This chapter covers Binary Authorization for supply chain security, a critical GCP service that enforces deploy-time policies on container images. For the ACE exam, this topic appears in about 5-8% of questions under Objective 5.2 (Security Compliance). You must understand how Binary Authorization integrates with GKE, Cloud Build, and Artifact Registry to ensure only trusted images are deployed. The exam tests your ability to configure policies, interpret attestations, and troubleshoot common misconfigurations.
Jump to a section
Imagine a busy shipping port where cargo containers arrive from various suppliers. The port authority hires a dock inspector who checks each container before it is loaded onto a ship. The inspector has a list of approved suppliers and their digital signatures. When a container arrives, the inspector verifies the seal (signature) against the supplier's public key. If the seal is valid and the supplier is on the approved list, the inspector stamps the container as 'authorized' and allows it to proceed to the ship. If the seal is missing, invalid, or the supplier is not approved, the inspector rejects the container and it is quarantined for further review. The inspector also keeps a detailed log of every container checked, including the time, supplier, and result. This log is tamper-proof and can be audited later. In this analogy, the containers are container images, the suppliers are image builders (like Cloud Build or third-party CI/CD), the digital seals are attestations, the inspector is Binary Authorization, and the ship is the GKE cluster. The approved list is an Attestation Authority, and the log is Cloud Audit Logs. The inspector enforces that only images with valid attestations from approved authorities are deployed, preventing untrusted or tampered images from running.
What is Binary Authorization?
Binary Authorization (BinAuthz) is a Google Cloud service that provides deploy-time security for container-based applications on Google Kubernetes Engine (GKE). It ensures that only trusted container images are deployed by enforcing policies that require images to be signed (attested) by approved authorities. BinAuthz is part of the Google Cloud supply chain security framework, which includes Cloud Build, Artifact Registry, and Container Analysis.
Why Binary Authorization Exists
Container images can be tampered with at any point in the supply chain: during build, while stored in a registry, or during transit. Without verification, an attacker could inject malware into an image and deploy it to a production cluster. BinAuthz mitigates this by requiring that every image deployed to a GKE cluster has a valid attestation from a trusted authority. This ensures that only images that have passed through a controlled build and signing process are allowed to run.
How Binary Authorization Works Internally
Binary Authorization operates at the admission controller level in GKE. When a pod creation request is made (e.g., via kubectl apply), the GKE API server triggers an admission webhook that calls the Binary Authorization service. The service checks the image reference against the configured policy. The policy specifies which attestors (trusted authorities) must sign the image. An attestor is a resource that represents a trusted party, such as a Cloud KMS key or a PGP key. The attestor is associated with a public key. The image must have a corresponding attestation (a signed statement) that proves it was built and approved by that attestor.
The attestation is stored in Container Analysis, a metadata service that records vulnerabilities and attestations for container images. When an image is pushed to Artifact Registry, Cloud Build can automatically create an attestation using the gcloud container binauthz attestations create command. The attestation includes the image URL, the attestor name, and a cryptographic signature.
Key Components, Values, Defaults, and Timers
Policy: A set of rules that determine which images can be deployed. The policy can be project-level or cluster-level. Default policy: allow all images (no enforcement). To enable enforcement, you must create a policy that requires at least one attestation.
Attestor: A resource that represents a trusted authority. An attestor has a reference to a public key stored in Cloud KMS or a PGP key. You can create an attestor with gcloud container binauthz attestors create.
Attestation: A signed statement that an image is trusted. Created using gcloud container binauthz attestations create. The attestation is stored in Container Analysis.
Cloud KMS: Used to generate and store cryptographic keys for signing attestations. Key ring and key location are important for performance.
GKE Cluster: Must be created with Binary Authorization enabled (--enable-binauthz). You can also enable it on an existing cluster using gcloud container clusters update.
Admission Webhook: The mechanism by which GKE intercepts pod creation requests. This is transparent to the user.
