Documentação da autorização binária
A autorização binária é um serviço do Google Cloud que fornece segurança centralizada da cadeia de suprimentos de software para aplicativos executados no Google Kubernetes Engine (GKE), no Cloud Run e no Distributed Cloud.
Saiba mais
Comece sua prova de conceito com US $300 em crédito sem custos financeiros
-
Acessar o Gemini 2.0 Flash Thinking
-
Uso mensal gratuito de produtos conhecidos, incluindo APIs de IA e BigQuery
-
Sem cobranças automáticas, sem compromisso
Continue explorando com mais de 20 produtos sempre gratuitos
Acesse mais de 20 produtos gratuitos para casos de uso comuns, incluindo APIs de IA, VMs, data warehouses e
muito mais.
Treinamento
Treinamento e tutoriais
Proteger as implantações do GKE com autorização binária
Este laboratório descreve como proteger um cluster do GKE usando a autorização binária.
GKE
Treinamento
Treinamento e tutoriais
Proteger as implantações do GKE com autorização binária
Adicionar a aplicação da política no momento da implantação ao cluster do GKE.
GKE
Treinamento
Treinamento e tutoriais
Comece a operar rapidamente com o GKE e a autorização binária com este tutorial completo de primeiros passos.
GKE
Treinamento
Treinamento e tutoriais
Configuração de vários projetos
Use projetos diferentes para restringir o acesso a diferentes atividades, aplicando separação de deveres.
GKE
Treinamento
Treinamento e tutoriais
Ver registros de auditoria da autorização binária
Ver registros de auditoria de eventos de autorização binária.
GKE
Registros de auditoria do Cloud
Treinamento
Treinamento e tutoriais
Acessar os registros de auditoria da autorização binária para o Google Distributed Cloud (GDC)
Acessar os registros de auditoria dos eventos de autorização binária do Google Distributed Cloud.
GKE On-prem
Registros de auditoria do Cloud
Treinamento
Treinamento e tutoriais
Monitorar métricas de autorização binária para o Google Distributed Cloud
Monitorar métricas da autorização binária para o GKE On-Prem.
GKE On-Prem
Cloud Monitoring
Caso de uso
Casos de uso
Controles de segurança e análise forense para aplicativos do GKE
Detalha a instrumentação e as ferramentas usadas na análise forense de aplicativos implantados no GKE.
Segurança
Container analysis
Caso de uso
Casos de uso
Proteja as cadeias de suprimentos de software no GKE
Mostra como garantir que a cadeia de suprimentos siga um caminho conhecido e seguro antes de implantar o código em um cluster do GKE.
DevOps
Exemplo de código
Exemplos de código
Provedor do Google
Com o Provedor do Google para o Terraform, você pode configurar sua infraestrutura do Google Cloud.
Exemplo de código
Exemplos de código
Provedor de atestador
Crie atestadores de autorização binária.
Exemplo de código
Exemplos de código
Política do IAM para atestador de autorização binária
Três recursos diferentes ajudam a gerenciar sua política do IAM para o atestador de autorização binária.
Exemplo de código
Exemplos de código
Política de autorização binária
Configure uma política de autorização binária.
Exceto em caso de indicação contrária, o conteúdo desta página é licenciado de acordo com a Licença de atribuição 4.0 do Creative Commons, e as amostras de código são licenciadas de acordo com a Licença Apache 2.0. Para mais detalhes, consulte as políticas do site do Google Developers. Java é uma marca registrada da Oracle e/ou afiliadas.
Última atualização 2025-08-28 UTC.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-28 UTC."],[[["\u003cp\u003eBinary Authorization is a Google Cloud service that enhances software supply-chain security for applications on Google Kubernetes Engine (GKE) and Distributed Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThis documentation provides guides on configuring Binary Authorization policies, including quickstarts and tutorials for GKE, Cloud Console, and REST API.\u003c/p\u003e\n"],["\u003cp\u003eYou can learn how to create attestations, including using Kritis Signer or Voucher for vulnerability scanning.\u003c/p\u003e\n"],["\u003cp\u003eReference materials cover policy YAML, gcloud and REST API, along with permissions, roles, and custom roles.\u003c/p\u003e\n"],["\u003cp\u003eResources include pricing information, support options, billing questions, release notes, and details on quotas and limits.\u003c/p\u003e\n"]]],[],null,["# Binary Authorization documentation\n==================================\n\n[Read product documentation](/binary-authorization/docs/overview)\nBinary Authorization is a service on Google Cloud that provides centralized\nsoftware supply-chain security for applications that run on\nGoogle Kubernetes Engine (GKE), Cloud Run, and Distributed Cloud. [Learn more](/binary-authorization/docs/overview)\n[Get started for free](https://console.cloud.google.com/freetrial) \n\n#### Start your proof of concept with $300 in free credit\n\n- Get access to Gemini 2.0 Flash Thinking\n- Free monthly usage of popular products, including AI APIs and BigQuery\n- No automatic charges, no commitment \n[View free product offers](/free/docs/free-cloud-features#free-tier) \n\n#### Keep exploring with 20+ always-free products\n\n\nAccess 20+ free products for common use cases, including AI APIs, VMs, data warehouses,\nand more.