
Operations

Forcing resynchronization

Synchronization to Azure AD happens only when at least one of the following occurs:

  1. Any spec.azure.* or spec.accessPolicy.inbound.rules[] value has changed.
  2. An annotation is applied to the resource:

     kubectl annotate azureapp <app> azure.nais.io/resync=true

The annotation is removed after synchronization. It can then be re-applied to trigger new synchronizations.
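
Because the annotation is removed after synchronization, its disappearance can be used to confirm that a forced resync has completed. The function below is an added example, not part of the original documentation; the function name, the timeout and the poll interval are assumptions, and it acts on the namespace of the current kubectl context.

```shell
# Added example: force a resync of an AzureApp and wait until the
# azure.nais.io/resync annotation has been removed again.
# resync_azureapp, the 120 s timeout and the 5 s interval are assumptions.

resync_azureapp() {
  app="$1"
  timeout="${2:-120}"   # seconds to wait before giving up
  interval="${3:-5}"    # seconds between polls (must be >= 1)

  if [ -z "$app" ]; then
    echo "usage: resync_azureapp <app> [timeout] [interval]" >&2
    return 2
  fi

  # --overwrite keeps the call idempotent if an earlier annotation is still set.
  kubectl annotate azureapp "$app" azure.nais.io/resync=true --overwrite || return 1

  waited=0
  while [ "$waited" -le "$timeout" ]; do
    # Dots inside the annotation key have to be escaped in jsonpath.
    value="$(kubectl get azureapp "$app" \
      -o 'jsonpath={.metadata.annotations.azure\.nais\.io/resync}')" || return 1
    if [ -z "$value" ]; then
      echo "resync of $app completed after about ${waited}s"
      return 0
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done

  # The annotation never disappeared: synchronization has not been confirmed.
  echo "resync annotation still present on $app after ${timeout}s" >&2
  return 3
}
```

A return code of 3 means the annotation was still present when the timeout expired, so the synchronization should be treated as unconfirmed rather than done.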

Forcing credential rotation

Credential rotation happens automatically on a regular basis.

However, if you need to trigger rotation manually, you may do so by applying the following annotation:

kubectl annotate azureapp <app> azure.nais.io/rotate=true

You should then restart your pods so that the new credentials are re-injected:

kubectl rollout restart deployment <app>