diff --git a/charts/velero/templates/_helpers.tpl b/charts/velero/templates/_helpers.tpl index beed7f71..00d97db4 100644 --- a/charts/velero/templates/_helpers.tpl +++ b/charts/velero/templates/_helpers.tpl @@ -86,3 +86,11 @@ For examples: {{- $minorVersion := .Capabilities.KubeVersion.Minor | regexFind "[0-9]+" -}} {{- printf "%s.%s" .Capabilities.KubeVersion.Major $minorVersion -}} {{- end -}} + + +{{/* +Calculate the checksum of the credentials secret. +*/}} +{{- define "chart.config-checksum" -}} +{{- tpl (print .Values.credentials.secretContents .Values.credentials.extraEnvVars ) $ | sha256sum -}} +{{- end -}} diff --git a/charts/velero/templates/deployment.yaml b/charts/velero/templates/deployment.yaml index 4dd12bb5..155cfbd2 100644 --- a/charts/velero/templates/deployment.yaml +++ b/charts/velero/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret)) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -50,8 +50,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) }} + checksum/secret: {{ template "chart.config-checksum" . }} {{- end }} {{- end }} spec: diff --git a/charts/velero/templates/node-agent-daemonset.yaml b/charts/velero/templates/node-agent-daemonset.yaml index f4edac77..f5104e3d 100644 --- a/charts/velero/templates/node-agent-daemonset.yaml +++ b/charts/velero/templates/node-agent-daemonset.yaml @@ -33,7 +33,7 @@ spec: {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange) }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (and .Values.credentials.useSecret (not .Values.credentials.existingSecret)) }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -43,8 +43,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) .Values.credentials.restartOnChange }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if and .Values.credentials.useSecret (not .Values.credentials.existingSecret) }} + checksum/secret: {{ template "chart.config-checksum" . }} {{- end }} {{- end }} spec: diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 6e45f797..51058b98 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -497,8 +497,6 @@ credentials: # that will be used to load environment variables into velero and node-agent. # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables extraSecretRef: "" - # If true, the velero controller will be restarted if the secret has been changed. - restartOnChange: false # Whether to create backupstoragelocation crd, if false => do not create a default backup location backupsEnabled: true