{"id":46696879,"url":"https://github.com/rapidfort/kimia","last_synced_at":"2026-03-09T05:31:51.786Z","repository":{"id":319375878,"uuid":"1071763738","full_name":"rapidfort/kimia","owner":"rapidfort","description":"Kubernetes-Native OCI Image Builder. ","archived":false,"fork":false,"pushed_at":"2026-03-04T22:38:06.000Z","size":1656,"stargazers_count":77,"open_issues_count":3,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-05T01:42:45.321Z","etag":null,"topics":["buildah","buildkit","daemonless","developer-tools","docker-image","dockerfile","kaniko","kubernetes","oci-compliant","privilege-free","reproducible-builds","rootless"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rapidfort.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-07T19:27:06.000Z","updated_at":"2026-03-04T19:38:01.000Z","dependencies_parsed_at":"2025-10-27T07:14:43.642Z","dependency_job_id":"ec1d6cf3-00b9-4a1c-b088-6f7fe0c33c79","html_url":"https://github.com/rapidfort/kimia","commit_stats":null,"previous_names":["rapidfort/smithy","rapidfort/kimia"],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/rapidfort/kimia","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rapidfort%2Fkimia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rapidfort%2Fkimia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rapidfort%2Fkimia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rapidfort%2Fkimia/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rapidfort","download_url":"https://codeload.github.com/rapidfort/kimia/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rapidfort%2Fkimia/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30283901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T02:57:19.223Z","status":"ssl_error","status_checked_at":"2026-03-09T02:56:26.373Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildah","buildkit","daemonless","developer-tools","docker-image","dockerfile","kaniko","kubernetes","oci-compliant","privilege-free","reproducible-builds","rootless"],"created_at":"2026-03-09T05:31:50.641Z","updated_at":"2026-03-09T05:31:51.748Z","avatar_url":"https://github.com/rapidfort.png","language":"Go","readme":"# Kimia - Kubernetes-Native OCI Image Builder\n### Daemonless. Rootless. Privilege-free. Fully OCI-compliant.\n\u003cdiv align=\"center\"\u003e\n\u003cp\u003e\n \u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-blue.svg\" alt=\"License: MIT\"\u003e\u003c/a\u003e\n \u003ca href=\"https://kubernetes.io/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Kubernetes-1.21%2B-326CE5?logo=kubernetes\" alt=\"Kubernetes\"\u003e\u003c/a\u003e\n \u003ca href=\"https://golang.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Go-1.25%2B-00ADD8?logo=go\" alt=\"Go Version\"\u003e\u003c/a\u003e\n \u003ca href=\"https://ghcr.io/rapidfort/kimia\"\u003e\u003cimg src=\"https://img.shields.io/badge/Registry-ghcr.io-blue\" alt=\"Container Registry\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n**[Quick Start](#quick-start)** ā€¢ **[Documentation](#command-line-reference)** ā€¢ **[Examples](#examples)** ā€¢ **[Contributing](#contributing)**\n\n\u003c/div\u003e\n\n---\n\n## What is Kimia?\n\nKimia is a **Kubernetes-native, OCI-compliant container image builder** designed for secure, daemonless builds in cloud environments.\n\nBuilt on proven container technologies, Kimia provides enhanced security through rootless operation and user namespace isolation.