stores
A Store resource defines how to discover and retrieve reference types for a subject.
Please review doc here for a full list of store capabilities.
To see more sample store configuration, click here. Each resource must specify the name of the store.

```yaml
apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata:
  name:
spec:
  name: required, name of the store
  address: optional. Plugin path, defaults to value of env "RATIFY_CONFIG" or "~/.ratify/plugins"
  version: optional. Version of the external plugin, defaults to 1.0.0. On ratify initialization, the specified version will be validated against the supported plugin version.
  source: optional. Source location to download the plugin binary, learn more at docs/reference/dynamic-plugins.md
  parameters: optional. Parameters specific to this store
```

Oras
An implementation of the Referrer Store using the ORAS Library to interact with OCI compliant registries.

Sample Oras YAML spec:

```yaml
apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata:
  name: store-oras
spec:
  name: oras
  parameters:
    cacheEnabled: true
    capacity: 100
    keyNumber: 10000
    ttl: 10
    useHttp: true
    authProvider:
      name: k8Secrets
      secrets:
      - secretName: ratify-dockerconfig
```

| Name | Required | Description | Default Value |
|---|---|---|---|
| cosignEnabled | no | This must be true if cosign verifier is enabled. Read more about cosign verifier here. | false |
| authProvider | no | This is only required if pulling from a private repository. For all supported auth modes, please review the oras-auth-provider doc. | dockerAuth |
| cacheEnabled | no | Oras cache, a cache for all referrers for a subject. Note: global cache must be enabled first. | false |
| ttl | no | Time to live for entries in the Oras cache | 10 seconds |
| useHttp | no | This needs to be set to true for local insecure registries | false |
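
The following is an added example, not part of the Ratify project: a small pre-apply check that resolves a Store resource's effective Oras parameters from the defaults in the table above and reports settings that deserve review. The function names, finding texts and the two boolean inputs describing the rest of the deployment are assumptions made for illustration.

```python
# Added example: lint a Ratify Store resource against the parameter table above.
# Defaults come from that table; function names and finding texts are hypothetical.
ORAS_DEFAULTS = {
    "cosignEnabled": False,
    "authProvider": {"name": "dockerAuth"},
    "cacheEnabled": False,
    "ttl": 10,  # seconds
    "useHttp": False,
}

def effective_parameters(store):
    """Overlay the parameters set in the resource on the documented defaults."""
    params = dict(ORAS_DEFAULTS)
    params.update((store.get("spec") or {}).get("parameters") or {})
    return params

def lint_store(store, cosign_verifier_enabled=False, global_cache_enabled=False):
    """Return findings (strings) for one Store resource given as a dict."""
    spec = store.get("spec") or {}
    if not spec.get("name"):
        return ["spec.name: required, name of the store"]
    if spec["name"] != "oras":
        return []  # the parameter table only describes the oras store
    explicit = spec.get("parameters") or {}
    p = effective_parameters(store)
    findings = []
    if p["useHttp"]:
        findings.append("useHttp: true means plain HTTP to the registry; "
                        "intended for local insecure registries only")
        if "authProvider" in explicit:
            findings.append("authProvider: registry credentials are configured "
                            "while useHttp is true, so they are sent without TLS")
    if cosign_verifier_enabled and not p["cosignEnabled"]:
        findings.append("cosignEnabled: must be true when the cosign verifier is enabled")
    if p["cacheEnabled"] and not global_cache_enabled:
        findings.append("cacheEnabled: the global cache must be enabled first")
    return findings

# Constructed input: the sample Oras spec from this page in dict form.
SAMPLE_STORE = {
    "apiVersion": "config.ratify.deislabs.io/v1beta1",
    "kind": "Store",
    "metadata": {"name": "store-oras"},
    "spec": {"name": "oras", "parameters": {
        "cacheEnabled": True, "capacity": 100, "keyNumber": 10000, "ttl": 10,
        "useHttp": True,
        "authProvider": {"name": "k8Secrets",
                         "secrets": [{"secretName": "ratify-dockerconfig"}]}}},
}
```

Calling `lint_store(SAMPLE_STORE, cosign_verifier_enabled=True)` on the sample spec reports the `useHttp`, `authProvider`, `cosignEnabled` and `cacheEnabled` findings, in that order.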