Documentazione di Autorizzazione binaria
Autorizzazione binaria è un servizio su Google Cloud che fornisce sicurezza centralizzata della supply chain del software per le applicazioni eseguite su Google Kubernetes Engine (GKE), Cloud Run e Distributed Cloud.
Scopri di più
Inizia la tua proof of concept con 300 $ di credito gratuito
-
Accedi a Gemini 2.0 Flash Thinking
-
Utilizzo mensile gratuito dei prodotti più apprezzati, tra cui API di AI e BigQuery
-
Nessun addebito automatico, nessun impegno
Continua a esplorare con oltre 20 prodotti sempre gratis
Accedi a oltre 20 prodotti gratuiti per casi d'uso comuni, tra cui API AI, VM, data warehouse e altro ancora.
Formazione
Formazione e tutorial
Proteggere i deployment GKE con Autorizzazione binaria
Questo lab descrive come proteggere un cluster GKE utilizzando Autorizzazione binaria.
GKE
Formazione
Formazione e tutorial
Proteggere i deployment GKE con Autorizzazione binaria
Aggiungi l'applicazione dei criteri in fase di deployment al tuo cluster GKE.
GKE
Formazione
Formazione e tutorial
Inizia subito a utilizzare GKE e Autorizzazione binaria con questa guida end-to-end.
GKE
Formazione
Formazione e tutorial
Configurazione con più progetti
Utilizza progetti diversi per limitare l'accesso per attività diverse, applicando la separazione dei compiti.
GKE
Formazione
Formazione e tutorial
Visualizzare i log di controllo per Autorizzazione binaria
Visualizza i log di controllo per gli eventi di Autorizzazione binaria.
GKE
Audit log di Cloud
Formazione
Formazione e tutorial
Visualizza gli audit log per l'autorizzazione binaria per Google Distributed Cloud (GDC)
Visualizza i log di controllo per gli eventi di Autorizzazione binaria per Google Distributed Cloud.
GKE On-Prem
Audit log di Cloud
Formazione
Formazione e tutorial
Monitora le metriche per Autorizzazione binaria per Google Distributed Cloud
Monitora le metriche di Autorizzazione binaria per GKE On-Prem.
GKE On-Prem
Cloud Monitoring
Caso d'uso
Casi d'uso
Controlli di sicurezza e analisi forense per le app GKE
Strumentazione e strumenti utilizzati nell'analisi forense per le app di cui è stato eseguito il deployment in GKE.
Sicurezza
Analisi dei container
Caso d'uso
Casi d'uso
Contribuire a proteggere le catene di fornitura del software su GKE
Mostra come assicurarti che la tua supply chain segua un percorso noto e sicuro prima di eseguire il deployment del codice in un cluster GKE.
DevOps
Esempio di codice
Esempi di codice
Provider Google
Con il provider Google per Terraform, puoi configurare la tua infrastruttura Google Cloud.
Esempio di codice
Esempi di codice
Provider attestatore
Crea attestatori di autorizzazione binaria.
Esempio di codice
Esempi di codice
Policy IAM per il firmatario di Autorizzazione binaria
Tre risorse diverse ti aiutano a gestire i criteri IAM per Binary Authorization Attestor.
Esempio di codice
Esempi di codice
Criterio di Autorizzazione binaria
Configura un criterio di Autorizzazione binaria.
Salvo quando diversamente specificato, i contenuti di questa pagina sono concessi in base alla licenza Creative Commons Attribution 4.0, mentre gli esempi di codice sono concessi in base alla licenza Apache 2.0. Per ulteriori dettagli, consulta le norme del sito di Google Developers. Java è un marchio registrato di Oracle e/o delle sue consociate.
Ultimo aggiornamento 2025-08-28 UTC.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-08-28 UTC."],[[["\u003cp\u003eBinary Authorization is a Google Cloud service that enhances software supply-chain security for applications on Google Kubernetes Engine (GKE) and Distributed Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThis documentation provides guides on configuring Binary Authorization policies, including quickstarts and tutorials for GKE, Cloud Console, and REST API.\u003c/p\u003e\n"],["\u003cp\u003eYou can learn how to create attestations, including using Kritis Signer or Voucher for vulnerability scanning.\u003c/p\u003e\n"],["\u003cp\u003eReference materials cover policy YAML, gcloud and REST API, along with permissions, roles, and custom roles.\u003c/p\u003e\n"],["\u003cp\u003eResources include pricing information, support options, billing questions, release notes, and details on quotas and limits.\u003c/p\u003e\n"]]],[],null,["# Binary Authorization documentation\n==================================\n\n[Read product documentation](/binary-authorization/docs/overview)\nBinary Authorization is a service on Google Cloud that provides centralized\nsoftware supply-chain security for applications that run on\nGoogle Kubernetes Engine (GKE), Cloud Run, and Distributed Cloud. [Learn more](/binary-authorization/docs/overview)\n[Get started for free](https://console.cloud.google.com/freetrial) \n\n#### Start your proof of concept with $300 in free credit\n\n- Get access to Gemini 2.0 Flash Thinking\n- Free monthly usage of popular products, including AI APIs and BigQuery\n- No automatic charges, no commitment \n[View free product offers](/free/docs/free-cloud-features#free-tier) \n\n#### Keep exploring with 20+ always-free products\n\n\nAccess 20+ free products for common use cases, including AI APIs, VMs, data warehouses,\nand more.