\n\n### Key Features\n\nšŸ”’ **Security First**\n- **Rootless by Design** - Runs as non-root user (UID 1000)\n- **User Namespace Isolation** - Complete separation from host system\n- **Minimal Capabilities** - Only SETUID \u0026 SETGID required\n- **No Privileged Mode** - Works without elevated permissions\n- **Image Signing \u0026 Attestations** - Built-in Cosign integration with SBOM \u0026 Provenance\n\nā˜ļø **Cloud Native**\n- **Kubernetes Native** - Designed for K8s from the ground up\n- **GitOps Ready** - Works with ArgoCD, Flux, Tekton, Jenkins\n- **Multi-Platform** - Supports AWS EKS, GCP GKE, Azure AKS, OpenShift\n- **OCI Compliant** - Standards-based image building\n\nšŸš€ **Developer Friendly**\n- **Kaniko Argument Compatible** - Familiar command-line interface\n- **Git Integration** - Build directly from repositories\n- **Layer Caching** - Fast, efficient rebuilds\n- **Standard Dockerfiles** - No special syntax required\n\n### Table Comparison Between Kimia and Kaniko\n\nBelow is a table comparing Kimia and Kaniko for Kubernetes-native container image building. For a deeper comparison, review the dedicated [comparison](docs/comparison.md) page.\n\n| Feature | Kimia | Kaniko | Advantage |\n|---------|--------|--------|-----------|\n| **User Context** | Non-root (UID 1000) | Root (UID 0) | āœ… Kimia: Reduced privilege escalation risk |\n| **Capabilities Required** | SETUID, SETGID only | None | āš–ļø Kimia: Explicit minimal caps for user namespaces |\n| **Docker Daemon** | Not required | Not required | āœ… Equal: No daemon dependencies |\n| **Privileged Mode** | Not required | Not required | āœ… Equal: No privileged containers |\n| **User Namespaces** | Required \u0026 utilized | Not used | āœ… Kimia: Additional isolation layer |\n| **Complex Dockerfiles** | Full support | Limited (chown issues) | āœ… Kimia: Better compatibility with ownership changes |\n| **Storage Driver** | VFS/Overlay (configurable) | Various | āœ… Kimia: Configurable, consistent |\n| **Build Cache** | Layer + registry/inline/local/S3 caching | Layer caching only | āœ… Kimia: Advanced distributed caching |\n| **Registry Authentication** | Multiple methods | Multiple methods | āœ… Equal: Flexible auth options |\n| **Multi-stage Builds** | Full support | Full support | āœ… Equal: Modern Dockerfile features |\n| **Git Integration** | Built-in (via args) | Built-in (via executor) | āœ… Equal: Both support Git directly |\n| **Attack Surface** | Minimal (rootless) | Larger (root) | āœ… Kimia: Significantly reduced |\n| **Pod Security Standards** | Restricted-compliant* | Baseline only | āœ… Kimia: Higher security standard |\n| **Build Performance** | Fast (native) | Fast (native) | āœ… Equal: Both performant |\n| **Cross-platform Builds** | āœ… Supported | āœ… Supported | āœ… Equal: Multi-arch capable |\n| **Secrets Handling** | Buildah secrets | Kaniko secrets | āœ… Equal: Secure secret management |\n| **Resource Efficiency** | Lightweight | Lightweight | āœ… Equal: Minimal overhead |\n| **Reproducible Builds** | āœ… Built-in | Manual setup | āœ… Kimia: Native support |\n\n*With `allowPrivilegeEscalation: true` for user namespace operations\n\n---\n\n## Documentation\n\n### Core Documentation\n- [Build Isolation \u0026 Security Guide](docs/security.md) - Comprehensive security practices\n- [CLI Reference](docs/cli-reference.md) - Complete command-line documentation\n- [Attestation \u0026 Signing](docs/attestation-signing.md) - SBOM, Provenance, and Cosign integration\n- [Installation](docs/installation.md) - Platform-specific setup\n- [Examples](docs/examples.md) - Common use cases and patterns\n\n### Advanced Topics\n- [Reproducible Builds](docs/reproducible-builds.md) - Supply chain security\n- [Performance Optimization](docs/performance.md) - Caching and tuning\n- [Troubleshooting](docs/troubleshooting.md) - Common issues and solutions\n- [Comparison with Kaniko](docs/comparison.md) - Feature comparison\n\n### Integration Guides\n- [GitOps Integration](docs/gitops.md) - ArgoCD, Flux, Tekton, Jenkins\n- [FAQ](docs/faq.md) - Frequently asked questions\n\n---\n\n## Architecture\n\nKimia uses Linux user namespaces to provide true rootless operation:\n\n```\nHost System (Real) User Namespace (Mapped)\nā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€\nUID 1000 (kimia) ā”€ā”€ā”€ā–ŗ UID 0 (appears as root)\nUID 100000 ā”€ā”€ā”€ā–ŗ UID 1\nUID 100001 ā”€ā”€ā”€ā–ŗ UID 2\n ... ...