This page provides an overview of how to set up Binary Authorization enforcement in your
environment for use with Google Kubernetes Engine (GKE). You can set up
Binary Authorization by using the Google Cloud console or the Google Cloud CLI.
You can also perform some setup steps by using the Binary Authorization
REST API.
Optional: If you have different Google Cloud projects that own your
policy or your Container Registry repositories, grant the IAM
roles required for cross-project access. For instructions, see
Configure cross-project access for Binary Authorization in GKE.
Setting up Binary Authorization involves enabling the service, creating or modifying a cluster, and configuring the Binary Authorization policy with options for default rules, cluster-specific rules, and exempt images.
Optional configurations include granting cross-project access, using the built-by-cloud-build attestor for Cloud Build images, and utilizing attestations.
The process includes steps for deploying container images and viewing events in Cloud Audit Logs.
Binary Authorization does not enforce init containers.
Last updated 2025-08-07 UTC.