This page provides an overview of how to set up Binary Authorization in your
environment. You can set up Binary Authorization using Google Cloud Console
or gcloud
commands. You can also perform some setup steps using the
Binary Authorization REST API.
For an end-to-end tutorial that includes setup steps below, see: Getting started using the CLI or Getting started using the Console.
Setup Steps
To set up Binary Authorization:
- Enable Binary Authorization on Google Kubernetes Engine. Alternatively, if you use Anthos Config Management, you can enable Binary Authorization using the Config Management Operator.
- Create a cluster with Binary Authorization enabled
- Configure a policy using the CLI or Google Cloud Console that describes the constraints under which a container can be deployed
- Create attestors using the CLI or Google Cloud Console who can attest that a required process has completed before a container image is deployed