Documentation changes based on feedback in DES-7199

content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md

@@ -743,9 +743,11 @@ For more information about collecting metrics in Mendix on Kubernetes, see [Moni
 
 ### Customize Service Account {#customize-service-account}
 
-The Mendix environment can be configured to use a specific Kubernetes ServiceAccount instead of the default ServiceAccount.
+The Mendix environment can be configured to use a specific Kubernetes ServiceAccount instead of the default ServiceAccount. 
 
-To achieve this, you need to add the annotation `privatecloud.mendix.com/environment-account: true` (for security reasons, any account matching an environment name but without this annotation cannot be attached to environments).
+In order to ensure that every environment uses a unique account, the Kubernetes service account must have the same name as the Mendix App environment name (environment ID). This ensures that one service account cannot be used for multiple environments.
+
+To achieve this, you need to add the annotation `privatecloud.mendix.com/environment-account: true`. For security reasons, any account matching an environment name but without this annotation cannot be attached to environments.
 
 {{% alert color="info" %}}
 The service account can be customized Mendix on Kubernetes Operator version 2.7.0 and above.

content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md

@@ -1887,7 +1887,7 @@ To configure the required settings for an RDS database, do the following steps:
 2. Enable [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html#UsingWithRDS.IAMDBAuth.DBAccounts.PostgreSQL) and grant `rds_iam` role to `database-username` role by using the below `psql` commandline to run the following jump pod commands (replacing `<database-username>` with the username specified in `database-username` and `<database-host>` with the database host):
 
     ```sql
-    kubectl run postgrestools docker.io/bitnami/postgresql:14 -ti --restart=Never --rm=true -- /bin/sh
+    kubectl run postgrestools docker.io/library/postgresql:14 -ti --restart=Never --rm=true -- /bin/sh
     export PGDATABASE=postgres
     export PGUSER=<database-username>
     export PGHOST=<database-host>

content/en/docs/deployment/private-cloud/private-cloud-data-transfer.md

@@ -7,7 +7,7 @@ weight: 60
 ---
 ## Introduction
 
-{{% alert color="warning" %}}This tool is provided as-is, and no additional features or enhancements will be implemented in the future. {{% /alert %}}
+{{% alert color="warning" %}}This tool is provided as-is, and no additional features or enhancements will be implemented in the future. If you want to migrate data, we recommend that you reach out to Expert Services, or use [MendixOnAzure](/developerportal/deploy/mendix-on-azure/backups/).{{% /alert %}}
 
 The Mendix on Kubernetes data migration tool allows you to:
 
@@ -161,7 +161,7 @@ spec:
   terminationGracePeriodSeconds: 0
   containers:
   - name: pgtools
-    image: docker.io/bitnami/postgresql:12
+    image: docker.io/library/postgresql:12
     command: ["sleep", "infinity"]
     lifecycle:
       preStop:
@@ -223,7 +223,7 @@ If you need to export or import data from an environment that uses AWS IRSA auth
 4. Add the `eks.amazonaws.com/role-arn` annotation to the `mendix-backup-restore` service account and set it to the role ARN value from the previous step.
 
 This configuration creates a pod which includes `pgtools` (PostgreSQL tools such as `pg_dump` and `pg_restore`), and a Service Account that can get the database credentials from an environment.
-If your database is using another PostgreSQL version (for example, PostgreSQL 13), change the `image: docker.io/bitnami/postgresql:12` to match the target PostgreSQL version (for example, `docker.io/bitnami/postgresql:13`).
+If your database is using another PostgreSQL version (for example, PostgreSQL 13), change the `image: docker.io/library/postgresql:12` to match the target PostgreSQL version (for example, `docker.io/library/postgresql:13`).
 
 {{% alert color="warning" %}}
 Before importing a backup file into an environment, the environment should be stopped (scaled down to 0 replicas).

content/en/docs/deployment/private-cloud/private-cloud-deploy.md

@@ -599,6 +599,7 @@ If you change the data type and value in the .mpr file, the changes are visible
 
 On the Network tab, you add client certificates (in the PKCS12 format) or certificate authorities (in the PEM format) for outgoing connections. These will be used when your application initiates SSL/TLS connections. This works in the same way as the Network tab for deployments to Mendix Cloud. For more details on these, see the [Network Tab](/developerportal/deploy/environments-details/#network-tab) section of *Environment Details*.
 
+For security reasons, root CAs can only be enabled in custom [TLS section](/developerportal/deploy/standard-operator/#custom-tls) in mxpc-cli. The root CAs need to be configured before creating an environment. 
 {{< figure src="/attachments/deployment/private-cloud/private-cloud-deploy/network-tab.png" class="no-border" >}}
 
 ### Runtime Tab {#runtime-tab}

content/en/docs/deployment/private-cloud/secret-store-credentials.md

@@ -513,7 +513,7 @@ After completing the prerequisites, follow these steps to switch from password-b
 2. Enable [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html#UsingWithRDS.IAMDBAuth.DBAccounts.PostgreSQL) and grant `rds_iam` role to `database-username` role by using the below `psql` commandline to run the following jump pod commands (replacing `<database-username>` with the username specified in `database-username` and `<database-host>` with the database host):
 
    ```sql
-   kubectl run postgrestools docker.io/bitnami/postgresql:14 -ti --restart=Never --rm=true -- /bin/sh
+   kubectl run postgrestools docker.io/library/postgresql:14 -ti --restart=Never --rm=true -- /bin/sh
    export PGDATABASE=postgres
    export PGUSER=<database-username>
    export PGHOST=<database-host>