Merge pull request kubernetes-retired#1198 from hartym/patch-1

Doc: notice about service token invalidation after credentials update.
HotelsDotCom · Mar 27, 2018 · 62f93cd · 62f93cd
2 parents b044b9e + 1d541fb
commit 62f93cd
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/docs/getting-started/step-4-update.md b/docs/getting-started/step-4-update.md
@@ -37,6 +37,9 @@ More concretely, steps should be taken in order to rotate your certs on nodes ar
   kube-aws update
   ```
 
+There are cases where the service account tokens used by the system pods become invalid after credentials update, and
+some of your system pods will break (especially `kube-dns`). Deleting the said secrets will solve the issue (see https://github.com/kubernetes-incubator/kube-aws/issues/1057).
+
 ## The etcd caveat
 
 There is no solution for hosting an etcd cluster in a way that is easily updateable in this fashion- so updates are automatically masked for the etcd instances. This means that, after the cluster is created, nothing about the etcd ec2 instances is allowed to be updated.