This page shows how to deploy container images to a new Cloud Run worker pool or to a new revision of an existing Cloud Run worker pool.
Worker pools are a Cloud Run resource specifically designed for performing continuous background work. In contrast to Cloud Run services, worker pools do not have a load balanced endpoint/URL and do not support autoscaling.
For an example walkthrough of deploying a new worker pool, see Deploy a sample worker pool quickstart.
Required roles
To get the permissions that you need to deploy Cloud Run worker pools, ask your administrator to grant you the following IAM roles:
- 
  
  
    
      Cloud Run Developer  (roles/run.developer) on the Cloud Run worker pool
- 
  
  
    
      Service Account User  (roles/iam.serviceAccountUser) on the identity that your worker pools uses to interact with other Google Cloud services
- 
  
  
    
      Artifact Registry Reader  (roles/artifactregistry.reader) on the Artifact Registry repository of the deployed container image
For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run worker pool interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.
Supported container registries and images
You can directly use container images stored in Artifact Registry, or Docker Hub. Google recommends the use of Artifact Registry. Docker Hub images are cached for up to one hour.
You can use container images from other public or private registries (like JFrog Artifactory, Nexus, or GitHub Container Registry), by setting up an Artifact Registry remote repository.
You should only consider Docker Hub for deploying popular container images such as Docker Official Images or Docker Sponsored OSS images. For higher availability, Google recommends deploying these Docker Hub images using an Artifact Registry remote repository.
Cloud Run does not support container image layers larger than 9.9 GB when deploying from Docker Hub or an Artifact Registry remote repository with an external registry.
Deploy worker pools
You can deploy worker pools in the following ways:
- Deploy a new worker pool
- Update an existing worker pool
- Deploy images from other Google Cloud projects
- Deploy multiple containers (sidecars) to a worker pool
Deploy a new worker pool
You can specify a container image with a tag
(for example, us-docker.pkg.dev/my-project/container/my-image:latest) or with an exact digest
(for example, us-docker.pkg.dev/my-project/container/my-image@sha256:41f34ab970ee...).
Deploying a worker pool for the first time creates its first revision. Note that revisions are immutable. If you deploy from a container image tag, it will be resolved to a digest and the revision will always serve this particular digest.
Follow the instructions, using the Google Cloud console, the Google Cloud CLI, Terraform or REST API:
Console
- In the Google Cloud console, go to Cloud Run: 
- Select Worker pools from the menu, and click Deploy container to display the Create worker pool form. - In the form, specify the container image. 
- Enter the worker pool name. Worker pool names must be 49 characters or less and must be unique per region and project. You can't share the same name as an existing service name from your project. A worker pool name cannot be changed later and is publicly visible. 
- Select the region where you want your worker located. The region selector indicates price tier and highlights regions with the lowest carbon impact. 
- Under Scaling, specify the number of instances for the worker pool. 
 
- Click Container(s), Volumes, Networking, Security to set other optional settings in the appropriate tabs: 
- When you are finished configuring your worker pool, click Create to deploy the image to Cloud Run and wait for the deployment to finish. 
gcloud
- 
  
    
    
      
    
  
  
    
  
  
  
  
    
    In the Google Cloud console, activate Cloud Shell. At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize. 
- To deploy a worker pool container image: - Run the following command: - gcloud beta run worker-pools deploy WORKER_POOL --image IMAGE_URL - Replace the following: - WORKER_POOL: the name of the worker pool you want to deploy to. If the worker pool does not exist yet, this command creates the worker pool during the deployment. You can omit this parameter entirely, but you will be prompted for the worker pool name if you omit it. Worker pool names must be 49 characters or fewer, use a unique name per region and project, and must not share the same name as an existing service name from your project.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest. Note that if you don't supply the--imageflag, the deploy command attempts to deploy from source code.
 
