Comment 2 for bug 1939596

The openstack-integrator charm isn't propagating the change to kubernetes-master. I've confirmed that, once openstack-integrator sends the new info, the change makes it all the way through to the openstack-cloud-controller-manager secret. If the pods are in CrashLoopBackOff then we shouldn't have any issues with pods using stale secret data, so, getting the secret updated should be sufficient.

Unfortunately, Juju doesn't notify the charm when cloud credentials have changed. We can check for changes in the update-status hook, but that could mean up to 5 minutes delay before the changes are propagated automatically. We can add a "refresh-credentials" action to allow the user to propagate the credentials more quickly, but that of course requires user action.

We'll have to do both, I think. Have the charm check in update-status so we get slow but automatic recovery. Add an action so users can recover more quickly if needed.