This chapter covers GKE Binary Authorization, a critical security feature for ensuring that only trusted container images are deployed on Google Kubernetes Engine clusters. Binary Authorization is a core component of the Security Compliance domain (Objective 5.2) and appears in approximately 5-8% of ACE exam questions, typically as scenario-based questions requiring you to configure attestors and policies. You will learn the internal mechanism, step-by-step deployment, common exam traps, and how to integrate with Container Analysis and Cloud Build.
Jump to a section
Binary Authorization is like an airport security checkpoint for container images. Before a passenger (container image) can board a plane (run on a GKE cluster), they must pass through security. The security checkpoint has a list of approved airlines (attestors) that have pre-vetted passengers. Each passenger must present a boarding pass (attestation) signed by an approved airline. The airline signs the boarding pass only after verifying the passenger's identity and checking that they are not on a no-fly list (vulnerability scan). The checkpoint officer (Binary Authorization policy enforcer) checks that the boarding pass is valid and signed by an approved airline. If the passenger has no boarding pass or it's from an unapproved airline, they are denied boarding. The checkpoint also has a whitelist of VIP passengers (exempted images) who can board without a boarding pass. In this analogy, the airline represents an attestor, the boarding pass is an attestation, the checkpoint officer is the Binary Authorization admission controller, and the VIP list is the exemption policy. Just as a passenger cannot board without a valid boarding pass from an approved airline, a container image cannot run on GKE without a valid attestation from a trusted attestor.
What is Binary Authorization and Why Does It Exist?
Binary Authorization (BinAuthz) is a Google Cloud security service that enforces deployment-time policy validation for container images on GKE clusters. It ensures that only images that have been signed by trusted authorities (attestors) can be deployed. This prevents the deployment of unverified, potentially vulnerable, or malicious container images. The primary use case is to enforce a software supply chain security policy, ensuring that images have passed through required checks (e.g., vulnerability scanning, code review) before reaching production.
Binary Authorization works by integrating with GKE's admission control mechanism. When a pod creation request is made, the BinAuthz admission controller intercepts the request, checks the policy, and either allows or denies the deployment. It can be configured in two modes: Project Single Key (simpler, but less flexible) and Project Attestors (recommended for production).
How Binary Authorization Works Internally
The core mechanism involves three main components: Attestors, Attestations, and Policy. An attestor is a Google Cloud resource that represents a trusted authority. It contains a PGP public key or a PKIX public key that can verify signatures. An attestation is a cryptographically signed statement that an image is approved. The attestation is created by signing the image's digest with the attestor's private key. The policy defines which attestors are required and under what conditions images are allowed.
When a pod is created, the admission controller checks the container image reference. If the image is not in the exemption list, the controller retrieves the attestations stored in Container Analysis (a metadata service that stores image vulnerability and attestation data). It then verifies that the attestations are valid (signed by a key that matches an attestor in the policy) and that the number of required attestations is met. If verification fails, the pod creation is denied with an error message.
Key Components, Values, Defaults, and Timers
Attestor: A resource of type google_binary_authorization_attestor. It has a name and a public key (ASCII-armored PGP or PKIX PEM). Attestors are project-level resources.
Attestation: Stored in Container Analysis under projects/{project}/notes/{note}/occurrences. The note ID must match the attestor's note reference. Attestations are created using gcloud container binauthz attestations create or the Container Analysis API.
Policy: A resource that defines the default admission rule (ALWAYS_ALLOW, ALWAYS_DENY, or REQUIRE_ATTESTATION). It also includes a list of trusted attestors and optional exemption patterns (e.g., gcr.io/project-id/my-image*).
Default policy: Initially, the policy is set to ALWAYS_ALLOW unless explicitly configured. The exam expects you to know that you must change the policy to REQUIRE_ATTESTATION for enforcement.
Timers: No specific timers; admission control is synchronous and happens at pod creation time.
Cluster requirement: The cluster must have Binary Authorization enabled at creation time (--enable-binauthz). It cannot be enabled on an existing cluster without recreating it.
Configuration and Verification Commands
To configure Binary Authorization, follow these steps:
Enable Container Analysis API:
gcloud services enable containeranalysis.googleapis.comCreate an attestor:
gcloud container binauthz attestors create my-attestor \
--attestation-authority-note my-note \
--note-project-id PROJECT_IDAdd a public key to the attestor:
gcloud container binauthz attestors public-keys add \
--attestor my-attestor \
--pgp-public-key-file key.pubCreate an attestation:
gcloud container binauthz attestations create \
--artifact-url gcr.io/PROJECT_ID/my-image@sha256:DIGEST \
--attestor my-attestor \
--signature-file signature.bin \
--public-key-id KEY_IDSet the policy:
gcloud container binauthz policy set policy.yamlWhere policy.yaml contains:
defaultAdmissionRule:
evaluationMode: REQUIRE_ATTESTATION
enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
requireAttestationsBy:
- projects/PROJECT_ID/attestors/my-attestorCreate a GKE cluster with Binary Authorization:
gcloud container clusters create my-cluster \
--enable-binauthz \
--zone us-central1-aVerification:
Check policy: gcloud container binauthz policy get
Check attestor: gcloud container binauthz attestors list
Check attestations: gcloud container binauthz attestations list --attestor my-attestor
Interaction with Related Technologies
Container Analysis: Stores attestations and vulnerability metadata. Binary Authorization queries Container Analysis to retrieve attestations for an image.
