This page explains how to create a cluster in Google Kubernetes Engine
(GKE) with Binary Authorization enabled. You perform this
step at the command line using gcloud
commands or in Google Cloud Console. This
step is part of setting up Binary Authorization.
Create the cluster
To create a cluster with Binary Authorization enabled:
gcloud
Set your default Google Cloud project if you have not already done so:
gcloud config set project PROJECT_ID
where PROJECT_ID is the ID of the project where you want to create the cluster.
Create the cluster:
gcloud container clusters create \
    --enable-binauthz \
    --zone ZONE \
    CLUSTER_NAME
where:
- ZONE is the GKE zone (for example, us-central1-a)
- CLUSTER_NAME is the name of the cluster you want to create (for example, test-cluster)
console
Open the GKE page in Cloud Console.
Click Create Cluster. Enter values for the default fields as described in Creating a Cluster.
In the left navigation, click Security.
In the Security page, select Enable Binary Authorization.
Click Create.
It can take a few minutes for your cluster to be created.
Verify that the cluster is running
To verify that the cluster is running:
gcloud
List running clusters in your project:
gcloud container clusters list \
    --zone ZONE
console
Open the GKE page in Cloud Console.
View running clusters in your project:
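The verification step above shows only that the cluster is running, not that Binary Authorization was actually turned on. The following added example, which is not part of the original page, classifies each cluster from a CSV projection of the cluster list. The function names and sample rows are constructed, and the projected fields (binaryAuthorization.enabled, binaryAuthorization.evaluationMode) are assumed from the GKE cluster resource rather than taken from this page.

```shell
#!/bin/sh
# Added example: audit helper, not Google's own tooling.
# Feed it the output of (assumed projection, one cluster per line):
#   gcloud container clusters list --zone ZONE \
#     --format='csv[no-heading](name,status,binaryAuthorization.enabled,binaryAuthorization.evaluationMode)'
# Prints one verdict per cluster and returns non-zero if any cluster
# is not yet RUNNING or is RUNNING without Binary Authorization.

check_binauthz() {
    awk -F',' '
    BEGIN { bad = 0 }
    NF == 0 { next }                      # skip blank lines
    {
        name = $1; status = $2
        enabled = tolower($3); mode = $4  # either field may be empty
        # Treat the cluster as enforcing if the boolean is set or the
        # evaluation mode is the project-policy enforcement mode.
        enforced = (enabled == "true" || mode == "PROJECT_SINGLETON_POLICY_ENFORCE")
        if (status != "RUNNING") {
            printf "WAIT %s status=%s\n", name, status; bad = 1
        } else if (!enforced) {
            printf "FAIL %s binauthz-not-enabled\n", name; bad = 1
        } else {
            printf "OK %s\n", name
        }
    }
    END { exit bad }
    '
}

# Constructed sample rows in the projection format above (not real output).
sample_clusters() {
    cat <<'EOF'
test-cluster,RUNNING,True,
legacy-cluster,RUNNING,,
new-cluster,PROVISIONING,True,
mode-cluster,RUNNING,,PROJECT_SINGLETON_POLICY_ENFORCE
EOF
}

# Demonstration on the constructed sample; replace sample_clusters with the
# gcloud command from the header comment to audit a real project.
sample_clusters | check_binauthz || echo "one or more clusters need attention"
```

A cluster reported as WAIT is still being created; rerun the check once it reaches RUNNING.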
What's next
- Configure a policy using the Google Cloud Console, CLI or REST API