\nUID 165535 ā”€ā”€ā”€ā–ŗ UID 65535\n```\n![Kimia Architecture](./docs/assets/kimia-architecture.svg)\n\n**Even if a container escapes, it only has unprivileged user access on the host.**\n\n### Two Variants\n\nKimia is available in two variants, both providing the same security guarantees:\n\n| Variant | Base Technology | Image Name | Best For |\n|---------|----------------|------------|----------|\n| **Kimia** | BuildKit | `ghcr.io/rapidfort/kimia` | Maximum compatibility, Moby ecosystems |\n| **Kimia-Bud** | Buildah | `ghcr.io/rapidfort/kimia-bud` | Light, Buildah ecosystem |\n\nBoth variants:\n- Support the same Kimia command-line arguments\n- Provide identical security properties\n- Are fully OCI-compliant\n- Support multi-architecture builds\n- Reproducible builds\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- Kubernetes 1.21+\n- User namespaces enabled on nodes\n- Container registry credentials\n\n**Enable user namespaces on your nodes:**\n\n```bash\n# Check if enabled\ncat /proc/sys/user/max_user_namespaces\n\n# Enable if needed (value should be \u003e 0)\nsudo sysctl -w user.max_user_namespaces=15000\n\n# Make persistent\necho \"user.max_user_namespaces=15000\" | sudo tee -a /etc/sysctl.conf\n```\n\n### Basic Build Example\n\nCreate a Kubernetes Job to build and push an image:\n\n```yaml\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: kimia-build\nspec:\n ttlSecondsAfterFinished: 3600\n template:\n spec:\n restartPolicy: Never\n securityContext:\n runAsNonRoot: true\n runAsUser: 1000\n fsGroup: 1000\n containers:\n - name: kimia\n image: ghcr.io/rapidfort/kimia\n args:\n - --context=https://github.com/nginx/docker-nginx.git\n - --dockerfile=mainline/alpine/Dockerfile\n - --destination=myregistry.io/nginx:latest\n - --no-push\n securityContext:\n allowPrivilegeEscalation: true\n capabilities:\n drop: [ALL]\n add: [SETUID, SETGID]\n appArmorProfile:\n type: Unconfined\n seccompProfile:\n type: Unconfined\n```\n\n### Create Registry Credentials\n\n```bash\n# From existing Docker config\nkubectl create secret generic registry-credentials \\\n --from-file=.dockerconfigjson=$HOME/.docker/config.json \\\n --type=kubernetes.io/dockerconfigjson\n\n# Or create manually\nkubectl create secret docker-registry registry-credentials \\\n --docker-server=myregistry.io \\\n --docker-username=myuser \\\n --docker-password=mypassword\n```\n\n### Deploy and Monitor\n\n```bash\n# Deploy the build job\nkubectl apply -f kimia-build.yaml\n\n# Watch job status\nkubectl get jobs -w\n\n# View build logs\nkubectl logs job/kimia-build -f\n```\n\n---\n\n## Command Line Arguments\n\nKimia supports a comprehensive set of command-line arguments. Key options include:\n\n### Core Arguments\n\n| Argument | Description | Example |\n|----------|-------------|---------|\n| `-c, --context` | Build context (directory or Git URL) | `--context=.` |\n| `-f, --dockerfile` | Path to Dockerfile | `--dockerfile=Dockerfile` |\n| `-d, --destination` | Target image (repeatable) | `--destination=myapp:latest` |\n| `-t, --target` | Multi-stage build target | `--target=builder` |\n| `--context-sub-path` | Subdirectory within context | `--context-sub-path=app` |\n\n### Build Options\n\n| Argument | Description | Default |\n|----------|-------------|---------|\n| `--build-arg` | Build-time variables (repeatable) | - |\n| `--cache` | Enable layer caching | `false` |\n| `--cache-dir` | Custom cache directory | - |\n| `--export-cache` | Export build cache (BuildKit, repeatable) | `type=registry,ref=...