Cloud Build: Can automatically generate attestations after successful builds. Use gcloud builds submit with --attestations flag or use Cloud Build builder for signing.
GKE Admission Controller: BinAuthz is implemented as a dynamic admission controller webhook. The webhook is automatically installed when the cluster is created with --enable-binauthz.
Cloud Audit Logs: All admission decisions are logged. Denied deployments generate audit log entries with evaluationDecision: DENY.
Exam Critical Details
Binary Authorization only applies to images that are pulled from a registry. It does not apply to images that are already cached on the node (unless you enable --binauthz-evaluation-mode=PROJECT_SINGLETON or PROJECT_ATTESTORS). The default mode is PROJECT_SINGLETON.
The policy can have a default admission rule and optional cluster-specific rules.
Exemption patterns support glob patterns (e.g., gcr.io/trusted-project/*).
Attestations are stored in Container Analysis and are tied to the image digest, not the tag. This prevents tag mutability attacks.
The attestor's note reference must be unique per attestor. If you delete and recreate an attestor, you must create a new note or reuse an existing one.
The ENFORCED_BLOCK_AND_AUDIT_LOG enforcement mode blocks the deployment and logs the decision. DRYRUN_AUDIT_LOG_ONLY logs but does not block.
Binary Authorization can be used with Cloud Run for Anthos, but the ACE exam focuses on GKE.
Common Pitfalls
Forgetting to enable Container Analysis API.
Using a tag instead of a digest in the attestation (attestations must use digest).
Not updating the policy from ALWAYS_ALLOW to REQUIRE_ATTESTATION.
Creating an attestor but not adding a public key.
Using the wrong project ID for the note reference.
Summary of Mechanism
User runs kubectl apply -f pod.yaml.
GKE API server receives the request.
BinAuthz admission controller intercepts the request.
Controller extracts the image reference from the pod spec.
If image matches an exemption pattern, allow.
Otherwise, query Container Analysis for attestations.
Verify attestations against attestor public keys.
If valid attestations meet policy requirements, allow; else deny.
Audit log entry is created.
Enable Required APIs
Enable the Binary Authorization API and Container Analysis API. Without these, the attestation storage and admission controller webhook will not function. Use `gcloud services enable binaryauthorization.googleapis.com containeranalysis.googleapis.com`. This is a prerequisite step that is often tested as the first action in a scenario.
Create an Attestor and Add Public Key
Create an attestor resource using `gcloud container binauthz attestors create`. You must also create a Container Analysis note (or use an existing one). Then add a public key (PGP or PKIX) to the attestor. The private key is used to sign attestations off-cluster. The attestor is a project-level resource that defines a trusted authority.
Sign the Container Image
Generate an attestation by signing the image digest with the private key. The signature is created using a tool like `gpg` or `openssl`. The attestation is a binary signature file. The digest is obtained from the container registry (e.g., `gcloud container images describe gcr.io/PROJECT_ID/my-image:tag --format='value(image_summary.digest)'`).
Upload the Attestation to Container Analysis
Use `gcloud container binauthz attestations create` to upload the attestation. This command associates the signature with the image digest and stores it in Container Analysis. The attestation is stored as an occurrence linked to the note. Multiple attestations can exist for the same image from different attestors.
Configure the Binary Authorization Policy
Create a policy YAML file that sets the default admission rule to REQUIRE_ATTESTATION and lists the trusted attestors. Optionally add exemption patterns. Apply the policy with `gcloud container binauthz policy set policy.yaml`. The policy is project-wide and affects all clusters in the project.
Create a GKE Cluster with Binary Authorization Enabled
When creating the cluster, specify `--enable-binauthz`. This installs the BinAuthz admission controller webhook. The cluster must be created with this flag; you cannot enable it later. The webhook intercepts pod creation requests and evaluates them against the policy.
Deploy a Pod and Verify Admission
Attempt to deploy a pod using `kubectl run`. If the image has a valid attestation, the pod is created. If not, the deployment is denied with an error message. Check Cloud Audit Logs for the decision. Use `gcloud logging read` to view logs with `protoPayload.serviceName="binaryauthorization.googleapis.com"`.
