From 5b45127770f194a21b6507d1029865756cea3f82 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Tue, 3 May 2022 18:30:58 +0100
Subject: [PATCH] Add documentation reminder to set external VIP to FQDN for
 real deployments

Change-Id: I54ed9e0fac2bfcede41a6fabcfc21c8956268e9f
---
 doc/source/user/security/ssl-certificates.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/source/user/security/ssl-certificates.rst b/doc/source/user/security/ssl-certificates.rst
index 58a0928fb7..4ec84e2147 100644
--- a/doc/source/user/security/ssl-certificates.rst
+++ b/doc/source/user/security/ssl-certificates.rst
@@ -29,6 +29,14 @@ manage and install self-signed and user provided certificates.
 
 .. _ansible_role_pki: https://opendev.org/openstack/ansible-role-pki
 
+.. note::
+
+   The openstack-ansible example configurations are designed to be minimal
+   examples and in test or development use-cases will set ``external_lb_vip_address``
+   to the IP address of the haproxy external endpoint. For a production
+   deployment it is advised to set ``external_lb_vip_address`` to be
+   the FQDN which resolves via DNS to the IP of the external endpoint.
+
 Self-signed certificates
 ~~~~~~~~~~~~~~~~~~~~~~~~