OpenShift Bugs: OCPBUGS-24744

[enterprise-4.12] Issue in file security/certificates/replacing-default-ingress-certificate.adoc


    • Release Note Not Required
    • In Progress

      Description of problem:

      Opportunity to explain that when we modify the ingress CA with custom certs, this triggers an MCP update rollout, because the following local cert file needs to be updated on all nodes: `/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt`.

      Version-Release number of selected component (if applicable):

      4.11, 4.12, 4.13, 4.14* (see caveat)

      How reproducible:

      Every time; this is expected, but not documented

      Steps to Reproduce:

          1. Follow steps in docs page: https://docs.openshift.com/container-platform/4.12/security/certificates/replacing-default-ingress-certificate.html
          2. Create the configmap as outlined in the docs:
      ~~~
      $ oc create configmap custom-ca \
           --from-file=ca-bundle.crt=</path/to/example-ca.crt> \
           -n openshift-config
      ~~~
          3. Observe that a new machine-config file is generated, triggering a rollout to all nodes.

      Actual results:

      The MCP update may put the cluster into an unexpected/undesired rollout condition, interrupting workloads.

      Expected results:

      If a rollout is expected, it should be documented to advise customers of the possible interruption to production workloads.

      Additional info:

      *4.14 has a new update that explicitly addresses a change in this behavior:
      
      https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html-single/release_notes/index#ocp-4-14-new-cert-process
      
      This highlights the following (as it pertains to a 4.14 release update). Therefore the 4.14 version of this docs page should state that this does NOT trigger an MCP rollout, in contrast to the other existing/earlier versions of OpenShift (4.11, 4.12, 4.13). I believe this was also present in earlier builds but am not certain when it was introduced or how far back this warning needs to be backported.
      
      ~~~
      1.3.16.4. Certificates are now handled by the Machine Config Daemon
      In previous OpenShift Container Platform versions, the MCO read and handled certificates directly from machine configuration files. This led to rotation issues and created unwanted situations, such as certificates getting stuck behind a paused machine config pool.
      
      With this release, certificates are no longer templated from bootstrap into machine configuration files. Instead, they are put directly into the Ignition object, written onto a disk using the controller config, and handled by the Machine Config Daemon (MCD) during regular cluster operation. The certs are then visible by using the ControllerConfig resource.
      
      The Machine Config Controller (MCC) holds the following certificate data:
      
      /etc/kubernetes/kubelet-ca.crt
      /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem
      /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
      ~~~
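As an added example (not part of this bug report or of the OpenShift documentation), this is the check a cluster admin would want before and after following the steps above: parse the rendered MachineConfig to see whether the user CA bundle is templated into it (the 4.11-4.13 behaviour that makes a CA change roll the pool, versus the 4.14 behaviour quoted above) and summarise the MachineConfigPool's rollout conditions. The field names used are the MachineConfig (`spec.config.storage.files[].path`) and MachineConfigPool (`status.conditions`, `machineCount`, `updatedMachineCount`, `status.configuration.name`) API shapes as printed by `oc get ... -o json`; the sample objects and the rendered-config name are constructed for the example.

```python
"""Decide whether changing the user CA bundle will roll a MachineConfigPool,
and summarise a pool's rollout state, from the JSON that
`oc get machineconfig <rendered-name> -o json` and `oc get mcp <pool> -o json` print.
The sample objects below are constructed for this example, not captured from a cluster.
"""
from __future__ import annotations

import json
from typing import Any

USER_CA_BUNDLE = "/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt"

# The three certificate files the 4.14 release note says the MCC holds.
CA_BUNDLE_PATHS = {
    "/etc/kubernetes/kubelet-ca.crt",
    "/etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem",
    USER_CA_BUNDLE,
}


def ignition_file_paths(mc: dict[str, Any]) -> set[str]:
    """All file paths in the MachineConfig's Ignition storage.files section."""
    files = mc.get("spec", {}).get("config", {}).get("storage", {}).get("files", [])
    return {f["path"] for f in files if "path" in f}


def ca_files_in_machineconfig(mc: dict[str, Any]) -> set[str]:
    """Which of the three CA bundle files are templated into this rendered config."""
    return ignition_file_paths(mc) & CA_BUNDLE_PATHS


def ca_change_triggers_rollout(mc: dict[str, Any]) -> bool:
    """True when the user CA bundle is part of the rendered config: replacing the
    custom-ca configmap then yields a new rendered config and a pool rollout."""
    return USER_CA_BUNDLE in ignition_file_paths(mc)


def mcp_rollout_state(mcp: dict[str, Any]) -> dict[str, Any]:
    """Summarise a MachineConfigPool: active conditions, pause flag and node progress."""
    status = mcp.get("status", {})
    conds = {c["type"]: c.get("status") == "True" for c in status.get("conditions", [])}
    return {
        "updating": conds.get("Updating", False),
        "updated": conds.get("Updated", False),
        "degraded": conds.get("Degraded", False),
        "paused": bool(mcp.get("spec", {}).get("paused", False)),
        "progress": f"{status.get('updatedMachineCount', 0)}/{status.get('machineCount', 0)}",
        "rendered_config": status.get("configuration", {}).get("name", ""),
    }


def _rendered(name: str, paths: list[str]) -> dict[str, Any]:
    """Build a constructed rendered MachineConfig with the given Ignition file paths."""
    return {
        "apiVersion": "machineconfiguration.openshift.io/v1",
        "kind": "MachineConfig",
        "metadata": {"name": name},
        "spec": {"config": {
            "ignition": {"version": "3.2.0"},
            "storage": {"files": [
                {"path": p, "mode": 420,
                 "contents": {"source": "data:text/plain;charset=utf-8;base64,PLACEHOLDER"}}
                for p in paths]},
        }},
    }


# Constructed: 4.11-4.13 style, where the user CA bundle is templated into the config.
RENDERED_PRE_414 = _rendered("rendered-worker-PLACEHOLDERHASH",
                             ["/etc/chrony.conf", "/etc/kubernetes/kubelet-ca.crt", USER_CA_BUNDLE])
# Constructed: 4.14 style, where the MCD writes the certificates outside the rendered config.
RENDERED_414 = _rendered("rendered-worker-PLACEHOLDERHASH", ["/etc/chrony.conf"])

# Constructed: a worker pool one node into a three-node rollout.
WORKER_MCP = json.loads("""
{"apiVersion": "machineconfiguration.openshift.io/v1", "kind": "MachineConfigPool",
 "metadata": {"name": "worker"}, "spec": {"paused": false},
 "status": {"machineCount": 3, "updatedMachineCount": 1, "readyMachineCount": 1,
            "configuration": {"name": "rendered-worker-PLACEHOLDERHASH"},
            "conditions": [{"type": "Updated", "status": "False"},
                           {"type": "Updating", "status": "True"},
                           {"type": "Degraded", "status": "False"}]}}
""")

if __name__ == "__main__":
    for mc in (RENDERED_PRE_414, RENDERED_414):
        print(mc["metadata"]["name"], "CA files:", sorted(ca_files_in_machineconfig(mc)),
              "-> CA change rolls pool:", ca_change_triggers_rollout(mc))
    print("worker pool:", mcp_rollout_state(WORKER_MCP))
```

On a live cluster the same functions can be fed with `json.loads(subprocess.check_output(["oc", "get", "mcp", "worker", "-o", "json"]))`; the pool's `status.configuration.name` is the rendered config to inspect. If `ca_change_triggers_rollout` is true for that config, the configmap change from step 2 should be scheduled like any other machine-config change (maintenance window, or one pool at a time), and `mcp_rollout_state` polled until `updated` is true and `degraded` is false.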
      
      
      Objectively seeking a warning alert box on the highlighted docs page apprising readers that this change will automatically cause a machine-config update, so they can prepare accordingly, in order to avoid future confusion/interruptions for customers who aren't expecting it.

            rhn-support-stk Subhashini T K
            rhn-support-wrussell Will Russell