Enterprise Scenario 1: Software Supply Chain Security for Financial Services
A large bank wants to ensure that only images that have passed vulnerability scanning and been signed by the security team can run on production GKE clusters. They set up a CI/CD pipeline with Cloud Build. After each successful build, Cloud Build triggers a vulnerability scan via Container Analysis. If no critical vulnerabilities are found, a signing step runs that creates an attestation using a private key stored in Cloud KMS. The attestation is uploaded to Container Analysis. The production cluster has Binary Authorization enforced with a policy that requires attestation from the security team's attestor. Developers can deploy to dev clusters without enforcement. This prevents deployment of unverified images to production. Common issues include forgetting to rotate keys and mismatched note references. The bank runs 50 clusters with over 1,000 deployments per day; Binary Authorization adds negligible latency (under 100ms).
Enterprise Scenario 2: Multi-team Governance with Multiple Attestors
A large e-commerce company has multiple development teams. Each team must have their images signed by both a team lead and a security auditor. They create two attestors: one for team leads and one for security. The policy requires attestations from both attestors. Developers create attestations using their own keys (team lead attestor) and then submit a request to security for the second attestation. This ensures two-person rule for production deployments. The company uses exemption patterns for base images from an internal trusted registry. Misconfiguration often occurs when the policy requires attestations from attestors that do not exist or when the note IDs conflict. They monitor audit logs for denied deployments to detect unauthorized attempts.
Enterprise Scenario 3: Gradual Rollout with Dry Run Mode
A healthcare startup wants to adopt Binary Authorization but is concerned about breaking existing deployments. They first enable Binary Authorization in dry-run mode (evaluationMode: REQUIRE_ATTESTATION with enforcementMode: DRYRUN_AUDIT_LOG_ONLY). This logs whether a deployment would be denied but does not block it. They analyze logs over a week to identify images that lack attestations. Once they have signed all necessary images, they switch to ENFORCED_BLOCK_AND_AUDIT_LOG. This gradual approach is common in production migrations. The startup also uses Cloud Scheduler to periodically check for unsigned images and alert the security team.
What ACE Tests on Binary Authorization (Objective 5.2)
The ACE exam tests your ability to configure and troubleshoot Binary Authorization. Questions are scenario-based, requiring you to select the correct sequence of steps or identify why a deployment is failing. Specific areas:
Enabling the APIs and creating attestors.
Understanding the difference between evaluation modes (REQUIRE_ATTESTATION vs ALWAYS_ALLOW).
Knowing that attestations are tied to image digests, not tags.
Recognizing that the cluster must be created with --enable-binauthz.
Interpreting error messages from denied deployments.
Common Wrong Answers and Why Candidates Choose Them
"Enable Binary Authorization on an existing cluster using `gcloud container clusters update`" – This is wrong because Binary Authorization cannot be enabled on an existing cluster. Candidates confuse it with other GKE features that can be updated. The correct action is to create a new cluster with --enable-binauthz.
"Use `gcloud container binauthz attestations create` with a tag instead of a digest" – Candidates often use a tag (e.g., :latest) because it's simpler. However, attestations must use the image digest to prevent tag mutability attacks. The exam expects you to know this.
"Set the policy to ALWAYS_ALLOW to enforce attestations" – This is the opposite of correct. ALWAYS_ALLOW permits all images without attestation. Candidates may confuse evaluation modes. The correct mode is REQUIRE_ATTESTATION.
"Create an attestor without a public key" – An attestor without a public key cannot verify attestations. Candidates might think the attestor itself is enough. The exam tests that you must add a public key.
Specific Numbers, Values, and Terms That Appear on the Exam
--enable-binauthz flag for cluster creation.
REQUIRE_ATTESTATION, ALWAYS_ALLOW, ALWAYS_DENY.
ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
gcloud container binauthz attestors create.
gcloud container binauthz attestations create.
projects/{project}/attestors/{attestor} format.
Container Analysis note reference.
Edge Cases and Exceptions
If the policy is set to REQUIRE_ATTESTATION but no attestor is listed, all images are denied.
Exemption patterns can use * and ? globs, but not regex.
Binary Authorization does not apply to pods that use imagePullPolicy: Always if the image is cached? Actually, it applies to all pod creations regardless of cache. The image is checked on every creation.
Attestations are per-image per-attestor. You cannot have one attestation cover multiple images.
The note used for an attestor must have a unique ID across the project. Reusing a note from a deleted attestor can cause conflicts.
How to Eliminate Wrong Answers
If a question asks about enabling Binary Authorization on an existing cluster, eliminate any answer that doesn't mention creating a new cluster.
