diff --git a/README.md b/README.md
index f8374dc..fa3769c 100644
--- a/README.md
+++ b/README.md
@@ -55,19 +55,11 @@ make docker-buildx
 # load the image into kind
 make kind-load-image
-# Choose one of the following ways to deploy the external data provider:
-
-# 1. client and server auth enabled (recommended)
-helm install attest-provider charts/external-data-provider \
+# deploy attest provider
+helm install attest-provider charts/attest-provider \
 --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
+ --set image="docker/attest-provider:dev" \
 --namespace "${NAMESPACE:-gatekeeper-system}"
-
-# 2. client auth disabled and server auth enabled
-helm install attest-provider charts/external-data-provider \
- --set clientCAFile="" \
- --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
- --namespace "${NAMESPACE:-gatekeeper-system}" \
- --create-namespace
 ```
 4. Install constraint template and constraint.
diff --git a/charts/attest-provider/templates/attest-provider-deployment.yaml b/charts/attest-provider/templates/attest-provider-deployment.yaml
index cc6372e..326752e 100644
--- a/charts/attest-provider/templates/attest-provider-deployment.yaml
+++ b/charts/attest-provider/templates/attest-provider-deployment.yaml
@@ -68,6 +68,11 @@ spec:
 mountPath: {{ .Values.certDir }}
 readOnly: true
 {{- end }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: {{ .Values.port }}
+ scheme: HTTPS
 restartPolicy: Always
 nodeSelector:
 kubernetes.io/os: linux
diff --git a/main.go b/main.go
index 2d13c5f..d399f55 100644
--- a/main.go
+++ b/main.go
@@ -103,6 +103,9 @@ func main() {
 mux.Handle("POST /validate", http.TimeoutHandler(validateHandler, handlerTimeout, timeoutError))
 mux.Handle("POST /mutate", http.TimeoutHandler(mutateHandler, handlerTimeout, timeoutError))
+ mux.Handle("GET /ready", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+ w.WriteHeader(http.StatusOK)
+ }))
 server := &http.Server{
 Addr: fmt.Sprintf(":%d", port),
@@ -125,7 +128,7 @@ func main() {
 clientCAs.AppendCertsFromPEM(caCert)
 config.ClientCAs = clientCAs
- config.ClientAuth = tls.RequireAndVerifyClientCert
+ config.ClientAuth = tls.VerifyClientCertIfGiven
 server.TLSConfig = config
 }
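Review bot: The new `GET /ready` registration carries no comment saying what it serves or why it answers unconditionally, which matters because it is the one route on this listener that is meant to be reachable without a client certificate; suggest `// GET /ready backs the chart's readinessProbe. The kubelet presents no client certificate, so this route must stay reachable without one and must never gate on request identity.` The handler always writes 200, so it reports "the HTTPS listener is up" rather than any deeper readiness, which is worth stating in the same comment so nobody later expects it to reflect the TLS or CA configuration. Unlike the sibling /validate and /mutate registrations it is not wrapped in http.TimeoutHandler; harmless for a handler that only writes a status, but a short remark would prevent a reviewer from flagging the inconsistency. main continues past the end of this hunk.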
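Review bot: Changing `config.ClientAuth` to `tls.VerifyClientCertIfGiven` makes the client certificate optional for every route on this listener, not only for `GET /ready`: a caller that simply omits a certificate now completes the handshake and reaches `POST /validate` and `POST /mutate`, and nothing in the hunk shows those handlers checking `r.TLS.PeerCertificates` themselves, so the mutual-TLS guarantee the README previously described as "client and server auth enabled (recommended)" is gone while the README hunk removes the only text that documented a weaker mode. The change appears to exist so the kubelet readiness probe added in the deployment template (`scheme: HTTPS`, which sends no client certificate) can connect; the narrower fix is to serve `/ready` from a second `http.Server` on its own port and keep `tls.RequireAndVerifyClientCert` here, or, if one listener is a hard requirement, to keep this setting and enforce certificate presence on the authenticated routes with a small wrapper such as the one below. If this assignment sits inside a branch that runs only when a client CA file is configured (the enclosing block starts and ends outside the hunk), the wrapper should be applied under the same condition. Either way the README should state which routes require a client certificate, since the chart now has a single documented deployment mode.

```go
// requireClientCert rejects requests whose TLS handshake carried no client
// certificate. With tls.VerifyClientCertIfGiven a presented certificate is
// still verified against ClientCAs, so a non-empty PeerCertificates means the
// peer was authenticated; an empty one means it never identified itself.
func requireClientCert(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// … unchanged: rest of main up to route registration …
mux.Handle("POST /validate", requireClientCert(http.TimeoutHandler(validateHandler, handlerTimeout, timeoutError)))
mux.Handle("POST /mutate", requireClientCert(http.TimeoutHandler(mutateHandler, handlerTimeout, timeoutError)))
// … unchanged: GET /ready registration, server construction, TLS setup …
```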