Timers: No specific timers in BinAuthz itself, but the admission webhook has a default timeout of 30 seconds. If the policy evaluation takes longer, the request may fail.
Configuration and Verification Commands
Enable Binary Authorization on a GKE cluster:
gcloud container clusters update CLUSTER_NAME --region=REGION --enable-binauthzCreate an attestor:
gcloud container binauthz attestors create ATTESTOR_NAME \
--attestation-authority-note-project=PROJECT_ID \
--attestation-authority-note=NOTE_IDAdd a public key to an attestor (using Cloud KMS):
gcloud container binauthz attestors add-iam-policy-binding ATTESTOR_NAME \
--member="serviceAccount:SERVICE_ACCOUNT" \
--role=roles/binaryauthorization.attestorsVerifierCreate an attestation:
gcloud container binauthz attestations create \
--artifact-url="LOCATION-docker.pkg.dev/PROJECT_ID/REPO/IMAGE@sha256:DIGEST" \
--attestor=ATTESTOR_NAME \
--keyversion-project=PROJECT_ID \
--keyversion-location=LOCATION \
--keyversion-keyring=KEYRING \
--keyversion-key=KEY \
--keyversion=KEY_VERSIONView the policy:
gcloud container binauthz policy exportSet a policy that requires at least one attestation:
gcloud container binauthz policy import policy.yamlSample policy YAML:
globalPolicyEvaluationMode: ENABLE
defaultAdmissionRule:
evaluationMode: REQUIRE_ATTESTATION
enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
requireAttestationsBy:
- projects/PROJECT_ID/attestors/ATTESTOR_NAMEInteraction with Related Technologies
Cloud Build: Can automatically sign images during the build process using a builder step that calls gcloud container binauthz attestations create. This ensures that only images built by your CI/CD pipeline are trusted.
Artifact Registry: Stores container images. Binary Authorization checks the image reference against the policy. Images in Artifact Registry can have attestations stored in Container Analysis.
Container Analysis: A metadata service that stores vulnerability scans and attestations. Binary Authorization queries Container Analysis to check if an attestation exists for a given image.
GKE: The primary consumer of Binary Authorization. GKE clusters with BinAuthz enabled will reject pods that violate the policy. The cluster must have the --enable-binauthz flag.
Cloud Audit Logs: Logs all policy evaluations, including allowed and denied requests. This is crucial for compliance and debugging.
Exam-Relevant Details
Binary Authorization is a regional service. Policies and attestors are project-level but can be used across regions.
The default policy allows all images. To enforce, you must change the default rule to REQUIRE_ATTESTATION.
Attestations are stored in Container Analysis, not in Binary Authorization itself.
You can use Cloud KMS keys or PGP keys for attestors. Cloud KMS is recommended for production.
The --enforcement-mode can be ENFORCED_BLOCK_AND_AUDIT_LOG or DRYRUN_AUDIT_LOG_ONLY. Dry run mode logs violations but does not block deployment.
Binary Authorization does not scan images for vulnerabilities; it only checks attestations. Use Container Analysis for vulnerability scanning.
The policy can have cluster-specific overrides using clusterAdmissionRules.
To allow specific images (e.g., system images) without attestation, use alwaysDeny or alwaysAllow rules in the policy.
The exam may ask about the order of evaluation: global policy first, then cluster-specific rules, then per-image rules.
Common Pitfalls
Forgetting to enable Binary Authorization on the GKE cluster. Without --enable-binauthz, the policy is not enforced.
Using the wrong digest format. Attestations must reference the image by digest (sha256:...), not by tag.
Not granting the Binary Authorization service account permission to access the attestor. The GKE cluster's service account needs the binaryauthorization.attestors.verify permission.
Confusing attestors with attestations. Attestors are the trusted authorities; attestations are the signed statements.
Assuming Binary Authorization scans for vulnerabilities. It does not; it only checks attestations.
Step-by-Step: Deploying a Signed Image
Create a GKE cluster with Binary Authorization enabled.
