From 1aa583500c4f3569e2725d4fdddde8c725225e68 Mon Sep 17 00:00:00 2001
From: Jacob Simpson
Date: Mon, 27 Feb 2017 08:25:21 -0800
Subject: [PATCH] Update bootstrap comment.
---
 .../certificate/certificate_manager.go | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/pkg/kubelet/certificate/certificate_manager.go b/pkg/kubelet/certificate/certificate_manager.go
index 9d9d0db3986e4..4242cdfb7cb3c 100644
--- a/pkg/kubelet/certificate/certificate_manager.go
+++ b/pkg/kubelet/certificate/certificate_manager.go
@@ -90,17 +90,23 @@ type Config struct {
 // Rotation is a call back function which, if provided, will be invoked
 // after a rotation has occurred.
 Rotation func()
- // BootstrapCertificatePEM is the certificate data that will be used to
- // authenticate connections with the CertificateSigningRequestClient and
- // request a new certificate, if there is no current certificate available
- // in the CertificateStore. If there is a current certificate available,
- // this will be ignored.
+ // BootstrapCertificatePEM is the certificate data that will be returned
+ // from the Manager if the CertificateStore doesn't have any cert/key pairs
+ // currently available. If the CertificateStore does have a cert/key pair,
+ // this will be ignored. If the bootstrap cert/key pair are used, they will
+ // be rotated at the first opportunity, possibly well in advance of
+ // expiring. This is intended to allow the first boot of a component to be
+ // initialized using a generic, multi-use cert/key pair which will be
+ // quickly replaced with a unique cert/key pair.
 BootstrapCertificatePEM []byte
- // BootstrapKeyPEM is the key data that will be used to authenticate
- // connections with the CertificateSigningRequestClient and request a new
- // certificate, if there is no current certificate available in the
- // CertificateStore. If there is a current certificate available, this will
- // be ignored.
+ // BootstrapKeyPEM is the key data that will be returned from the Manager
+ // if the CertificateStore doesn't have any cert/key pairs currently
+ // available. If the CertificateStore does have a cert/key pair, this will
+ // be ignored. If the bootstrap cert/key pair are used, they will be
+ // rotated at the first opportunity, possibly well in advance of expiring.
+ // This is intended to allow the first boot of a component to be
+ // initialized using a generic, multi-use cert/key pair which will be
+ // quickly replaced with a unique cert/key pair.
 BootstrapKeyPEM []byte
 }
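Review bot: The rewritten comments on `BootstrapCertificatePEM` and `BootstrapKeyPEM` call the pair a generic, multi-use credential but no longer say what it is used for or what a caller gets while rotation has not yet succeeded. The removed text tied the pair to authenticating against the CertificateSigningRequestClient; the new text only says it is "returned from the Manager", and since the rotation code is outside this hunk it is not visible here whether a failed or delayed rotation leaves the shared pair in use. I would add one sentence to both comments, for example `// Because this pair may be shared by many components, it should be authorized only to request a new certificate.` The two paragraphs are also duplicates apart from their first clause, so stating the behaviour once on `BootstrapCertificatePEM` and writing `// BootstrapKeyPEM is the private key matching BootstrapCertificatePEM.` would keep them from drifting apart. The `Config` declaration begins above the hunk.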