This page describes how to create and update Cloud Run jobs from an existing container image. Unlike a Cloud Run service, which listens for and serves requests, a Cloud Run job only runs its tasks and exits when finished. A job does not listen for or serve requests.
After you create or update a job, you can:
- Execute the job as a one-off, on a schedule, or as part of a workflow.
- You can override parameters configured for a job when you execute a job.
- You can manage individual job executions and view the execution logs.
You can structure a job as a single task or as multiple, independent tasks (up
to 10,000 tasks) that can be executed in parallel. Each
task runs one container instance and can be configured to retry in case of
failure. Each task is aware of its index, which is stored in the
CLOUD_RUN_TASK_INDEX
environment variable. The overall count of tasks is
stored in the CLOUD_RUN_TASK_COUNT
environment variable. If you are processing
data in parallel, your code is responsible for determining which task handles
which subset of the data.
You can set timeouts on tasks and specify the number of retries in case of task failure. If any task exceeds its maximum number of retries, that task is marked as failed. If any tasks failed, the job execution is marked as failed after Cloud Run has tried all of the tasks.
By default, each task runs for a maximum of 10 minutes. You can modify the default value by changing the task timeout setting, up to a maximum of 168 hours (7 days). Support for timeouts greater than 24 hours is available in Preview.
There is no explicit timeout for a job execution: after all tasks are complete, the job execution is complete.
Jobs use the second generation execution environment.
Required roles
To get the permissions that you need to create Cloud Run jobs, ask your administrator to grant you the following IAM roles:
-
Cloud Run Developer (
roles/run.developer
) on the Cloud Run job -
Service Account User (
roles/iam.serviceAccountUser
) on the service identity
For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run job interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.
Supported container registries and images
You can directly use container images stored in Artifact Registry, or Docker Hub. Google recommends the use of Artifact Registry.
You can use container images from other public or private registries (like JFrog Artifactory, Nexus, or GitHub Container Registry), by setting up an Artifact Registry remote repository.
You should only consider Docker Hub for deploying popular container images such as Docker Official Images or Docker Sponsored OSS images. For higher availability, Google recommends deploying these Docker Hub images via an Artifact Registry remote repository.
Cloud Run does not support container image layers larger than 9.9 GB when deploying from Docker Hub or an Artifact Registry remote repository with an external registry.
Create a new job
You can create a new job using the Google Cloud console, Google Cloud CLI, YAML, or Terraform.
Console
To create a new job:
In the Google Cloud console, go to the Cloud Run page:
Click Deploy container and select Job to display the Create job form.
- In the form, specify the container image containing the job code or select from a list of containers previously deployed.
- The job name is automatically generated from the container image. You can edit or change the job name as needed. A job name cannot be changed after the job is created.
- Select the region where you want your job located. The region selector highlights regions with the lowest carbon impact.
- Specify the number of tasks that you want to run in the job. All of the tasks must succeed for the job to succeed. By default, the tasks execute in parallel.
Click Container(s), volumes, networking, security to set additional job properties.
- Under Task capacity:
- In the Memory menu, specify the amount of memory required. The default is the minimum required, 512MiB.
- In the CPU menu, specify the amount of CPU required. The default is the minimum required, 1 CPU.
Under Task timeout, specify the maximum amount of time in seconds that the task can run, up to 168 hours (7 days). Support for timeouts greater than 24 hours is available in Preview. Each task must complete within this time. The default is 10 minutes (600 seconds).
Under Number of retries per failed task, specify the number of retries in case of task failures. The default is 3 retries.
Under Parallelism:
- In most cases you can select Run as many tasks concurrently as possible.
- If you need to set a lower limit due to scaling constraints on resources your job accesses, select Limit the maximum number of concurrent tasks and specify the number of concurrent tasks in the Custom parallelism limit field.
Optionally, configure other settings in the appropriate tabs:
When you are finished configuring your job, click Create to create the job in Cloud Run.
