首先,請建立或選取專案。您可以在部署容器的Google Cloud 專案中啟用二進位授權。這個專案與您執行支援平台的專案相同,例如 Google Kubernetes Engine (GKE)、Cloud Run 或 Google Distributed Cloud。
如要啟用二進位授權,請按照下列步驟操作:
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[[["\u003cp\u003eThis guide details how to enable Binary Authorization within your Google Cloud deployer project.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization is enabled in the same Google Cloud project where you run supported container platforms like GKE, Cloud Run, or Google Distributed Cloud.\u003c/p\u003e\n"],["\u003cp\u003eEnabling Binary Authorization involves following a set of steps, after which it is ready to be set up with your container management platform.\u003c/p\u003e\n"],["\u003cp\u003eRemoving or altering the Binary Authorization Service Agent's roles can result in authorization failures due to permission issues.\u003c/p\u003e\n"]]],[],null,["# Enable the Binary Authorization service\n\nThis page explains how to enable Binary Authorization in your deployer project.\n\nYou first create or select a project. You enable Binary Authorization in the\nGoogle Cloud project where you deploy containers. This is the same project\nwhere you run your\n[supported platforms](/binary-authorization/docs/overview#supported_platforms),\nsuch as Google Kubernetes Engine (GKE), Cloud Run, or\nGoogle Distributed Cloud.\n\nTo enable Binary Authorization, follow these steps:\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Binary Authorization API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=binaryauthorization.googleapis.com&redirect=https://console.cloud.google.com)\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Binary Authorization API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=binaryauthorization.googleapis.com&redirect=https://console.cloud.google.com)\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n\nBinary Authorization is enabled. You can now set it up with your container\nmanagement platform.\n| **Warning:** If you remove Binary Authorization Service Agent or change its roles, Binary Authorization fails due to missing permissions.\n\nWhat's next\n-----------\n\n- [Set up Binary Authorization continuous validation with GKE](/binary-authorization/docs/quickstart-cv) ([Preview](/products#product-launch-stages))\n- [Set up Binary Authorization enforcement with GKE](/binary-authorization/docs/setting-up)\n- [Set up Binary Authorization with Cloud Run](/binary-authorization/docs/run/enabling-binauthz-cloud-run)\n- [Set up Binary Authorization with Distributed Cloud](/binary-authorization/docs/setting-up-on-prem)"]]