Create an attestor with a Cloud KMS key.
Build a container image with Cloud Build.
Sign the image by creating an attestation using the attestor's key.
Push the image to Artifact Registry.
Deploy the image to GKE. Binary Authorization checks the attestation. If valid, the pod starts; otherwise, it is blocked.
Troubleshooting
If a pod is stuck in ContainerCreating with an error like unauthorized, check the policy and attestation.
Use kubectl describe pod to see the admission webhook error.
Check Cloud Audit Logs for binaryauthorization.googleapis.com/EvaluatePolicy entries.
Verify the attestation exists with gcloud container binauthz attestations list.
Ensure the image digest in the attestation matches the deployed image.
Create a GKE cluster with BinAuthz
Create a GKE cluster using the gcloud command with --enable-binauthz flag. This enables the admission webhook that will intercept pod creation requests. The cluster must be in a region that supports Binary Authorization (all regions). The cluster's service account will be used to call the Binary Authorization API. Without this flag, the policy is not enforced even if it exists.
Create an attestor and key
Create an attestor resource that represents a trusted signing authority. Use Cloud KMS to create a key ring and key. The attestor references the key's version. The public key is stored in the attestor. The private key is used to sign attestations. Attestors are project-level resources and can be used by multiple clusters.
Build and sign the image
Use Cloud Build to build the container image. After the build, create an attestation using the gcloud command with the attestor and the image digest. The attestation is a signed statement that the image is trusted. It is stored in Container Analysis. The signing uses the private key from Cloud KMS. The attestation includes the image URL and the attestor name.
Push the image to Artifact Registry
Push the signed image to Artifact Registry. The image must be pushed to a repository in the same project as the attestor. Binary Authorization will check the image reference against the policy. The image digest is used to match the attestation. Tags are not used for verification.
Deploy the image to GKE
Use kubectl apply to deploy the image. The GKE API server sends an admission review request to Binary Authorization. The service checks the policy: it looks for an attestation from the required attestor. If the attestation exists and is valid, the pod is allowed. If not, the pod is rejected with an error message. The result is logged in Cloud Audit Logs.
Enterprise Scenario 1: Financial Services Compliance
A large bank uses GKE to run payment processing applications. Regulatory compliance (PCI DSS) requires that all container images be signed and verified before deployment. The bank implements Binary Authorization with Cloud KMS. They create an attestor for each line of business. Cloud Build is configured to automatically sign images after a successful build and vulnerability scan. The policy is set to require at least one attestation from the line-of-business attestor. In production, if an image is deployed without an attestation (e.g., from a developer's laptop), the deployment is blocked. The bank also uses dry-run mode in development clusters to test policies without blocking. Scaling considerations: each cluster has up to 100 nodes, and the admission webhook adds about 100ms latency per pod creation. Misconfiguration: initially, the bank forgot to grant the GKE service account the binaryauthorization.attestors.verify role, causing all deployments to fail with permission errors.
Enterprise Scenario 2: SaaS Provider with Multi-Tenant Clusters
A SaaS company runs multi-tenant GKE clusters where each customer's workloads are isolated in separate namespaces. They use Binary Authorization to ensure that only images built by their CI/CD pipeline are deployed, preventing customers from deploying arbitrary images. They create a single attestor for the entire company. The policy has a default rule requiring attestation, but they add an exception for system images (e.g., gke.gcr.io/*) using an alwaysAllow rule. They also use cluster-specific rules: for production clusters, enforcement mode is ENFORCED_BLOCK_AND_AUDIT_LOG; for staging clusters, it is DRYRUN_AUDIT_LOG_ONLY. Common issues: developers often try to deploy images by tag instead of digest, causing attestation mismatches. The team educates developers to always use digest references. Performance: with hundreds of pods being created simultaneously, the admission controller handles the load without issues.
Scenario 3: Open Source Software Supply Chain
A tech company uses many open-source images from Docker Hub. They want to ensure these images are not tampered with. They use Binary Authorization with a third-party attestor service (e.g., from a vendor that signs verified images). They configure the policy to require attestation from the vendor's attestor. However, not all open-source images have attestations. They use a combination of allowlisting specific image repositories and requiring attestation for others. This hybrid approach reduces friction while maintaining security. Misconfiguration: they initially set the policy to require attestation for all images, breaking deployments of images without attestations. They learned to use alwaysAllow rules for trusted registries.
ACE Objective 5.2: Binary Authorization
The ACE exam tests your understanding of Binary Authorization under Objective 5.2 (Security Compliance). Expect 2-3 questions on this topic. The exam focuses on:
Policy configuration: Know the difference between globalPolicyEvaluationMode, defaultAdmissionRule, and clusterAdmissionRules. Understand that the default policy allows all images unless changed.
Attestors vs. Attestations: Attestors are trusted authorities; attestations are signed statements. The exam will test if you know which is which.
Enforcement modes: ENFORCED_BLOCK_AND_AUDIT_LOG (blocks and logs) vs. DRYRUN_AUDIT_LOG_ONLY (logs only). The exam may ask which mode to use for testing.
Image references: Attestations must use digests, not tags. The exam may present a scenario where a tag is used and ask why it fails.
Integration with Cloud Build and Artifact Registry: Know that Cloud Build can create attestations automatically. Artifact Registry stores images and metadata.
Common Wrong Answers and Why
Wrong answer: 'Binary Authorization scans images for vulnerabilities.' Reality: It does not; Container Analysis does that. BinAuthz only checks attestations.
Wrong answer: 'Binary Authorization requires an attestation for every image by default.' Reality: The default policy allows all images. You must explicitly set the policy to require attestation.
Wrong answer: 'Attestations are stored in Binary Authorization.' Reality: They are stored in Container Analysis.
Wrong answer: 'You can use tags in attestations.' Reality: Attestations require the image digest (sha256). Tags can change, so they are not secure.
Specific Numbers and Terms
gcloud container binauthz attestations create command.
--enable-binauthz flag on gcloud container clusters create.
REQUIRE_ATTESTATION evaluation mode.
ENFORCED_BLOCK_AND_AUDIT_LOG enforcement mode.
alwaysDeny and alwaysAllow rules.
globalPolicyEvaluationMode can be ENABLE or DISABLE.
Edge Cases
Cluster without BinAuthz enabled: If you create a policy but the cluster does not have --enable-binauthz, the policy is not enforced. The exam may ask why a deployment succeeds despite a restrictive policy.
Multiple attestors: The policy can require attestations from multiple attestors. The exam may test that all required attestors must sign.
Project-level vs. cluster-level policy: Cluster-level rules override global rules for that cluster.
Dry run mode: In dry run, the deployment succeeds but a log entry is created. The exam may ask which mode to use for testing without blocking.
How to Eliminate Wrong Answers
If an answer mentions vulnerability scanning, it is wrong for BinAuthz.
If an answer says 'tag' instead of 'digest', it is wrong.
If an answer says 'attestations are stored in Binary Authorization', it is wrong.
If an answer says 'default policy blocks all images', it is wrong.
If an answer suggests using Cloud KMS to store attestations (it stores keys, not attestations), it is wrong.
Binary Authorization enforces deploy-time policies on GKE by requiring attestations from trusted attestors.
The default policy allows all images; you must change the defaultAdmissionRule to REQUIRE_ATTESTATION to enforce.
Attestations must reference images by digest (sha256), not by tag.
Attestations are stored in Container Analysis, not in Binary Authorization.
GKE clusters must be created with --enable-binauthz to enforce Binary Authorization policies.
Cloud Build can automatically create attestations during the build process.
Enforcement modes: ENFORCED_BLOCK_AND_AUDIT_LOG (blocks) and DRYRUN_AUDIT_LOG_ONLY (logs only).