\n\nDocumentation resources\n-----------------------\n\nFind quickstarts and guides, review key references, and get help with common issues. \nformat_list_numbered\n\n### Guides\n\n-\n\n [Quickstart: Configure a Binary Authorization policy with GKE](/binary-authorization/docs/configure-policy-gke)\n\n-\n\n [End-to-end attestation tutorial (GKE)](/binary-authorization/docs/getting-started-console)\n\n-\n\n [Set up Binary Authorization on your platform](/binary-authorization/docs/set-up-platform)\n\n-\n\n [Create attestations in a Cloud Build pipeline](/binary-authorization/docs/cloud-build)\n\n-\n\n [Configure a policy using Cloud console](/binary-authorization/docs/configuring-policy-console)\n\n-\n\n [Create attestors using Cloud console](/binary-authorization/docs/creating-attestors-console)\n\n-\n\n [Create attestations](/binary-authorization/docs/making-attestations)\n\n-\n\n [Configure a policy using the REST API](/binary-authorization/docs/configuring-policy-rest)\n\nfind_in_page\n\n### Reference\n\n-\n\n [Policy YAML reference](/binary-authorization/docs/policy-yaml-reference)\n\n-\n\n [Example policies](/binary-authorization/docs/example-policies)\n\n-\n\n [gcloud reference](/sdk/gcloud/reference/container/binauthz)\n\n-\n\n [REST API](/binary-authorization/docs/reference/rest)\n\n-\n\n [Permissions and roles](/binary-authorization/docs/reference/permissions-and-roles)\n\n-\n\n [Separation of duties and IAM roles](/binary-authorization/docs/reference/organizational-and-iam-roles)\n\n-\n\n [Custom roles](/binary-authorization/docs/reference/custom-roles)\n\n-\n\n [RPC API](/binary-authorization/docs/reference/rpc)\n\ninfo\n\n### Resources\n\n-\n\n [Pricing](/binary-authorization/pricing)\n\n-\n\n [Get support](/binary-authorization/docs/getting-support)\n\n-\n\n [Billing questions](/binary-authorization/docs/billing-questions)\n\n-\n\n [Release notes](/binary-authorization/docs/release-notes)\n\n-\n\n [Quotas and limits](/binary-authorization/docs/quotas)\n\nRelated resources\n-----------------\n\nTraining and tutorials \nUse cases \nCode samples \nExplore self-paced training, use cases, reference architectures, and code samples with examples of how to use and connect Google Cloud services. Training \nTraining and tutorials\n\n### Secure your GKE Deployments with Binary Authorization\n\n\nThis lab describes how to secure a GKE cluster using Binary Authorization.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](https://www.cloudskillsboost.google/focuses/1791?parent=catalog) \nTraining \nTraining and tutorials\n\n### Secure your GKE Deployments with Binary Authorization\n\n\nAdd deploy-time policy enforcement to your GKE cluster.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](https://codelabs.developers.google.com/codelabs/cloud-binauthz-intro) \nTraining \nTraining and tutorials\n\n### Get started using the command-line tool\n\n\nGet up and running quickly with GKE and Binary Authorization with this end-to-end getting started tutorial.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/getting-started-cli) \nTraining \nTraining and tutorials\n\n### Multi-project setup\n\n\nUse different projects to restrict access for different activities, enforcing separation of duties.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/multi-project-setup-cli) \nTraining \nTraining and tutorials\n\n### View audit logs for Binary Authorization\n\n\nView audit logs for Binary Authorization events.\n\nGKE Cloud Audit Logs\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/viewing-audit-logs) \nTraining \nTraining and tutorials\n\n### View audit logs for Binary Authorization for Google Distributed Cloud (GDC)\n\n\nView audit logs for Binary Authorization events for Google Distributed Cloud.\n\nGKE on-prem Cloud Audit Logs\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/viewing-on-prem-logs) \nTraining \nTraining and tutorials\n\n### Monitor metrics for Binary Authorization for Google Distributed Cloud\n\n\nMonitor metrics from Binary Authorization for GKE on-prem.\n\nGKE on-prem Cloud Monitoring\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/on-prem-cloud-monitoring) \nUse case \nUse cases\n\n### Security controls and forensic analysis for GKE apps\n\n\nDetails instrumentation and tools used in forensic analysis for apps deployed to GKE.\n\nSecurity Container analysis\n\n\u003cbr /\u003e\n\n[Learn more](/solutions/security-controls-and-forensic-analysis-for-GKE-apps) \nUse case \nUse cases\n\n### Help secure software supply chains on GKE\n\n\nShows you how to ensure that your supply chain follows a known and secure path before you deploy your code in a GKE cluster.\n\nDevOps\n\n\u003cbr /\u003e\n\n[Learn more](/solutions/secure-software-supply-chains-on-google-kubernetes-engine) \nCode sample \nCode Samples\n\n### Google Provider\n\n\nWith Google Provider for Terraform, you can configure your Google Cloud infrastructure.\n\n\n[Learn more\narrow_forward](https://www.terraform.io/docs/providers/google/index.html) \nCode sample \nCode Samples\n\n### Attestor Provider\n\n\nCreate Binary Authorization attestors.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_attestor) \nCode sample \nCode Samples\n\n### IAM policy for Binary Authorization Attestor\n\n\nThree different resources help you manage your IAM policy for Binary Authorization Attestor.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_attestor_iam) \nCode sample \nCode Samples\n\n### Binary Authorization Policy\n\n\nConfigure a Binary Authorization policy.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_policy)\n\nRelated videos\n--------------"]]
