Google Kubernetes Engine のセキュリティ: Binary Authorization のレビュー

Kakaraparthi Guru Charan · 6年以上前にレビュー済み

Soma Kenji · 6年以上前にレビュー済み

I've found two critical errors in the lab, may you should upgrade with the correct fields to the API gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}” gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --pgp-key-fingerprint="${PGP_FINGERPRINT}"

Farias A Carlos A · 6年以上前にレビュー済み

Some options do not work, need to be updated

Nguyen Hoang Nam · 6年以上前にレビュー済み

Great rundown, but some out of date CLI commands, ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create ERROR: (gcloud.beta.container.binauthz.attestations.create) argument --artifact-url --public-key-id --signature-file (--attestor : --attestor-project): Must be specified. Usage: gcloud beta container binauthz attestations create --artifact-url=ARTIFACT_URL --public-key-id=PUBLIC_KEY_ID --signature-file=SIGNATURE_FILE (--attestor=ATTESTOR : --attestor-project=ATTESTOR_PRO JECT) [optional flags] optional flags may be --attestor-project | --help | --payload-file For detailed information on this command and its flags, run: gcloud beta container binauthz attestations create --help google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" --attes tor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" --signature-file=${GENERATED_SIGNATURE} --public-key-id="${PGP_FINGERPRINT}"

Egan Bryan · 6年以上前にレビュー済み

Wyhow Koh · 6年以上前にレビュー済み

ALLA KEERTHI REDDY · 6年以上前にレビュー済み

Benmerabet Khaled · 6年以上前にレビュー済み

REDDY ALLA KEERTHI · 6年以上前にレビュー済み

Some sections need to be updated because the variables no longer exist. google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --public-key-file="${PGP_PUB_KEY}" ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --pgp-public-key-file="${PGP_PUB_KEY}" google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create help ERROR: (gcloud.beta.container.binauthz.attestations.create) unrecognized arguments: help To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create \ > --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ > --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ > --signature-file=${GENERATED_SIGNATURE} \ > --public-key-id="${PGP_FINGERPRINT}"

Alfonso Allan · 6年以上前にレビュー済み

There are two errors in the lab 1. The commandgcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}" is not working, but I forgot the exact correct command. 2. The command gcloud beta container binauthz attestations create is incorrect. I have to use --public-key-id instead of --pgp-key-fingerprint

Lee Yiu Chung · 6年以上前にレビュー済み

Mahdi Mahmmoud · 6年以上前にレビュー済み

The "creating a private GCR image" section had some commands wrong, or ones that were unrecognized. Should probably be updated.

Neurocam Draconis · 6年以上前にレビュー済み

V Appu · 6年以上前にレビュー済み

Grechaniuk Vsevolod · 6年以上前にレビュー済み

Babparn Thanaphoom · 6年以上前にレビュー済み

It's a long practice, but very informative and useful. I have 2 comments though, there are 2 instructions that fail because of deprecated parameters, the commands I used to complete it are: gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --pgp-public-key-file="${PGP_PUB_KEY}" And this one: gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --public-key-id="${PGP_FINGERPRINT}"

Munoz Gomez Rafael · 6年以上前にレビュー済み

it was fine

Eller Richard · 6年以上前にレビュー済み

incorrect pgp instructions

Noble Steve · 6年以上前にレビュー済み

Jiang Brandon · 6年以上前にレビュー済み

McKenzie Kevin · 6年以上前にレビュー済み

Hasan Mehadi · 6年以上前にレビュー済み

Although there are a few errors: - gcloud beta container binauthz attestations create , the option is --public-key-id, not --pgp-key-fingerprint - gcloud beta container binauthz attestors public-keys add, the option is --pgp-public-key-file, not --public-key-file

Schmidt Mike · 6年以上前にレビュー済み

Alrahmah Abdullah · 6年以上前にレビュー済み