Azure service principal reset

3/1/2022

I have a k8s cluster running in Azure and I have always reset the service principal credentials by using Azure CLI: az ad sp credential reset --name <xyz> --years 2. Afterwards I have updated the AKS cluster with the new service principal credentials, see update AKS Cluster credentials. After this the cluster will be restarted.

For a production environment I want to avoid restarting the cluster after resetting the credentials, so I was thinking of using the same password as before. So old password=new password. This is achieved using az ad sp credential reset --name <xyz> --years 2 --password <1234>.

Now my question is: should I update the AKS cluster with new service principal credentials even if I use the same password as before? Has anyone tried this before?

-- olti
azure
azure-aks
kubernetes

1 Answer

4/1/2022

AFAIK it's not required to update or restart the AKS cluster with new service principal credentials even if you are using the same password as before.

This is because you are using the same password at the AKS level and are only resetting it with the same password at the service principal level so that the password does not expire.

Note: If you were resetting with a different password from the one you are currently using, then you would have to update and reset the AKS cluster.

For the benefits, you can use a managed identity rather than a service principal, as rickvdbosch and Philip Welz suggested in the comments.

You can now update an AKS cluster currently working with service principals to work with managed identities by using the following CLI commands.

az aks update -g <RGName> -n <AKSName> --enable-managed-identity
-- RahulKumarShaw-MT
Source: StackOverflow