` |\n| `--import-cache` | Import build cache (BuildKit, repeatable) | `type=registry,ref=...` |\n| `--storage-driver` | Storage backend (native\\|overlay) | `native` |\n| `--label` | Image labels (repeatable) | - |\n\n### Output Options\n\n| Argument | Description |\n|----------|-------------|\n| `--no-push` | Build without pushing to registry |\n| `--tar-path` | Export image to TAR file |\n| `--digest-file` | Write image digest to file |\n| `--image-name-with-digest-file` | Write full image reference |\n\n### Attestation \u0026 Signing\n\n| Argument | Description | Example |\n|----------|-------------|---------|\n| `--attestation` | Simple mode (off\\|min\\|max) | `--attestation=min` |\n| `--attest` | Docker-style attestations | `--attest type=sbom` |\n| `--sign` | Sign image with Cosign | `--sign` |\n| `--cosign-key` | Cosign private key path | `--cosign-key=/keys/key` |\n\n### Git Options\n\n| Argument | Description |\n|----------|-------------|\n| `--git-branch` | Git branch to checkout |\n| `--git-revision` | Git commit SHA |\n| `--git-token-file` | Git token for private repos |\n| `--git-token-user` | Git token username |\n\n### Registry Options\n\n| Argument | Description |\n|----------|-------------|\n| `--insecure` | Allow insecure connections |\n| `--insecure-pull` | Allow insecure base image pulls |\n| `--insecure-registry` | Skip TLS for specific registry |\n| `--push-retry` | Number of push retry attempts |\n| `--image-download-retry` | Number of image download retries |\n| `--registry-certificate` | Custom registry certificate |\n\n### Reproducible Builds\n\n| Argument | Description | Example |\n|----------|-------------|---------|\n| `--reproducible` | Enable reproducible builds | `--reproducible` |\n| `--timestamp` | Set build timestamp (Unix epoch) | `--timestamp=1609459200` |\n\n\u003e **Note:** `--timestamp` automatically enables `--reproducible`. Supports `SOURCE_DATE_EPOCH` env var.\n\n### Logging \u0026 Debug\n\n| Argument | Description | Default |\n|----------|-------------|---------|\n| `-v, --verbosity` | Log level (debug\\|info\\|warn\\|error) | `info` |\n| `--log-timestamp` | Add timestamps to logs | `false` |\n\n### Advanced Options\n\n| Argument | Description |\n|----------|-------------|\n| `--buildkit-opt` | Pass options directly to BuildKit |\n\n**Full reference:** See [CLI Reference](docs/cli-reference.md) for complete documentation.\n\n## Kaniko users: Kimia supports most Kaniko arguments - see [Comparison Guide](docs/comparison.md) for details.\n\n\n## Storage Drivers\n\nKimia supports two storage drivers:\n\n| Driver | Description | Best For | Requirements |\n|--------|-------------|----------|--------------|\n| **native** (default) | VFS-based storage | Maximum compatibility, TAR exports | None |\n| **overlay** | OverlayFS-based | Performance, production builds | Kernel support |\n\n```bash\n# Use overlay driver for better performance\nkimia --context=. --destination=myapp:latest --storage-driver=overlay\n\n# Use native for TAR exports\nkimia --context=. --tar-path=/output/image.tar --storage-driver=native --no-push\n```\n\n---\n\n## Security\n\nKimia provides defense-in-depth security through multiple layers:\n\n### Security Features\n\nāœ… **Rootless Operation**\n- Runs as non-root user (UID 1000)\n- No root privileges required on host\n\nāœ… **User Namespace Isolation**\n- Container UID 0 ā†’ Host UID 1000 (unprivileged)\n- Additional