[vcluster]: add checksums to trigger pod restarts only on config changes #168

larsgerber · 2025-11-28T11:56:50Z

What this PR does:

Prevents unnecessary restarts of all pods during every Helm chart update when no changes were made to the pod spec.
Adds checksums for all ConfigMaps and Secrets to ensure pods are only restarted when their configuration actually changes.
This prevents invalid configurations from rolling out silently and reduces the risk of unexpected pod crashes during node maintenance.

Notes for Reviewer:

--- output1.yaml	2025-11-28 12:38:18
+++ output2.yaml	2025-11-28 12:38:29
@@ -2881,8 +2881,11 @@
         app.kubernetes.io/name: cluster-name 
         app.kubernetes.io/component: admin
       annotations:
+        checksum/kubeconfig: 3ccf5928330fc41cc5b22bb66a45bb0ece892182272caae28d25485dea1049fd
+        checksum/kubeadm-config: d273228d8a7912e1924910f7f2c83cf0fbbba1e34bbdafdd76cf1452d8676596
+        checksum/konnectivity-config: f5b29f9757d70716a62512ad451f116160dc907d1b3a50ef51cd840ed46c4917
     spec:
       nodeSelector:
         platform.bedag.ch/nodepool: service

@@ -3037,18 +3040,17 @@
       app.kubernetes.io/component: apiserver
   template:
     metadata:
       labels:
-        helm.sh/chart: vcluster-0.16.4
-        app.kubernetes.io/version: "0.1.0"
-        app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kubernetes
         app.kubernetes.io/instance: cluster-name
         app.kubernetes.io/name: cluster-name
         app.kubernetes.io/component: apiserver
       annotations:
         checksum/config: cc4101c63beee65d31cb90aa3e5ac06e3615e6fc72f0a9fb8c247fa261d4d01e
+        checksum/policy: 38edbcb46b2a78e1802d25208c843929d517d27fcf49d8b304b09cad24c07da4
+        checksum/konnectivity-config: 368c62e578a71768d12ce750ea61f718148661025390414b5d02df6e22db6c85
     spec:
       nodeSelector:
         platform.bedag.ch/nodepool: service

@@ -3292,17 +3294,15 @@
       app.kubernetes.io/component: controller-manager
   template:
     metadata:
       labels:
-        helm.sh/chart: vcluster-0.16.4
-        app.kubernetes.io/version: "0.1.0"
-        app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kubernetes
         app.kubernetes.io/instance: cluster-name
         app.kubernetes.io/name: cluster-name
         app.kubernetes.io/component: controller-manager
       annotations:
+        checksum/config: 272deabe157f7b68b34d0532ca1409a24e5cf149dc1b60d840d3410cec0640e3
     spec:
       nodeSelector:
         platform.bedag.ch/nodepool: service

@@ -3427,17 +3427,15 @@
       app.kubernetes.io/component: scheduler
   template:
     metadata:
       labels:
-        helm.sh/chart: vcluster-0.16.4
-        app.kubernetes.io/version: "0.1.0"
-        app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kubernetes
         app.kubernetes.io/instance: cluster-name
         app.kubernetes.io/name: cluster-name
         app.kubernetes.io/component: scheduler
       annotations:
+       checksum/config: e0835b7cb96689eb0322f180f0d2a28650682e4f6c51819893251e09acbc6d48
     spec:
       nodeSelector:
         platform.bedag.ch/nodepool: service

@@ -3540,8 +3538,10 @@
       annotations:
         checksum/manifests: "ed9fdd3a260903055add0662fce9dadd9efa5289d0a4735adcc5933ef4b6c073"
         checksum/webhooks: "b4d97c277d9b0d737783bd06ebfae19c90c774d624a35e6c563868ae37fcfad0"
+        checksum/kubeconfig: 3ccf5928330fc41cc5b22bb66a45bb0ece892182272caae28d25485dea1049fd
+        checksum/provider: 566e0ed5a5d12d5ed9fc60e48bd2f0d67f1cefb15a3fa3bb6f5713a5c22f632b
       labels:
         app.kubernetes.io/part-of: machine-controller
         app.kubernetes.io/component: machine-controller
         app.kubernetes.io/instance: cluster-name