\n\nDocumentation resources\n-----------------------\n\nFind quickstarts and guides, review key references, and get help with common issues. \nformat_list_numbered\n\n### Guides\n\n-\n\n [Quickstart: Configure a Binary Authorization policy with GKE](/binary-authorization/docs/configure-policy-gke)\n\n-\n\n [End-to-end attestation tutorial (GKE)](/binary-authorization/docs/getting-started-console)\n\n-\n\n [Set up Binary Authorization on your platform](/binary-authorization/docs/set-up-platform)\n\n-\n\n [Create attestations in a Cloud Build pipeline](/binary-authorization/docs/cloud-build)\n\n-\n\n [Configure a policy using Cloud console](/binary-authorization/docs/configuring-policy-console)\n\n-\n\n [Create attestors using Cloud console](/binary-authorization/docs/creating-attestors-console)\n\n-\n\n [Create attestations](/binary-authorization/docs/making-attestations)\n\n-\n\n [Configure a policy using the REST API](/binary-authorization/docs/configuring-policy-rest)\n\nfind_in_page\n\n### Reference\n\n-\n\n [Policy YAML reference](/binary-authorization/docs/policy-yaml-reference)\n\n-\n\n [Example policies](/binary-authorization/docs/example-policies)\n\n-\n\n [gcloud reference](/sdk/gcloud/reference/container/binauthz)\n\n-\n\n [REST API](/binary-authorization/docs/reference/rest)\n\n-\n\n [Permissions and roles](/binary-authorization/docs/reference/permissions-and-roles)\n\n-\n\n [Separation of duties and IAM roles](/binary-authorization/docs/reference/organizational-and-iam-roles)\n\n-\n\n [Custom roles](/binary-authorization/docs/reference/custom-roles)\n\n-\n\n [RPC API](/binary-authorization/docs/reference/rpc)\n\ninfo\n\n### Resources\n\n-\n\n [Pricing](/binary-authorization/pricing)\n\n-\n\n [Get support](/binary-authorization/docs/getting-support)\n\n-\n\n [Billing questions](/binary-authorization/docs/billing-questions)\n\n-\n\n [Release notes](/binary-authorization/docs/release-notes)\n\n-\n\n [Quotas and limits](/binary-authorization/docs/quotas)\n\nRelated resources\n-----------------\n\nTraining and tutorials \nUse cases \nCode samples \nExplore self-paced training, use cases, reference architectures, and code samples with examples of how to use and connect Google Cloud services. Training \nTraining and tutorials\n\n### Secure your GKE Deployments with Binary Authorization\n\n\nThis lab describes how to secure a GKE cluster using Binary Authorization.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](https://www.cloudskillsboost.google/focuses/1791?parent=catalog) \nTraining \nTraining and tutorials\n\n### Secure your GKE Deployments with Binary Authorization\n\n\nAdd deploy-time policy enforcement to your GKE cluster.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](https://codelabs.developers.google.com/codelabs/cloud-binauthz-intro) \nTraining \nTraining and tutorials\n\n### Get started using the command-line tool\n\n\nGet up and running quickly with GKE and Binary Authorization with this end-to-end getting started tutorial.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/getting-started-cli) \nTraining \nTraining and tutorials\n\n### Multi-project setup\n\n\nUse different projects to restrict access for different activities, enforcing separation of duties.\n\nGKE\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/multi-project-setup-cli) \nTraining \nTraining and tutorials\n\n### View audit logs for Binary Authorization\n\n\nView audit logs for Binary Authorization events.\n\nGKE Cloud Audit Logs\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/viewing-audit-logs) \nTraining \nTraining and tutorials\n\n### View audit logs for Binary Authorization for Google Distributed Cloud (GDC)\n\n\nView audit logs for Binary Authorization events for Google Distributed Cloud.\n\nGKE on-prem Cloud Audit Logs\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/viewing-on-prem-logs) \nTraining \nTraining and tutorials\n\n### Monitor metrics for Binary Authorization for Google Distributed Cloud\n\n\nMonitor metrics from Binary Authorization for GKE on-prem.\n\nGKE on-prem Cloud Monitoring\n\n\u003cbr /\u003e\n\n[Learn more](/binary-authorization/docs/on-prem-cloud-monitoring) \nUse case \nUse cases\n\n### Security controls and forensic analysis for GKE apps\n\n\nDetails instrumentation and tools used in forensic analysis for apps deployed to GKE.\n\nSecurity Container analysis\n\n\u003cbr /\u003e\n\n[Learn more](/solutions/security-controls-and-forensic-analysis-for-GKE-apps) \nUse case \nUse cases\n\n### Help secure software supply chains on GKE\n\n\nShows you how to ensure that your supply chain follows a known and secure path before you deploy your code in a GKE cluster.\n\nDevOps\n\n\u003cbr /\u003e\n\n[Learn more](/solutions/secure-software-supply-chains-on-google-kubernetes-engine) \nCode sample \nCode Samples\n\n### Google Provider\n\n\nWith Google Provider for Terraform, you can configure your Google Cloud infrastructure.\n\n\n[Learn more\narrow_forward](https://www.terraform.io/docs/providers/google/index.html) \nCode sample \nCode Samples\n\n### Attestor Provider\n\n\nCreate Binary Authorization attestors.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_attestor) \nCode sample \nCode Samples\n\n### IAM policy for Binary Authorization Attestor\n\n\nThree different resources help you manage your IAM policy for Binary Authorization Attestor.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_attestor_iam) \nCode sample \nCode Samples\n\n### Binary Authorization Policy\n\n\nConfigure a Binary Authorization policy.\n\n\n[Learn more\narrow_forward](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_policy)\n\nRelated videos\n--------------"]]