security boundary\n\nāœ… **Minimal Capabilities**\n- Only SETUID \u0026 SETGID capabilities required\n- All other capabilities dropped\n\nāœ… **No Privileged Mode**\n- Works without `privileged: true`\n- Compliant with Pod Security Standards (Restricted*)\n\nāœ… **Daemonless**\n- No Docker/Podman daemon required\n- Reduced attack surface\n\n*Requires `allowPrivilegeEscalation: true` for user namespace operations\n\n### Security Best Practices\n\n```yaml\nsecurityContext:\n # Pod-level security\n runAsNonRoot: true\n runAsUser: 1000\n fsGroup: 1000\n seccompProfile:\n type: RuntimeDefault\n\ncontainers:\n- name: kimia\n securityContext:\n # Container-level security\n runAsUser: 1000\n allowPrivilegeEscalation: true # Required for user namespaces\n capabilities:\n drop: [ALL]\n add: [SETUID, SETGID] # Minimal capabilities\n seccompProfile:\n type: RuntimeDefault\n```\n\n**Detailed security documentation:** [Security Guide](docs/security.md)\n\n---\n\n## Reproducible Builds\n\nKimia supports reproducible builds for supply chain security and compliance.\n\n### Shared Responsibility Model\n\nReproducible builds require collaboration between your build configuration and Kimia:\n\n**Your Responsibility:**\n- šŸ“Œ Pin base image digests (e.g., `FROM alpine@sha256:...`)\n- šŸ“Œ Pin package versions in Dockerfile\n- šŸ“Œ Use fixed versions for external dependencies\n\n**Kimia's Responsibility:**\n- šŸ”§ Normalize file timestamps\n- šŸ”§ Sort build arguments and labels\n- šŸ”§ Use deterministic metadata\n- šŸ”§ Disable caching (optional but recommended)\n\n### Usage\n\n```bash\n# Reproducible build with epoch 0 (default)\nkimia --context=. --destination=myapp:v1 --reproducible\n\n# Reproducible build with custom timestamp\nkimia --context=. --destination=myapp:v1 --timestamp=1609459200\n\n# Use git commit timestamp for versioning\nexport SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)\nkimia --context=. --destination=myapp:v1 --reproducible\n```\n\n**Complete guide:** [Reproducible Builds Documentation](docs/reproducible-builds.md)\n\n---\n\n## Build Cache\n\nKimia supports advanced BuildKit caching strategies to significantly speed up builds by reusing previously built layers.\n\n### Cache Backends\n\n| Backend | Description | Best For |\n|---------|-------------|----------|\n| **registry** | Store cache in an OCI registry | CI/CD pipelines, distributed teams |\n| **inline** | Embed cache metadata in the built image | Simple setups, no extra storage |\n| **local** | Cache to a local/mounted directory | CI runners with shared volumes |\n| **s3** | Cache to an S3-compatible bucket | Cloud-native workflows |\n| **gha** | GitHub Actions cache | GitHub CI |\n\n### Usage\n\n```bash\n# Registry cache (recommended for CI/CD)\nkimia --context=. --destination=registry.io/myapp:v1 \\\n --cache \\\n --import-cache type=registry,ref=registry.io/cache/myapp:latest \\\n --export-cache type=registry,ref=registry.io/cache/myapp:latest,mode=max\n\n# Inline cache (simplest ā€” no extra storage needed)\nkimia --context=. --destination=registry.io/myapp:v1 \\\n --cache \\\n --export-cache type=inline\n\n# Local cache (for CI runners with persistent volumes)\nkimia --context=. --destination=registry.io/myapp:v1 \\\n --cache \\\n --import-cache type=local,src=/mnt/cache \\\n --export-cache type=local,dest=/mnt/cache,mode=max\n```\n\n### Kubernetes Example\n\n```yaml\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: kimia-build-cached\nspec:\n template:\n spec:\n restartPolicy: Never\n containers:\n - name: kimia\n image: ghcr.io/rapidfort/kimia:latest\n args:\n - --context=https://github.com/myorg/myapp.git\n - --destination=registry.io/myapp:v1\n - --cache\n - --import-cache\n - type=registry,ref=registry.io/cache/myapp:latest\n - --export-cache\n - type=registry,ref=registry.io/cache/myapp:latest,mode=max\n securityContext:\n allowPrivilegeEscalation: true\n capabilities:\n drop: [ALL]\n add: [SETUID, SETGID]\n```\n\n\u003e **Note:** `--export-cache` and `--import-cache` are repeatable and BuildKit-only. Cache flags are automatically ignored when `--reproducible` is set.