From 00070e6e2340c1729a75a088da98699476863e3c Mon Sep 17 00:00:00 2001 From: Bjorn Neergaard Date: Fri, 27 Jan 2023 08:19:15 -0700 Subject: [PATCH] docs: add note about MKE CA rotation, which is potentially dangerous Signed-off-by: Bjorn Neergaard --- docs/reference/commandline/swarm_ca.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/reference/commandline/swarm_ca.md b/docs/reference/commandline/swarm_ca.md index 9e13917cad..2886109173 100644 --- a/docs/reference/commandline/swarm_ca.md +++ b/docs/reference/commandline/swarm_ca.md @@ -81,6 +81,13 @@ gyg5u9Iliel99l7SuMhNeLkrU7fXs+Of1nTyyM73ig== ### Root CA rotation (--rotate) +> **Note** +> +> Mirantis Kubernetes Engine (MKE), formerly known as Docker UCP, provides an external +> certificate manager service for the swarm. If you run swarm on MKE, you shouldn't +> rotate the CA certificates manually. Instead, contact Mirantis support if you need +> to rotate a certificate. + Root CA Rotation is recommended if one or more of the swarm managers have been compromised, so that those managers can no longer connect to or be trusted by any other node in the cluster.
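Review bot: the note added under `### Root CA rotation (--rotate)` tells MKE users they "shouldn't rotate the CA certificates manually" but never states what goes wrong if they do, even though the commit subject calls the operation "potentially dangerous". Suggest adding one clause naming the consequence, and saying outright that the warning is about running `--rotate` on an MKE-managed swarm. The note also sits directly above the paragraph recommending rotation when swarm managers have been compromised, so an MKE operator responding to a compromise reads two instructions that pull in opposite directions; say explicitly that the Mirantis support route applies in that case as well. Minor wording point: the note uses "CA certificates" in one sentence and "a certificate" in the next; pick one term so it is clear the root CA is meant.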