diff --git a/docs/setup/01-CA_and_prerequisite.md b/docs/setup/01-CA_and_prerequisite.md
index 47fc675..675216c 100644
--- a/docs/setup/01-CA_and_prerequisite.md
+++ b/docs/setup/01-CA_and_prerequisite.md
@@ -2,7 +2,7 @@
 
 本步骤主要完成: 
 
-- (optional) role:os-harden，可选系统加固，符合linux安全基线，详见[upstream](https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/os_hardening)
+- (deprecated) role:os-harden，（未更新上游项目，未验证最新k8s集群安装，不建议启用）可选系统加固，符合linux安全基线，详见[upstream](https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/os_hardening)
 - (optional) role:chrony，[可选集群节点时间同步](../guide/chrony.md)
 - role:deploy，创建CA证书、集群组件访问apiserver所需的各种kubeconfig
 - role:prepare，系统基础环境配置、分发CA证书、kubectl客户端安装
diff --git a/example/config.yml b/example/config.yml
index 2ccb979..310f158 100644
--- a/example/config.yml
+++ b/example/config.yml
@@ -5,6 +5,7 @@
 INSTALL_SOURCE: "online"
 
 # 可选进行系统安全加固 github.com/dev-sec/ansible-collection-hardening
+# (deprecated) 未更新上游项目，未验证最新k8s集群安装，不建议启用
 OS_HARDEN: false
 
 
diff --git a/roles/os-harden/README.md b/roles/os-harden/README.md
index 0698ca1..83c71bd 100644
--- a/roles/os-harden/README.md
+++ b/roles/os-harden/README.md
@@ -1,5 +1,7 @@
 # devsec.os_hardening
 
+**deprecated** this role is outdated, not testified with the latest k8s cluster setup
+
 ![devsec.os_hardening](https://github.com/dev-sec/ansible-os-hardening/workflows/devsec.os_hardening/badge.svg)
 
 ## Looking for the old ansible-os-hardening role?