@@ -3731,8 +3731,9 @@
       annotations:
         checksum/manifests: "a0d0317ce64ab104d1d3617057c9670a6b897c98cd2744aa2079a329a0ad9e68"
         checksum/webhooks: "3323a5e7edf306de6944451d3825e8604b3d14fbf2707f3989a8669a41742df7"
+        checksum/kubeconfig: 3ccf5928330fc41cc5b22bb66a45bb0ece892182272caae28d25485dea1049fd
       labels:
         app.kubernetes.io/part-of: operating-system-manager
         app.kubernetes.io/component: operating-system-manager
         app.kubernetes.io/instance: cluster-name

@@ -3919,11 +3920,8 @@
   template:
     metadata:
       name: cluster-name-kubernetes-etcd
       labels:
-        helm.sh/chart: vcluster-0.16.4
-        app.kubernetes.io/version: "0.1.0"
-        app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kubernetes
         app.kubernetes.io/instance: cluster-name
         app.kubernetes.io/name: cluster-name
         
@@ -4079,11 +4077,8 @@
     spec:
       template:
         metadata:
           labels:
-            helm.sh/chart: vcluster-0.16.4
-            app.kubernetes.io/version: "0.1.0"
-            app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/part-of: kubernetes
             app.kubernetes.io/instance: cluster-name
             app.kubernetes.io/name: cluster-name
             
@@ -4183,11 +4178,8 @@
     spec:
       template:
         metadata:
           labels:
-            helm.sh/chart: vcluster-0.16.4
-            app.kubernetes.io/version: "0.1.0"
-            app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/part-of: kubernetes
             app.kubernetes.io/instance: cluster-name
             app.kubernetes.io/name: cluster-name
             
@@ -4274,11 +4266,8 @@
     spec:
       template:
         metadata:
           labels:
-            helm.sh/chart: vcluster-0.16.4
-            app.kubernetes.io/version: "0.1.0"
-            app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/part-of: kubernetes
             app.kubernetes.io/instance: cluster-name
             app.kubernetes.io/name: cluster-name
             
@@ -5161,11 +5150,8 @@
   ttlSecondsAfterFinished: 120
   template:
     metadata:
       labels:
-        helm.sh/chart: vcluster-0.16.4
-        app.kubernetes.io/version: "0.1.0"
-        app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/part-of: kubernetes
         app.kubernetes.io/instance: cluster-name
         app.kubernetes.io/name: cluster-name

Checklist:

Pull Request title in format [chart]: Changed Something
Updated documentation in the README.md.gotmpl file and executed helm-docs
Chart Version bumped
All commits are signed-off

Signed-off-by: Lars Gerber <github@larsgerber.ch>

chillTschill

LGTM

larsgerber added 3 commits November 27, 2025 12:09

[vcluster]: remove Helm chart labels from pod spec

2568237

Signed-off-by: Lars Gerber <github@larsgerber.ch>

[vcluster]: add configmap and secret checksum to all consumers

722c40e

Signed-off-by: Lars Gerber <github@larsgerber.ch>

[vcluster]: bump to version 0.16.5

99e0bea

Signed-off-by: Lars Gerber <github@larsgerber.ch>

larsgerber requested review from a team as code owners November 28, 2025 11:56

github-actions bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Nov 28, 2025

[vcluster]: fix indentation of checksum annotation

532baf8

Signed-off-by: Lars Gerber <github@larsgerber.ch>

chillTschill approved these changes Nov 28, 2025

View reviewed changes

larsgerber merged commit c3d711b into master Nov 28, 2025
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[vcluster]: add checksums to trigger pod restarts only on config changes #168

[vcluster]: add checksums to trigger pod restarts only on config changes #168

Uh oh!

larsgerber commented Nov 28, 2025

Uh oh!

chillTschill left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[vcluster]: add checksums to trigger pod restarts only on config changes #168

[vcluster]: add checksums to trigger pod restarts only on config changes #168

Uh oh!

Conversation

larsgerber commented Nov 28, 2025

Uh oh!

chillTschill left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants