
Binary Authorization not allowing attested image with tag

I have Binary Authorization set up on a GKE cluster in dry-run mode, requiring a single attestor.

I have manually signed and created an attestation for a Docker image using the gcloud CLI.

It works as expected when I deploy this image using a digest, and no audit log is made to show the image was rejected:

kubectl run --image=europe-west2-docker.pkg.dev/******/*****/python@sha256:c11d57ecde4369331fb32f20195864bbad06b308a6d24968db6485c4c2140d6c python

But when I deploy the exact same image with a tag instead of digest:

kubectl run --image=europe-west2-docker.pkg.dev/******/*****/python:1.0 python

I get this error message in an audit log showing the image was denied:

'europe-west2-docker.pkg.dev/******/*****/python:1.0' : Image europe-west2-docker.pkg.dev/******/*****/python:1.0 denied by attestor projects/******/attestors/manual-test: Expected digest with sha256 scheme, but got tag or malformed digest

My expectation was that Binary Authorization should be able to resolve the tag to a digest internally; in its current state it appears that to use Binary Authorization, all images on the cluster will need to be specified using a digest directly.

Is this correct and intended or have I got something wrong here?

1 ACCEPTED SOLUTION

Hi rorynickolls,

Yes, this is the intended behaviour of Binary Authorization dry-run mode on GKE. According to this documentation: "When you enable dry-run mode, Binary Authorization allows all container images to be deployed, even if those images violate the Binary Authorization policy. Policy compliance status messages are logged to Cloud Audit Logs."

To resolve the tag-related error, deploy your image using its digest instead of a tag (like 1.0 or latest). Binary Authorization requires the image digest for attestation validation.

For further reference, please see the documentation below:

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
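A check in the same spirit as the attestor's digest requirement, added here as an example (not code from this thread or from Google) that lints a pod spec for images a digest-only policy would deny before enforcement is turned on; the PROJECT/REPO path and the sample pod spec are constructed stand-ins for the masked values above, and the digest is the one quoted in the question.

```python
import re

# Added illustration of the rule behind the audit-log message in this thread:
# an attestor can only verify a reference carrying a sha256 digest, so a tag
# ("python:1.0") or a malformed digest is denied. This is not Binary
# Authorization's own code; it mirrors the check the reply describes.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
DENY_REASON = "Expected digest with sha256 scheme, but got tag or malformed digest"

def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest). A ':' is the tag
    separator only after the last '/', so a registry port (host:5000/app)
    is not mistaken for a tag."""
    name, digest = (ref.split("@", 1) + [None])[:2]
    tag = None
    if name.rfind(":") > name.rfind("/"):
        name, tag = name.rsplit(":", 1)
    return name, tag, digest

def check_image_ref(ref):
    """Return (allowed, reason) for one image reference."""
    _name, _tag, digest = parse_image_ref(ref)
    if digest is None or not DIGEST_RE.match(digest):
        return False, DENY_REASON
    return True, "digest-pinned"

def unpinned_images(pod_spec):
    """Lint a pod spec (Pod .spec or Deployment .spec.template.spec) and list
    (container, image, reason) for each image the policy would deny. Useful
    over existing manifests while still in dry-run mode, before enforcing."""
    findings = []
    for key in ("initContainers", "containers"):
        for c in pod_spec.get(key, []):
            allowed, reason = check_image_ref(c["image"])
            if not allowed:
                findings.append((c["name"], c["image"], reason))
    return findings

# Constructed sample: PROJECT/REPO stand in for the masked path in the thread;
# the digest is the one quoted in the question.
SAMPLE_POD_SPEC = {
    "initContainers": [{"name": "setup", "image": "busybox:1.36"}],
    "containers": [
        {"name": "python-pinned",
         "image": "europe-west2-docker.pkg.dev/PROJECT/REPO/python@sha256:c11d57ecde4369331fb32f20195864bbad06b308a6d24968db6485c4c2140d6c"},
        {"name": "python-tagged",
         "image": "europe-west2-docker.pkg.dev/PROJECT/REPO/python:1.0"},
    ],
}
```

Calling `unpinned_images(SAMPLE_POD_SPEC)` reports the `setup` and `python-tagged` containers; the digest-pinned one passes.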


2 REPLIES


Hi,

I am also running into a similar issue where using a digest allows me to deploy and using a tag does not work.


In the 3rd link mentioned (https://medium.com/google-cloud/security-best-practices-in-gke-part-3-47ec3126c516), the tutorial uses a tag to deploy:

kubectl run hello-server --image gcr.io/google-samples/hello-app:1.0 --port 8080

I followed the same steps but was not able to get this to work. Was there a recent change to Binary Authorization to prevent using tags?