diff --git a/api/v1alpha2/mysqlserver_types.go b/api/v1alpha2/mysqlserver_types.go
index 9eb4b4519d2..54146f27eff 100644
--- a/api/v1alpha2/mysqlserver_types.go
+++ b/api/v1alpha2/mysqlserver_types.go
@@ -28,7 +28,7 @@ type MySQLServerSpec struct {
 
 	// +kubebuilder:validation:MinLength=1
 	// AdminSecret is the name of a Kubernetes secret containing the username and password of the
-	// MySQLServer administrator account. When specified, the username and password fields of this
+	// MySQLServer administrator account. When specified, the `username` and `password` fields of this
 	// secret will be included in the generated secret associated with this MySQLServer.
 	// If AdminSecret is specified but a secret with the given name is not found in the same namespace
 	// as the MySQLServer, then reconciliation will block until the secret is created.
diff --git a/config/samples/azure_v1alpha2_mysqlserver.yaml b/config/samples/azure_v1alpha2_mysqlserver.yaml
index 720c7592d7a..a64ba61a5be 100644
--- a/config/samples/azure_v1alpha2_mysqlserver.yaml
+++ b/config/samples/azure_v1alpha2_mysqlserver.yaml
@@ -11,6 +11,10 @@ spec:
   serverVersion: "8.0"
   sslEnforcement: Enabled
   createMode: Default # Possible values include: Default, Replica, PointInTimeRestore (not implemented), GeoRestore (not implemented)
+  # Optional admin secret name. If the admin secret is specified the `username` and `password` fields of the secret will be used to set
+  # the administrator username and password. If adminSecret is not provided, ASO will generate an administrator account
+  # and password.
+  # adminSecret: my-admin-secret
   sku:
     name: GP_Gen5_4 # tier + family + cores eg. - B_Gen4_1, GP_Gen5_4
     tier: GeneralPurpose # possible values - 'Basic', 'GeneralPurpose', 'MemoryOptimized'