- Wait for the deployment to finish. Upon successful completion, Cloud Run displays a success message along with the revision information about the deployed worker pool. - To deploy to a different location from the one you set using the - run/region- gcloudproperties, use:- gcloud beta run worker-pools deploy WORKER_POOL --region REGION
 
Terraform
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
resource "google_cloud_run_v2_worker_pool" "default" {
  name     = "WORKER_POOL"
  location = "REGION"
  launch_stage = "BETA"
  template {
    containers {
      image = "IMAGE_URL"
    }
  }
}
Replace the following:
- WORKER_POOL: the name of the worker pool.
- REGION: the Google Cloud regionโfor example,
europe-west1.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest.
REST API
To deploy a new worker pool, send a POST HTTP request to
the Cloud Run Admin API worker pools create endpoint.
For example, using curl:
curl -H "Content-Type: application/json" \ -H "Authorization: Bearer ACCESS_TOKEN" \ -X POST \ -d '{"launchStage":"BETA",template: {containers: [{image: "IMAGE_URL"}]}}' \ https://run.googleapis.com/v2/projects/PROJECT_ID/locations/REGION/workerPools?workerPoolId=WORKER_POOL
Replace the following:
- ACCESS_TOKEN: a valid access token for an account that
has the IAM permissions to deploy services.
For example, if you are logged into gcloud, you can retrieve an
access token using gcloud auth print-access-token. From within a Cloud Run container instance, you can retrieve an access token using the container instance metadata server.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest.
- REGION: the Google Cloud regionโfor example,
europe-west1.
- PROJECT_ID: the Google Cloud project ID.
- WORKER_POOL: the name of the worker pool.
 
Cloud Run locations
Cloud Run is regional, which means the infrastructure that
runs your Cloud Run services is located in a specific region and is
managed by Google to be redundantly available across
all the zones within that region.
Meeting your latency, availability, or durability requirements are primary
factors for selecting the region where your Cloud Run services are run.
You can generally select the region nearest to your users but you should consider
the location of the other Google Cloud
products that are used by your Cloud Run service.
Using Google Cloud products together across multiple locations can affect
your service's latency as well as cost.
Cloud Run is available in the following regions:
Subject to Tier 1 pricing
- asia-east1(Taiwan)
- asia-northeast1(Tokyo)
- asia-northeast2(Osaka)
- asia-south1(Mumbai, India)
- europe-north1(Finland)- Low CO2 
- europe-north2(Stockholm)- Low CO2 
- europe-southwest1(Madrid)- Low CO2 
- europe-west1(Belgium)- Low CO2 
- europe-west4(Netherlands)- Low CO2 
- europe-west8(Milan)
- europe-west9(Paris)- Low CO2 
- me-west1(Tel Aviv)
- northamerica-south1(Mexico)
- us-central1(Iowa)- Low CO2 
- us-east1(South Carolina)
- us-east4(Northern Virginia)
- us-east5(Columbus)
- us-south1(Dallas)- Low CO2 
- us-west1(Oregon)- Low CO2 
Subject to Tier 2 pricing
- africa-south1(Johannesburg)
- asia-east2(Hong Kong)
- asia-northeast3(Seoul, South Korea)
- asia-southeast1(Singapore)
- asia-southeast2(Jakarta)
- asia-south2(Delhi, India)
- australia-southeast1(Sydney)
- australia-southeast2(Melbourne)
- europe-central2(Warsaw, Poland)
- europe-west10(Berlin)
- europe-west12(Turin)
- europe-west2(London, UK)- Low CO2 
- europe-west3(Frankfurt, Germany)
- europe-west6(Zurich, Switzerland)- Low CO2 
- me-central1(Doha)
- me-central2(Dammam)
- northamerica-northeast1(Montreal)- Low CO2 
- northamerica-northeast2(Toronto)- Low CO2 
- southamerica-east1(Sao Paulo, Brazil)- Low CO2 
- southamerica-west1(Santiago, Chile)- Low CO2 
- us-west2(Los Angeles)
- us-west3(Salt Lake City)
- us-west4(Las Vegas)
If you already created a Cloud Run service, you can view the region in the Cloud Run dashboard in the Google Cloud console.
Deploy a new revision of an existing worker pool
Note that changing configuration settings for a worker pool results in the creation of a new revision, even if there is no change to the container image. Each revision created is immutable.
The container image is imported by Cloud Run when deployed. Cloud Run keeps this copy of the container image as long as it is used by a revision.
Follow these instructions, using Google Cloud console, the Google Cloud CLI, Terraform, or REST API:
Console
- In the Google Cloud console, go to Cloud Run: 
- Select Worker pools from the menu, select the worker pool to update, then click Edit and deploy new revision to display the Deploy worker pool revision form. - If needed, specify the URL to the new container image to be deployed. 
- Configure the container as needed. 
- If needed, update the number of instances for the worker pool. 
 
