Explanation:
Binary Authorization is a deploy-time security service that ensures only trusted containers are deployed in your GKE cluster. It operates on a policy-driven model for configuring security policies and interacts with the Container Analysis service. An attestation, which is a statement from an Attestor confirming an image's readiness for deployment, must be properly submitted to avoid such errors. The setup process involves enabling necessary APIs, creating a Kubernetes cluster with Binary Authorization enabled, setting up a Note, generating PGP keys, and creating an Attestor. Simply contacting support or enabling Cloud Build with the right IAM permissions does not address the root cause of the attestation error.
Ultimate access to all questions.
You attempted to deploy a new application image without the signature part and encountered an error 'Denied by Attestor'. What is the most likely solution to resolve this issue?
A
Extract the signature of PGP with Putty
B
Enable Cloud Build with proper permissions in IAM
C
Create an attestation and submit to Binary Authorization
D
Contact Support since it's clearly a Google Issue
No comments yet.