Descripción general de la configuración de Cloud Service Mesh
Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
En esta página, se proporciona una descripción general de cómo configurar Autorización Binaria para usarla con Cloud Service Mesh.
Antes de comenzar
Antes de usar Autorización Binaria para Cloud Service Mesh, primero debes instalar Cloud Service Mesh en Google Kubernetes Engine (GKE). Para obtener más información, consulta la guía de inicio rápido o las guías de instalación de GKE.
Pasos para la configuración
Si deseas configurar la autorización binaria para Cloud Service Mesh, sigue estos pasos:
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-02 (UTC)"],[[["\u003cp\u003eThis guide details how to set up Binary Authorization for Cloud Service Mesh, which is only available on Google Kubernetes Engine (GKE).\u003c/p\u003e\n"],["\u003cp\u003eBefore setting up Binary Authorization, Cloud Service Mesh must be installed on GKE, referencing the quickstart or GKE installation guides for this process.\u003c/p\u003e\n"],["\u003cp\u003eThe setup involves enabling Binary Authorization, configuring its policy, and optionally using the \u003ccode\u003ebuilt-by-cloud-build\u003c/code\u003e attestor or attestations.\u003c/p\u003e\n"],["\u003cp\u003eThe policy can be configured with default rules, specific rules for the Cloud Service Mesh service identity, and exempt images.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization for GKE with Cloud Service Mesh can be disabled by following the provided instructions, and audit logs can be viewed for GKE as well.\u003c/p\u003e\n"]]],[],null,["This page provides an overview of how to set up Binary Authorization for use with\nCloud Service Mesh.\n\nBefore you begin\n\nBefore you use Binary Authorization for Cloud Service Mesh, you must first\ninstall Cloud Service Mesh on Google Kubernetes Engine (GKE). For more information,\nsee the [quickstart](/service-mesh/docs/quickstart-asm) or the [GKE installation guides](/service-mesh/docs/all-gke-install-guides).\n\nSetup Steps\n\nTo set up Binary Authorization for Cloud Service Mesh, perform the following steps:\n\n1. [Enable Binary Authorization](/binary-authorization/docs/enabling).\n2. Configure your Binary Authorization policy.\n\n | **Note:** Skip this step if you want to use attestations.\n\n You can configure the following features in your policy:\n - [Default rule](/binary-authorization/docs/configuring-policy-console#default-rule).\n - [Specific rules for your Cloud Service Mesh service identity](/binary-authorization/docs/configuring-policy-console#add-specific-rules-asm).\n - [Exempt images](/binary-authorization/docs/configuring-policy-console#exempt_images). [Learn more about exempt images](/binary-authorization/docs/key-concepts#exempt_images).\n3. Optional: Use the `built-by-cloud-build` attestor to [deploy only images built by Cloud Build](/binary-authorization/docs/deploy-cloud-build).\n\n4. Optional: [Use attestations](/binary-authorization/docs/attestations).\n\n5. View audit logs by following instructions in [View audit logs for GKE](/binary-authorization/docs/viewing-audit-logs).\n\nDisable Binary Authorization for GKE with Cloud Service Mesh\n\nTo disable Binary Authorization for GKE with Cloud Service Mesh enabled,\nfollow the instructions in [Disable Binary Authorization for\nGKE](/binary-authorization/docs/disabling)."]]