Binary Authorization does not scan for vulnerabilities; use Container Analysis for that.
These come up on the exam all the time. Here's how to tell them apart.
Binary Authorization
Enforces deploy-time policies for container images on GKE.
Requires attestations (signed statements) from trusted authorities.
Works at the admission controller level, blocking or allowing pod creation.
Does not scan images for vulnerabilities.
Integrates with Cloud KMS for key management.
Container Analysis
Scans container images for vulnerabilities (CVEs).
Stores metadata such as attestations and vulnerability reports.
Does not enforce policies; it only provides information.
Can trigger notifications based on vulnerability findings.
Integrates with Binary Authorization to store attestations.
Binary Authorization with Cloud KMS
Keys are managed by Google Cloud KMS.
Automatic key rotation and auditing.
No need to manage raw key files.
Recommended for production use.
Easier to integrate with Cloud Build.
Binary Authorization with PGP Keys
Keys are generated and stored locally as PGP key files.
Manual key management and rotation.
Requires secure storage of private keys.
Suitable for testing or small-scale deployments.
More complex to automate signing.
Mistake
Binary Authorization scans container images for vulnerabilities.
Correct
Binary Authorization does not scan images. It only verifies attestations. Vulnerability scanning is done by Container Analysis (formerly Container Registry vulnerability scanning).
Mistake
The default Binary Authorization policy blocks all untrusted images.
Correct
The default policy allows all images. You must explicitly create a policy that requires attestations to enforce restrictions.
Mistake
Attestations are stored in Binary Authorization itself.
Correct
Attestations are stored in Container Analysis, a separate service. Binary Authorization queries Container Analysis to check for attestations.
Mistake
You can use image tags in attestations.
Correct
Attestations must reference the image by its digest (sha256 hash). Tags can change, making them insecure for attestation verification.
Mistake
Binary Authorization requires Cloud KMS for attestation keys.
Correct
Cloud KMS is recommended but not required. You can also use PGP keys. However, Cloud KMS is the only option for automatic key management in the gcloud command.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Use the command `gcloud container clusters update CLUSTER_NAME --region=REGION --enable-binauthz`. This enables the admission webhook on the cluster. If the cluster was created without Binary Authorization, you must update it. Note that the cluster may need to be recreated if the update fails due to version incompatibility.
Yes, Binary Authorization is supported on both standard and Autopilot GKE clusters. For Autopilot, you enable it when creating the cluster using the --enable-binauthz flag. The configuration is the same as for standard clusters.
If the policy requires attestation, the deployment is blocked. The pod will remain in 'ContainerCreating' state and eventually fail with an error like 'unauthorized'. You can check the pod description with `kubectl describe pod` and see the admission webhook error. The event is also logged in Cloud Audit Logs.
First, create a key ring and key in Cloud KMS. Then create the attestor with `gcloud container binauthz attestors create ATTESTOR_NAME --attestation-authority-note-project=PROJECT_ID --attestation-authority-note=NOTE_ID`. Then add the public key from Cloud KMS to the attestor using `gcloud container binauthz attestors add-iam-policy-binding ...`. Finally, create attestations using the Cloud KMS key.
Yes, you can use cluster-specific admission rules in the policy. The policy YAML can include a `clusterAdmissionRules` section where you define rules per cluster name. These rules override the default rule for that cluster. This allows you to have different enforcement levels (e.g., dry run for dev, block for prod).
Yes, attestors and policies are project-level resources, but they can be referenced across projects. For example, you can have a policy in project A that references an attestor in project B. However, the image must be in a project that is accessible. The exam may test cross-project attestation scenarios.
An attestor is a trusted authority that can sign images. It is a resource that contains a public key. An attestation is a signed statement that a specific image is trusted. The attestation is created using the attestor's private key. Multiple attestations can be created for the same image by different attestors.
You've just covered Binary Authorization for Supply Chain Security — now see how well it sticks with free ACE practice questions. Full explanations included, no account needed.
Done with this chapter?