To execute the job see execute jobs or execute jobs on a schedule.
gcloud
To use the command line, you need to have already set up the gcloud CLI.
To create a new job:
Run the command:
Alternatively, use the deploy command:gcloud run jobs create JOB_NAME --image IMAGE_URL OPTIONS
gcloud run jobs deploy JOB_NAME --image IMAGE_URL OPTIONS
- Replace
JOB_NAME
with the name of the job you want to create. If you omit this parameter, you will be prompted for the job name when you run the command. - Replace IMAGE_URL with a reference to the container image, for
example,
us-docker.pkg.dev/cloudrun/container/job:latest
. Optionally, replace
OPTIONS
with any of the following options:Option Description --tasks
Accepts integers greater or equal to 1. Defaults to 1; maximum is 10,000. Each task is provided the environment variables CLOUD_RUN_TASK_INDEX
with a value between 0 and the number of tasks minus 1, along withCLOUD_RUN_TASK_COUNT
, which is the number of tasks--max-retries
The number of times a failed task is retried. Once any task fails beyond this limit, the entire job is marked as failed. For example, if set to 1, a failed task will be retried once, for a total of two attempts. The default is 3. Accepts integers from 0 to 10. --task-timeout
Accepts a duration like "2s". Defaults to 10 minutes; maximum is 168 hours (7 days). Support for timeouts greater than 24 hours is available in Preview. --parallelism
The maximum number of tasks that can execute in parallel. By default, tasks will be started as quickly as possible in parallel. Refer to Parallelism for the range of values. --execute-now
If set, immediately after the job is created, a job execution is started. Equivalent to calling gcloud run jobs create
followed bygcloud run jobs execute
.In addition to the above options, you also specify more configuration such as environment variables or memory limits.
For a full list of available options when creating a job, refer to the gcloud run jobs create command line documentation.
- Replace
Wait for the job creation to finish. You'll see a success message upon a successful completion.
To execute the job see execute jobs or execute jobs on a schedule.
YAML
You can store your job specification in a YAML
file and then deploy it
using the gcloud CLI.
Create a new
job.yaml
file with this content:apiVersion: run.googleapis.com/v1 kind: Job metadata: name: JOB spec: template: spec: template: spec: containers: - image: IMAGE
Replace
- JOB with the name of your Cloud Run job. Job names must be 49 characters or less and must be unique per region and project.
- IMAGE with the URL of job container image.
You can also specify more configuration such as environment variables or memory limits.
Deploy the new job using the following command:
gcloud run jobs replace job.yaml
Terraform
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
To create a new Cloud Run job, use google_cloud_run_v2_job
resource and modify your main.tf
file as shown in the
following snippet.
Client libraries
To create a job from code:
REST API
To create a job, send a POST
HTTP request to request to
the Cloud Run Admin API jobs
endpoint.
For example, using curl
:
curl -H "Content-Type: application/json" \ -H "Authorization: Bearer ACCESS_TOKEN" \ -X POST \ -d '{template: {template: {containers: [{image: "IMAGE_URL"}]}}}' \ https://run.googleapis.com/v2/projects/PROJECT_ID/locations/REGION/jobs?jobId=JOB_NAME
Replace:
- ACCESS_TOKEN with a valid access token for an account that
has the IAM permissions to create jobs.
For example, if you are logged into gcloud, you can retrieve an
access token using
gcloud auth print-access-token
. From within a Cloud Run container instance, you can retrieve an access token using the container instance metadata server. - JOB_NAME with the name of the job you want to create.
- IMAGE_URL with the URL of job container image, for example,
us-docker.pkg.dev/cloudrun/container/job:latest
. - REGION with the Google Cloud region of the job.
- PROJECT_ID with the Google Cloud project ID.
Cloud Run locations
Cloud Run is regional, which means the infrastructure that
runs your Cloud Run services is located in a specific region and is
managed by Google to be redundantly available across
all the zones within that region.