- If needed, click Container(s), Volumes, Networking, Security to set other optional settings in the appropriate tabs: 
- When you are finished updating your worker pool, click Deploy. 
gcloud
- 
  
    
    
  
  
  
  
  
    
    In the Google Cloud console, activate Cloud Shell. At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize. 
- To deploy a container image: - Run the command: - gcloud beta run worker-pools deploy WORKER_POOL --image IMAGE_URL - Replace the following: - WORKER_POOL: the name of the worker pool you want to deploy to. If the worker pool does not exist yet, this command creates the worker pool during the deployment. You can omit this parameter entirely, but you will be prompted for the worker pool name if you omit it. Worker pool names must be 49 characters or fewer, use a unique name per region and project, and must not share the same name as an existing service name from your project.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest. Note that if you don't supply the--imageflag, the deploy command attempts to deploy from source code.
 - The revision suffix is assigned automatically for new revisions. If you want to supply your own revision suffix, use the gcloud CLI parameter - --revision-suffix.
- Wait for the deployment to finish. Upon successful completion, Cloud Run displays a success message along with the revision information about the deployed worker pool. 
 
YAML
- Download the worker pool YAML configuration: - gcloud beta run worker-pools describe WORKER_POOL --format export > workerpool.yaml 
- Make a change to the configuration file. 
- Update the worker pool using the following command: - gcloud beta run worker-pools replace workerpool.yaml 
Terraform
Make sure you have set up Terraform as described in the Deploying a new worker pool example.
- Make a change to the configuration file. 
- Apply the Terraform configuration: - terraform apply- Confirm you want to apply the actions described by entering - yes.
REST API
To deploy a new worker pool, send a PATCH HTTP request to
the Cloud Run Admin API worker pools endpoint.
To create a new revision from the template even if the system doesn't
detect any changes from the previously deployed revision, set the query
parameter forceNewRevision to true.
For example, using curl:
curl -H "Content-Type: application/json" \ -H "Authorization: Bearer ACCESS_TOKEN" \ -X PATCH \ -d '{"launchStage":"BETA",template: {containers: [{image: "IMAGE_URL"}]}}' \ https://run.googleapis.com/v2/projects/PROJECT_ID/locations/REGION/workerPools/WORKER_POOL>?forceNewRevision=true
Replace the following:
- ACCESS_TOKEN: a valid access token for an account that
has the IAM permissions to deploy services.
For example, if you are logged into gcloud, you can retrieve an
access token using gcloud auth print-access-token. From within a Cloud Run container instance, you can retrieve an access token using the container instance metadata server.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest.
- REGION: the Google Cloud regionโfor example,
europe-west1.
- PROJECT_ID: the Google Cloud project ID.
- WORKER_POOL: the name of the worker pool you are deploying to.
Deploy images from other Google Cloud projects
To deploy images from other Google Cloud projects, you or your administrator must grant the required IAM roles to the deployer account and the Cloud Run service agent.
For the required roles for the deployer account, see required roles.
To grant the Cloud Run service agent the required roles, see the following instructions:
- In the Google Cloud console, open the project for your Cloud Run worker pool. 
- Select Include Google-provided role grants. 
- Copy the email of the Cloud Run service agent. It has the suffix @serverless-robot-prod.iam.gserviceaccount.com 
- Open the project that owns the container registry you want to use. 
- Click Add to add a new principal. 
- In the New principals field, paste in the email of the service account that you copied earlier. 
- In the Select a role drop-down menu, if you are using Container Registry, select the role Storage -> Storage Object Viewer. If you are using Artifact Registry, select the role Artifact Registry -> Artifact Registry Reader. 
- Deploy the container image to the project that contains your Cloud Run worker pool. 
Deploying images from other registries
To deploy public or private container images that are not stored in Artifact Registry or Docker Hub, set up an Artifact Registry remote repository.
Artifact Registry remote repositories allow you to:
- Deploy any public container image, for example, GitHub Container Registry (ghcr.io).
- Deploy container images from private repositories that require authentication, for example, JFrog Artifactory or Nexus.
If using an Artifact Registry remote repository is not an option, you can temporarily pull and push container images to Artifact Registry by deploying them to Cloud Run using docker push. Cloud Run imports the container image during deployment, and afterwards, you can delete the image from Artifact Registry.
Deploy multiple containers (sidecars) to a worker pool
In a Cloud Run deployment with sidecars, there is one main worker pool container and one or more sidecar containers. The sidecars can communicate with each other and with the worker pool container using a localhost port. The localhost port varies depending on the containers you are using.
You can deploy up to 10 containers per instance including the worker pool container. All containers within an instance share the same network namespace and can also share files using an in-memory shared volume.
You can require all deployments to use a specific sidecar by creating custom organization policies.
Deploy a service with sidecar containers
Follow these instructions, using the Google Cloud CLI, YAML, or Terraform to deploy multiple containers to a Cloud Run worker pool:
gcloud
- 
  
