menu

Google Kubernetes Engine Security: Binary Authorization

Go to Lab

189 Reviews

Please correct the below gcloud commands gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --pgp-public-key-file="${PGP_PUB_KEY}" gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --public-key-id="${PGP_FINGERPRINT}"

rajathithan r. · Reviewed about 19 hours ago

Jason C. · Reviewed 2 days ago

This lab needs updating - commands are no longer in beta and there are some commands that are really wrong. I gave feedback over chat.

Cato F. · Reviewed 3 days ago

Sukesh H. · Reviewed 3 days ago

Vivek Prasanna M. · Reviewed 4 days ago

Kameswar A. · Reviewed 5 days ago

Loris S. · Reviewed 6 days ago

KAKARAPARTHI G. · Reviewed 11 days ago

Kenji S. · Reviewed 11 days ago

I've found two critical errors in the lab, may you should upgrade with the correct fields to the API gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}” gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --pgp-key-fingerprint="${PGP_FINGERPRINT}"

Carlos A F. · Reviewed 12 days ago

good

Alekya K. · Reviewed 12 days ago

Some options do not work, need to be updated

Hoang Nam N. · Reviewed 12 days ago

Great rundown, but some out of date CLI commands, ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create ERROR: (gcloud.beta.container.binauthz.attestations.create) argument --artifact-url --public-key-id --signature-file (--attestor : --attestor-project): Must be specified. Usage: gcloud beta container binauthz attestations create --artifact-url=ARTIFACT_URL --public-key-id=PUBLIC_KEY_ID --signature-file=SIGNATURE_FILE (--attestor=ATTESTOR : --attestor-project=ATTESTOR_PRO JECT) [optional flags] optional flags may be --attestor-project | --help | --payload-file For detailed information on this command and its flags, run: gcloud beta container binauthz attestations create --help google5519527_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-ad2df822ec2bc042)$ gcloud beta container binauthz attestations create --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" --attes tor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" --signature-file=${GENERATED_SIGNATURE} --public-key-id="${PGP_FINGERPRINT}"

Bryan E. · Reviewed 15 days ago

Koh W. · Reviewed 17 days ago

KEERTHI REDDY A. · Reviewed 17 days ago

Khaled B. · Reviewed 20 days ago

ALLA KEERTHI R. · Reviewed 21 days ago

Some sections need to be updated because the variables no longer exist. google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --public-key-file="${PGP_PUB_KEY}" ERROR: (gcloud.beta.container.binauthz.attestors.public-keys.add) unrecognized arguments: --public-key-file=generated-key.pgp (did you mean '--pgp-public-key-file'?) To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud --project="${PROJECT_ID}" \ > beta container binauthz attestors public-keys add \ > --attestor="${ATTESTOR}" \ > --pgp-public-key-file="${PGP_PUB_KEY}" google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create help ERROR: (gcloud.beta.container.binauthz.attestations.create) unrecognized arguments: help To search the help text of gcloud commands, run: gcloud help -- SEARCH_TERMS google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud help container binauthz attestations create google5401848_student@cloudshell:~/gke-binary-auth-demo (qwiklabs-gcp-6c721b74533690dc)$ gcloud beta container binauthz attestations create \ > --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ > --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ > --signature-file=${GENERATED_SIGNATURE} \ > --public-key-id="${PGP_FINGERPRINT}"

Allan A. · Reviewed 23 days ago

There are two errors in the lab 1. The commandgcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --public-key-file="${PGP_PUB_KEY}" is not working, but I forgot the exact correct command. 2. The command gcloud beta container binauthz attestations create is incorrect. I have to use --public-key-id instead of --pgp-key-fingerprint

Yiu Chung L. · Reviewed 23 days ago

Mahmmoud M. · Reviewed 24 days ago

The "creating a private GCR image" section had some commands wrong, or ones that were unrecognized. Should probably be updated.

Draconis N. · Reviewed 25 days ago

Appu V. · Reviewed 27 days ago

Vsevolod H. · Reviewed about 1 month ago

Thanaphoom B. · Reviewed about 1 month ago

It's a long practice, but very informative and useful. I have 2 comments though, there are 2 instructions that fail because of deprecated parameters, the commands I used to complete it are: gcloud --project="${PROJECT_ID}" \ beta container binauthz attestors public-keys add \ --attestor="${ATTESTOR}" \ --pgp-public-key-file="${PGP_PUB_KEY}" And this one: gcloud beta container binauthz attestations create \ --artifact-url="${IMAGE_PATH}@${IMAGE_DIGEST}" \ --attestor="projects/${PROJECT_ID}/attestors/${ATTESTOR}" \ --signature-file=${GENERATED_SIGNATURE} \ --public-key-id="${PGP_FINGERPRINT}"

Rafael M. · Reviewed about 1 month ago