Meeting your latency, availability, or durability requirements are primary
factors for selecting the region where your Cloud Run services are run.
You can generally select the region nearest to your users but you should consider
the location of the other Google Cloud
products that are used by your Cloud Run service.
Using Google Cloud products together across multiple locations can affect
your service's latency as well as cost.
Cloud Run is available in the following regions:
Subject to Tier 1 pricing
asia-east1
(Taiwan)asia-northeast1
(Tokyo)asia-northeast2
(Osaka)asia-south1
(Mumbai, India)europe-north1
(Finland) Low CO2europe-southwest1
(Madrid) Low CO2europe-west1
(Belgium) Low CO2europe-west4
(Netherlands) Low CO2europe-west8
(Milan)europe-west9
(Paris) Low CO2me-west1
(Tel Aviv)us-central1
(Iowa) Low CO2us-east1
(South Carolina)us-east4
(Northern Virginia)us-east5
(Columbus)us-south1
(Dallas) Low CO2us-west1
(Oregon) Low CO2
Subject to Tier 2 pricing
africa-south1
(Johannesburg)asia-east2
(Hong Kong)asia-northeast3
(Seoul, South Korea)asia-southeast1
(Singapore)asia-southeast2
(Jakarta)asia-south2
(Delhi, India)australia-southeast1
(Sydney)australia-southeast2
(Melbourne)europe-central2
(Warsaw, Poland)europe-west10
(Berlin) Low CO2europe-west12
(Turin)europe-west2
(London, UK) Low CO2europe-west3
(Frankfurt, Germany) Low CO2europe-west6
(Zurich, Switzerland) Low CO2me-central1
(Doha)me-central2
(Dammam)northamerica-northeast1
(Montreal) Low CO2northamerica-northeast2
(Toronto) Low CO2southamerica-east1
(Sao Paulo, Brazil) Low CO2southamerica-west1
(Santiago, Chile) Low CO2us-west2
(Los Angeles)us-west3
(Salt Lake City)us-west4
(Las Vegas)
If you already created a Cloud Run service, you can view the region in the Cloud Run dashboard in the Google Cloud console.
When you create a new job, the Cloud Run service agent needs to be able to access the container, which is the case by default.
Update an existing job
Changing any configuration settings requires you to update the job, even if there is no change to the container image. Note that for any unchanged settings, the previous settings continue to be used.
You can update an existing job using the Google Cloud console, Google Cloud CLI, YAML, or Terraform.
Console
To update an existing job:
In the Google Cloud console, go to the Cloud Run page:
Click the Jobs tab to display the list of jobs.
Click the job to display the Job details page.
Click Edit.
If you made changes to your job code, specify the new container image digest.
Optionally, change the number of tasks that are in the job if needed.
Optionally, click Container(s), volumes, networking, security to update any additional job properties:
- Under Task capacity:
- In the Memory menu, specify the amount of memory required. The default is the minimum required, 512MiB.
- In the CPU menu, specify the amount of CPU required. The default is the minimum required, 1 CPU.
- Under Task timeout, specify the maximum amount of time in seconds that the task can run, up to 168 hours (7 days). Support for timeouts greater than 24 hours is available in Preview. Each task must complete within this time. The default is 10 minutes (600 seconds).
- Under Number of retries per failed task, specify the number of retries in case of task failures. The default is 3 retries.
Under Parallelism:
- In most cases you can select Run as many tasks concurrently as possible.
- If you need to set a lower limit due to scaling constraints on resources your job accesses, select Limit the number of concurrent tasks and specify the maximum number of concurrent tasks in the Custom parallelism limit field.
Optionally, configure other settings in the appropriate tabs:
When you are finished configuring your job, click Save to create the job in Cloud Run and wait for the job creation to finish.
To execute the job see execute jobs or execute jobs on a schedule.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Run the command:
gcloud run jobs update JOB_NAME
Replace:
JOB_NAME
with the name of the job you want to update.Optionally, replace
OPTIONS
with the following options:Option Description --tasks
Accepts integers equal or greater than 1. Defaults to 1; maximum is 10,000. Each task is provided the environment variables CLOUD_RUN_TASK_INDEX
with a value between 0 and the number of tasks minus 1, along withCLOUD_RUN_TASK_COUNT
, which is the number of tasks--max-retries
The number of times a failed task is retried. Once any task fails beyond this limit, the entire job is marked as failed. For example, if set to 1, a failed task will be retried once, for a total of two attempts. The default is 3
. Accepts integers from 0 to 10.--task-timeout
Accepts a duration like "2s". Defaults to 10 minutes; maximum is 168 hours (7 days). Support for timeouts greater than 24 hours is available in Preview. --parallelism
The maximum number of tasks that can execute in parallel. By default, tasks will be started as quickly as possible, in parallel. Refer to Parallelism for the range of values.
In addition to the previous options, you can set other optional configuration settings:
- Container configuration
- CPU limits
- Memory limits
- Secrets
- Environment variables
- Labels
- Service accounts
- Cloud SQL connections
- VPC connection
For a full list of available options when creating a job, refer to the gcloud run jobs create command line documentation.
Wait for the job update to finish. Upon successful completion, a success message is displayed, similar to the following:
Job [JOB_NAME] has been successfully updated. View details about this job by running `gcloud run jobs describe JOB_NAME`. See logs for this execution at: https://console.cloud.google.com/logs/viewer?project=PROJECT_ID&resource=cloud_run_revision/service_name/JOB_NAME
To execute the job see execute jobs or execute jobs on a schedule.
YAML
If you need to download or view the configuration of an existing job, use the following command to save results to a YAML file:
gcloud run jobs describe JOB --format export > job.yaml
From a job configuration YAML file, modify any spec.template
child attributes
as needed to update configuration settings, then redeploy:
Update the existing job configuration:
gcloud run jobs replace job.yaml
To execute the job see execute jobs or execute jobs on a schedule.
Terraform
Make changes to your job configuration in your main.tf
file using the
terraform apply
command. Detailed Terraform instructions are available for:
For more information, refer to the terraform apply
command line options.
Client libraries
To update an existing job from code:
REST API
To update a job, send a PATCH
HTTP request to request to
the Cloud Run Admin API jobs
endpoint.
For example, using curl
:
curl -H "Content-Type: application/json" \ -H "Authorization: Bearer ACCESS_TOKEN" \ -X PATCH \ -d '{template: {template: {containers: [{image: "IMAGE_URL"}]}}}' \ https://run.googleapis.com/v2/projects/PROJECT_ID/locations/REGION/jobs/JOB_NAME
Replace:
- ACCESS_TOKEN with a valid access token for an account that
has the IAM permissions to update jobs.
For example, if you are logged into gcloud, you can retrieve an
access token using
gcloud auth print-access-token
. From within a Cloud Run container instance, you can retrieve an access token using the container instance metadata server. - JOB_NAME with the name of your job you want to update.
- IMAGE_URL with the URL of job container image, for example,
us-docker.pkg.dev/cloudrun/container/job:latest
. - REGION with the Google Cloud region of the job.
- PROJECT_ID with the Google Cloud project ID.
Sample code
For code samples showing jobs, see the language-specific quickstarts.
Deploy multiple containers to a job (sidecars)
In a Cloud Run job deployment with multiple containers (sidecars), there is one main job container that encapsulates the job configuration and one or more sidecar containers.
You can deploy up to 10 containers per instance including the main job container. All containers within an instance share the same network namespace and can share files using an in-memory shared volume.
Use cases
Sidecars are commonly used for the following use cases:
- Fetching custom metrics from Cloud Run jobs and sending them to a specified backend of your choice using collector agents, such as Prometheus or Opentelemetry.
- Letting applications without Hashicorp Vault logic built in to use static and dynamic secrets sourced from Vault using Vault sidecar.
