This page shows you how to use breakglass to deploy or serve an image on Cloud Run when the image violates the Binary Authorization policy.
Before you begin, set up Binary Authorization for Cloud Run and deploy or serve an image.
To use breakglass, follow these steps.
Console
When an attempt is made to deploy or serve an image that violates the Binary Authorization policy, Cloud Run displays an error along with a Breakglass button.
To bypass Binary Authorization enforcement and deploy or serve a container that violates the policy, do the following:
Go to the Cloud Run Services page in the Google Cloud console.
Click the name of the service for which you want to use breakglass.
Click the Breakglass button. In the dialog that appears, do the following:
Enter a breakglass justification.
To bypass the policy and deploy the image, click the Breakglass button.
gcloud
To bypass Binary Authorization enforcement and deploy or serve a container that violates the policy, enter the following command:
gcloud run services update SERVICE_NAME --breakglass=JUSTIFICATION
Replace JUSTIFICATION with a justification for using breakglass.
You can now view breakglass events in Cloud Audit Logs.
What's next
- View Binary Authorization events in Cloud Audit Logs.
- Configure the Binary Authorization policy using the Google Cloud console or the command-line tool
- Use attestations to deploy only signed container images.