diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure.go
index 9f9da917bad..d30a66a4166 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure.go
@@ -160,10 +160,10 @@ type Config struct {
 	// Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer
 	MaximumLoadBalancerRuleCount int `json:"maximumLoadBalancerRuleCount,omitempty" yaml:"maximumLoadBalancerRuleCount,omitempty"`
 
-	// The configure type for Azure cloud provider secret.
-	ConfigType secretConfigureType `json:"configType,omitempty" yaml:"configType,omitempty"`
-	// The override type for Azure cloud provider secret.
-	OverrideType secretOverrideType `json:"overrideType,omitempty" yaml:"overrideType,omitempty"`
+	// The cloud configure type for Azure cloud provider. Supported values are file, secret and merge.
+	CloudConfigType cloudConfigType `json:"cloudConfigType,omitempty" yaml:"cloudConfigType,omitempty"`
+	// The cloud config scope for Azure cloud provider. Supported values are all, node and control-plane.
+	CloudConfigScope cloudConfigScope `json:"cloudConfigScope,omitempty" yaml:"cloudConfigScope,omitempty"`
 }
 
 var _ cloudprovider.Interface = (*Cloud)(nil)
@@ -273,29 +273,29 @@ func (az *Cloud) InitializeCloudFromConfig(config *Config, fromSecret bool) erro
 		config.VMType = vmTypeStandard
 	}
 
-	if config.OverrideType == "" {
-		// The default override type is secretOverrideTypeCan.
-		config.OverrideType = secretOverrideTypeCan
+	if config.CloudConfigType == "" {
+		// The default cloud config type is cloudConfigTypeMerge.
+		config.CloudConfigType = cloudConfigTypeMerge
 	} else {
-		supportedOverrideTypes := sets.NewString(
-			string(secretOverrideTypeCan),
-			string(secretOverrideTypeMust),
-			string(secretOverrideTypeNo))
-		if !supportedOverrideTypes.Has(string(config.OverrideType)) {
-			return fmt.Errorf("overrideType %v is not supported, supported values are %v", config.OverrideType, supportedOverrideTypes.List())
+		supportedCloudConfigTypes := sets.NewString(
+			string(cloudConfigTypeMerge),
+			string(cloudConfigTypeFile),
+			string(cloudConfigTypeSecret))
+		if !supportedCloudConfigTypes.Has(string(config.CloudConfigType)) {
+			return fmt.Errorf("cloudConfigType %v is not supported, supported values are %v", config.CloudConfigType, supportedCloudConfigTypes.List())
 		}
 	}
 
-	if config.ConfigType == "" {
-		// The default config type is secretConfigureAll.
-		config.ConfigType = secretConfigureAll
+	if config.CloudConfigScope == "" {
+		// The default config scope is cloudConfigScopeAll.
+		config.CloudConfigScope = cloudConfigScopeAll
 	} else {
-		supportedConfigTypes := sets.NewString(
-			string(secretConfigureAll),
-			string(secretConfigureNode),
-			string(secretConfigureControlPlane))
-		if !supportedConfigTypes.Has(string(config.ConfigType)) {
-			return fmt.Errorf("configType %v is not supported, supported values are %v", config.ConfigType, supportedConfigTypes.List())
+		supportedCloudConfigScopes := sets.NewString(
+			string(cloudConfigScopeAll),
+			string(cloudConfigScopeNode),
+			string(cloudConfigScopeControlPlane))
+		if !supportedCloudConfigScopes.Has(string(config.CloudConfigScope)) {
+			return fmt.Errorf("cloudConfigScope %v is not supported, supported values are %v", config.CloudConfigScope, supportedCloudConfigScopes.List())
 		}
 	}
 
@@ -324,13 +324,13 @@ func (az *Cloud) InitializeCloudFromConfig(config *Config, fromSecret bool) erro
 				return err
 			}
 
-			// Credentials are required if override type is "no".
-			if az.Config.OverrideType == secretOverrideTypeNo {
+			// Credentials are required if cloud config type is "file".
+			if az.Config.CloudConfigType == cloudConfigTypeFile {
 				return fmt.Errorf("no credentials provided for Azure cloud provider")
 			}
 
 			// Controller manager could be initialized from secret.
-			klog.V(2).Infof("No credentials provided, lazy initialize from secret %s", getConfigSecretName(az.Config.ConfigType))
+			klog.V(2).Infof("No credentials provided, lazy initialize from secret %s", getConfigSecretName(az.Config.CloudConfigScope))
 			return nil
 		}
 
diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config.go
index a0273befb6e..209e9fd5ea1 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config.go
@@ -25,37 +25,37 @@ import (
 )
 
 const (
-	secretNamespace      = "kube-system"
-	secretCloudConfigKey = "cloud-config"
+	cloudConfigNamespace = "kube-system"
+	cloudConfigKey       = "cloud-config"
 )
 
