add a note about production clusters and proper certificates

tkatila · tkatila · commit 333d6369db96 · 2024-08-20T11:46:12.000+03:00
Signed-off-by: Tuomas Katila &lt;tuomas.katila@intel.com&gt;
diff --git a/cmd/fpga_admissionwebhook/README.md b/cmd/fpga_admissionwebhook/README.md
@@ -54,6 +54,8 @@ controller webhook plugin.
 The default webhook deployment depends on having [cert-manager](https://cert-manager.io/)
 installed. See its installation instructions [here](https://cert-manager.io/docs/installation/kubectl/).
 
+> **Note**: The default deployment for the Intel FPGA webhook uses self-signed certificates. For a production cluster, the certificate issuer should be properly set and not use a self-signed method.
+
 Also if your cluster operates behind a corporate proxy make sure that the API
 server is configured not to send requests to cluster services through the
 proxy. You can check that with the following command:
diff --git a/cmd/operator/README.md b/cmd/operator/README.md
@@ -62,6 +62,8 @@ deployments/operator/samples/deviceplugin_v1_dsadeviceplugin.yaml:    intel.feat
 
 ### Cert-Manager
 
+> **Note**: The default deployment for the Intel Device Plugin operator uses self-signed certificates. For a production cluster, the certificate issuer should be properly set and not use a self-signed method.
+
 The default operator deployment depends on [cert-manager](https://cert-manager.io/) running in the cluster.
 See installation instructions [here](https://cert-manager.io/docs/installation/kubectl/).
 
diff --git a/cmd/sgx_admissionwebhook/README.md b/cmd/sgx_admissionwebhook/README.md
@@ -32,6 +32,8 @@ controller webhook plugin.
 The default webhook deployment depends on having [cert-manager](https://cert-manager.io/)
 installed. See its installation instructions [here](https://cert-manager.io/docs/installation/kubectl/).
 
+> **Note**: The default deployment for the Intel SGX webhook uses self-signed certificates. For a production cluster, the certificate issuer should be properly set and not use a self-signed method.
+
 Also if your cluster operates behind a corporate proxy make sure that the API
 server is configured not to send requests to cluster services through the
 proxy. You can check that with the following command:
