Synchronization to Azure AD happens only when at least one of the following occurs:
- Any spec.azure.* or spec.accessPolicy.inbound.rules value has changed.
- An annotation is applied to the resource:
kubectl annotate azureapp <app> azure.nais.io/resync=true
The annotation is removed after synchronization. It can then be re-applied to trigger new synchronizations.
Forcing credential rotation
Credential rotation happens automatically on a regular basis.
However, if you need to trigger rotation manually, you can do so by applying the following annotation:
kubectl annotate azureapp <app> azure.nais.io/rotate=true
You should then restart your pods so that the new credentials are re-injected:
kubectl rollout restart deployment <app>