Add information about expiration to service serving certificate secrets

dev_guide/secrets.adoc

@@ -150,6 +150,8 @@ to use for your secret. Then, your *PodSpec* can mount that secret. When it is
 available, your pod will run. The certificate will be good for the internal
 service DNS name, `*<service.name>.<service.namespace>.svc*`. The certificate
 and key are in PEM format, stored in `*tls.crt*` and `*tls.key*` respectively.
+They will be regenerated upon expiry, you can view the expiration date in
+`*service.alpha.openshift.io/expiry*` annotation, which is in RFC3339 format.
 
 Other pods can trust cluster-created certificates (which are only signed for
 internal DNS names), by using the CA bundle in the