Fix container image state and add warning for signatures

Fixing the feature state and adding a warning about the non matching signatures issue. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> Co-authored-by: Tim Bannister <tim@scalefactory.com>
sunnylovestiramisu · Nov 23, 2023 · 8dd1f30 · 8dd1f30
1 parent 1483479
commit 8dd1f30
Showing 1 changed file with 21 additions and 6 deletions.
diff --git a/content/en/releases/download.md b/content/en/releases/download.md
@@ -33,20 +33,35 @@ Find your preferred operating system below.
 All Kubernetes container images are deployed to the
 `registry.k8s.io` container image registry.
 
-{{< feature-state for_k8s_version="v1.24" state="alpha" >}}
-
 For Kubernetes {{< param "version" >}}, the following
-container images are signed using [cosign](https://github.com/sigstore/cosign)
+container images are signed using [sigstore](https://sigstore.dev)
 signatures:
 
-| Container Image                                                           | Supported Architectures                                                                  |
-| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
+| Container Image                                                           | Supported Architectures           |
+| ------------------------------------------------------------------------- | --------------------------------- |
 | registry.k8s.io/kube-apiserver:v{{< skew currentPatchVersion >}}          | amd64, arm, arm64, ppc64le, s390x |
 | registry.k8s.io/kube-controller-manager:v{{< skew currentPatchVersion >}} | amd64, arm, arm64, ppc64le, s390x |
 | registry.k8s.io/kube-proxy:v{{< skew currentPatchVersion >}}              | amd64, arm, arm64, ppc64le, s390x |
 | registry.k8s.io/kube-scheduler:v{{< skew currentPatchVersion >}}          | amd64, arm, arm64, ppc64le, s390x |
 | registry.k8s.io/conformance:v{{< skew currentPatchVersion >}}             | amd64, arm, arm64, ppc64le, s390x |
 
+### Container image signatures
+
+{{< feature-state for_k8s_version="v1.26" state="beta" >}}
+
+For Kubernetes {{< param "version" >}},
+container images are signed using [sigstore](https://sigstore.dev)
+signatures:
+
+{{< note >}}
+Container image sigstore signatures do currently not match between different geographical locations.
+More information about this problem is available in the corresponding
+[GitHub issue](https://github.com/kubernetes/registry.k8s.io/issues/187).
+{{< /note >}}
+
+### Container image architectures
+
+
 All container images are available for multiple architectures, whereas the
 container runtime should choose the correct one based on the underlying
 platform. It is also possible to pull a dedicated architecture by suffixing the
@@ -71,4 +86,4 @@ To manually verify signed container images of Kubernetes core components, refer
 
 ## Binaries
 
-{{< release-binaries >}}
+{{< release-binaries >}}