diff --git a/docs/vars.md b/docs/vars.md
index b3aee535a..f51f71808 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -67,9 +67,11 @@ following default cluster paramters:
   OpenStack (default is unset)
 * *kube_hostpath_dynamic_provisioner* - Required for use of PetSets type in
   Kubernetes
-* *authorization_mode* - Set this to "RBAC" (upper-case, no quotes) 
-[to enable Role Based Access Control](https://kubernetes.io/docs/admin/authorization/rbac/)
-* *rotate_kubernetes_certs* - Set this to true to regenerate kubernetes Node certificates. *Warning: Will overwrite old certs.*
+* *authorization_mode* - A list of authorization modes that the apiserver should be configured. 
+Supported values are `['AlwaysAllow', 'RBAC']` (Default: `['AlwaysAllow']`)
+* *rotate_kubernetes_certs* - Set this to true to regenerate kubernetes node and master certificates.
+Useful if the authorization mode was changed and certificate format
+needs to be updated. This will not regenerate the root CA. *(!!Warning!!: Will overwrite old certs.)*
  
  
 Note, if cloud providers have any use of the ``10.233.0.0/16``, like instances'