Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
En esta página, se muestra cómo usar la anulación de emergencia para implementar o entregar una imagen en Cloud Run cuando la imagen infringe la política de autorización binaria.
Para usar los flujos de trabajo de emergencia, sigue estos pasos.
Console
Cuando se intenta implementar o entregar una imagen que infringe la política de autorización binaria, Cloud Run muestra un error junto con un botón de flujo de trabajo.
Para omitir la aplicación de la autorización binaria y, además, implementar o entregar un contenedor que infrinja la política, haz lo siguiente:
Ve a la página Servicios de Cloud Run en la Google Cloud consola.
Haz clic en el nombre del servicio para el que deseas usar la anulación de emergencia.
Haz clic en el botón anulación de emergencia. En el cuadro de diálogo que aparece, haz lo siguiente:
Ingresa una Justificación de anulación de emergencia.
Para omitir la política y, luego, implementar la imagen, haz clic en el botón anulación de emergencia.
gcloud
Para omitir la aplicación de la autorización binaria y, luego, implementar o entregar un contenedor que infrinja la política, ingresa el siguiente comando:
gcloud run services update SERVICE_NAME --breakglass=JUSTIFICATION
Reemplaza JUSTIFICATION por una justificación para usar flujos de trabajo de emergencia.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eThis page details how to use the breakglass feature to deploy or serve an image on Cloud Run that doesn't comply with the Binary Authorization policy.\u003c/p\u003e\n"],["\u003cp\u003eUsing breakglass automatically logs a breakglass event to Cloud Audit Logs, regardless of policy compliance, which can be used to trigger other actions.\u003c/p\u003e\n"],["\u003cp\u003eTo use breakglass, you can navigate to the Cloud Run Services page and click the Breakglass button on an error indicating a policy violation, and provide a justification for the bypass.\u003c/p\u003e\n"],["\u003cp\u003eAlternatively, you can use the \u003ccode\u003egcloud\u003c/code\u003e command-line tool to update a service and bypass Binary Authorization enforcement by including a justification.\u003c/p\u003e\n"],["\u003cp\u003eA log entry containing the breakglass justification is created when breakglass is utilized to bypass policy, for auditing purposes.\u003c/p\u003e\n"]]],[],null,["# Use breakglass (Cloud Run)\n\nThis page shows you how to use breakglass to deploy or serve\nan image on Cloud Run when the image violates the Binary Authorization\npolicy.\n| **Note:** When you use breakglass to deploy an image, a breakglass event is automatically logged to Cloud Audit Logs, regardless of whether the deployment satisfies or violates the policy. You can use Cloud Audit Logs to [view breakglass events](/binary-authorization/docs/run/viewing-audit-logs-cloud-run#breakglass) and trigger other actions.\n\nBefore you begin,\n[set up Binary Authorization for Cloud Run](/binary-authorization/docs/run/enabling-binauthz-cloud-run)\nand deploy or serve an image.\n\nTo use breakglass, follow these steps. \n\n### Console\n\nWhen an attempt is made to deploy or serve an image that violates the\nBinary Authorization policy, Cloud Run displays an error\nalong with a **Breakglass** button.\n\nTo bypass Binary Authorization enforcement and deploy or serve a\ncontainer that violates the policy, do the following:\n\n1. Go to the Cloud Run Services page in the Google Cloud console.\n\n [Go to Cloud Run Services](https://console.cloud.google.com/run)\n2. Click the name of the service for which you want to use breakglass.\n\n3. Click the **Breakglass** button. In the dialog that appears, do the\n following:\n\n 1. Enter a *breakglass justification*.\n\n | **Note:** Using breakglass creates a log entry containing the breakglass justification.\n 2. To bypass the policy and deploy the image, click the **Breakglass**\n button.\n\n### gcloud\n\nTo bypass Binary Authorization enforcement and deploy or serve a\ncontainer that violates the policy, enter the following command:\n\n\u003cbr /\u003e\n\n```\n gcloud run services update SERVICE_NAME --breakglass=JUSTIFICATION\n \n```\n\n\u003cbr /\u003e\n\nReplace \u003cvar translate=\"no\"\u003eJUSTIFICATION\u003c/var\u003e with a justification for using\nbreakglass.\n\nYou can now [view breakglass events in Cloud Audit Logs](/binary-authorization/docs/run/viewing-audit-logs-cloud-run#breakglass).\n| **Warning:** If you edit the Cloud Run Service's [YAML config](/run/docs/reference/yaml/v1#service) directly to add the `run.googleapis.com/binary-authorization-breakglass: 'JUSTIFICATION'` annotation, it can cause all subsequent deployments to bypass Binary Authorization enforcement and use breakglass with the provided justification.\n\nWhat's next\n-----------\n\n- [View Binary Authorization events in Cloud Audit Logs](/binary-authorization/docs/run/viewing-audit-logs-cloud-run).\n- Configure the Binary Authorization policy using the [Google Cloud console](/binary-authorization/docs/configuring-policy-console) or the [command-line tool](/binary-authorization/docs/configuring-policy-cli)\n- [Use attestations](/binary-authorization/docs/attestations) to deploy only signed container images."]]