Skip to content

OSDOCS#17890: Default enablement of signature mirroring #104833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
snarayan-redhat merged 1 commit into from
Jan 23, 2026
Merged

OSDOCS#17890: Default enablement of signature mirroring #104833

snarayan-redhat merged 1 commit into from
Jan 23, 2026

Conversation

@snarayan-redhat
Copy link
Contributor

@snarayan-redhat snarayan-redhat commented Jan 15, 2026
edited
Loading

@openshift-ci openshift-ci bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jan 15, 2026
@snarayan-redhat snarayan-redhat force-pushed the OSDOCS-17890_signaturemirroring branch from 4c586fd to 5656fa8 Compare January 15, 2026 11:20
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Jan 15, 2026
edited
Loading

🤖 Wed Jan 21 13:33:38 - Prow CI generated the docs preview:

https://104833--ocpdocs-pr.netlify.app/openshift-enterprise/latest/disconnected/about-installing-oc-mirror-v2.html

aguidirh
aguidirh suggested changes Jan 15, 2026
View reviewed changes
Copy link

@aguidirh aguidirh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @snarayan-redhat,

Some suggestions from my side:

I would move the text below from Disabling signature mirroring for oc-mirror plugin v2 to Mirroring and verifying image signatures in oc-mirror plugin v2

By default, signature mirroring is enabled, the oc-mirror plugin v2 mirrors Sigstore tag-based signatures for the following images:

OpenShift Container Platform release images

Operator images

Additional images

Helm charts

Note:
If you do not provide a configuration file, the oc-mirror plugin v2 enables signature mirroring for all images.

To specify a custom configuration directory, use the --registries.d flag.

For more details, see the [containers-registries.d(5)](https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md) manual.

Then on the Disabling signature mirroring for oc-mirror plugin v2

I would keep You can disable signature mirroring for all images by providing the --remove-signatures flag for the oc mirror command. and the Procedures 1 and 2.

@snarayan-redhat snarayan-redhat force-pushed the OSDOCS-17890_signaturemirroring branch from 5656fa8 to b6d8734 Compare January 16, 2026 10:22
@openshift-ci openshift-ci bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 16, 2026
@snarayan-redhat snarayan-redhat marked this pull request as draft January 16, 2026 12:32
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 16, 2026
@snarayan-redhat snarayan-redhat added merge-review-needed Signifies that the merge review team needs to review this PR and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Jan 16, 2026
aguidirh
aguidirh reviewed Jan 16, 2026
View reviewed changes
Copy link

@aguidirh aguidirh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @snarayan-redhat,

Only one comment before giving LGTM to this PR.

@snarayan-redhat snarayan-redhat removed the merge-review-needed Signifies that the merge review team needs to review this PR label Jan 16, 2026
@snarayan-redhat snarayan-redhat force-pushed the OSDOCS-17890_signaturemirroring branch from b6d8734 to e07e3f4 Compare January 19, 2026 12:10
@snarayan-redhat snarayan-redhat marked this pull request as ready for review January 19, 2026 12:11
@aguidirh
Copy link

aguidirh commented Jan 19, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 19, 2026
@snarayan-redhat snarayan-redhat marked this pull request as draft January 19, 2026 17:17
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 19, 2026
@snarayan-redhat snarayan-redhat added the merge-review-needed Signifies that the merge review team needs to review this PR label Jan 19, 2026
@michaelryanpeter michaelryanpeter added the merge-review-in-progress Signifies that the merge review team is reviewing this PR label Jan 19, 2026
michaelryanpeter
michaelryanpeter reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

@michaelryanpeter michaelryanpeter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I am not merging because it still has the DRAT/WIP label applied.

@michaelryanpeter michaelryanpeter added this to the Planned for 4.21 GA milestone Jan 19, 2026
@michaelryanpeter michaelryanpeter added ok-to-merge and removed merge-review-in-progress Signifies that the merge review team is reviewing this PR merge-review-needed Signifies that the merge review team needs to review this PR labels Jan 19, 2026
@snarayan-redhat snarayan-redhat force-pushed the OSDOCS-17890_signaturemirroring branch from e07e3f4 to 89cfd69 Compare January 21, 2026 10:03
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 21, 2026
aguidirh
aguidirh suggested changes Jan 21, 2026
View reviewed changes
@snarayan-redhat snarayan-redhat force-pushed the OSDOCS-17890_signaturemirroring branch from 89cfd69 to a38d088 Compare January 21, 2026 12:13
@snarayan-redhat snarayan-redhat marked this pull request as ready for review January 21, 2026 13:27
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 21, 2026
@openshift-ci
Copy link

openshift-ci bot commented Jan 21, 2026

@snarayan-redhat: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@aguidirh
Copy link

aguidirh commented Jan 22, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 22, 2026
@MayXuQQ
Copy link

MayXuQQ commented Jan 23, 2026

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Jan 23, 2026
@snarayan-redhat snarayan-redhat merged commit 04fe6e1 into openshift:main Jan 23, 2026
2 checks passed
@snarayan-redhat
Copy link
Contributor Author

snarayan-redhat commented Jan 23, 2026

/cherrypick enterprise-4.21

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Jan 23, 2026

@snarayan-redhat: new pull request created: #105272

Details

In response to this:

/cherrypick enterprise-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jan 23, 2026
Merged
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
834851e 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
501d609 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
a38261b 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
7ad62bc 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
044a9b6 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
045d673 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
dfitzmau pushed a commit to dfitzmau/openshift-docs that referenced this pull request Jan 23, 2026
@snarayan-redhat @dfitzmau
Merge pull request openshift#104833 from snarayan-redhat/OSDOCS-17890…
fa9c263 
…_signaturemirroring

OSDOCS#17890: Default enablement of signature mirroring
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michaelryanpeter michaelryanpeter michaelryanpeter left review comments

+1 more reviewer

@aguidirh aguidirh aguidirh requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@aguidirh aguidirh

Labels

branch/enterprise-4.21 lgtm Indicates that a PR is ready to be merged. ok-to-merge qe-approved Signifies that QE has signed off on this PR size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

Planned for 4.21 GA

Development

Successfully merging this pull request may close these issues.

6 participants

@snarayan-redhat @ocpdocs-previewbot @aguidirh @MayXuQQ @openshift-cherrypick-robot @michaelryanpeter