Merge pull request #208314 from rzhang628/aks-doc-rong

Aks doc rong

Author: prmerger-automator[bot]

articles/aks/certificate-rotation.md

@@ -11,7 +11,7 @@ ms.date: 5/10/2022
 Azure Kubernetes Service (AKS) uses certificates for authentication with many of its components. If you have a RBAC-enabled cluster built after March 2022 it is enabled with certificate auto-rotation. Periodically, you may need to rotate those certificates for security or policy reasons. For example, you may have a policy to rotate all your certificates every 90 days.
 
 > [!NOTE]
-> Certificate auto-rotation will not be enabled by default for non-RBAC enabled AKS clusters.
+> Certificate auto-rotation will *only* be enabled by default for RBAC enabled AKS clusters. 
 
 This article shows you how certificate rotation works in your AKS cluster.
 
@@ -55,10 +55,11 @@ az vmss run-command invoke -g MC_rg_myAKSCluster_region -n vmss-name --instance-
 
 ## Certificate Auto Rotation
 
-For AKS to automatically rotate non-CA certificates, the cluster must have [TLS Bootstrapping](https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) which has been enabled by default in all Azure regions.
+For AKS to automatically rotate non-CA certificates, the cluster must have [TLS Bootstrapping](https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) which has been enabled by default in all Azure regions. 
 
 > [!Note]
 > If you have an existing cluster you have to upgrade that cluster to enable Certificate Auto-Rotation.
+> Do not disable bootstrap to keep your auto-rotation enabled. 
 
 For any AKS clusters created or upgraded after March 2022 Azure Kubernetes Service will automatically rotate non-CA certificates on both the control plane and agent nodes within 80% of the client certificate valid time, before they expire with no downtime for the cluster.
 
@@ -82,7 +83,7 @@ az aks upgrade -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME
 
 ### Limitation
 
-Auto certificate rotation won't be enabled on a non-RBAC cluster.
+Certificate auto-rotation will only be enabled by default for RBAC enabled AKS clusters.
 
 ## Manually rotate your cluster certificates
 

articles/aks/scale-cluster.md

@@ -8,7 +8,7 @@ ms.date: 06/29/2022
 
 # Scale the node count in an Azure Kubernetes Service (AKS) cluster
 
-If the resource needs of your applications change, you can manually scale an AKS cluster to run a different number of nodes. When you scale down, nodes are carefully [cordoned and drained][kubernetes-drain] to minimize disruption to running applications. When you scale up, AKS waits until nodes are marked **Ready** by the Kubernetes cluster before pods are scheduled on them.
+If the resource needs of your applications change, your cluster performance may be impacted due to low capacity on CPU, memory, PID space, or disk sizes. To address these changes, you can manually scale your AKS cluster to run a different number of nodes. When you scale down, nodes are carefully [cordoned and drained][kubernetes-drain] to minimize disruption to running applications. When you scale up, AKS waits until nodes are marked **Ready** by the Kubernetes cluster before pods are scheduled on them.
 
 ## Scale the cluster nodes
 
@@ -165,4 +165,4 @@ In this article, you manually scaled an AKS cluster to increase or decrease the
 [set-azakscluster]: /powershell/module/az.aks/set-azakscluster
 [cluster-autoscaler]: cluster-autoscaler.md
 [az-aks-nodepool-scale]: /cli/azure/aks/nodepool#az_aks_nodepool_scale
-[update-azaksnodepool]: /powershell/module/az.aks/update-azaksnodepool
+[update-azaksnodepool]: /powershell/module/az.aks/update-azaksnodepool