Release notes

This page documents production updates to Binary Authorization. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

To get the latest product updates delivered to you, add the URL of this page to your feed reader.

April 3, 2019

Binary Authorization now supports asymmetric PKIX key pairs to verify the identity of attestors. The asymmetric key pairs generated and stored in Cloud Key Management Service are compliant with the PKIX format. You set up PKIX keys when you create an attestor using the Google Cloud Platform Console or the CLI.

Binary Authorization now supports global policy evaluation mode.

Binary Authorization now supports dryrun mode.

Dryrun mode is a policy setting that allows non-conformant images to be deployed, but writes details about the policy violation and deployment to the audit log. Dryrun mode allows you to test a policy in your production environment before it goes into effect.

You can enable dryrun mode when you configure your policy using the Google Cloud Platform Console or the CLI.

July 25, 2018

Default whitelisting of exempt images may be incomplete, depending on the version of Kubernetes you are deploying to. You may need to add gcr.io/google-containers/ and k8s.io/ to the default whitelist.

Error messaging sometimes lacks detail when policies are updated. If you encounter an error when you update a policy, check the names of any attestor resources defined to make sure they are correct.

When editing a policy in the UI, you cannot remove or edit existing cluster-specific deployment rules. This is possible using gcloud commands and the REST API.

In the UI, you cannot manage the IAM Policy on an Attestor or Binary Authorization Policy. Project-level IAM permissions work as expected.

In the UI, detailed error messages are not shown for invalid whitelist patterns on a Policy or invalid PGP keys on an Attestor.
