Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
La autorización binaria es un control de seguridad de tiempo de implementación que garantiza que solo se implementen imágenes de contenedor confiables en tus recursos de Cloud Run. Con la autorización binaria, puedes exigir que autoridades confiables firmen las imágenes durante el proceso de desarrollo y, luego, aplicar la validación de firma obligatoria en el momento de la implementación. Si aplicas esta validación, puedes ejercer más control sobre el entorno del contenedor, ya que te aseguras de que solo se integren las imágenes verificadas en el proceso de compilación y lanzamiento.
Para implementar funciones en Cloud Run, el administrador de la política de Autorización Binaria debe configurar una política de Autorización Binaria para eximir todas las imágenes del siguiente repositorio y sus subdirectorios:
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-03-10 (UTC)"],[],[],null,["# Use Binary Authorization\n\nBinary Authorization is a deploy-time security control that ensures only trusted\ncontainer images are deployed to your Cloud Run resources. With\nBinary Authorization, you can require images to be signed by trusted\nauthorities during the development process and then enforce signature validation\nwhen deploying. By enforcing validation, you can gain tighter control over your\ncontainer environment by ensuring only verified images are integrated into the\nbuild-and-release process.\n\nLearn how to [set up Binary Authorization for Cloud Run](/binary-authorization/docs/run/overview).\n\nExempt Cloud Run functions images from Binary Authorization policy\n------------------------------------------------------------------\n\nTo deploy functions in Cloud Run, the Binary Authorization policy\nadministrator must configure a Binary Authorization policy using [allowlist patterns](/binary-authorization/docs/key-concepts#allowlist_patterns) to exempt all\nimages from the specified repository and its subdirectories.\n\n### Functions using the Cloud Run Admin API\n\nIf you are deploying your function with the\n[`gcloud run deploy...`](/sdk/gcloud/reference/run/deploy#--binary-authorization)\ncommand, use this allowlist pattern:\n\n\n\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e`-docker.pkg.dev/`\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e`/cloud-run-source-deploy/**`\n\n\u003cbr /\u003e\n\nWith the allowlist enabled, deploy your function with [Binary Authorization enabled\nand set to `default`](/binary-authorization/docs/run/enabling-binauthz-cloud-run#enable-on-new-job): \n\n```sh\n gcloud run deploy YOUR_FUNCTION_NAME \\\n ...\n --binary-authorization default\n```\n\n### Functions using the Cloud Functions v2 API\n\nIf you are deploying your function with the\n[`gcloud functions deploy...`](/sdk/gcloud/reference/functions/deploy#--binary-authorization)\ncommand, use this allowlist pattern:\n\n\n\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e`-docker.pkg.dev/`\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e`/gcf-artifacts/**`\n\nWith the allowlist enabled, deploy your function with Binary Authorization enabled\nand set to `default`: \n\n```sh\n gcloud functions deploy YOUR_FUNCTION_NAME \\\n ...\n --binary-authorization default\n```\n\nWhat's next\n-----------\n\n- Learn how to [set up Binary Authorization for Cloud Run](/binary-authorization/docs/run/overview)."]]
