Commit 6e3c20d

Update cluster-container-registry-integration.md
1 parent 1d17d07 commit 6e3c20d

1 file changed: +2 -2 lines changed

articles/aks/cluster-container-registry-integration.md

Lines changed: 2 additions & 2 deletions
@@ -16,7 +16,7 @@ When you're using Azure Container Registry (ACR) with Azure Kubernetes Service (
1616
You can set up the AKS to ACR integration in a few simple commands with the Azure CLI or Azure PowerShell. This integration assigns the AcrPull role to the managed identity associated to the AKS Cluster.
1717

1818
> [!IMPORTANT]
19-
> There is a known latency issue for attaching acr with AAD group: if AcrPull role is granted to an AAD group and kubelet identity is added to the group to achieve RBAC, there might be an 1 hour latency for the RBAC group to take effect(from kubelet generating a token to the identity being added to the AAD group). It's recommended to use the workaround: [BYO kubelet identity][byo kubelet identity]. You can pre-create a user assigned identity, adding it to AAD group, and then use the identity as kubelet identity to create AKS cluster. In this way it can be ensured the identity is firstly added to AAD group and then a token is generated by kubelet, so that there is no latency.
19+
> There is a latency issue with Azure Active Directory groups when attaching ACR. If the AcrPull role is granted to an Azure AD group and the kubelet identity is added to the group to complete the RBAC configuration, there might be up to a one-hour delay before the RBAC group update takes effect. We recommended you use the [Bring your own kubelet identity][byo-kubelet-identity] in the meantime. You can pre-create a user-assigned identity, add it to the Azure AD group, and then use the identity as the kubelet identity to create an AKS cluster. This ensures the identity is first added to the Azure AD group and then a token is generated by kubelet, which works around the latency issue.
2020
2121
> [!NOTE]
2222
> This article covers automatic authentication between AKS and ACR. If you need to pull an image from a private external registry, use an [image pull secret][Image Pull Secret].
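
Review bot: The added line 19 reads "We recommended you use the [Bring your own kubelet identity][byo-kubelet-identity] in the meantime", which has a tense error and a link phrase with no noun after it; suggest "We recommend you use the [Bring your own kubelet identity][byo-kubelet-identity] feature". "In the meantime" implies a pending fix that the note never mentions, so either drop it or state what is pending. The rewrite also removes the old parenthetical saying the delay runs from kubelet generating a token to the identity being added to the group, which is the reason the final sentence's ordering (group membership first, token second) avoids the delay; a short clause keeping that cause would make the workaround easier to follow.
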
@@ -226,5 +226,5 @@ nginx0-deployment-669dfc4d4b-xdpd6 1/1 Running 0 20s
226226
<!-- LINKS - external -->
227227
[AKS AKS CLI]: /cli/azure/aks#az_aks_create
228228
[Image Pull secret]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
229-
[byo kubelet identity]: use-managed-identity.md#use-a-pre-created-kubelet-managed-identity
229+
[byo-kubelet-identity]: use-managed-identity.md#use-a-pre-created-kubelet-managed-identity
230230
[summary-msi]: use-managed-identity.md#summary-of-managed-identities
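
Review bot: The renamed label on line 229 only resolves if every reference in the article uses `[byo-kubelet-identity]`; the first hunk updates the reference on line 19, so confirm no other `[byo kubelet identity]` reference remains elsewhere in the file. The neighbouring definitions `[AKS AKS CLI]` and `[Image Pull secret]` still use spaces in their labels, and the relative `use-managed-identity.md` links sit directly under the `<!-- LINKS - external -->` comment in the visible context. If the goal is a consistent label style, hyphenate those labels and group the internal links under their own comment in the same change.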
