add limitation documentation (#325)

hirokuni-kitahara · web-flow · commit d8bedb3bb333 · 2021-03-11T10:55:52.000+09:00
* add limitation docs

* update limitation docs
diff --git a/docs/ACM/README_CLUSTER_UPGRADE.md b/docs/ACM/README_CLUSTER_UPGRADE.md
@@ -0,0 +1,10 @@
+
+# Upgrade OCP Cluster while Integrity Shield is running
+
+OpenShift Container Platform (OCP) has a cluster upgrade function for an existing OCP cluster, and cluster admins can upgrade their clusters even while Integrity Shield is running.
+
+However, during this upgrade, Kubernetes components such as pods, Kubernetes API server and some others will be unavailable for a while.
+
+So this could make Integrity Shield protection unavailable just for a certain amount of time (a few minutes normally). For details of this limitation, please refer to [this](../README_LIMITATION.md).
+
+Therefore, please note that signature protection would be disabled temporally during OCP cluster upgrade.
diff --git a/docs/README_LIMITATION.md b/docs/README_LIMITATION.md
@@ -0,0 +1,15 @@
+# Limitation
+
+## Signature Protection Availability  
+
+
+Integrity Shield provides signature protection to Kubernetes resources and some other artifacts, but there is a limitation in terms of availability.
+
+Integrity Shield monitors Kubernetes resource request like create/update/delete as an admission controller, and an admission controller is connected to Kubernetes API server.
+
+So, when the API server and some other fundamental components are not available, signature protection cannot be performed by Integrity Shield.
+
+For example, when you are trying to upgrade the running cluster, its API server would become unavailable for a while.
+
+During this, signature protection is also unavailable. And after all components get running, it will become available again.
+
