azure-docs
azure-docs copied to clipboard
MicrosoftDocs
Ambiguity around which certificate is the customer's responsibility
This phrase is confusing:
Certificates mentioned above are maintained by Microsoft, except the cluster certificate, which you have to maintain.
Is the "cluster certificate" in the list above? If so which one is it? If it isn't part of that list...perhaps it could be stated more clearly.
In addition, in the rest of the article it shows how to enable automatic rotation and perform manual rotation. But it isn't clear if one or both are how a customer maintains that certificate. I think that is correct, but it is not clear.
I think this is what the article is trying to say, but in summary this format would be easier to follow:
- Microsoft manages the following CAs and Certificates
- The customer is responsible for this certificate 2.a You can enable automatic certificate rotation 2.b You can manually rotate the certificate
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
- ID: 9b78509d-73eb-6c32-aee1-9b34685a64ff
- Version Independent ID: 6f87cf70-1f5a-0f9e-862d-ae1436595f3b
- Content: Certificate Rotation in Azure Kubernetes Service (AKS) - Azure Kubernetes Service
- Content Source: articles/aks/certificate-rotation.md
- Service: azure-kubernetes-service
- GitHub Login: @MGoedtel
- Microsoft Alias: magoedte
@marlobello Thank you for bringing this to our attention. I've delegated this to content author @MGoedtel, who will review it and offer their insightful opinions.
@marlobello - I've reviewed the article and your right, it isn't clear what is the "cluster certificate". The wrong term is being used here, as it's really meant to state "cluster CA". With how it is worded here in that list, it is like it is an array of certificates, but it is the singular certificate that runs the cluster itself.
I'm going to bug this article because this isn't well described in general, and I see other details that can be improved.
Let me know if this properly addresses your concern / question.
Thanks for providing feedback that helps improve our documentation. This issue has been resolved and we are closing the issue. #please-close