Create a cluster


This page explains how to create a cluster in Google Kubernetes Engine (GKE) with Binary Authorization enabled. You perform this step at the command line using gcloud commands or in the Google Cloud console. This step is part of setting up Binary Authorization for GKE.

Before you begin

If you haven't already, do the following:

Create a cluster with Binary Authorization enabled

To create a cluster with Binary Authorization enabled, do the following:

Console

  1. In the Google Cloud console, go to the GKE page.


  2. Click Create Cluster. Enter values for the default fields as described in Creating a zonal cluster.

  3. In the left navigation, click Security.

  4. Select Enable Binary Authorization.

  5. Click Create.

gcloud

  1. Set your default Google Cloud project by executing the following command:

    gcloud config set project PROJECT_ID
    

    Replace PROJECT_ID with the ID of the project where you want to create the cluster.

  2. Create the cluster.

    Enter the following command:

    gcloud container clusters create \
        --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE \
        --zone ZONE \
        CLUSTER_NAME
    

    Replace the following:

    • ZONE: the GKE zone—for example, us-central1-a.
    • CLUSTER_NAME: the name of the cluster you want to create—for example, test-cluster.

It can take a few minutes for your cluster to be created.

Enable Binary Authorization on an existing cluster

To enable Binary Authorization on an existing cluster, do the following:

Console

  1. In the Google Cloud console, go to the GKE page.


  2. Under Kubernetes clusters, find your cluster.

  3. Click the cluster name.

  4. In Clusters, under Security, find Binary Authorization and click .

  5. Select Enable Binary Authorization.

  6. Click Save Changes.

gcloud

  1. Set your default Google Cloud project by executing the following command:

    gcloud config set project PROJECT_ID
    

    Replace PROJECT_ID with the ID of the project that contains the cluster.

  2. Update the cluster.

    Enter the following command:

    gcloud container clusters update CLUSTER_NAME \
        --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE
    

    Replace CLUSTER_NAME with the name of the cluster for which you want to enable Binary Authorization.

Verify that Binary Authorization is enabled

To verify that Binary Authorization is enabled for the cluster, do the following:

Console

  1. Open the GKE page in the Google Cloud console.


  2. Under Kubernetes clusters, find your cluster.

  3. Under Security, verify that Binary Authorization is set to Enabled.

gcloud

To list running clusters in your project, execute the following command:

gcloud container clusters list

Optionally, you can restrict the listing to a specific compute zone by adding --zone ZONE to the command.

Replace ZONE with a zone—for example, us-central1-a.
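
To check the evaluation mode itself for every cluster in the project, the following added example (not part of the original page) flags each cluster that is not in the PROJECT_SINGLETON_POLICY_ENFORCE mode set by the commands above. It assumes the cluster resource field binaryAuthorization.evaluationMode; the function name binauthz_gaps is hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: audit Binary Authorization enforcement across clusters.

# Mode set by the create/update commands on this page.
REQUIRED_MODE="PROJECT_SINGLETON_POLICY_ENFORCE"

# binauthz_gaps (hypothetical name): reads "name,location,evaluationMode"
# CSV rows on stdin and prints one line per cluster whose mode is not
# REQUIRED_MODE. An empty mode column is reported as UNSET.
# Exit status: 0 if every cluster enforces the policy, 1 otherwise.
binauthz_gaps() {
    gaps=0
    # "|| [ -n "$name" ]" keeps a final row that lacks a trailing newline.
    while IFS=, read -r name location mode || [ -n "$name" ]; do
        [ -n "$name" ] || continue          # skip blank lines
        if [ "$mode" != "$REQUIRED_MODE" ]; then
            printf '%s %s %s\n' "$name" "$location" "${mode:-UNSET}"
            gaps=$((gaps + 1))
        fi
    done
    [ "$gaps" -eq 0 ]
}

# Live use (needs gcloud and a default project):  sh audit.sh live
# The field key binaryAuthorization.evaluationMode is an assumption taken
# from the GKE cluster resource, not from this page.
if [ "${1:-}" = "live" ]; then
    gcloud container clusters list \
        --format="csv[no-heading](name,location,binaryAuthorization.evaluationMode)" \
      | binauthz_gaps
else
    # Constructed sample rows, so the script also runs offline.
    binauthz_gaps <<'EOF' || true
test-cluster,us-central1-a,PROJECT_SINGLETON_POLICY_ENFORCE
legacy-cluster,us-central1-b,
staging-cluster,us-east1-c,DISABLED
EOF
fi
```

In live mode the script exits non-zero when any cluster is listed, so it can gate a CI job or a scheduled compliance check.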

What's next