Binary Authorization also enforces the following limits:
Limit
Value
Number of attestor resources per project
200
Number of attestor references per Policy
200
Number of keys per attestor
1000
Number of Binary Authorization platform policy bindings per cluster
10
Number of attestation projects allowed per check
10
Quota increases
If you would like to increase any of the limits, we might
like to understand more about your needs. You can submit a Binary Authorization quota request for your project
in the
Google Cloud console.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eBinary Authorization imposes rate limits on various request types, such as 100 read requests, 20 update/delete requests, and 10 create requests per user-project-minute.\u003c/p\u003e\n"],["\u003cp\u003eAdmissionReview requests, which occur whenever a Pod is created or updated in GKE, are limited to 500 per user-project-minute, and each pod triggers an Admission Review.\u003c/p\u003e\n"],["\u003cp\u003eThere are resource limits, including a maximum of 200 attestor resources per project, 200 attestor references per Policy, and 1000 keys per attestor.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization platform policy bindings per cluster are limited to 10, while the number of attestation projects allowed per check is also limited to 10.\u003c/p\u003e\n"],["\u003cp\u003eQuota increase requests for Binary Authorization can be submitted through the Google Cloud console, to have the project needs reviewed.\u003c/p\u003e\n"]]],[],null,[]]