
Add blog introducing-automated-credential-rotation #822

Merged
n-boshnakov merged 1 commit into master from blog/2026-01-28-introducing-automated-credential-rotation
Feb 19, 2026

@gardener-answering-machine
Collaborator

@gardener-answering-machine gardener-answering-machine commented Jan 28, 2026

Purpose

@AleksandarSavchev This is an automatically generated draft pull request proposing a new blog post based on your Gardener review meeting presentation you gave on 2026-01-28 titled:

"Introducing Automated Credential Rotation"

The purpose of the blog post is to actively inform the community about new Gardener features or changes, as discussed during review meetings.

Notes to Reviewers

This draft was automatically generated by LLMs using the review meeting recording and referenced materials.
Please evaluate whether this topic is suitable for a blog post. If so, review and edit the content as needed.
If you decide the topic isn't appropriate for a blog post, feel free to close this PR and delete the branch.

⚠️ This is an experimental GenAI feature. Feedback is welcome! Please direct it to @vlerenc. Thank you!

Instructions for Reviewers

❌ If the draft isn't viable

  • Close this PR
  • Delete the branch

✏️ If the draft is viable but requires editing

  1. Clone the repository and change to the directory:
     git clone https://github.com/gardener/documentation
     cd documentation
  2. Check out the branch:
     git fetch origin && git checkout blog/2026-01-28-introducing-automated-credential-rotation
  3. Review the content in website/blog/2026/01/01-28-introducing-automated-credential-rotation.md.
  4. Make any necessary edits, additions, or removals, and then push the changes:
     git add website/blog/2026/01/01-28-introducing-automated-credential-rotation.md
     git commit --amend --no-edit
     git push origin +blog/2026-01-28-introducing-automated-credential-rotation

✅ If the draft is ready for review

  • Mark this PR as Ready for review
  • Invite additional reviewers (optional step)
  • Comment with /lgtm to approve (required step)

The documentation team will review your PR, as required by branch protection.
They will merge it once you (and any additional reviewers) have approved it.

@AleksandarSavchev Thank you for helping us share valuable updates from the Gardener project with the community!

Summary by CodeRabbit

Release Notes

  • Documentation
    • Added blog post introducing Automated Credential Rotation for Gardener. This new feature enables automatic rotation of SSH keypairs, observability passwords, and etcd encryption keys during Shoot maintenance windows. The opt-in feature supports configurable rotation periods ranging from 30 minutes to 90 days, with a default of 7 days.

@gardener-prow gardener-prow Bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 28, 2026
@ghost ghost added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 28, 2026
@rfranzke
Member

ping @AleksandarSavchev

@AleksandarSavchev AleksandarSavchev marked this pull request as ready for review February 18, 2026 13:16
@AleksandarSavchev AleksandarSavchev requested a review from a team as a code owner February 18, 2026 13:16
@gardener-prow gardener-prow Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 18, 2026
@AleksandarSavchev
Member

/lgtm

@gardener-prow

gardener-prow Bot commented Feb 18, 2026

@AleksandarSavchev: adding LGTM is restricted to approvers and reviewers in OWNERS files.

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai
Contributor

coderabbitai Bot commented Feb 18, 2026

📝 Walkthrough

A new blog post was added to document the Automated Credential Rotation feature for Gardener. The post explains the feature's configuration through Shoot manifest specifications, default rotation periods, and provides usage examples with YAML snippets.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Blog Post: website/blog/2026/01/01-28-introducing-automated-credential-rotation.md | New blog post introducing Automated Credential Rotation, covering configuration options, default settings (168h rotation period), and manual rotation alternatives. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A rotation tale I must convey,
Credentials fresh, renewed each day!
Seven days by default they dance,
While Gardener tends with timely glance.
Security blooms in maintenance light,
Our Shoot protected, oh what delight!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description lacks the required '/kind' categorization from the template; the template requires '/kind TODO' to be replaced with actual kind identifiers. | Replace '/kind TODO' with an appropriate kind identifier such as '/kind task' or '/kind enhancement' to properly categorize this PR. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: adding a blog post about automated credential rotation. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@rfranzke
Member

/lgtm
/approve
/kind enhancement

@ghost ghost added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Feb 18, 2026
@gardener-prow gardener-prow Bot added kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Feb 18, 2026
@gardener-prow

gardener-prow Bot commented Feb 18, 2026

LGTM label has been added.

Details

Git tree hash: 0a0ad5ad1b16c8ee063a2f22273d655e99cb80d9

@gardener-prow gardener-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 18, 2026
Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
website/blog/2026/01/01-28-introducing-automated-credential-rotation.md (1)

51-51: Consider adding details about manual rotation.

The statement mentions that "manual rotation via annotations remains available" but doesn't specify which annotations to use or link to documentation. Consider adding a brief example or linking to the manual rotation documentation to help readers who need this feature.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@website/blog/2026/01/01-28-introducing-automated-credential-rotation.md` at
line 51, The sentence referencing manual rotation is too vague; update the
paragraph that mentions `rotationPeriod` and "manual rotation via annotations"
to include the exact annotation key(s) and a short example (e.g., annotation
name and value) or add a link to the manual-rotation documentation page;
reference the same `rotationPeriod` wording and the phrase "manual rotation via
annotations" so readers can find the example quickly.


Maintaining a strong security posture is crucial for any Kubernetes environment. A key aspect of this is the regular rotation of credentials. To simplify this essential task and reduce operational overhead, Gardener now supports the automatic rotation of several critical credentials during a `Shoot` cluster's maintenance window.

### Enhanced Security, Effortlessly
Contributor


⚠️ Potential issue | 🟡 Minor

Fix heading hierarchy.

The first heading in the post should be h2 (##) rather than h3 (###) to follow proper heading level progression after the h1 title. This improves document structure and accessibility.

📝 Proposed fix
-### Enhanced Security, Effortlessly
+## Enhanced Security, Effortlessly

Apply the same change to the other section headings (lines 25 and 55) to maintain consistency:

-### How to Enable Automatic Rotation
+## How to Enable Automatic Rotation
-### Further Reading
+## Further Reading
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
### Enhanced Security, Effortlessly
## Enhanced Security, Effortlessly
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)

[warning] 15-15: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@website/blog/2026/01/01-28-introducing-automated-credential-rotation.md` at
line 15, The post uses h3 headings for top-level sections; change the heading
"Enhanced Security, Effortlessly" from ### to ## and update the other top-level
section headings in this post (the two other section titles currently using ###)
to ## as well so heading hierarchy follows the h1 title and remains consistent
and accessible.

Contributor

@n-boshnakov n-boshnakov left a comment


/lgtm

@gardener-prow

gardener-prow Bot commented Feb 19, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: n-boshnakov, rfranzke

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [n-boshnakov,rfranzke]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@n-boshnakov n-boshnakov merged commit dd20707 into master Feb 19, 2026
14 of 15 checks passed
@n-boshnakov n-boshnakov deleted the blog/2026-01-28-introducing-automated-credential-rotation branch February 19, 2026 10:51
@coderabbitai coderabbitai Bot mentioned this pull request Mar 11, 2026