-// The configure type for Azure cloud provider secret. Supported values are:
+// The configure scope for Azure cloud provider secret. Supported values are:
 // * all            : configure applied for components (kubelet and controller-manager). This is the default value.
 // * node           : configure applied for nodes (kubelet).
 // * control-plane  : configure applied for control plane components (controller-manager).
 //
-// For different configure types, the secret name would also be different:
+// For different configure scope, the secret name would also be different:
 // * all            : secret name would be azure-cloud-provider.
 // * node           : secret name would azure-cloud-provider-node.
 // * control-plane  : secret name would be azure-cloud-provider-control-plane.
-type secretConfigureType string
+type cloudConfigScope string
 
 const (
-	secretConfigureAll          secretConfigureType = "all"
-	secretConfigureNode         secretConfigureType = "node"
-	secretConfigureControlPlane secretConfigureType = "control-plane"
+	cloudConfigScopeAll          cloudConfigScope = "all"
+	cloudConfigScopeNode         cloudConfigScope = "node"
+	cloudConfigScopeControlPlane cloudConfigScope = "control-plane"
 )
 
-// The override type for Azure cloud provider secret. Supported values are:
-// * no   : The values from secret won't override any configures from local cloud-config file.
-// * must : The values from secret would override all configures from local cloud-config file.
-// * can  : The values from secret would override only configurations that are explicitly set in the secret. This is the default value.
-type secretOverrideType string
+// The config type for Azure cloud provider secret. Supported values are:
+// * file   : The values are read from local cloud-config file.
+// * secret : The values from secret would override all configures from local cloud-config file.
+// * merge  : The values from secret would override only configurations that are explicitly set in the secret. This is the default value.
+type cloudConfigType string
 
 const (
-	secretOverrideTypeNo   secretOverrideType = "no"
-	secretOverrideTypeMust secretOverrideType = "must"
-	secretOverrideTypeCan  secretOverrideType = "can"
+	cloudConfigTypeFile   cloudConfigType = "file"
+	cloudConfigTypeSecret cloudConfigType = "secret"
+	cloudConfigTypeMerge  cloudConfigType = "merge"
 )
 
 // InitializeCloudFromSecret initializes Azure cloud provider from Kubernetes secret.
@@ -77,25 +77,25 @@ func (az *Cloud) InitializeCloudFromSecret() {
 }
 
 func (az *Cloud) getConfigFromSecret() (*Config, error) {
-	// No override, return nil.
-	if az.Config.OverrideType == secretOverrideTypeNo {
+	// Read config from file and no override, return nil.
+	if az.Config.CloudConfigType == cloudConfigTypeFile {
 		return nil, nil
 	}
 
-	secretName := getConfigSecretName(az.Config.ConfigType)
-	secret, err := az.kubeClient.CoreV1().Secrets(secretNamespace).Get(secretName, metav1.GetOptions{})
+	secretName := getConfigSecretName(az.Config.CloudConfigScope)
+	secret, err := az.kubeClient.CoreV1().Secrets(cloudConfigNamespace).Get(secretName, metav1.GetOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("Failed to get secret %s: %v", secretName, err)
 	}
 
-	cloudConfigData, ok := secret.Data[secretCloudConfigKey]
+	cloudConfigData, ok := secret.Data[cloudConfigKey]
 	if !ok {
 		return nil, fmt.Errorf("cloud-config is not set in the secret (%s)", secretName)
 	}
 
 	config := Config{}
-	if az.Config.OverrideType == "" || az.Config.OverrideType == secretOverrideTypeCan {
-		// "can" override, set default value to existing config.
+	if az.Config.CloudConfigType == "" || az.Config.CloudConfigType == cloudConfigTypeMerge {
+		// Merge cloud config, set default value to existing config.
 		config = az.Config
 	}
 
@@ -107,13 +107,13 @@ func (az *Cloud) getConfigFromSecret() (*Config, error) {
 	return &config, nil
 }
 
