diff --git a/modules/k8s/main.tf b/modules/k8s/main.tf
index 73be394..16530b2 100644
--- a/modules/k8s/main.tf
+++ b/modules/k8s/main.tf
@@ -67,6 +67,9 @@ resource "google_container_cluster" "pwncorp_cluster" {
     master_ipv4_cidr_block = var.master_ipv4_cidr_block
   }
 
+  binary_authorization {
+    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+  }
 }
 
 # Node pool for Cluster
diff --git a/modules/projects/main.tf b/modules/projects/main.tf
index c600d79..ed9ad64 100644
--- a/modules/projects/main.tf
+++ b/modules/projects/main.tf
@@ -14,14 +14,26 @@ resource "google_organization_policy" "default_network_policy" {
   }
 }
 
-# resource "google_binary_authorization_policy" "binary_auth_policy" {
-#   admission_whitelist_patterns {
-#     name_pattern = "gcr.io/google_containers/*"
-#   }
-
-#   default_admission_rule {
-#     evaluation_mode = "ALWAYS_ALLOW"
-#     enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
-#   }
-# }
+resource "google_binary_authorization_policy" "binary_auth_policy" {
+  admission_whitelist_patterns {
+    name_pattern = "docker.io/bitnami/*"
+  }
+
+  admission_whitelist_patterns {
+    name_pattern = "docker.io/istio/*"
+  }
+
+  admission_whitelist_patterns {
+    name_pattern = "quay.io/pwncorp/*"
+  }
+
+  default_admission_rule {
+    evaluation_mode = "ALWAYS_DENY"
+    enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
+  }
+
+  global_policy_evaluation_mode = "ENABLE"
+  project = var.project_id
+}
+
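Review bot: The new `binary_authorization` block makes the cluster enforce whatever project-singleton policy exists at admission time, but nothing in this module orders the cluster after `google_binary_authorization_policy.binary_auth_policy` in modules/projects/main.tf, so on a first apply or a partial re-apply the cluster can be running against the project's default policy (which, as far as I know, allows everything) until the other module's resource lands. Consider making the ordering explicit at the module call site, either with `depends_on` on the k8s module or by threading an output of the projects module into a variable this resource reads, so the enforce setting cannot silently precede the policy it enforces. A short comment above the block would also help the next reader, e.g. `# Admission decisions come from the project-level policy defined in modules/projects/main.tf; this only opts the cluster into enforcing it.` The enclosing `google_container_cluster` resource starts before this hunk.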
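Review bot: The three `admission_whitelist_patterns` entries exempt entire registry namespaces by name, so every tag under `docker.io/bitnami/*`, `docker.io/istio/*` and `quay.io/pwncorp/*` is admitted without any attestation, and a tag that is re-pushed upstream or a compromised publisher account passes the policy unchanged; name-pattern exemptions are meant for images you cannot attest, whereas the org's own `quay.io/pwncorp/*` images are the natural place for an attestor-backed `require_attestations_by` rule (via `cluster_admission_rules` or by tightening `default_admission_rule`) so that admission is tied to a verified build rather than a path prefix. For the two public Docker Hub namespaces, pinning workload manifests to image digests and treating these two lines as a reviewed exception list would narrow what the wildcard lets through; it is also worth confirming against the provider docs whether a single `*` is intended to span path separators here. A comment recording why each pattern is exempt would keep the list from growing unreviewed, e.g. `# Name-based exemptions: no attestation is checked for these prefixes. Add entries only with a documented reason and prefer digest-pinned references in manifests.` The `ALWAYS_DENY` default with `ENFORCED_BLOCK_AND_AUDIT_LOG` and `global_policy_evaluation_mode = "ENABLE"` look right for an enforce-by-default posture.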