Nodes are rebooted when cert is rotated

mburke5678 · mburke5678 · commit 1e8f26d8e2ef · 2021-04-29T12:33:09.000-04:00
diff --git a/modules/troubleshooting-disabling-autoreboot-mco.adoc b/modules/troubleshooting-disabling-autoreboot-mco.adoc
@@ -5,17 +5,19 @@
 [id="troubleshooting-disabling-autoreboot-mco_{context}"]
 = Disabling the Machine Config Operator from automatically rebooting
 
-When configuration changes are made by the Machine Config Operator (MCO), {op-system-first} must reboot for the changes to take effect. Whether the configuration change is automatic, such as when a `kube-apiserver-to-kubelet-signer` certificate authority (CA) is rotated, or manual, an {op-system} node reboots automatically unless it is paused.
+When configuration changes are made by the Machine Config Operator (MCO), {op-system-first} must reboot for the changes to take effect. Whether the configuration change is automatic or manual, an {op-system} node reboots automatically unless it is paused.
 
 [NOTE]
 ====
 The following modifications do not trigger a node reboot:
 
-* changes to the SSH key in the `spec.config.ignition.passwd.users.sshAuthorizedKeys` parameter of a machine config
-* changes to the global pull secret or pull secret in the `openshift-config` namespace
-* changes to the `/etc/containers/registries.conf` file, such as adding or editing an `ImageContentSourcePolicy` object
+* When the MCO detects any of the following changes, it applies the update without draining or rebooting the node: 
 
-When the MCO detects any of these changes, it drains the corresponding nodes, applies the changes, and uncordons the nodes.
+** Changes to the SSH key in the `spec.config.ignition.passwd.users.sshAuthorizedKeys` parameter of a machine config.
+** Changes to the global pull secret or pull secret in the `openshift-config` namespace.
+** Automatic rotation of the `/etc/kubernetes/kubelet-ca.crt` certificate authority (CA) by the Kubernetes API Server Operator. 
+
+* When the MCO detects changes to the `/etc/containers/registries.conf` file, such as adding or editing an `ImageContentSourcePolicy` object, it drains the corresponding nodes, applies the changes, and uncordons the nodes.
 ====
 
 To avoid unwanted disruptions, you can modify the machine config pool (MCP) to prevent automatic rebooting after the Operator makes changes to the machine config.
diff --git a/modules/understanding-machine-config-operator.adoc b/modules/understanding-machine-config-operator.adoc
@@ -47,10 +47,12 @@ To prevent the nodes from automatically rebooting after machine configuration ch
 
 The following modifications do not trigger a node reboot:
 
-* changes to the SSH key in the `spec.config.ignition.passwd.users.sshAuthorizedKeys` parameter of a machine config
-* changes to the global pull secret or pull secret in the `openshift-config` namespace
-* changes to the `/etc/containers/registries.conf` file, such as adding or editing an `ImageContentSourcePolicy` object
+* When the MCO detects any of the following changes, it applies the update without draining or rebooting the node: 
 
-When the MCO detects any of these changes, it drains the corresponding nodes, applies the changes, and uncordons the nodes. 
+** Changes to the SSH key in the `spec.config.ignition.passwd.users.sshAuthorizedKeys` parameter of a machine config.
+** Changes to the global pull secret or pull secret in the `openshift-config` namespace.
+** Automatic rotation of the `/etc/kubernetes/kubelet-ca.crt` certificate authority (CA) by the Kubernetes API Server Operator.
+
+* When the MCO detects changes to the `/etc/containers/registries.conf` file, such as adding or editing an `ImageContentSourcePolicy` object, it drains the corresponding nodes, applies the changes, and uncordons the nodes.
 ====
 
