Fix Pesala commit

Author: ggailey777

articles/azure-functions/function-keys-how-to.md

@@ -63,7 +63,7 @@ Keys are stored as part of your function app in Azure and are encrypted at rest.
 | A second storage account | `blob` | Stores keys in Blob storage in a storage account that's different that the one used by the Functions runtime. The specific account and container used is defined by a shared access signature (SAS) URL set in the [`AzureWebJobsSecretStorageSas`](functions-app-settings.md#azurewebjobssecretstoragesas) setting. You must maintain the `AzureWebJobsSecretStorageSas` setting when the SAS URL changes. |
 | [Azure Key Vault](/azure/key-vault/general/overview) | `keyvault` | The key vault set in [`AzureWebJobsSecretStorageKeyVaultUri`](functions-app-settings.md#azurewebjobssecretstoragekeyvaulturi) is used to store keys. | 
 | File system  | `files` | Keys are persisted on the local file system,  which is the default in Functions v1.x. File system storage isn't recommended. |
-| Kubernetes Secrets  |`kubernetes` | The resource set in [AzureWebJobsKubernetesSecretName](functions-app-settings.md#azurewebjobskubernetessecretname) is used to store keys. Supported only when your function app is deployed to Kubernetes. The [Azure Functions Core Tools](functions-run-local.md) generates the values automatically when you use it to deploy your app to a Kubernetes cluster.|
+| Kubernetes Secrets  |`kubernetes` | The resource set in [AzureWebJobsKubernetesSecretName](functions-app-settings.md#azurewebjobskubernetessecretname) is used to store keys. Supported only when your function app is deployed to Kubernetes. The [Azure Functions Core Tools](functions-run-local.md) generates the values automatically when you use it to deploy your app to a Kubernetes cluster. [Immutable secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) aren't supported | 
 
 When using Key Vault for key storage, the app settings you need depend on the managed identity type, either system-assigned or user-assigned. 
 

articles/azure-functions/functions-app-settings.md

@@ -207,14 +207,16 @@ Add `EnableProxies` to this list to re-enable proxies on version 4.x of the Func
 
 ## AzureWebJobsKubernetesSecretName 
 
-Indicates the Kubernetes Secrets resource used for storing keys. Supported only when running in Kubernetes. This setting requires you to set `AzureWebJobsSecretStorageType` to `kubernetes`. When `AzureWebJobsKubernetesSecretName` isn't set, the repository is considered read only. In this case, the values must be generated before deployment. The [Azure Functions Core Tools](functions-run-local.md) generates the values automatically when deploying to Kubernetes.
+Indicates the Kubernetes Secrets resource used for storing keys. Supported only when running in Kubernetes. 
 
 |Key|Sample value|
 |---|------------|
 |AzureWebJobsKubernetesSecretName|`<SECRETS_RESOURCE>`|
 
-> [!Important]
-> When configuring AzureWebJobsSecretStorageType to kubernetes, ensure that the Kubernetes secret specified by AzureWebJobsKubernetesSecretName is not marked as immutable. The Azure Functions runtime requires write access to this secret to store and manage function keys. Marking the secret as immutable will prevent the runtime from performing necessary operations, leading to a 500 Internal Server Error during function execution.
+Considerations when use a Kubernetes Secrets resource:
++ You must also set `AzureWebJobsSecretStorageType` to `kubernetes`. When `AzureWebJobsKubernetesSecretName` isn't set, the repository is considered read only. In this case, the values must be generated before deployment. 
++ The [Azure Functions Core Tools](functions-run-local.md) generates the values automatically when deploying to Kubernetes.
++ [Immutable secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) aren't supported and using them results in runtime errors.
 
 To learn more, see [Manage key storage](function-keys-how-to.md#manage-key-storage).