Google Kubernetes Engine Security: Binary Authorization Reviews

Loris S. · Reviewed מעל 6 שנים ago

Guru Charan K. · Reviewed מעל 6 שנים ago

Kenji S. · Reviewed מעל 6 שנים ago

I've found two critical errors in the lab, may you should upgrade with the correct fields to the API gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}” gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --pgp-key-fingerprint="${PGP_FINGERPRINT}"

Carlos A F. · Reviewed מעל 6 שנים ago

Some options do not work, need to be updated

Hoang Nam N. · Reviewed מעל 6 שנים ago

Great rundown, but some out of date CLI commands, ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create ERROR: (gcloud.beta.container.binauthz.attestations.create) argument --artifact-url --public-key-id --signature-file (--attestor : --attestor-project): Must be specified. Usage: gcloud beta container binauthz attestations create --artifact-url=ARTIFACT_URL --public-key-id=PUBLIC_KEY_ID --signature-file=SIGNATURE_FILE (--attestor=ATTESTOR : --attestor-project=ATTESTOR_PRO JECT) [optional flags] optional flags may be --attestor-project | --help | --payload-file For detailed information on this command and its flags, run: gcloud beta container binauthz attestations create --help google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" --attes tor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" --signature-file=${GENERATED_SIGNATURE} --public-key-id="${PGP_FINGERPRINT}"

Bryan E. · Reviewed מעל 6 שנים ago

Koh W. · Reviewed מעל 6 שנים ago

KEERTHI REDDY A. · Reviewed מעל 6 שנים ago

Khaled B. · Reviewed מעל 6 שנים ago

ALLA KEERTHI R. · Reviewed מעל 6 שנים ago

Some sections need to be updated because the variables no longer exist. google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --public-key-file="${PGP_PUB_KEY}" ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --pgp-public-key-file="${PGP_PUB_KEY}" google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create help ERROR: (gcloud.beta.container.binauthz.attestations.create) unrecognized arguments: help To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create \ > --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ > --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ > --signature-file=${GENERATED_SIGNATURE} \ > --public-key-id="${PGP_FINGERPRINT}"

Allan A. · Reviewed מעל 6 שנים ago

There are two errors in the lab 1. The commandgcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}" is not working, but I forgot the exact correct command. 2. The command gcloud beta container binauthz attestations create is incorrect. I have to use --public-key-id instead of --pgp-key-fingerprint

Yiu Chung L. · Reviewed מעל 6 שנים ago

Mahmmoud M. · Reviewed מעל 6 שנים ago

The "creating a private GCR image" section had some commands wrong, or ones that were unrecognized. Should probably be updated.

Draconis N. · Reviewed מעל 6 שנים ago

Appu V. · Reviewed מעל 6 שנים ago

Vsevolod G. · Reviewed מעל 6 שנים ago

Thanaphoom B. · Reviewed מעל 6 שנים ago

It's a long practice, but very informative and useful. I have 2 comments though, there are 2 instructions that fail because of deprecated parameters, the commands I used to complete it are: gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --pgp-public-key-file="${PGP_PUB_KEY}" And this one: gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --public-key-id="${PGP_FINGERPRINT}"

Rafael M. · Reviewed מעל 6 שנים ago

it was fine

Richard E. · Reviewed מעל 6 שנים ago

incorrect pgp instructions

Steve N. · Reviewed מעל 6 שנים ago

Brandon J. · Reviewed מעל 6 שנים ago

Kevin M. · Reviewed מעל 6 שנים ago

Mehadi H. · Reviewed מעל 6 שנים ago

Although there are a few errors: - gcloud beta container binauthz attestations create , the option is --public-key-id, not --pgp-key-fingerprint - gcloud beta container binauthz attestors public-keys add, the option is --pgp-public-key-file, not --public-key-file

Mike S. · Reviewed מעל 6 שנים ago