Tanzu Hub successfully installed with a particular Identity Provider configuration.

Changes are made on Hub tile, hubsm-install errand is run to push the changes to Hub services.

However  the UAA pod does not appear to be picking up the changes.

Tanzu Hub 10.3.1 - 10.3.4

The secrets associated with the uaa-tp-config package have been updated with the new config.

NOTE: it make take a few minutes for uaa-tp-config app to be reconciled after the errand has completed.

kubectl -n tanzusm get secret uaa-tp-config-values-ver-<ID> -o jsonpath='{.data.values\.yaml}' | base64 -d
kubectl -n tanzusm get secrets tp-uaa-config -o jsonpath='{.data.uaa\.yml}' | base64 -d

However, the uaa Pod needs to be restarted to pick up the new configuration and this is not happening as part of the app reconciliation.

The relevant app can be reconciled immediately with:

kctrl app kick  -a uaa-tp-config -n tanzusm

This issue is resolved in 10.4

As a workaround, restart the UAA pod uaa-tp-config has completed reconciliation 

kubectl rollout restart deploy uaa -n tanzusm