\n\n---\n\n## Attestation \u0026 Signing\n\nKimia provides built-in support for generating attestations and signing container images with Cosign, enabling supply chain security and compliance.\n\n### Features\n\nāœ… **SBOM (Software Bill of Materials)**\n- Complete inventory of packages and dependencies\n- SPDX 2.3 format\n- Vulnerability scanning support\n\nāœ… **Provenance (Build Information)**\n- SLSA compliance\n- Verifiable build metadata\n- Complete audit trail\n\nāœ… **Image Signing**\n- Sigstore Cosign integration\n- Cryptographic verification\n- Manifest list signing\n\n### Quick Example\n\n```yaml\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: kimia-build-signed\nspec:\n template:\n spec:\n restartPolicy: Never\n containers:\n - name: kimia\n image: ghcr.io/rapidfort/kimia:latest\n args:\n - --context=https://github.com/myorg/myapp.git\n - --destination=registry.io/myapp:v1\n - --attestation=max # Generate SBOM + Provenance\n - --sign # Sign with Cosign\n - --cosign-key=/secrets/cosign.key\n - --cosign-password-env=COSIGN_PASSWORD\n env:\n - name: COSIGN_PASSWORD\n valueFrom:\n secretKeyRef:\n name: cosign-keys\n key: password\n volumeMounts:\n - name: cosign-key\n mountPath: /secrets\n readOnly: true\n volumes:\n - name: cosign-key\n secret:\n secretName: cosign-keys\n```\n\n### Verification\n\n```bash\n# Verify image signature\ncosign verify --key cosign.pub registry.io/myapp:v1\n\n# Inspect attestations\ncrane manifest registry.io/myapp:v1 | jq .\n```\n\n**Complete guide:** [Attestation \u0026 Signing Documentation](docs/attestation-signing.md)\n\n\n## Installation\n\n### Platform-Specific Setup\n\n- **[AWS EKS](docs/installation.md#aws-eks)** - Works out of the box on standard EKS\n- **[Google GKE](docs/installation.md#google-gke)** - User namespaces enabled by default\n- **[Azure AKS](docs/installation.md#azure-aks)** - Enable via nodepool configuration\n- **[Red Hat OpenShift](docs/installation.md#red-hat-openshift)** - Available on OpenShift 4.7+\n\n**Full installation guide:** [Installation Documentation](docs/installation.md)\n\n---\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n```bash\n# Clone and build\ngit clone https://github.com/rapidfort/kimia.git\ncd kimia\nmake build\n\n# Run tests\nmake test\n```\n\n---\n\n## License\n\nKimia is licensed under the [MIT License](LICENSE).\n\n---\n\n## Support\n\n- šŸ“ [GitHub Issues](https://github.com/rapidfort/kimia/issues) - Bug reports and feature requests\n- šŸ’¬ [Discussions](https://github.com/rapidfort/kimia/discussions) - Questions and community support\n- šŸ“§ Email: support@rapidfort.com\n\n---\n\n## Acknowledgments\n\n- Built on [Buildah](https://github.com/containers/buildah) - A tool that facilitates building OCI images.\n- Built on [Buildkit](https://github.com/moby/buildkit) - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit\n- Inspired by [Kaniko](https://github.com/GoogleContainerTools/kaniko) - Pioneering daemonless builds\n- Container tools from the [Containers](https://github.com/containers) organization\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frapidfort%2Fkimia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frapidfort%2Fkimia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frapidfort%2Fkimia/lists"}