OSDOCS-4272: Updating for service account issuer behavior change

Author: bergerhoffer

modules/bound-sa-tokens-configuring.adoc

@@ -19,9 +19,9 @@ You can configure pods to request bound service account tokens by using volume p
 +
 This step is typically not required if the bound tokens are used only within the cluster.
 +
-[WARNING]
+[IMPORTANT]
 ====
-If you update the `serviceAccountIssuer` field and there are bound tokens already in use, all bound tokens with the previous issuer value will be invalidated. Unless the holder of a bound token has explicit support for a change in issuer, the holder will not request a new bound token until pods have been restarted.
+If you change the service account issuer to a custom one, the previous service account issuer is still trusted for the next 24 hours.
 
 If necessary, you can manually restart all pods in the cluster so that the holder will request a new bound token. Before doing this, wait for a new revision of the Kubernetes API server pods to roll out with your service account issuer changes.
 ====