Deploy a job with sidecar containers
You can deploy multiple sidecars to a Cloud Run job using the Google Cloud console, the Google Cloud CLI, or YAML.
Click the tab for instructions using the tool of your choice.
Console
In the Google Cloud console, go to the Cloud Run page:
To deploy to an existing job, Click Jobs, locate the job in the jobs list, and click to open, then click View and edit configuration to display the edit job form.
For a new job, click Deploy container, then click Job. Supply the job name and the URL to the main job container image you want to deploy.
Click Container(s), volumes, networking, security
In the Edit container card, configure the main job container as needed.
Click Add container and configure a sidecar container you want to add alongside the main job container. If the sidecar depends on another container in the service, indicate this in the Container start-up order drop-down menu. Repeat this step for each sidecar container you are deploying.
Click Create for a new service or Update for an existing job, then wait for the deployment to finish.
gcloud
The container
parameters in Google Cloud CLI are in Preview.
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
To deploy multiple containers to a job, run the following command:
gcloud beta run jobs create JOB \ --container JOB_CONTAINER_NAME \ --image='JOB_IMAGE' \ --container SIDECAR_CONTAINER_NAME \ --image='SIDECAR_IMAGE'
Replace:
- JOB with the name of the job you are deploying to. You can omit this parameter entirely, but you will be prompted for the job name if you omit it.
- JOB_CONTAINER_NAME with a name for the main job container.
- JOB_IMAGE with a reference to the main job container image, for example,
us-docker.pkg.dev/cloudrun/container/job:latest
. - SIDECAR_CONTAINER_NAME with a name for the sidecar
container, for example
sidecar
. - SIDECAR_IMAGE with a reference to the sidecar container image.
If you want to configure each container in the deploy command, supply each container's configuration after the
container
parameters, for example:gcloud beta run jobs create JOB \ --container CONTAINER_1_NAME \ --image='JOB_IMAGE' \ --set-env-vars=KEY=VALUE \ --container SIDECAR_CONTAINER_NAME \ --image='SIDECAR_IMAGE' \ --set-env-vars=KEY_N=VALUE_N
Wait for the jobs deployment to finish. Upon successful completion, a success message is displayed.
YAML
These instructions show a basic YAML file for your Cloud Run job with sidecars.
Create a file named job.yaml
containing the following:
apiVersion: run.googleapis.com/v1 kind: Job metadata: annotations: run.googleapis.com/launch-stage: BETA name: JOB spec: template: spec: containers: - image: JOB_IMAGE - image: SIDECAR_IMAGE
Replace:
- JOB with the name of your Cloud Run main job container. Job names must be 49 characters or less.
- JOB_IMAGE with a reference to the main job container image, for example,
us-docker.pkg.dev/cloudrun/container/job:latest
. Optionally, supply any needed container configuration entries after this entry. - SIDECAR_IMAGE with a reference to the sidecar container image. Optionally supply any needed container configuration entries after this entry.You can specify multiple sidecars by adding more elements to the
containers
array in the YAML.
After you update the YAML to include the ingress and sidecar containers, deploy to Cloud Run using the command:
gcloud run jobs replace job.yaml
Features available to deployments with sidecars
You can specify the container start up order within a deployment with multiple containers, if you have dependencies that require some containers to start up before other containers in the deployment.
If you have containers that depend on other containers, you must use startup healthchecks in your deployment. If you use healthchecks, Cloud Run follows the container startup order and inspects the health of each container, making sure each passes successfully before Cloud Run starts up the next container in the order. If you don't use healthchecks, healthy containers will start up even if the containers they depend on are not running.
Multiple containers within a single instance can access a shared in-memory volume, which is accessible to each container using mount points that you create.
What's next
After you create or update a job, you can do the following:
- Execute a job
- Execute a job on a schedule
- Manage jobs
- Manage job executions
- View job logs
- Monitor job performances
- Set memory limits
- Set environment variables