GKE offers Binary Authorization, so that only signed containers can be executed.
I was wondering, could this be used to construct something similar to remote attestation (as used in the Intel SGX context), aka to prove to a 3rd party (such as a user) that the running container is indeed what we claim it is?
Binary Authorization ensures only trusted container images are deployed on Google Kubernetes Engine (GKE). With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying.
This will only limit your developers on the images they can use; from the perspective of your app user, it will not be visible.
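For reference, an added example (not part of the original answer) of a Binary Authorization policy in the YAML form that `gcloud container binauthz policy import` accepts, showing that the control is an admission rule evaluated by the cluster at deploy time. `PROJECT_ID`, `ATTESTOR_NAME` and the cluster name `us-central1-a.staging-cluster` are placeholders.

```yaml
# Binary Authorization policy (illustrative; all names are placeholders).
name: projects/PROJECT_ID/policy

# Allow Google-maintained system images without a separate attestation.
globalPolicyEvaluationMode: ENABLE

# Default rule: a Pod is admitted only if its image digest carries an
# attestation signed by the listed attestor. The signature check is done
# by the cluster's admission control when the Pod is created; the result
# is an allow/deny decision plus an audit log entry for the operator.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/PROJECT_ID/attestors/ATTESTOR_NAME

# Per-cluster override, keyed as <location>.<cluster-name>.
# Weak setting shown for contrast: violations are logged but the image
# still runs, so this cluster is not actually restricted to signed images.
clusterAdmissionRules:
  us-central1-a.staging-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: DRYRUN_AUDIT_LOG_ONLY
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/ATTESTOR_NAME
```

Everything in this policy is set and evaluated on the operator's side; nothing in it is presented to a client of the application, which is the gap relative to SGX-style remote attestation that the answer points out.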