Merge pull request #10294 from rifelpet/nlb-acm-notes

Add more NLB release notes and documentation

docs/cluster_spec.md

@@ -82,13 +82,15 @@ spec:
       crossZoneLoadBalancing: true
 ```
 
+### Load Balancer Class
+
 **AWS only**
 
 {{ kops_feature_table(kops_added_default='1.19') }}
 
 You can choose to have a Network Load Balancer instead of a Classic Load Balancer. The `class` field should be either `Network` or `Classic` (default).
 
-**Note**: changing the class of load balancer in an existing cluster is a disruptive operation. Until the masters have gone through a rolling update, new connections to the apiserver will fail due to the old master's TLS certificates containing the old load balancer's IP address.
+**Note**: changing the class of load balancer in an existing cluster is a disruptive operation for the control plane. Until the masters have gone through a rolling update, new connections to the apiserver will fail due to the old masters' TLS certificates containing the old load balancer's IP addresses.
 ```yaml
 spec:
   api:

docs/releases/1.19-NOTES.md

@@ -35,6 +35,9 @@ If you already have a default `StorageClass`, you should set `cloudConfig.Openst
 The certificates on a node will expire sometime between 455 and 485 days after the node's creation.
 The expiration times vary randomly so that nodes are likely to have their certs expire at different times than other nodes.
 
+* kOps now supports using an AWS Network Load Balancer (NLB) for API access.
+See the [documentation](/cluster_spec/#load-balancer-class) for more info.
+
 ### CLI
 
 * The `kops update cluster` command will now refuse to run on a cluster that