This document applies to the current version of GKE on AWS, released in November 2021. For details, see the
release notes.
How to enable Binary Authorization
To enable Binary Authorization for GKE on AWS, perform the following steps:
Enable the Binary Authorization API in your project:
gcloud services enable binaryauthorization.googleapis.com \
--project=PROJECT_ID
Replace PROJECT_ID with the ID of your Google Cloud project.
Grant the binaryauthorization.policyEvaluator role to the Kubernetes service account associated with the Binary Authorization agent:
gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:PROJECT_ID.svc.id.goog[gke-system/binauthz-agent]" \
--role="roles/binaryauthorization.policyEvaluator"
Enable Binary Authorization when you create or update a cluster. Be sure to add the --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE flag, because this flag is what enables Binary Authorization:
Create a cluster
gcloud container aws clusters create CLUSTER_NAME \
--binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE
Replace CLUSTER_NAME with the name of your cluster.
Update a cluster
gcloud container aws clusters update CLUSTER_NAME \
--binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE
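Replace CLUSTER_NAME with the name of your cluster.
Following these steps ensures that only trusted and verified images are used to create Kubernetes containers in your GKE cluster. This helps maintain a secure environment for your applications.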
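A read-only check that the three steps above took effect, added here as an example and not part of the original documentation. The LOCATION argument (passed with --location) and the binaryAuthorization.evaluationMode field path read from the cluster description are assumptions not stated on this page.

```shell
# Added example: verify the API, the IAM binding and the cluster mode.
# Usage: verify_binauthz PROJECT_ID CLUSTER_NAME LOCATION   (LOCATION is an assumption)

AGENT_KSA='gke-system/binauthz-agent'
ROLE='roles/binaryauthorization.policyEvaluator'
MODE='PROJECT_SINGLETON_POLICY_ENFORCE'

# Step 1: the Binary Authorization API is enabled in the project.
api_enabled() {
  gcloud services list --enabled --project="$1" \
    --filter='config.name=binaryauthorization.googleapis.com' \
    --format='value(config.name)' |
    grep -Fxq 'binaryauthorization.googleapis.com'
}

# Step 2: the agent's Kubernetes service account holds the role.
# grep -F matches the member literally, so "[...]" is never a pattern.
agent_has_role() {
  gcloud projects get-iam-policy "$1" \
    --flatten='bindings[].members' \
    --filter="bindings.role=$ROLE" \
    --format='value(bindings.members)' |
    grep -Fxq "serviceAccount:$1.svc.id.goog[$AGENT_KSA]"
}

# Step 3: the cluster reports the enforcing mode (field path is an assumption).
cluster_enforcing() {
  mode=$(gcloud container aws clusters describe "$2" --project="$1" \
    --location="$3" --format='value(binaryAuthorization.evaluationMode)')
  [ "$mode" = "$MODE" ]
}

# Run one check, print its result, and count a failure.
check() {
  label=$1; shift
  if "$@"; then echo "ok   $label"
  else echo "FAIL $label"; failures=$((failures + 1)); fi
}

# Returns the number of failed checks (0 means all three steps are in place).
verify_binauthz() {
  failures=0
  check 'Binary Authorization API enabled' api_enabled "$1"
  check 'policyEvaluator granted to binauthz-agent' agent_has_role "$1"
  check "cluster evaluation mode is $MODE" cluster_enforcing "$@"
  return "$failures"
}

if [ "$#" -eq 3 ]; then verify_binauthz "$@"; fi
```

A non-zero exit status equals the number of failed checks, so the script can gate a deployment pipeline as well as be run by hand.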
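Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated (UTC): 2024-06-28.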