    
    
  
  
  
  
  
    
    In the Google Cloud console, activate Cloud Shell. At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize. 
- To deploy multiple containers to a worker pool, run the following command: - gcloud beta run worker-pools deploy WORKER_POOL \ --container WORKER_POOL_CONTAINER_NAME \ --image='WORKER_POOL_IMAGE' \ --container SIDECAR_CONTAINER_NAME \ --image='SIDECAR_IMAGE' - Replace the following: - WORKER_POOL: the name of the worker pool you are deploying to. If you omit this parameter, you will be prompted for the worker pool name.
- WORKER_POOL_CONTAINER_NAME: a name for the worker pool container.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest.
- SIDECAR_CONTAINER_NAME: a name for the sidecar
containerโfor example sidecar.
- SIDECAR_IMAGE: a reference to the sidecar container image.
 - To configure each container in the deploy command, supply each container's configuration after the - containerparameters, for example:- gcloud beta run worker-pools deploy WORKER_POOL \ --container CONTAINER_1_NAME \ --image='WORKER_POOL_IMAGE' \ --set-env-vars=KEY=VALUE \ --container SIDECAR_CONTAINER_NAME \ --image='SIDECAR_IMAGE' \ --set-env-vars=KEY_N=VALUE_N 
- Wait for the deployment to finish. Upon successful completion, Cloud Run displays a success message. 
YAML
- If you are creating a new worker pool, skip this step. If you are updating an existing worker pool, download its YAML configuration: - gcloud beta run worker-pools describe WORKER_POOL --format export > workerpool.yaml 
- The following example contains the YAML configuration: - apiVersion: run.googleapis.com/v1 kind: WorkerPool metadata: name: WORKER_POOL annotations: run.googleapis.com/launch-stage: BETA spec: template: spec: containers: - name: CONTAINER_NAME image: IMAGE_URL containers: - name: SIDECAR_CONTAINER_NAME image: SIDECAR_IMAGE_URL - Replace the following: - WORKER_POOL: the name of your Cloud Run worker pool.
- CONTAINER_NAME: a name for the worker pool container.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest
- SIDECAR_CONTAINER_NAME: a name for the sidecar containerโfor
example, sidecar.
- SIDECAR_CONTAINER_IMAGE: a reference to the sidecar container image.
 
- Create or update the worker pool using the following command: - gcloud beta run worker-pools replace workerpool.yaml 
Terraform
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
resource "google_cloud_run_v2_worker_pool" "default" {
  name     = "WORKER_POOL"
  location = "REGION"
  launch_stage = "BETA"
  template {
    containers {
      name = "CONTAINER_NAME"
      image = "IMAGE_URL"
    }
    containers {
      name = "SIDECAR_CONTAINER_NAME"
      image = "SIDECAR_IMAGE_URL"
    }
  }
}
Replace the following:
- WORKER_POOL: the name of the worker pool.
- REGION: the Google Cloud regionโfor example,
europe-west1.
- CONTAINER_NAME: the name of the container.
- IMAGE_URL: a reference to the container image that
contains the worker pool, such as us-docker.pkg.dev/cloudrun/container/worker-pool:latest.
- SIDECAR_CONTAINER_NAME: the name of the sidecar container.
- SIDECAR_IMAGE_URL: a reference to the sidecar container image.
Notable features available to deployments with sidecars
You can specify the container start up order within a deployment with multiple containers, if you have dependencies that require some containers to start up before other containers in the deployment.
If you have containers that depend on other containers, you must use healthchecks in your deployment. When you use healthchecks, Cloud Run follows the container startup order, verifying the health of each container before starting the next container. Without healthchecks, Cloud Run tries to start all containers, even if the containers they depend on are not running yet or failed to start.
Multiple containers within a single instance can access a shared in-memory volume, which is accessible to each container using mount points that you create.
What's next
After you deploy a new worker pool, you can do the following:
- View worker pool logs
- Monitor worker pool performance
- Set memory limits
- Set environment variables
- Manage the worker pool
- Manage worker pool revisions