[Bugfix] Fix TLS Hash generation (#1519)

pkg/deployment/reconcile/action_tls_status_update.go

@@ -59,7 +59,7 @@ func (a *actionTLSKeyStatusUpdate) Start(ctx context.Context) (bool, error) {
 		return true, nil
 	}
 
-	keyHashes := secretKeysToListWithPrefix(f)
+	keyHashes := tlsSecretKeysToListWithPrefix(f)
 
 	if err = a.actionCtx.WithStatusUpdate(ctx, func(s *api.DeploymentStatus) bool {
 		r := false

pkg/deployment/reconcile/plan_builder_tls.go

@@ -144,7 +144,7 @@ func (r *Reconciler) createTLSStatusUpdateRequired(apiObject k8sutil.APIObject,
 		return false
 	}
 
-	keyHashes := secretKeysToListWithPrefix(trusted)
+	keyHashes := tlsSecretKeysToListWithPrefix(trusted)
 
 	if len(keyHashes) == 0 {
 		return false

pkg/deployment/reconcile/utils.go

@@ -27,18 +27,27 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
+	"github.com/arangodb/kube-arangodb/pkg/deployment/resources"
+	"github.com/arangodb/kube-arangodb/pkg/handlers/utils"
 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/inspector/pod"
 	"github.com/arangodb/kube-arangodb/pkg/util/strings"
 )
 
-func secretKeysToListWithPrefix(s *core.Secret) []string {
-	return strings.PrefixStringArray(secretKeysToList(s), "sha256:")
+func tlsSecretKeysToListWithPrefix(s *core.Secret) []string {
+	return secretKeysToListWithPrefix(s, resources.CACertName)
 }
 
-func secretKeysToList(s *core.Secret) []string {
+func secretKeysToListWithPrefix(s *core.Secret, skip ...string) []string {
+	return strings.PrefixStringArray(secretKeysToList(s, skip...), "sha256:")
+}
+
+func secretKeysToList(s *core.Secret, skip ...string) []string {
 	keys := make([]string, 0, len(s.Data))
 
 	for key := range s.Data {
+		if utils.StringList(skip).Has(key) {
+			continue
+		}
 		keys = append(keys, key)
 	}