Merge pull request #46113 from nilekhc/clarify-automatic-reloading

docs: updates automatics reloading behaviour.

content/en/docs/tasks/administer-cluster/encrypt-data.md

@@ -719,7 +719,12 @@ allows you to change the keys for encryption at rest without restarting the
 API server.
 
 To allow automatic reloading, configure the API server to run with:
-`--encryption-provider-config-automatic-reload=true`
+`--encryption-provider-config-automatic-reload=true`.
+When enabled, file changes are polled every minute to observe the modifications.
+The `apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds`
+metric identifies when the new config becomes effective. This allows
+encryption keys to be rotated without restarting the API server.
+
 
 ## {{% heading "whatsnext" %}}
 

content/en/docs/tasks/administer-cluster/kms-provider.md

@@ -264,7 +264,10 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v
 
 1. Set the `--encryption-provider-config` flag on the kube-apiserver to point to the location of the configuration file.
 
-1. `--encryption-provider-config-automatic-reload` boolean argument determines if the file set by `--encryption-provider-config` should be automatically reloaded if the disk contents change. This enables key rotation without API server restarts.
+1. `--encryption-provider-config-automatic-reload` boolean argument 
+   determines if the file set by `--encryption-provider-config` should be
+   [automatically reloaded](/docs/tasks/administer-cluster/encrypt-data/#configure-automatic-reloading)
+   if the disk contents change.
 
 1. Restart your API server.