Add configmap checksum annotation and pod scheduling support

[aehrt55]

Hi! Thank you for maintaining this chart — it's been great to work with.

We've been using openclaw-helm to deploy multiple OpenClaw instances on EKS and ran into two gaps that this PR addresses:

Changes

1. ConfigMap checksum annotation on pod template

Adds a checksum/config annotation to spec.template.metadata.annotations in the Deployment. This is a common Helm pattern that ensures pods automatically restart when the ConfigMap content changes (e.g., updating openclaw.json via values).

Without this, changing config values requires a manual kubectl rollout restart since the Deployment spec itself doesn't change.

2. Pod scheduling fields (nodeSelector, tolerations, affinity)

Adds the standard Kubernetes scheduling fields to values.yaml and deployment.yaml. These default to empty (no behavioral change for existing users) but allow operators to control pod placement on multi-node clusters.

This is a standard convention in most Helm charts (e.g., Bitnami, ingress-nginx) and is useful for:

• Pinning pods to specific node types
• Tolerating taints on dedicated node groups
• Zone-aware scheduling

3. README documentation

Added a "Pod Scheduling" section with usage examples for the new fields.

Backwards Compatibility

All changes are fully backwards-compatible:

• The checksum annotation is always present but only causes restarts when config actually changes
• Scheduling fields default to empty, producing identical YAML output to the current chart
• No changes to default behavior or existing values

Testing

Verified with helm template:

• Checksum annotation renders correctly
• Scheduling fields are omitted when empty
• Scheduling fields render correctly when values are provided

Happy to adjust anything if you'd prefer a different approach. Thanks for considering!

[aehrt55]

🤖 PR Review

Branch: feat/deployment-scheduling-and-checksum → main
Round: 2 | Updated: 2026-03-26
Reviewer: claude-opus-4-6 via pr-review-toolkit

---

📊 Summary

Category	Total	Fixed	Remaining
🔴 Critical	0	0	0
🟡 Important	2	1	1
💡 Suggestions	5	3	2

Status: ✅ Ready to merge — remaining items are deferred to follow-up PRs

---

🟡 Important Issues

1. ⏭️ Checksum annotation contradicts init-config logic (pre-existing)

File: charts/openclaw-helm/templates/deployment.yaml:25-27

Problem: The init-config container skips copying openclaw.json if it already exists on PVC. Combined with the checksum annotation, config changes trigger pod restarts but the old config persists.

Decision: Deferred to a separate PR. This is a pre-existing issue and changing init-config behavior may affect existing users who rely on manual config edits surviving upgrades.

2. ✅ Simpler checksum approach

File: charts/openclaw-helm/templates/deployment.yaml:15

Fixed: Changed from {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} to {{ .Values.config | toJson | sha256sum }}. Simpler, avoids fragile template path reference.

---

💡 Suggestions

View 5 suggestions (3 addressed)

#	Suggestion	Status
1	Add usage context to README Pod Scheduling section	✅ Fixed
2	Add note that scheduling fields are independent	✅ Fixed
3	Add inline comments to values.yaml for new fields	✅ Fixed
4	Add link to Kubernetes scheduling docs	⏭️ Deferred
5	Add CI-based helm template validation	⏭️ Deferred

---

✨ Strengths

• Clean implementation: The {{- with }} pattern for scheduling fields is idiomatic Helm and correctly omits blocks when values are empty
• Correct indentation: nindent 8 is verified correct for the pod spec level
• Safe defaults: Empty {} and [] defaults produce identical output to the current chart
• Valid examples: README YAML examples are syntactically correct and use realistic values
• Fully backwards-compatible: No behavioral change for existing users

---

📋 Type Design Ratings

Not applicable — this PR modifies Helm chart YAML templates, not typed programming constructs.

---

🎯 Action Plan

Before Merge:

• Simplify checksum to use .Values.config | toJson
• Add inline comments to values.yaml for new fields
• Add usage context and independence note to README

After Merge (Backlog):

• Fix init-config to not skip existing config files (separate PR)
• Add helm-unittest or CI template validation
• Address pre-existing || true on skill installation

---

_{Generated by pr-review-and-document skill | Round 2}

[thepagent]

Hi @aehrt55, thanks for the clean PR — this is exactly the kind of standard Helm pattern that was missing.

The implementation looks good — {{- with }} pattern is idiomatic, nindent 8 is correct, and using .Values.config | toJson | sha256sum is cleaner than a template path reference.

One thing worth noting: the checksum annotation will trigger restarts correctly, but the init-config container skips copying openclaw.json if it already exists on the PVC, so the new config won't actually take effect on restart. This is a pre-existing issue unrelated to your changes — happy to track it in a follow-up.

Merging as-is. Thanks again!