diff --git a/Dockerfile b/Dockerfile
index 569d3ec44177f234093a8887a5e0c770aff015fa..3ddb1c2e476ece5d51f6c5a686b4b09464b4c842 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
-ARG BASE_IMAGE=ubi8
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
 ARG BASE_TAG=8.2
 
 FROM goharbor/notary-signer-photon:v2.0.2 as base
diff --git a/README.md b/README.md
index 6d45ad27d4f18da991ca5757ae8f843979897d43..13c150a2222e12e2c4869603b3896e957ab0f1e1 100644
--- a/README.md
+++ b/README.md
@@ -12,3 +12,7 @@ To learn more about Harbor [go to the complete documentation](https://goharbor.i
 ## Deployment
 
 Refer to the Helm [chart](https://repo1.dsop.io/dsop/charts/-/tree/master/harbor/harbor) for deployment instructions.
+
+## Notes
+
+The image does not contain a default `signer-config.postgres.json`. You must mount the notary configuration to `/etc/notary/signer-config.postgres.json`. If you are using Helm to deploy, the chart handles creating and mounting the config. See [the sample config](./conf/signer-config.postgres.sample.json) for an example configuration.
diff --git a/conf/signer-config.postgres.sample.json b/conf/signer-config.postgres.sample.json
new file mode 100644
index 0000000000000000000000000000000000000000..014de5d371dfdceff01146f1ebeb86edda4ee3f7
--- /dev/null
+++ b/conf/signer-config.postgres.sample.json
@@ -0,0 +1,15 @@
+{
+  "server": {
+    "grpc_addr": ":7899",
+    "tls_cert_file": "/etc/ssl/notary/tls.crt",
+    "tls_key_file": "/etc/ssl/notary/tls.key"
+  },
+  "logging": {
+    "level": "info"
+  },
+  "storage": {
+    "backend": "postgres",
+    "db_url": "postgres://harbor-database:5432/notarysigner?sslmode=require",
+    "default_alias": "defaultalias"
+  }
+}