Merge pull request #288291 from RichardChen820/user/junbchen/on_demand_refresh_faq

prmerger-automator[bot] · web-flow · commit 3d11f82f2283 · 2024-11-28T03:23:59.000Z
Add FAQ for refreshing configMap on demand
diff --git a/articles/azure-app-configuration/quickstart-azure-kubernetes-service.md b/articles/azure-app-configuration/quickstart-azure-kubernetes-service.md
@@ -372,6 +372,12 @@ Ensure that you specify the correct key-value selectors to match the expected da
 
 You can customize the installation by providing additional Helm values when installing the Azure App Configuration Kubernetes Provider. For example, you can set the log level, configure the provider to run on a specific node, or disable the workload identity. Refer to the [installation guide](./reference-kubernetes-provider.md#installation) for more information.
 
+#### How to trigger on-demand refresh of ConfigMap and Secret
+
+While you can set up automatic data refresh, there are times when you might want to trigger an on-demand refresh to get the latest data from App Configuration and Key Vault. To do this, you can restart the deployment of the Azure App Configuration Kubernetes provider controller. The Kubernetes provider will then reconcile and update the ConfigMap and Secret with the latest data from your App Configuration store and Key Vault.
+
+It is not recommended to delete or modify the ConfigMap and Secret generated by the Kubernetes provider. Although new ones will be generated from the latest data, this could cause downtime for your applications in the event of any failures.
+
 #### Why am I unable to authenticate with Azure App Configuration using workload identity after upgrading the provider to version 2.0.0?
 
 Starting with version 2.0.0, a user-provided service account is required for authenticating with Azure App Configuration [using workload identity](./reference-kubernetes-provider.md#use-workload-identity). This change enhances security through namespace isolation. Previously, a Kubernetes provider’s service account was used for all namespaces. For updated instructions, see the documentation on using workload identity. If you need time to migrate when upgrading to version 2.0.0, you can temporarily set `workloadIdentity.globalServiceAccountEnabled=true` during provider installation. Please note that support for using the provider’s service account will be deprecated in a future release.
