Answer-first summary for fast verification
Answer: Create an attestation and submit it to binary authorization
The correct answer is to **Create an attestation and submit it to binary authorization**. Binary Authorization is a Google service that ensures only trusted containers are deployed in your GKE cluster by enforcing security policies. An attestation is a verification from an Attestor that an image is safe for deployment. Without this, the 'Denied by Attestor' error occurs. The solution involves enabling necessary APIs, setting up a Kubernetes cluster with Binary Authorization, creating a Note, generating PGP keys, and establishing an Attestor. Other options like extracting PGP signatures or adjusting IAM permissions for Cloud Build are irrelevant to this specific error. Contacting Google Support is also unnecessary as the issue can be resolved by properly submitting an attestation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You've created a new application image without an image signature and encounter an error 'Denied by Attestor' upon deployment. What is the most effective solution to this issue?
A
Enable cloud build to use the proper permissions in IAM
B
Create an attestation and submit it to binary authorization
C
Extract the signature of PGP with PUTTY
D
Contact Support since this is a Google issue
No comments yet.