Google Kubernetes Engine Security: Binary Authorization Reviews

Really interesting, maybe should be split into two demos. There were three typos with the demo instructions; I sorted them and got everything to work. The problems were: 1. Adding pop key to the attestor has “—public-key-file” when it should be “--pgp-key-fingerprint” 2. Creating the attestation has “—pgp-key-fingerprint” when it should be “--public-key-file” 3. When adding the attestor to the binary auth location, only the name of the attestor is required, not the whole path

Duncan H. · Reviewed over 6 years ago

近藤洋平 近. · Reviewed over 6 years ago

Jacob W. · Reviewed over 6 years ago

Tamas F. · Reviewed over 6 years ago

Tuo W. · Reviewed over 6 years ago

There are typos in 2 of the commands. Struggled with them for some time until finding the correct ones. Other than these issues, all was great.

Ahmet G. · Reviewed over 6 years ago

There is no way to even remember the steps and commands.

Jean-Charles V. · Reviewed over 6 years ago

Ganesh T. · Reviewed over 6 years ago

Nice.

Scott Q. · Reviewed over 6 years ago

Mahesh B. · Reviewed over 6 years ago

Fernanda M. · Reviewed over 6 years ago

Had to work around 2 errors in the documentation

James M. · Reviewed over 6 years ago

Matthew H. · Reviewed over 6 years ago

Yinli W. · Reviewed over 6 years ago

Svetlana Z. · Reviewed over 6 years ago

there are some commands which need to be updated like this "gcloud beta container binauthz attestations create \ --project="${ATTESTATION_PROJECT_ID}" \ --artifact-url="${IMAGE_TO_ATTEST}" \ --attestor="projects/${ATTESTOR_PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=/tmp/generated_signature \ --public-key-id="$KEY_ID" " instructions still refer to fingerprint instead of "public-key-id"

Barkha K. · Reviewed over 6 years ago

Ajay G. · Reviewed over 6 years ago

Michael M. · Reviewed over 6 years ago

Please correct the below gcloud commands gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --pgp-public-key-file="${PGP_PUB_KEY}" gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --public-key-id="${PGP_FINGERPRINT}"

rajathithan r. · Reviewed over 6 years ago

Jason C. · Reviewed over 6 years ago

This lab needs updating - commands are no longer in beta and there are some commands that are really wrong. I gave feedback over chat.

Cato F. · Reviewed over 6 years ago

Sukesh H. · Reviewed over 6 years ago

Vivek Prasanna M. · Reviewed over 6 years ago

Kameswar A. · Reviewed over 6 years ago

Loris S. · Reviewed over 6 years ago