Updated 10. Setting the solution up in ACS Kubernetes (markdown)

10.-Setting-the-solution-up-in-ACS-Kubernetes.md

@@ -215,9 +215,18 @@ eshop-autogen-k8s-dns.westus.cloudapp.azure.com
     <img src="img/kubernetes/kubernetes-cluster-in-azure-portal.png">
     <p>
     <p>
-## Connect to a Kubernetes cluster in ACS (Azure Container Service)
+## Connect to a Kubernetes cluster in ACS 
 1. **Make sure you have the private keys to connect.
-    * TBD
+    * IMPORTANT: When you created the Kubernetes cluster with the script provided by eShopOnContainers or by using the command "az acs create --orchestrator-type=kubernetes --resource-group $RESOURCE_GROUP --name=$CLUSTER_NAME --dns-prefix=$DNS_PREFIX --generate-ssh-keys", it generated the SSH RSA keys and service principal for the Kubernetes cluster.
+Those keys were stored in the client PC used when you created the cluster and you definitely need those in order to connect to the cluster. If you are going to connect to the cluster from the same machine, it'll work directly because the keys are there. But if you try to connect to the cluster from a different client machine, you'll need to copy the SSH RSA keys and the service principal to that new client machine.
+
+The SSH RSA private key file and the corresponding public key files generated when you created the cluster are stored in the folder at the client machine you used. 
+<img src="img/kubernetes/ssh-rsa-keys-folder.png">
+
+The service principal credentials are written to the file ~/.azure/acsServicePrincipal.json on the client machine you used, as shown in the image below.
+<img src="img/kubernetes/service-principal-credentials-folder.png">
+
+It is critical that you copy and store those files above in a secure place so you can re-used them in the future in other additional client machines.
 
 2. **Install the Kubernetes command line client**, `kubectl`.
     * `kubectl` is the Kubernetes command line client. If you don't already have it installed, you can install it with: