Set up for GKE

This page provides an overview of how to set up Binary Authorization in your environment for use with Google Kubernetes Engine (GKE). You can set up Binary Authorization by using the Google Cloud Console or the gcloud command-line tool. You can also perform some setup steps by using the Binary Authorization REST API.

For an end-to-end tutorial that includes the following setup steps, see Get started using the gcloud command-line tool or Get started using the Cloud Console.

To set up Binary Authorization, perform the following steps:

1. Enable Binary Authorization.

2. Create a cluster with Binary Authorization enabled.

3. Configure your Binary Authorization policy.

   You can configure the following features in your policy:

   • Default rule.
   • Cluster-specific rules.
   • Specific rules for your Kubernetes service identity or namespace.
   • Exempt images. Learn more about exempt images.

4. Optional: Use attestations.

5. Deploy container images.

6. View events in Cloud Audit Logs.