diff --git a/charts/gluu-all-in-one/templates/NOTES.txt b/charts/gluu-all-in-one/templates/NOTES.txt
new file mode 100644
index 0000000000..8677584f79
--- /dev/null
+++ b/charts/gluu-all-in-one/templates/NOTES.txt
@@ -0,0 +1,15 @@
+{{ if index .Values "admin-ui" "ingress" "adminUiEnabled" -}}
+********************************************************************************
+***              SECURITY WARNING: ADMIN-UI EXPOSED                          ***
+********************************************************************************
+The flag `admin-ui.ingress.adminUiEnabled` is set to TRUE.
+
+This publicly exposes the Admin UI at "/admin"
+
+RECOMMENDATION:
+1. For production, ensure this endpoint is restricted via NetworkPolicies,
+   IP whitelisting, or an OAuth2 proxy. This endpoint is normally not internet facing.
+2. This can be left public in demo or internal development environments only.
+
+********************************************************************************
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu-all-in-one/values.yaml b/charts/gluu-all-in-one/values.yaml
index a534f235a5..9308c2097f 100644
--- a/charts/gluu-all-in-one/values.yaml
+++ b/charts/gluu-all-in-one/values.yaml
@@ -381,7 +381,7 @@ admin-ui:
   enabled: true
   ingress:
     # -- Enable Admin UI endpoints in either istio or nginx ingress depending on users choice
-    adminUiEnabled: false
+    adminUiEnabled: true
     # -- Admin UI ingress resource labels. key app is taken.
     adminUiLabels: {}
     # -- Admin UI ingress resource additional annotations.
diff --git a/charts/gluu/templates/NOTES.txt b/charts/gluu/templates/NOTES.txt
new file mode 100644
index 0000000000..576878e00e
--- /dev/null
+++ b/charts/gluu/templates/NOTES.txt
@@ -0,0 +1,15 @@
+{{ if index .Values "global" "admin-ui" "ingress" "adminUiEnabled" -}}
+********************************************************************************
+***              SECURITY WARNING: ADMIN-UI EXPOSED                          ***
+********************************************************************************
+The flag `global.admin-ui.ingress.adminUiEnabled` is set to TRUE.
+
+This publicly exposes the Admin UI at "/admin"
+
+RECOMMENDATION:
+1. For production, ensure this endpoint is restricted via NetworkPolicies,
+   IP whitelisting, or an OAuth2 proxy. This endpoint is normally not internet-facing.
+2. This can be left public in demo or internal development environments only.
+
+********************************************************************************
+{{- end }}
\ No newline at end of file