-func getConfigSecretName(configType secretConfigureType) string {
-	switch configType {
-	case secretConfigureAll:
+func getConfigSecretName(scope cloudConfigScope) string {
+	switch scope {
+	case cloudConfigScopeAll:
 		return azureSecretNamePrefix
-	case secretConfigureNode:
+	case cloudConfigScopeNode:
 		return fmt.Sprintf("%s-node", azureSecretNamePrefix)
-	case secretConfigureControlPlane:
+	case cloudConfigScopeControlPlane:
 		return fmt.Sprintf("%s-control-plane", azureSecretNamePrefix)
 
 	default:
diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config_test.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config_test.go
index dbccdfe7ca6..52d5b20c59d 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config_test.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_config_test.go
@@ -50,7 +50,7 @@ func getTestConfig() *Config {
 	}
 }
 
-func getTestMustOverrideConfig() *Config {
+func getTestCloudConfigTypeSecretConfig() *Config {
 	return &Config{
 		AzureAuthConfig: auth.AzureAuthConfig{
 			TenantID:       "TenantID",
@@ -60,11 +60,11 @@ func getTestMustOverrideConfig() *Config {
 		RouteTableName:          "RouteTableName",
 		RouteTableResourceGroup: "RouteTableResourceGroup",
 		SecurityGroupName:       "SecurityGroupName",
-		OverrideType:            secretOverrideTypeMust,
+		CloudConfigType:         cloudConfigTypeSecret,
 	}
 }
 
-func getTestCanOverrideConfig() *Config {
+func getTestCloudConfigTypeMergeConfig() *Config {
 	return &Config{
 		AzureAuthConfig: auth.AzureAuthConfig{
 			TenantID:       "TenantID",
@@ -74,14 +74,14 @@ func getTestCanOverrideConfig() *Config {
 		RouteTableName:          "RouteTableName",
 		RouteTableResourceGroup: "RouteTableResourceGroup",
 		SecurityGroupName:       "SecurityGroupName",
-		OverrideType:            secretOverrideTypeCan,
+		CloudConfigType:         cloudConfigTypeMerge,
 	}
 }
 
-func getTestCanOverrideConfigExpected() *Config {
+func getTestCloudConfigTypeMergeConfigExpected() *Config {
 	config := getTestConfig()
 	config.SecurityGroupName = "SecurityGroupName"
-	config.OverrideType = secretOverrideTypeCan
+	config.CloudConfigType = cloudConfigTypeMerge
 	return config
 }
 
@@ -95,34 +95,34 @@ func TestGetConfigFromSecret(t *testing.T) {
 		expectErr      bool
 	}{
 		{
-			name: "Azure config shouldn't be override when override type is no",
+			name: "Azure config shouldn't be override when cloud config type is file",
 			existingConfig: &Config{
-				ResourceGroup: "ResourceGroup1",
-				OverrideType:  secretOverrideTypeNo,
+				ResourceGroup:   "ResourceGroup1",
+				CloudConfigType: cloudConfigTypeFile,
 			},
 			secretConfig: getTestConfig(),
 			expected:     nil,
 		},
 		{
-			name:           "Azure config should be override when override type is must",
-			existingConfig: getTestMustOverrideConfig(),
+			name:           "Azure config should be override when cloud config type is secret",
+			existingConfig: getTestCloudConfigTypeSecretConfig(),
 			secretConfig:   getTestConfig(),
 			expected:       getTestConfig(),
 		},
 		{
-			name:           "Azure config should be override when override type is can",
-			existingConfig: getTestCanOverrideConfig(),
+			name:           "Azure config should be override when cloud config type is merge",
+			existingConfig: getTestCloudConfigTypeMergeConfig(),
 			secretConfig:   getTestConfig(),
-			expected:       getTestCanOverrideConfigExpected(),
+			expected:       getTestCloudConfigTypeMergeConfigExpected(),
 		},
 		{
 			name:           "Error should be reported when secret doesn't exists",
-			existingConfig: getTestCanOverrideConfig(),
+			existingConfig: getTestCloudConfigTypeMergeConfig(),
 			expectErr:      true,
 		},
 		{
 			name:           "Error should be reported when secret exists but cloud-config data is not provided",
-			existingConfig: getTestCanOverrideConfig(),
+			existingConfig: getTestCloudConfigTypeMergeConfig(),
 			secretConfig:   emptyConfig,
 			expectErr:      true,
 		},
@@ -150,7 +150,7 @@ func TestGetConfigFromSecret(t *testing.T) {
 					"cloud-config": secretData,
 				}
 			}
-			_, err := az.kubeClient.CoreV1().Secrets(secretNamespace).Create(secret)
+			_, err := az.kubeClient.CoreV1().Secrets(cloudConfigNamespace).Create(secret)
 			assert.NoError(t, err, test.name)
 		}