Merge pull request #232207 from miwithro/patch-232

Update workload-identity-overview.md

Author: prmerger-automator[bot]

articles/aks/workload-identity-overview.md

@@ -42,6 +42,10 @@ This article helps you understand this new authentication feature, and reviews t
 - You can only have 20 federated identity credentials per managed identity.
 - It takes a few seconds for the federated identity credential to be propagated after being initially added.
 
+## Language SDK examples
+  - [Azure Identity SDK](https://azure.github.io/azure-workload-identity/docs/topics/language-specific-examples/azure-identity-sdk.html)
+  - [MSAL](https://azure.github.io/azure-workload-identity/docs/topics/language-specific-examples/msal.html)
+
 ## How it works
 
 In this security model, the AKS cluster acts as token issuer, Azure Active Directory uses OpenID Connect to discover public signing keys and verify the authenticity of the service account token before exchanging it for an Azure AD token. Your workload can exchange a service account token projected to its volume for an Azure AD token using the Azure Identity client library or the Microsoft Authentication Library.
@@ -59,6 +63,10 @@ The following diagram summarizes the authentication sequence using OpenID Connec
 
 :::image type="content" source="media/workload-identity-overview/aks-workload-identity-oidc-authentication-model.png" alt-text="Diagram of the AKS workload identity OIDC authentication sequence.":::
 
+### Webhook Certificate Auto Rotation
+
+Similar to other webhook addons, the certificate will be rotated by cluster certificate [auto rotation](https://learn.microsoft.com/azure/aks/certificate-rotation#certificate-auto-rotation) operation.
+
 ## Service account labels and annotations
 
 Azure AD workload identity supports the following mappings related to a service account: