Install OPA Gatekeeper using its official Helm chart or manifests, then install Ratify using its Helm chart: helm install ratify ratify/ratify --namespace gatekeeper-system with values specifying the notation verifier configuration
Configure Ratify with a Store resource pointing to the target OCI registry (ORAS store) and a Verifier resource of type notation specifying the trust policy and trusted certificates or TSA endpoint
Create an OPA Gatekeeper ConstraintTemplate and a corresponding Constraint that calls Ratify's external data endpoint to check signatures before admitting pod requests
Store the trusted signing certificate or Notary trust policy as a Kubernetes Secret referenced by the Ratify Verifier resource; Ratify retrieves certificates from the secret to validate notation signatures stored as OCI referrers
Test the setup by deploying a pod with a notation-signed image (should succeed) and a pod with an unsigned image (should be rejected with a Ratify verification failure message in the admission response)
Known gotchas
Ratify plugs into OPA Gatekeeper through its external data provider interface, which requires Gatekeeper 3.13 or later; older Gatekeeper versions do not support this integration pattern
Ratify's ORAS store must have registry credentials configured so it can pull artifact manifests from private registries; if it cannot authenticate, the pull of the signature referrers fails silently and the resulting verification failure is treated as a rejection
Notation trust policies used by Ratify are distinct from the local notation CLI trust policy; they are embedded in the Ratify Verifier Kubernetes resource and must be kept synchronized with the policies used by signing pipelines
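The five setup steps above and the registry-credentials gotcha, carried through as one added example (not code from the original page or from the Ratify project). It renders the Ratify Store, CertificateStore and Verifier plus the Gatekeeper ConstraintTemplate and Constraint, and applies them and runs the signed/unsigned admission check only when RATIFY_APPLY=1. Assumptions: the Ratify v1beta1 CRD schema (newer Ratify releases replace CertificateStore with KeyManagementProvider, so check against the installed version), the external data provider name "ratify-provider" registered by the Ratify Helm chart, and the placeholder registry, image names, pull-secret name and certificate, which are constructed here and must be replaced.

```shell
#!/bin/sh
# Added example (not from the page or the Ratify project): render the Ratify and
# Gatekeeper manifests for notation verification; apply and test them only when
# RATIFY_APPLY=1. Assumes Ratify v1beta1 CRDs, provider name "ratify-provider".
SIGNED_IMAGE="${SIGNED_IMAGE:-registry.example.com/app:signed}"       # placeholder, notation-signed
UNSIGNED_IMAGE="${UNSIGNED_IMAGE:-registry.example.com/app:unsigned}" # placeholder, unsigned
PULL_SECRET="${PULL_SECRET:-ratify-dockerconfig}"  # kubernetes.io/dockerconfigjson Secret
if [ -z "${CERT_BODY:-}" ]; then  # signing CA certificate (PEM); placeholder by default
  CERT_BODY='-----BEGIN CERTIFICATE-----
PLACEHOLDER_SIGNING_CA_CERTIFICATE
-----END CERTIFICATE-----'
fi
# Ratify side: ORAS store with registry credentials (without them the signature
# referrers in a private registry cannot be pulled and every image is rejected),
# the trusted certificate, and the notation verifier carrying the trust policy.
render_ratify_config() {
  cat <<EOF
apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata: {name: store-oras}
spec:
  name: oras
  parameters:
    authProvider: {name: k8Secrets, secrets: [{secretName: $PULL_SECRET}]}
---
apiVersion: config.ratify.deislabs.io/v1beta1
kind: CertificateStore
metadata: {name: ratify-notation-inline-cert-0}
spec:
  provider: inline
  parameters:
    value: |
$(printf '%s\n' "$CERT_BODY" | sed 's/^/      /')
---
apiVersion: config.ratify.deislabs.io/v1beta1
kind: Verifier
metadata: {name: verifier-notation}
spec:
  name: notation
  artifactTypes: application/vnd.cncf.notary.signature
  parameters:
    verificationCertStores: {certs: [ratify-notation-inline-cert-0]}
    trustPolicyDoc:
      version: "1.0"
      trustPolicies:
        - {name: default, registryScopes: ["*"], trustedIdentities: ["*"],
           signatureVerification: {level: strict}, trustStores: ["ca:certs"]}
EOF
}
# Gatekeeper side: the template's Rego sends every container image to Ratify and
# denies on a provider error, a per-image error or isSuccess == false (fail closed);
# the constraint enforces it for Pods in the "default" namespace.
render_gatekeeper_policy() {
  cat <<'EOF'
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata: {name: ratifyverification}
spec:
  crd: {spec: {names: {kind: RatifyVerification}}}
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package ratifyverification
        remote_data := response {
          images := [img | img = input.review.object.spec.containers[_].image]
          response := external_data({"provider": "ratify-provider", "keys": images})
        }
        violation[{"msg": msg}] { general_violation[{"result": msg}] }
        general_violation[{"result": r}] {
          remote_data.system_error != ""
          r := sprintf("System error calling external data provider: %s", [remote_data.system_error])
        }
        general_violation[{"result": r}] {
          count(remote_data.errors) > 0
          r := sprintf("Error validating one or more images: %v", [remote_data.errors])
        }
        general_violation[{"result": r}] {
          s := remote_data.responses[_]
          s[1].isSuccess == false
          r := sprintf("Subject failed verification: %s", [s[0]])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: RatifyVerification
metadata: {name: ratify-constraint}
spec:
  enforcementAction: deny
  match: {kinds: [{apiGroups: [""], kinds: ["Pod"]}], namespaces: ["default"]}
EOF
}
smoke_test() {  # step 5 of the page: signed image admitted, unsigned image denied
  render_ratify_config | kubectl apply -f -
  render_gatekeeper_policy | kubectl apply -f -
  kubectl run signed-test --image="$SIGNED_IMAGE" -n default
  if kubectl run unsigned-test --image="$UNSIGNED_IMAGE" -n default; then
    echo "FAIL: unsigned image was admitted" >&2; return 1
  fi
  echo "OK: signed image admitted, unsigned image rejected"
}
if [ "${RATIFY_APPLY:-0}" = "1" ]; then smoke_test; fi
```

Run `RATIFY_APPLY=1 PULL_SECRET=<your-secret> CERT_BODY="$(cat ca.crt)" SIGNED_IMAGE=... UNSIGNED_IMAGE=... sh ratify-setup.sh` against a cluster that already has Gatekeeper and Ratify installed; without RATIFY_APPLY the script only defines the render functions, so it can be sourced to inspect the manifests. The Rego denies on all three outcomes (provider unreachable, per-image error, verification not successful), which is what makes a missing pull secret surface as a rejection rather than a silent pass; the trust policy embedded in the Verifier is the one Ratify enforces and must match what the signing pipeline uses.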