openshift · mburke5678 · Oct 22, 2025 · Oct 16, 2025
diff --git a/modules/images-configuration-registry-mirror.adoc b/modules/images-configuration-registry-mirror.adoc
@@ -50,6 +50,18 @@ Each of these custom resource objects identify the following information:
 requested from the source repository.
 --
 
+Note the following actions and how they affect node drain behavior:
+
+* If you create an IDMS or ICSP CR object, the MCO does not drain or reboot the node. 
+* If you create an ITMS CR object, the MCO drains and reboots the node. 
+* If you delete an ITMS, IDMS, or ICSP CR object, the MCO drains and reboots the node.  
+* If you modify an ITMS, IDMS, or ICSP CR object, the MCO drains and reboots the node.
++
+[IMPORTANT]
+====
+include::snippets/node-icsp-no-drain.adoc[]
+====
+
 For new clusters, you can use IDMS, ITMS, and ICSP CRs objects as desired. However, using IDMS and ITMS is recommended.
 
 If you upgraded a cluster, any existing ICSP objects remain stable, and both IDMS and ICSP objects are supported. Workloads using ICSP objects continue to function as expected. However, if you want to take advantage of the fallback policies introduced in the IDMS CRs, you can migrate current workloads to IDMS objects by using the `oc adm migrate icsp` command as shown in the *Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring* section that follows. Migrating to IDMS objects does not require a cluster reboot. 

diff --git a/snippets/node-icsp-no-drain.adoc b/snippets/node-icsp-no-drain.adoc
@@ -2,18 +2,18 @@
 //
 // * modules/understanding-machine-config-operator.adoc
 // * modules/troubleshooting-disabling-autoreboot-mco.adoc
+// * modules/images-configuration-registry-mirror.adoc
 
 :_mod-docs-content-type: SNIPPET
 
-The following modifications do not trigger a node reboot:
-
 * When the MCO detects any of the following changes, it applies the update without draining or rebooting the node:
 
 ** Changes to the SSH key in the `spec.config.passwd.users.sshAuthorizedKeys` parameter of a machine config.
 ** Changes to the global pull secret or pull secret in the `openshift-config` namespace.
 ** Automatic rotation of the `/etc/kubernetes/kubelet-ca.crt` certificate authority (CA) by the Kubernetes API Server Operator.
 
-* When the MCO detects changes to the `/etc/containers/registries.conf` file, such as adding or editing an `ImageDigestMirrorSet`, `ImageTagMirrorSet`, or `ImageContentSourcePolicy` object, it drains the corresponding nodes, applies the changes, and uncordons the nodes. The node drain does not happen for the following changes:
+* When the MCO detects changes to the `/etc/containers/registries.conf` file, such as editing an `ImageDigestMirrorSet`, `ImageTagMirrorSet`, or `ImageContentSourcePolicy` object, it drains the corresponding nodes, applies the changes, and uncordons the nodes. The node drain does not happen for the following changes:
+
 ** The addition of a registry with the `pull-from-mirror = "digest-only"` parameter set for each mirror.
 ** The addition of a mirror with the `pull-from-mirror = "digest-only"` parameter set in a registry.
 ** The addition of items to the `unqualified-search-registries` list.