{"id":25828837,"url":"https://github.com/akashsinghal/ratify-containerd","last_synced_at":"2026-03-02T08:34:16.479Z","repository":{"id":98978069,"uuid":"512895447","full_name":"ratify-project/ratify-containerd","owner":"ratify-project","description":"ratify containerd PoC","archived":false,"fork":false,"pushed_at":"2025-02-17T02:51:21.000Z","size":75033,"stargazers_count":3,"open_issues_count":5,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-19T16:07:11.205Z","etag":null,"topics":["containerd","kubernetes","secure-supply-chain"],"latest_commit_sha":null,"homepage":"https://ratify.dev/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ratify-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-11T20:11:17.000Z","updated_at":"2025-01-30T00:43:15.000Z","dependencies_parsed_at":"2025-01-19T08:37:54.881Z","dependency_job_id":null,"html_url":"https://github.com/ratify-project/ratify-containerd","commit_stats":null,"previous_names":["akashsinghal/ratify-containerd","ratify-project/ratify-containerd"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratify-project%2Fratify-containerd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratify-project%2Fratify-containerd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratify-project%2Fratify-containerd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratify-project%2Fratify-containerd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ratify-project","download_url":"https://codeload.github.com/ratify-project/ratify-containerd/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241199340,"owners_count":19926556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containerd","kubernetes","secure-supply-chain"],"created_at":"2025-02-28T18:24:38.568Z","updated_at":"2026-03-02T08:34:16.429Z","avatar_url":"https://github.com/ratify-project.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"logo.svg\" width=\"200\"\u003e\n\u003c/div\u003e\n\n# Ratify Containerd Prototype\n\n\u003e [!CAUTION]\n\u003e This repository is marked EXPERIMENTAL. It demonstrates only a Proof of Concept. Contents may be altered at any time.\n\n## Getting Started\n\nPlease refer to exploration [document](docs/overview.md) for more details.\n\n### Prerequisites\n\n* kubectl\n* minikube\n\n### Walkthrough\n\n1. Create a `minikube` cluster with containerd container runtime\n\n    ```bash\n    minikube start -n 2 --container-runtime containerd\n    ```\n\n2. Configure node RBAC to get namespaced ConfigMap resources\n\n    ```bash\n    kubectl apply -f https://raw.githubusercontent.com/akashsinghal/ratify-containerd/main/k8s-templates/clusterrolebinding.yaml\n    ```\n\n3. Configure nodes. Wait for 30-40 seconds for daemonset to complete (Note: daemonset pods will not terminate. check logs for completion)\n\n    ```bash\n    kubectl apply -f https://raw.githubusercontent.com/akashsinghal/ratify-containerd/main/k8s-templates/configure-nodes.yaml\n    ```\n\n4. Apply Ratify ConfigMap\n\n    ```bash\n    kubectl apply -f https://raw.githubusercontent.com/akashsinghal/ratify-containerd/main/k8s-templates/ratify-config.yaml\n    ```\n\n5. Test with signed image\n\n    ```bash\n    kubectl run demo-signed --image=ghcr.io/ratify-project/ratify/notary-image:signed\n    kubectl describe pod demo-signed\n    ```\n\n6. Test with unsigned image. Pod should fail to pull image and start.\n\n    ```bash\n    kubectl run demo-unsigned --image=ghcr.io/ratify-project/ratify/notary-image:unsigned\n    ```\n\n7. Check Pod state and verify kublet is failing to pull due to verification plugin rejecting pull\n\n    ```bash\n    kubectl describe pod demo-unsigned\n    ```\n\n    ![alt text](docs/img/demo-unsigned.png)\n\n## Code of Conduct\n\nratify-containerd follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).\n\n## Licensing\n\nThis project is released under the [Apache-2.0 License](./LICENSE).\n\n## Trademark\n\nThis project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark \u0026 Brand Guidelines][microsoft-trademark]. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.\n\n[microsoft-trademark]: https://www.microsoft.com/legal/intellectualproperty/trademarks\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakashsinghal%2Fratify-containerd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fakashsinghal%2Fratify-containerd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakashsinghal%2Fratify-containerd/lists"}