=\"no\"\u003eIMAGE\u003c/var\u003e: the name of the container image.\n- \u003cvar translate=\"no\"\u003eTAG\u003c/var\u003e: the tag applied to the image.\n\nWhat's next\n-----------\n\n- If you have issues creating or running a job, see [Troubleshooting](/batch/docs/troubleshooting).\n- [View jobs and tasks](/batch/docs/view-jobs-tasks).\n- Learn about more [job creation options](/batch/docs/create-run-job#job-creation-options)."]]
