Set up overview for Cloud Service Mesh

This page provides an overview of how to set up Binary Authorization for use with Cloud Service Mesh.

Before you begin

Before you use Binary Authorization for Cloud Service Mesh, you must first install Cloud Service Mesh on Google Kubernetes Engine (GKE). For more information, see the quickstart or the GKE installation guides.

Setup Steps

To set up Binary Authorization for Cloud Service Mesh, perform the following steps:

  1. Enable Binary Authorization.

  2. Configure your Binary Authorization policy.

    You can configure the following features in your policy:

  3. Optional: Use the built-by-cloud-build attestor to deploy only images built by Cloud Build.

  4. Optional: Use attestations.

  5. View audit logs by following instructions in View audit logs for GKE.

Disable Binary Authorization for GKE with Cloud Service Mesh

To disable Binary Authorization for GKE with Cloud Service Mesh enabled, follow the instructions in Disable Binary Authorization for GKE.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月24日 UTC.