Stay organized with collections
Save and categorize content based on your preferences.
This document explains how to enable dry-run mode.
When you enable dry-run mode, Binary Authorization allows all container images to be
deployed, even if those images violate the Binary Authorization policy. Policy
compliance status messages are logged to Cloud Audit Logs.
You can inspect the log to determine whether the images would have been
disallowed and take corrective action. When the policy configuration works as
you intend, you can disable dry-run mode to enable Binary Authorization enforcement;
images that violate the policy are disallowed from being deployed.
You can set dry-run mode in the default rule or a specific rule.
To test dry-run mode, deploy images that violate the policy and then view
dry-run mode events from Binary Authorization for GKE,
Cloud Run,
or Google Distributed Cloud.
Disable dry-run mode
To disable dry-run mode, update your policy as follows:
Console
Go to the Binary Authorization page in the Google Cloud console.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["Dry-run mode in Binary Authorization allows all container images to be deployed, regardless of policy violations, with policy compliance status logged in Cloud Audit Logs."],["Enabling dry-run mode can be done either through the Google Cloud console or via the `gcloud` command-line tool, by modifying the Binary Authorization policy settings."],["You can test dry-run mode by deploying images that violate the policy and then viewing the logged events for GKE, Cloud Run, or Google Distributed Cloud."],["Dry-run mode can be disabled by updating the Binary Authorization policy in the Google Cloud console or through the `gcloud` command-line tool, switching to enforced mode that blocks and logs violations."]]],[]]
