CA rotation docs cleanups (#360)

nightkr · web-flow · commit ccf2bb07f5ca · 2024-02-01T14:56:59.000Z
As requested by @lfrancke (#93 (comment))
diff --git a/docs/modules/secret-operator/pages/secretclass.adoc b/docs/modules/secret-operator/pages/secretclass.adoc
@@ -63,11 +63,11 @@ Users can use podOverrides to extend the certificate lifetime by adding volume a
 Certificate authorities also have a limited lifetime, and need to be rotated before they expire to avoid cluster disruption.
 
 If configured to provision its own CA (`autoTls.ca.autoGenerate`), the Secret Operator will create CA certificates that are valid for 2 years (`autoTls.ca.caCertificateLifetime`),
-and initiate rotation once less than half of that time remains. If configured _not_ to provision its own CA, a warning will instead be issued in that case.
+and initiate rotation once less than half of that time remains.
 
 To avoid disruption and let the new CA propagate through the cluster, the Secret Operator will prefer using the oldest CA that will last for the entire lifetime of the issued certificate.
 
-Expired certificates will currently not be deleted automatically, and should be cleaned up manually.
+NOTE: Expired CA certificates will currently not be deleted automatically. They should be cleaned up manually.
 
 ==== Reference
 