If a question involves attestations, look for the use of digest (sha256) instead of tag.
If a question mentions "deployment denied" despite having an attestation, check if the attestor's public key matches the signing key, or if the policy lists the correct attestor.
If a question asks about the first step, it's usually enabling the APIs.
Binary Authorization enforces deployment-time policy for container images on GKE.
Must enable Binary Authorization API and Container Analysis API before use.
Attestors are created with `gcloud container binauthz attestors create` and must have a public key.
Attestations are created with `gcloud container binauthz attestations create` and must use image digests (SHA256), not tags.
The policy is set with `gcloud container binauthz policy set` and can have modes: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION.
GKE clusters must be created with `--enable-binauthz` flag; cannot be added later.
Binary Authorization integrates with Container Analysis for attestation storage.
Exemption patterns can bypass attestation for specific image paths using globs.
Enforcement modes: ENFORCED_BLOCK_AND_AUDIT_LOG (blocks and logs) and DRYRUN_AUDIT_LOG_ONLY (logs only).
Attestations are stored as Container Analysis occurrences linked to a note.
Common exam trap: enabling Binary Authorization on an existing cluster is not possible.
Common exam trap: using a tag instead of a digest in attestations will cause denial.
These come up on the exam all the time. Here's how to tell them apart.
Project Single Key (PSK) Mode
Uses a single project-level key pair for all images.
Simpler to set up; only one key to manage.
Less granular; cannot have multiple trusted authorities.
Attestations are verified against the project's public key.
Recommended for small teams or non-production environments.
Project Attestors (PA) Mode
Uses multiple attestors, each with its own key pair.
More flexible; supports multiple independent signing authorities.
Allows per-attestor policies and multi-party approval.
Attestations are verified against the attestor's public key.
Recommended for production environments with multiple teams.
Mistake
Binary Authorization can be enabled on an existing GKE cluster using `gcloud container clusters update`
Correct
Binary Authorization must be enabled at cluster creation time using `--enable-binauthz`. It cannot be added later without recreating the cluster.
Mistake
Attestations can be created using container image tags (e.g., `:latest`)
Correct
Attestations must reference the image digest (SHA256 hash), not a tag. Tags are mutable and can be changed to point to a different image, which would bypass the attestation.
Mistake
Setting the policy to ALWAYS_ALLOW enforces attestation requirements
Correct
ALWAYS_ALLOW permits all images without any attestation. To enforce attestation, you must set the evaluation mode to REQUIRE_ATTESTATION.
Mistake
An attestor alone is sufficient to verify images; no public key is needed
Correct
An attestor must have at least one public key added. The public key is used to verify the cryptographic signature of an attestation. Without a public key, the attestor cannot validate any attestation.
Mistake
Binary Authorization applies only to images from Google Container Registry (GCR)
Correct
Binary Authorization works with any container registry that supports Container Analysis, including Artifact Registry, Docker Hub, and third-party registries, as long as attestations are stored in Container Analysis.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
You cannot enable Binary Authorization on an existing GKE cluster. You must create a new cluster with the `--enable-binauthz` flag. If you need to migrate, you can create a new cluster, migrate workloads, and delete the old cluster. The exam tests this limitation frequently.
ALWAYS_ALLOW permits all container images to be deployed without any attestation. REQUIRE_ATTESTATION requires that the image has valid attestations from the specified attestors before it can be deployed. The default policy is ALWAYS_ALLOW. You must explicitly set it to REQUIRE_ATTESTATION to enforce Binary Authorization.
Yes, Binary Authorization works with any container registry that supports Container Analysis. You can store attestations in Container Analysis for images from Docker Hub, Artifact Registry, or any other registry. The image reference must include the digest for attestation verification.
If you delete an attestor, the attestations associated with that attestor become orphaned and are no longer considered valid by the policy. Any image that relied on that attestor will be denied deployment unless another attestor's attestation satisfies the policy. You should avoid deleting attestors that are still in use.
Binary Authorization admission decisions are logged in Cloud Audit Logs. You can view them using `gcloud logging read` with a filter like `protoPayload.serviceName="binaryauthorization.googleapis.com"`. The logs include the evaluation decision (ALLOW or DENY), the image, and the policy rule that was applied.
Binary Authorization policy is project-wide, not per-cluster. However, you can create cluster-specific rules within the policy using the `clusterRules` field. These rules allow you to override the default admission rule for specific clusters based on their name or location.
The Container Analysis note acts as a namespace for attestations. Each attestor is associated with a note. Attestations are stored as occurrences of that note. The note provides a way to group and manage attestations for a specific attestor. The note ID must be unique within the project.
You've just covered GKE Binary Authorization — now see how well it sticks with free ACE practice questions. Full explanations included, no account needed.
Done with this chapter?